Closed Bug 1152740 Opened 10 years ago Closed 5 years ago

h264dec can cause division by zero

Categories

(Core :: Audio/Video: GMP, defect)

x86_64
Linux
defect
Not set
normal

RESOLVED WONTFIX

People

(Reporter: hanno, Unassigned)

Details

Attachments

(1 file)

In certain circumstances the h264dec tool can trigger a division by zero in line 296 of h264dec.cpp. As the variable dElapsed is a double it won't crash. To see this one has to compile with undefined behaviour sanitizer.

This should reproduce:
make CC=clang CXX=clang++ CFLAGS="-fsanitize=undefined -fpic" LDFLAGS="-fsanitize=undefined -lpthread"
dd if=/dev/zero bs=1 count=1 of=zero
UBSAN_OPTIONS="print_stacktrace=1" ./h264dec zero out

It's not really causing any issues, I'm just reporting it because it could confuse people looking for bugs with ubsan.

Attached a patch (probably it could be done in some nicer way).

Thank you for the report and patch. Since this affects a command line tool not used in Firefox, if the issue still exists, it should be reported upstream: https://github.com/cisco/openh264.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
Component: OpenH264 → Audio/Video: GMP
Product: External Software Affecting Firefox → Core
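
A guarded form of the kind of division the report describes, shown next to the unguarded one. This is an added example, not the attached patch and not code from h264dec.cpp; `FpsUnguarded`, `FpsOrZero` and the `frameCount` parameter are hypothetical names, and only `dElapsed` comes from the report.

```cpp
#include <cmath>
#include <cstdio>
#include <limits>

// The inf/NaN results below rely on IEEE 754 doubles. The C++ standard itself
// leaves division by zero undefined, which is why UBSan can flag it.
static_assert(std::numeric_limits<double>::is_iec559, "IEEE 754 double required");

// Unguarded form: the kind of division the report describes.
// frameCount is a hypothetical name; only dElapsed appears in the report.
double FpsUnguarded(int frameCount, double dElapsed) {
  return frameCount / dElapsed;  // dElapsed == 0.0 gives inf or NaN, no crash
}

// Guarded form (hypothetical helper, not the attached patch): report 0 fps
// when no usable time interval was measured, so the divisor is never zero.
double FpsOrZero(int frameCount, double dElapsed) {
  if (frameCount <= 0 || !std::isfinite(dElapsed) || dElapsed <= 0.0)
    return 0.0;
  return frameCount / dElapsed;
}

int main() {
  // Constructed inputs: {frames decoded, elapsed seconds}.
  const struct { int frames; double elapsed; } samples[] = {
      {0, 0.0},   // nothing decoded, no time measured
      {5, 0.0},   // frames decoded, timer resolution too coarse
      {50, 2.0},  // normal run
  };
  for (const auto& s : samples)
    std::printf("frames=%d elapsed=%.1f unguarded=%f guarded=%f\n",
                s.frames, s.elapsed, FpsUnguarded(s.frames, s.elapsed),
                FpsOrZero(s.frames, s.elapsed));
  return 0;
}
```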