[vorbis-dev] Will Vorbis happily decode packets with random data?

Gregory Maxwell greg at linuxpower.cx
Wed Aug 8 09:51:33 PDT 2001



On Wed, Aug 08, 2001 at 12:28:09PM -0400, Martin C. Martin wrote:
> I'm assuming the decoder doesn't have any bugs that can be exploited in
> this way.  I'm writing a Vorbis downloader for Unreal Tournament, and
> the danger is that some of the other functionality in UT can be used to
> extract, then run, a portion of a downloaded file.  It's a remote
> possibility, but I'd make a lot of people happy if I could say "there's
> no executable code in this file longer than 16 bytes."

Unfortunately that's not possible. You could very reasonably have totally valid
music data that Vorbis encoded to destructive program opcodes for the
platform of your choice. Of course, the chance of finding this becomes
vanishingly small as the code sequence becomes longer... Though it doesn't
take much, I can wipe a Windows box with less than 16 bytes.

Your only solution is to place any code which can execute downloaded code in
a sandbox. The Unreal Tournament engine is misdesigned if it doesn't allow
for this.
