Bug#534142: libavcodec51: segfaults on FLAC files with metadata > 64k (ffmpeg issue #187)
Reinhard Tartler
siretart at tauware.de
Wed Jun 24 08:20:34 UTC 2009
Reinhard Tartler <siretart at tauware.de> writes:
> Julien BLACHE <jblache at debian.org> writes:
>
>>>> Anyway, that's an ffmpeg bug, and if it's the 64k bug, I think it
>>>> can be fixed with the upstream patch pretty easily.
>>>
>>> You mean I should rebuild ffmpeg on lenny with the patch from issue 187?
>>
>> The patch in the bug log is not the final patch, I think; you should
>> look at their r14281 and apply that instead. And actually this should
>> be fixed in a Lenny point release for the benefit of all the ffmpeg
>> users in Lenny for the upcoming 2 years...
>
> I've attached the patch in question to this mail.
>
> Release team, are you OK with that patch? If yes, I'll upload to
> stable-proposed-updates.
I've now uploaded the following change to 'stable'. Please reject the
upload if there are problems with it:
diff --git a/debian/changelog b/debian/changelog
index 4967a76..ab9171e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+ffmpeg-debian (0.svn20080206-18) stable; urgency=low
+
+ * Support reading large metadata in flac decoder (Closes: #534142)
+
+ -- Reinhard Tartler <siretart at tauware.de> Wed, 24 Jun 2009 09:02:44 +0200
+
ffmpeg-debian (0.svn20080206-17+lenny1) stable-security; urgency=high
* Non-maintainer upload by the security team
diff --git a/debian/patches/060_r14281_large_flac_metadata.diff b/debian/patches/060_r14281_large_flac_metadata.diff
new file mode 100644
index 0000000..3082046
--- /dev/null
+++ b/debian/patches/060_r14281_large_flac_metadata.diff
@@ -0,0 +1,47 @@
+------------------------------------------------------------------------
+r14281 | michael | 2008-07-18 14:03:21 +0200 (Fr, 18. Jul 2008) | 3 lines
+
+Support reading large metadata.
+fixes issue187
+
+===================================================================
+--- a/libavcodec/flac.c (Revision 14280)
++++ b/libavcodec/flac.c (Revision 14281)
+@@ -181,6 +181,7 @@
+ static int metadata_parse(FLACContext *s)
+ {
+ int i, metadata_last, metadata_type, metadata_size, streaminfo_updated=0;
++ int initial_pos= get_bits_count(&s->gb);
+
+ if (show_bits_long(&s->gb, 32) == MKBETAG('f','L','a','C')) {
+ skip_bits(&s->gb, 32);
+@@ -191,6 +192,11 @@
+ metadata_type = get_bits(&s->gb, 7);
+ metadata_size = get_bits_long(&s->gb, 24);
+
++ if(get_bits_count(&s->gb) + 8*metadata_size > s->gb.size_in_bits){
++ skip_bits_long(&s->gb, initial_pos - get_bits_count(&s->gb));
++ break;
++ }
++
+ av_log(s->avctx, AV_LOG_DEBUG,
+ " metadata block: flag = %d, type = %d, size = %d\n",
+ metadata_last, metadata_type, metadata_size);
+@@ -612,9 +618,16 @@
+ }
+
+ if(1 && s->max_framesize){//FIXME truncated
+- buf_size= FFMAX(FFMIN(buf_size, s->max_framesize - s->bitstream_size), 0);
++ if(s->bitstream_size < 4 || AV_RL32(s->bitstream) != MKTAG('f','L','a','C'))
++ buf_size= FFMIN(buf_size, s->max_framesize - FFMIN(s->bitstream_size, s->max_framesize));
+ input_buf_size= buf_size;
+
++ if(s->bitstream_size + buf_size < buf_size || s->bitstream_index + s->bitstream_size + buf_size < s->bitstream_index)
++ return -1;
++
++ if(s->allocated_bitstream_size < s->bitstream_size + buf_size)
++ s->bitstream= av_fast_realloc(s->bitstream, &s->allocated_bitstream_size, s->bitstream_size + buf_size);
++
+ if(s->bitstream_index + s->bitstream_size + buf_size > s->allocated_bitstream_size){
+ // printf("memmove\n");
+ memmove(s->bitstream, &s->bitstream[s->bitstream_index], s->bitstream_size);
diff --git a/debian/patches/series b/debian/patches/series
index 1c8716a..8eecb39 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -15,5 +15,6 @@
060_r14917_dca_max_frame_size.diff
060_r14937_dca_fix_scaling_factor.diff
060_r14964.dca_table.diff
+060_r14281_large_flac_metadata.diff
300_c++_compliant_headers.diff
900_doxyfile
--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
More information about the pkg-multimedia-maintainers
mailing list