Closed Bug 1182718 Opened 7 years ago Closed 6 years ago

OpenH264: ASan heap-buffer-overflow READ in WelsDec::GetAvilInfoFromCorrectMb

Categories

(External Software Affecting Firefox :: OpenH264, defect)

defect
Not set
critical

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-bounds, sec-high, testcase)

Attachments

(3 files, 1 obsolete file)

Attached file callstack.txt (obsolete) —
Depends on: 1170319
tested openh264 branch v1.4-Firefox38, the bug is also in this branch.
This bug has been fixed in the latest version of openh264 master branch.
Keywords: sec-high
Group: core-security → media-core-security
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Group: media-core-security → core-security-release
I came across this bug again while fuzzing https://github.com/cisco/openh264/commit/f9f2bbf805ebb82d0cc46dd79aade2dfb264f046
Group: core-security-release → media-core-security
Severity: normal → critical
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Attached file call_stack.txt
Attachment #8632374 - Attachment is obsolete: true
Attached file test_case_2.264
We have fixed this bug in the master branch commit b37cda2 and openh264v1.5 branch commit d6b1680, please help to verify it.
Verified with commit b37cda2482.
Thanks, I'm marking it as resolved now.
Status: REOPENED → RESOLVED
Closed: 6 years ago6 years ago
Resolution: --- → FIXED
Group: media-core-security → core-security-release
See Also: → 1227337
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.