qinzhuo (C)
2018-07-02 13:53:06 UTC
Hi:
While using the speex software, we found that the "speex_alloc" of the code did not check whether the memory was allocated and used it directly. Is there a security risk? Is there a solution for this?
For example (attached code screenshot):
speex-1.2rc1: sb_celp.c, lines 242 to 251 (in function sb_encoder_init).
-----Original Message-----
From: Jean-Marc Valin [mailto:***@jmvalin.ca]
Sent: March 20, 2018 6:46
To: qinzhuo (C) <***@huawei.com>; speex-***@xiph.org
Cc: Gaozhendong <***@hisilicon.com>; Zhangxiaolong (C) <***@hisilicon.com>
Subject: Re: [Speex-dev] hello speex official website
We learned from the official website that Speex has been replaced by Opus. We want to
confirm whether Speex can continue to be used. If there is a significant
security risk or vulnerability, will the official website update the Speex
software?
You can absolutely continue to use Speex for as long as you want. Given that Opus is much better than Speex, it makes little sense to develop new products based on Speex, but for things that already use Speex, it often makes sense to keep it. Although we have stopped improving it, it is still being maintained. We are not aware of any security vulnerability in the current version, but should we become aware of one, we would promptly fix it and make a new release.
Cheers,
Jean-Marc
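
A sketch of the defensive pattern the question above asks about, added here as an illustration and not taken from Speex or from this thread: every allocation in an init routine is checked before first use, and partially built state is released on failure. `demo_alloc`, `DemoEncState` and the fault injector are hypothetical stand-ins, not Speex's `speex_alloc` or `sb_encoder_init`.

```c
#include <stdlib.h>
#include <stddef.h>

/* Constructed fault injector: the Nth allocation from now fails (0 = never). */
static int fail_at = 0;
static int live_blocks = 0;   /* outstanding allocations, for leak checking */

/* Stand-in allocator (assumption): zeroing like calloc, NULL on failure. */
static void *demo_alloc(size_t size) {
    void *p;
    if (fail_at > 0 && --fail_at == 0) return NULL;
    p = calloc(size, 1);
    if (p) live_blocks++;
    return p;
}
static void demo_free(void *p) { if (p) { live_blocks--; free(p); } }

/* Hypothetical encoder state holding several heap buffers. */
typedef struct {
    float *window;
    float *lsp;
    float *mem;
    int    frame_size;
} DemoEncState;

void demo_encoder_destroy(DemoEncState *st) {
    if (!st) return;
    demo_free(st->window);   /* NULL-safe because the state was zeroed */
    demo_free(st->lsp);
    demo_free(st->mem);
    demo_free(st);
}

/* Returns NULL if any allocation fails; no unchecked pointer is ever used. */
DemoEncState *demo_encoder_init(int frame_size, int lpc_order) {
    DemoEncState *st;
    if (frame_size <= 0 || lpc_order <= 0) return NULL;
    st = demo_alloc(sizeof *st);
    if (!st) return NULL;
    st->frame_size = frame_size;
    st->window = demo_alloc((size_t)frame_size * sizeof(float));
    st->lsp    = demo_alloc((size_t)lpc_order * sizeof(float));
    st->mem    = demo_alloc((size_t)lpc_order * sizeof(float));
    if (!st->window || !st->lsp || !st->mem) {
        demo_encoder_destroy(st);   /* frees whatever was allocated */
        return NULL;
    }
    st->window[0] = 1.0f;           /* first write happens only after the checks */
    return st;
}
```

Callers must then treat a NULL return from the init routine as an error rather than passing it on to encode calls.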