Re: [FFmpeg-trac] #11537(undetermined:new): ffmpeg 6.1.3 please?

Mon, 07 Apr 2025 07:34:54 -0700 

#11537: ffmpeg 6.1.3 please?
-------------------------------------+-------------------------------------
             Reporter:  Artem S.     |                    Owner:  (none)
  Tashkinov                          |
                 Type:  defect       |                   Status:  new
             Priority:  critical     |                Component:
                                     |  undetermined
              Version:  6.1.1        |               Resolution:
             Keywords:               |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by MasterQuestionable):

 * cc: MasterQuestionable (added)

Comment:

 ͏    Quite wondering that, why would some mere arithmetic overflow of
 limited influence:
 ͏    Be exaggerated as that "high risk security vulnerability" that may
 enable arbitrary remote code execution..?
 ͏
 
https://github.com/FFmpeg/FFmpeg/blob/86f73277bf014e2ce36dd2594f1e0fb8b3bd6661/libavformat/westwood_vqa.c#L265
 ͏
 
https://github.com/FFmpeg/FFmpeg/blob/65ddc74988245a01421a63c5cffa4d900c47117c/libavcodec/packet.h#L536-L540
 ͏    .
 ͏    Arithmetic overflow itself won't cause any real issue.
 ͏    That causes issues is the misuse of overflowed values.

 ͏    Also:
 ͏
 
https://github.com/FFmpeg/FFmpeg/commit/7a089ed8e049e3bfcb22de1250b86f2106060857
 ![1]
 ͏    The premise (of "ULONG_MAX") holds only in atypical compiling
 environment.
 ͏    Also tagged alike?
 ͏    [ Refer also:
 https://github.com/MasterInQuestion/talk/discussions/15#C-absurdity ]

 ͏    Is it "医之好治不病以为功"..?
 +    "Doctors favored curing non-ill as accomplishment"?

 [ ![1]
 ͏    The type casting here would be actually no-op.
 ͏    For the previous definition:
 
https://github.com/FFmpeg/FFmpeg/blob/7a089ed8e049e3bfcb22de1250b86f2106060857/libavformat/avidec.c#L1694
 ͏    `int64_t min_pos, pos;`
 ͏    .
 ͏    "pos" cannot hold anything larger than "int64_t" permits.
 ͏    Demonstrable alike:
 [[
 {{{#!c
 #include <stdio.h>
 #include <stdint.h>

     int main () {
     int32_t x = 2147483647;
     int32_t _ = x + (int64_t) 1;
     printf( "%d", _ );
     };
 }}}
 ]]
 ͏    Unsure what it really addresses:
 ͏
 
https://github.com/FFmpeg/FFmpeg/commit/108957c661f9e2dc35dea8d55e5e5b1776f4a303
 ]
-- 
Ticket URL: <https://trac.ffmpeg.org/ticket/11537#comment:1>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

_______________________________________________
FFmpeg-trac mailing list
[email protected]
https://ffmpeg.org/mailman/listinfo/ffmpeg-trac

To unsubscribe, visit link above, or email
[email protected] with subject "unsubscribe".

Reply via email to