Bug#534142: libavcodec51: segfaults on FLAC files with metadata > 64k (ffmpeg issue #187)

Reinhard Tartler siretart at tauware.de
Wed Jun 24 08:20:34 UTC 2009


Reinhard Tartler <siretart at tauware.de> writes:

> Julien BLACHE <jblache at debian.org> writes:
>
>>>> Anyway, that's an ffmpeg bug, and if it's the 64k bug, I think it
>>>> can be fixed with the upstream patch pretty easily.
>>>
>>> You mean I should rebuild ffmpeg on lenny with the patch from issue 187?
>>
>> The patch in the bug log is not the final patch, I think; you should
>> look at their r14281 and apply that instead. And actually this should
>> be fixed in a Lenny point release for the benefit of all the ffmpeg
>> users in Lenny for the upcoming 2 years...
>
> I've attached the patch in question to this mail.
>
> Release team, are you OK with that patch? If yes, I'll upload to
> stable-proposed-updates.

I've now uploaded the following change to 'stable'. Please reject the
upload if there are problems with it:

diff --git a/debian/changelog b/debian/changelog
index 4967a76..ab9171e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+ffmpeg-debian (0.svn20080206-18) stable; urgency=low
+
+  * Support reading large metadata in flac decoder (Closes: #534142)
+
+ -- Reinhard Tartler <siretart at tauware.de>  Wed, 24 Jun 2009 09:02:44 +0200
+
 ffmpeg-debian (0.svn20080206-17+lenny1) stable-security; urgency=high
 
   * Non-maintainer upload by the security team
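Review bot: the changelog entry gives no pointer to the upstream change it carries; since the patch file is named after svn r14281, the entry should say so (e.g. "Support reading large metadata in flac decoder, backport of upstream r14281 (Closes: #534142)") so the stable update can be traced without opening the patch. The entry also says nothing about the second half of that revision, the size overflow checks and the reallocation in decode_frame, which is the part that actually stops the crash on oversized metadata; one more bullet line naming it would help the release team judge the upload.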
diff --git a/debian/patches/060_r14281_large_flac_metadata.diff b/debian/patches/060_r14281_large_flac_metadata.diff
new file mode 100644
index 0000000..3082046
--- /dev/null
+++ b/debian/patches/060_r14281_large_flac_metadata.diff
@@ -0,0 +1,47 @@
+------------------------------------------------------------------------
+r14281 | michael | 2008-07-18 14:03:21 +0200 (Fr, 18. Jul 2008) | 3 lines
+
+Support reading large metadata.
+fixes issue187
+
+===================================================================
+--- a/libavcodec/flac.c	(Revision 14280)
++++ b/libavcodec/flac.c	(Revision 14281)
+@@ -181,6 +181,7 @@
+ static int metadata_parse(FLACContext *s)
+ {
+     int i, metadata_last, metadata_type, metadata_size, streaminfo_updated=0;
++    int initial_pos= get_bits_count(&s->gb);
+ 
+     if (show_bits_long(&s->gb, 32) == MKBETAG('f','L','a','C')) {
+         skip_bits(&s->gb, 32);
+@@ -191,6 +192,11 @@
+             metadata_type = get_bits(&s->gb, 7);
+             metadata_size = get_bits_long(&s->gb, 24);
+ 
++            if(get_bits_count(&s->gb) + 8*metadata_size > s->gb.size_in_bits){
++                skip_bits_long(&s->gb, initial_pos - get_bits_count(&s->gb));
++                break;
++            }
++
+             av_log(s->avctx, AV_LOG_DEBUG,
+                    " metadata block: flag = %d, type = %d, size = %d\n",
+                    metadata_last, metadata_type, metadata_size);
+@@ -612,9 +618,16 @@
+     }
+ 
+     if(1 && s->max_framesize){//FIXME truncated
+-            buf_size= FFMAX(FFMIN(buf_size, s->max_framesize - s->bitstream_size), 0);
++            if(s->bitstream_size < 4 || AV_RL32(s->bitstream) != MKTAG('f','L','a','C'))
++                buf_size= FFMIN(buf_size, s->max_framesize - FFMIN(s->bitstream_size, s->max_framesize));
+             input_buf_size= buf_size;
+ 
++            if(s->bitstream_size + buf_size < buf_size || s->bitstream_index + s->bitstream_size + buf_size < s->bitstream_index)
++                return -1;
++
++            if(s->allocated_bitstream_size < s->bitstream_size + buf_size)
++                s->bitstream= av_fast_realloc(s->bitstream, &s->allocated_bitstream_size, s->bitstream_size + buf_size);
++
+             if(s->bitstream_index + s->bitstream_size + buf_size > s->allocated_bitstream_size){
+ //                printf("memmove\n");
+                 memmove(s->bitstream, &s->bitstream[s->bitstream_index], s->bitstream_size);
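Review bot: the new `av_fast_realloc` call in the decode_frame hunk assigns its result straight to `s->bitstream` without checking for NULL; on allocation failure the old buffer pointer is lost (leaked) and the `memmove` that follows dereferences NULL. Assign to a temporary and bail out, e.g. `tmp = av_fast_realloc(...); if (!tmp) return -1; s->bitstream = tmp;`. Two smaller points in the same hunk: the rewind in metadata_parse, `skip_bits_long(&s->gb, initial_pos - get_bits_count(&s->gb))`, passes a negative count and so relies on the bitstream reader accepting negative skips, which deserves a comment; and the wraparound checks `s->bitstream_size + buf_size < buf_size` only work as intended if those fields are unsigned, which the hunk does not show, so the debian/patches header should state that the hunk was checked to apply against the 0.svn20080206 snapshot's `FLACContext`.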
diff --git a/debian/patches/series b/debian/patches/series
index 1c8716a..8eecb39 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -15,5 +15,6 @@
 060_r14917_dca_max_frame_size.diff
 060_r14937_dca_fix_scaling_factor.diff
 060_r14964.dca_table.diff
+060_r14281_large_flac_metadata.diff
 300_c++_compliant_headers.diff
 900_doxyfile
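Review bot: `060_r14281_large_flac_metadata.diff` is appended after the three `060_r149xx` DCA patches although its revision number is lower; the other `060_` entries are listed in revision order, so for consistency it should go before `060_r14917_dca_max_frame_size.diff`. It touches only libavcodec/flac.c, so the position does not change how the series applies, but the ordering convention is what lets the next person backporting from upstream see at a glance which revisions are already in.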


-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
