[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[oss-security] Handful of libass issues



The open source libass library is used to read and render subtitles onto images or frames of a movie. It is a popular library used in a few well-known media players. It seems it is usually shipped statically? Not sure.

https://github.com/libass/libass

Attached are 4 test cases and their asan/valgrind results tested against version 0.13.3. 

One is in wrap_lines_smart() (https://github.com/libass/libass/pull/240/commits/b72b283b936a600c730e00875d7d067bded3fc26).

One is coeff_blur121() (https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75).

The third is a huge memory allocation leading to a crash that wasn’t fixed because a good solution is unavailable at the moment.

The fourth is in check_allocations() (https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b).

These should be fixed in the 0.13.4 release, but are fixed currently on master. Thanks to the libass team for the quick turnaround. 

Of note, there seems to have been an old PR to potentially resolve the wrap_lines_smart() issue, but there seems to be some confusion regarding it.

https://github.com/libass/libass/pull/229

The PR to fix the issues except the memory DoS is at:

https://github.com/libass/libass/pull/240


Let me know if you have any issues reproducing.


Attachment: samples.zip
Description: Zip archive