On Sat, Oct 14, 2017 at 8:02 PM, Ronald S. Bultje <rsbul...@gmail.com> wrote: > Hi Umair, > > On Sat, Oct 14, 2017 at 9:59 AM, Umair Khan <omerj...@gmail.com> wrote: > >> I tested the file which Michael sent. The thing is that I'm getting >> error in decoding that file in both the cases, with or without the >> patch. I will begin debugging this issue, however I think the file >> which Michael sent has got nothing to do with the patch in this >> thread. >> > > I don't think the file is meant to be decoded correctly, it's a specially > crafted file to demonstrate that certain codepaths (triggered by files such > as this) can be used to trigger unwanted behaviour (overreads, overwrites, > etc.). Eventually, combinations of such files can be used to break into > your system with specially crafted media files (yes, really). > > Your patch introduces such a security issue (since it's triggered by the > file after, but not before the patch). This must be fixed before the patch > can be committed.
Okay. You mean the file isn't supposed to be decoded and that the als decoder should output the proper error message instead of breaking at a random point. Am I getting it correct? -Umair _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
