Your message dated Wed, 07 Mar 2012 09:05:07 +0100
with message-id <[email protected]>
and subject line Re: Bug#657200: seems to be fixed
has caused the Debian Bug report #657200,
regarding Endless loop in avformat_find_stream_info()
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
--
657200: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657200
Debian Bug Tracking System
--- Begin Message ---
Package: libavformat53
Version: 4:0.8-1
Severity: important
When calling avformat_find_stream_info() on a broken mp3 file,
libavformat enters an endless loop. This is a vulnerability that can
be used as a remote DoS attack on radio players such as MPD, therefore
severity important.
Demo file: http://www.blarg.de/broken.mp3
Dump of a gdb session demonstrating the problem:
gdb --args ffprobe broken.mp3
Reading symbols from /usr/bin/ffprobe...Reading symbols from /usr/lib/debug/.build-id/d1/8d41702259479824206b4584cfa11b04d6b7b3.debug...done.
done.
(gdb) run
Starting program: /usr/bin/ffprobe broken.mp3
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7ffff7ffa000
[Thread debugging using libthread_db enabled]
avprobe version 0.8-4:0.8-1, Copyright (c) 2007-2011 the Libav developers
  built on Jan 22 2012 21:45:34 with gcc 4.6.2
[mp3 @ 0x6209a0] Format detected only with low score of 25, misdetection possible!
[mp3 @ 0x6228c0] Header missing
...
^C
Program received signal SIGINT, Interrupt.
apply_param_change (avctx=0x6228c0, avpkt=<optimized out>) at /build/libav-QkFId0/libav-0.8/libavcodec/utils.c:1116
1116    /build/libav-QkFId0/libav-0.8/libavcodec/utils.c: No such file or directory.
        in /build/libav-QkFId0/libav-0.8/libavcodec/utils.c
(gdb) bt
#0  apply_param_change (avctx=0x6228c0, avpkt=<optimized out>) at /build/libav-QkFId0/libav-0.8/libavcodec/utils.c:1116
#1  0x00007ffff6cce833 in avcodec_decode_audio4 (avctx=0x6228c0, frame=0x7fffffffe1a0, got_frame_ptr=0x7fffffffe37c, avpkt=0x7fffffffe310) at /build/libav-QkFId0/libav-0.8/libavcodec/utils.c:1218
#2  0x00007ffff774e78d in try_decode_frame (st=0x620fe0, avpkt=<optimized out>, options=<optimized out>) at /build/libav-QkFId0/libav-0.8/libavformat/utils.c:2170
#3  0x00007ffff77540ed in avformat_find_stream_info (ic=0x6209a0, options=0x0) at /build/libav-QkFId0/libav-0.8/libavformat/utils.c:2404
#4  0x0000000000402cc0 in open_input_file (filename=0x7fffffffeb39 "broken.mp3", fmt_ctx_ptr=0x7fffffffe770) at /build/libav-QkFId0/libav-0.8/avprobe.c:310
#5  probe_file (filename=0x7fffffffeb39 "broken.mp3") at /build/libav-QkFId0/libav-0.8/avprobe.c:341
#6  main (argc=<optimized out>, argv=<optimized out>) at /build/libav-QkFId0/libav-0.8/avprobe.c:450
--- End Message ---
--- Begin Message ---
Version: 4:0.8-2
On 06.03.2012 18:07, Matthieu Bedouet wrote:
> It works with latest upload 4:0.8-2.
> the patch has been applied upstream and is within the "post 0.8"
> patches in the new revision.
Fine.
> This bug could be closed.
Doing so, thanks for the reminder!
--- End Message ---