Closed Bug 1182717 Opened 9 years ago Closed 9 years ago

OpenH264: ASan heap-buffer-overflow WRITE in WelsDec::DoErrorConSliceMVCopy

Categories

(Core :: Audio/Video: GMP, defect)

defect
Not set
critical

Tracking

()

RESOLVED FIXED

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-bounds, sec-high, testcase)

Attachments

(3 files, 2 obsolete files)

Attached file callstack.txt (obsolete) —
Depends on: 1170319
Attached file callstack_2.txt (obsolete) —
Severity: major → critical
tested openh264 branch v1.4-Firefox38, the bug is also in this branch.
This bug has been fixed in the latest version of openh264 master branch.
Keywords: sec-high
Group: core-security → media-core-security
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Group: media-core-security → core-security-release
Found while fuzzing: https://github.com/cisco/openh264/commit/f9f2bbf805ebb82d0cc46dd79aade2dfb264f046
Group: core-security-release → media-core-security
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Attached file call_stack.txt
Attachment #8632375 - Attachment is obsolete: true
Attachment #8633097 - Attachment is obsolete: true
Attached file test_case_2.264
We have fixed this bug in the master branch commit b37cda2 and openh264v1.5 branch commit d6b1680, please help to verify it.
Verified with commit b37cda2482.
Thanks, Tyson, for the verification. I'm marking this as "resolved now"
Status: REOPENED → RESOLVED
Closed: 9 years ago9 years ago
Resolution: --- → FIXED
Group: media-core-security → core-security-release
Group: core-security-release
Component: OpenH264 → Audio/Video: GMP
Product: External Software Affecting Firefox → Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: