Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 4 Oct 2016 18:11:42 -0500
From: Brandon Perry <bperry.volatile@...il.com>
To: oss-security@...ts.openwall.com
Cc: fulldisclosure@...lists.org
Subject: Handful of libass issues

The open source libass library is used to read and render subtitles onto images or frames of a movie. It is a popular library used in a few well-known media players. It seems it is usually shipped statically? Not sure.

https://github.com/libass/libass <https://github.com/libass/libass>

Attached are 4 test cases and their asan/valgrind results tested against version 0.13.3. 

One is in wrap_lines_smart() (https://github.com/libass/libass/pull/240/commits/b72b283b936a600c730e00875d7d067bded3fc26 <https://github.com/libass/libass/pull/240/commits/b72b283b936a600c730e00875d7d067bded3fc26>).

One is coeff_blur121() (https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75 <https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75>).

The third is a huge memory allocation leading to a crash that wasn’t fixed because a good solution is unavailable at the moment.

The fourth is in check_allocations() (https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b <https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b>).

These should be fixed in the 0.13.4 release, but are fixed currently on master. Thanks to the libass team for the quick turnaround. 

Of note, there seems to have been an old PR to potentially resolve the wrap_lines_smart() issue, but there seems to be some confusion regarding it.

https://github.com/libass/libass/pull/229 <https://github.com/libass/libass/pull/229>

The PR to fix the issues except the memory DoS is at:

https://github.com/libass/libass/pull/240 <https://github.com/libass/libass/pull/240>


Let me know if you have any issues reproducing.



[ CONTENT OF TYPE text/html SKIPPED ]

[ CONTENT OF TYPE application/zip SKIPPED ]

[ CONTENT OF TYPE text/html SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ