Vitor <[email protected]> added the comment: On 09/23/2010 01:00 PM, Carl Eugen Hoyos wrote: > > Are you sure? > This one has its invalid writes in lines 1995, 1863, 1379 and 1390, issue 2228 > triggers invalid writes in lines 943 and 567 of mpegaudiodec.c.
Both gives invalid reads in get_bits() and friends (get_vlc, skip_bits, etc). The issue here is that the mp3 decoder don't check anywhere if it has enough bits to decode a frame and overread if the packet is too small. ________________________________________________ FFmpeg issue tracker <[email protected]> <https://roundup.ffmpeg.org/issue2240> ________________________________________________
