Ticket #103 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

Codecs uses CountImageDescriptionExtensionType

Reported by: roine@users.sf.net Assigned to:
Priority: normal Milestone: 1.0
Component: Codec Version:
Severity: major Keywords:
Cc:

Description (Last modified by tick)

CountImageDescriptionExtensionType will crash the player if the extension structure is wrong. This is unfortunately very common (for example recent FFmpeg produces them). Please don't use it; write your own version of it that makes sure not to read past the size of the extension block. 

Thread 0 Crashed:
0   com.apple.QuickTime            	0x9436d66e CountImageDescriptionExtensionType + 456
1   org.perian.Perian              	0x1534c90a FFusionCodecPreflight + 2032 (FFusionCodec.c:576)

Attachments

broken.mov (1.0 kB) - added by anonymous on 02/04/07 13:38:37.

Change History

02/04/07 13:38:37 changed by anonymous

  • attachment broken.mov added.

02/04/07 13:43:48 changed by astrange

Isn't this a QT bug? Especially if a system codec uses one, then it would be a security problem (can crash the browser).

05/02/07 09:53:39 changed by tick

  • milestone set to 1.1.

We need to either have a plan to address this, or close this, by time 1.1 is closed.

05/03/07 13:56:55 changed by astrange

  • severity changed from normal to major.
  • milestone changed from 1.1 to 1.0.

There are actual podcasts that do this, so I'm moving it up.

I guess we fix it here, then report it as a security problem.

05/03/07 13:59:05 changed by sky

http://www.ninjatune.net/solidsteel/rss.xml Solid Steel Podcast #56 http://ninjatune.cachefly.net/sspodcasts/56_SolidSteel_-_Podcast.mp3

05/03/07 14:21:25 changed by tick

  • description changed.

Fixing the description

05/16/07 11:12:41 changed by gbooker

  • status changed from new to closed.
  • resolution set to fixed.

(In [506]) Use our own parse for the image description extensions.

Fixes #103