Security context

What an agent needs to avoid regressing past fixes and find the next vuln in this repo.

xiph/opus
main @ 3da9f7a
23
Fixes
0
CVEs
HIGH
Peak severity
Highlights
Memory Corruption: 7 prior fixes. Scrutinize any change in this area.
libcelt: most-fixed (2 issues). Treat as high-risk during review.
8 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns

The bug types that recur here, drawn from past fixes, not open vulnerabilities.

Memory Corruption: 16-bit integer overflows when handling large frame size and channel count combinations in multistream copy APIs can lead to severe memory corruption. Developers must ensure type widening and strict configuration limits are applied to prevent these overflows.
Memory Corruption: Incorrect index arithmetic and buffer layout validation when computing collapse masks (using static indices instead of multi-channel C-multipliers) can lead to out-of-bounds writes on mono and stereo transitions.
Out-of-bounds Read: Integer overflows and out-of-bounds reads can occur during lacing accumulation in the extension parser when handling malformed packets with crafted extension lengths. Robust validation of the data pointer and packet boundaries is critical.