On Thu, Apr 28, 2011 at 4:32 AM, Reinhard Tartler <siret...@tauware.de> wrote:
> On Wed, Apr 27, 2011 at 03:37:27PM -0400, Justin Ruggles wrote:
>> On 04/27/2011 03:25 PM, Reinhard Tartler wrote:
>>
>> > From: Michael Niedermayer <michae...@gmx.at>
>> >
>> > Reported-at: Thu, 21 Apr 2011 14:38:25 +0000
>> > Reported-by: Dominic Chell <dominic.ch...@ngssecure.com>
>> > Signed-off-by: Michael Niedermayer <michae...@gmx.at>
>> > (cherry picked from commit 89f903b3d5ec38c9c5d90fba7e626fa0eda61a32)
>> > (cherry picked from commit 9b919571e506fbb72b81a35ca1e7c1bd6efc4209)
>> > ---
>> >  libavcodec/sp5xdec.c |    3 +--
>> >  1 files changed, 1 insertions(+), 2 deletions(-)
>> >
>> > diff --git a/libavcodec/sp5xdec.c b/libavcodec/sp5xdec.c
>> > index e2c371a..3d01020 100644
>> > --- a/libavcodec/sp5xdec.c
>> > +++ b/libavcodec/sp5xdec.c
>> > @@ -86,7 +86,6 @@ static int sp5x_decode_frame(AVCodecContext *avctx,
>> >      recoded[j++] = 0xFF;
>> >      recoded[j++] = 0xD9;
>> >
>> > -    avctx->flags &= ~CODEC_FLAG_EMU_EDGE;
>> >      av_init_packet(&avpkt_recoded);
>> >      avpkt_recoded.data = recoded;
>> >      avpkt_recoded.size = j;
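Review bot: The removal of `avctx->flags &= ~CODEC_FLAG_EMU_EDGE;` in sp5x_decode_frame is not explained anywhere in the commit message, which carries only the Reported-at, Reported-by and Signed-off-by lines. Please add a sentence to the log saying why the decoder must stop clearing this flag on the caller's avctx before it builds avpkt_recoded, so the backport can be reviewed on its own terms.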
>> > @@ -121,6 +120,6 @@ AVCodec ff_amv_decoder = {
>> >      NULL,
>> >      ff_mjpeg_decode_end,
>> >      sp5x_decode_frame,
>> > -    CODEC_CAP_DR1,
>> > +    0,
>> >      .long_name = NULL_IF_CONFIG_SMALL("AMV Video"),
>> >  };
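Review bot: The bare `0` that replaces `CODEC_CAP_DR1` in the positional ff_amv_decoder initializer gives no hint of what was dropped or why; a short comment on that line naming the removed capability and the reason would help. This hunk also changes only ff_amv_decoder, while the first hunk changes sp5x_decode_frame, the decode callback this entry points at. If any other AVCodec entry in sp5xdec.c uses the same callback and still sets CODEC_CAP_DR1, either change it too or state in the log why it is unaffected.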
>>
>>
>> The log message explains nothing.  What was the issue?  How is it
>> related to CODEC_CAP_DR1 and CODEC_FLAG_EMU_EDGE?  Why change
>> ff_amv_decoder and not ff_sp5x_decoder?
>
> No idea, and I'm not able to fill in the missing information. What shall
> we do about this patch now? It seems that it has been picked up by Bugtraq:
> http://seclists.org/bugtraq/2011/Apr/257
>
> And I have a request from the Debian security team to include this
> patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339
>

> NGS Secure is going to withhold details of this flaw for three months.
> This three month window will allow users the time needed to apply the
> patch before the details are released to the general public. This
> reflects the NGS Secure approach to responsible disclosure.

I would complain to NGS about their "responsible disclosure" policy.
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel
