[Bug 755167] New: [vorbisenc] Stack overflow with large input METADATA_BLOCK_PICTURE
GStreamer (GNOME Bugzilla)
bugzilla at gnome.org
Thu Sep 17 09:38:13 PDT 2015
https://bugzilla.gnome.org/show_bug.cgi?id=755167
Bug ID: 755167
Summary: [vorbisenc] Stack overflow with large input METADATA_BLOCK_PICTURE
Classification: Platform
Product: GStreamer
Version: 1.x
OS: Mac OS
Status: NEW
Severity: normal
Priority: Normal
Component: gst-plugins-base
Assignee: gstreamer-bugs at lists.freedesktop.org
Reporter: i80and at gmail.com
QA Contact: gstreamer-bugs at lists.freedesktop.org
GNOME version: ---
> gst-launch-1.0 filesrc location=Burn\ The\ Sky.mp3 ! decodebin ! audioconvert ! vorbisenc ! fakesink
> Setting pipeline to PAUSED ...
> Pipeline is PREROLLING ...
> Redistribute latency...
> Bus error: 10
Crash occurs because gst_vorbis_enc_metadata_set1() calls
vorbis_comment_add_tag() with arbitrarily large data taken from the input file
(in this case, the tag METADATA_BLOCK_PICTURE has size 1,063,488).
vorbis_comment_add_tag() will allocate a new buffer with alloca(), causing a
stack overflow.
I have a bug open for libvorbis (https://trac.xiph.org/ticket/2221) since
replacing alloca() with _ogg_alloc() resolves the issue, but it may be worth
working around this on the gstreamer side.
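Added example, not code from GStreamer, libvorbis or the reporter: a heap-based way to build a "TAG=value" comment with a caller-side size check, exercised with a constructed value of the 1,063,488 bytes mentioned in the report. The names build_comment, comment_len_for and MAX_COMMENT_BYTES, and the 64 KiB limit, are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical caller-side policy limit; not a GStreamer or libvorbis value. */
#define MAX_COMMENT_BYTES (64u * 1024u)

/* Pattern the report describes (shown only as a comment):
 *     char *tmp = alloca(strlen(tag) + strlen(value) + 2);
 * alloca() has no failure return, so a file-controlled length of ~1 MB
 * is taken from the stack without any check. */

/* Heap variant: returns a malloc'd "tag=value" string, or NULL when the
 * result would exceed cap bytes (NUL included) or allocation fails. */
char *build_comment(const char *tag, const char *value, size_t cap)
{
    size_t tlen = strlen(tag), vlen = strlen(value);
    /* Subtractions are ordered so nothing can wrap around. */
    if (cap < 2 || tlen > cap - 2 || vlen > cap - 2 - tlen)
        return NULL;
    char *out = malloc(tlen + vlen + 2);
    if (out == NULL)
        return NULL;
    memcpy(out, tag, tlen);
    out[tlen] = '=';
    memcpy(out + tlen + 1, value, vlen + 1);   /* copies the NUL too */
    return out;
}

/* Builds a constructed value of n bytes and returns the length of the
 * resulting comment, or 0 if it was rejected. */
size_t comment_len_for(size_t n, size_t cap)
{
    char *value = malloc(n + 1);
    if (value == NULL)
        return 0;
    memset(value, 'A', n);
    value[n] = '\0';
    char *c = build_comment("METADATA_BLOCK_PICTURE", value, cap);
    size_t len = c ? strlen(c) : 0;
    free(c);
    free(value);
    return len;
}

int main(void)
{
    printf("heap, 16 MiB cap: %zu\n", comment_len_for(1063488, 16u << 20));
    printf("64 KiB cap:       %zu\n", comment_len_for(1063488, MAX_COMMENT_BYTES));
    return 0;
}
```

With the allocation on the heap the large tag is handled or refused through an ordinary return value; whether to keep or drop an oversized picture tag is a policy choice for the caller.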