Closed
Bug 1152740
Opened 10 years ago
Closed 5 years ago
h264dec can cause division by zero
Categories
(Core :: Audio/Video: GMP, defect)
RESOLVED
WONTFIX
People
(Reporter: hanno, Unassigned)
Attachments
(1 file)
456 bytes,
patch
In certain circumstances the h264dec tool can trigger a division by zero in line 296 of h264dec.cpp. As the variable dElapsed is a double, it won't crash. To see this, one has to compile with the undefined behaviour sanitizer.
This should reproduce:
make CC=clang CXX=clang++ CFLAGS="-fsanitize=undefined -fpic" LDFLAGS="-fsanitize=undefined -lpthread"
dd if=/dev/zero bs=1 count=1 of=zero
UBSAN_OPTIONS="print_stacktrace=1" ./h264dec zero out
It's not really causing any issues, I'm just reporting it because it could confuse people looking for bugs with ubsan. Attached a patch (probably it could be done in some nicer way).
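Added example, not the code from h264dec.cpp or the attached patch: a sketch of the guard this report is about, assuming a frames-per-second style calculation that divides by a double elapsed time. The function names, the FPS framing and the sample values are assumptions; only dElapsed being a double comes from the report.

```cpp
#include <cmath>
#include <cstdio>

// Unguarded form (hypothetical): with elapsed_sec == 0.0 the IEEE 754 result
// is +inf (or NaN for 0/0), so nothing crashes, but UBSan's
// float-divide-by-zero check reports the division at run time.
double fps_unguarded(int frames, double elapsed_sec) {
    return frames / elapsed_sec;
}

// Guarded form (hypothetical): never divides unless the elapsed time is a
// finite, strictly positive value; otherwise reports 0 fps.
double fps_guarded(int frames, double elapsed_sec) {
    if (frames <= 0 || !std::isfinite(elapsed_sec) || elapsed_sec <= 0.0)
        return 0.0;
    return frames / elapsed_sec;
}

int main() {
    // Constructed sample values: {frames decoded, elapsed seconds}.
    struct Sample { int frames; double elapsed; };
    const Sample samples[] = {{0, 0.0}, {3, 0.0}, {250, 10.0}};

    for (const Sample& s : samples) {
        std::printf("frames=%d elapsed=%.1f unguarded=%f guarded=%f\n",
                    s.frames, s.elapsed,
                    fps_unguarded(s.frames, s.elapsed),
                    fps_guarded(s.frames, s.elapsed));
    }
    return 0;
}
```

Current Clang releases leave float-divide-by-zero out of the -fsanitize=undefined group, so the check has to be requested by name (-fsanitize=float-divide-by-zero) to see a report for the unguarded form.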
Comment 1•5 years ago
Thank you for the report and patch. Since this affects a command line tool not used in Firefox, if the issue still exists, it should be reported upstream: https://github.com/cisco/openh264.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
Updated•2 years ago
Component: OpenH264 → Audio/Video: GMP
Product: External Software Affecting Firefox → Core