Date: Tue, 4 Oct 2016 18:11:42 -0500 From: Brandon Perry <bperry.volatile@...il.com> To: oss-security@...ts.openwall.com Cc: fulldisclosure@...lists.org Subject: Handful of libass issues The open source libass library is used to read and render subtitles onto images or frames of a movie. It is a popular library used in a few well-known media players. It seems it is usually shipped statically? Not sure. https://github.com/libass/libass <https://github.com/libass/libass> Attached are 4 test cases and their asan/valgrind results tested against version 0.13.3. One is in wrap_lines_smart() (https://github.com/libass/libass/pull/240/commits/b72b283b936a600c730e00875d7d067bded3fc26 <https://github.com/libass/libass/pull/240/commits/b72b283b936a600c730e00875d7d067bded3fc26>). One is coeff_blur121() (https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75 <https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75>). The third is a huge memory allocation leading to a crash that wasn’t fixed because a good solution is unavailable at the moment. The fourth is in check_allocations() (https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b <https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b>). These should be fixed in the 0.13.4 release, but are fixed currently on master. Thanks to the libass team for the quick turnaround. Of note, there seems to have been an old PR to potentially resolve the wrap_lines_smart() issue, but there seems to be some confusion regarding it. https://github.com/libass/libass/pull/229 <https://github.com/libass/libass/pull/229> The PR to fix the issues except the memory DoS is at: https://github.com/libass/libass/pull/240 <https://github.com/libass/libass/pull/240> Let me know if you have any issues reproducing. Content of type "text/html" skipped Download attachment "samples.zip" of type "application/zip" (21293 bytes) Content of type "text/html" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ