Closed Bug 1182718 Opened 9 years ago Closed 9 years ago

OpenH264: ASan heap-buffer-overflow READ in WelsDec::GetAvilInfoFromCorrectMb

Categories

(Core :: Audio/Video: GMP, defect)

Product:
Core
Component:
Audio/Video: GMP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-bounds, sec-high, testcase)

Attachments

(3 files, 1 obsolete file)

test_case.264
3.52 KB, application/octet-stream
Details
call_stack.txt
5.17 KB, text/plain
Details
test_case_2.264
112 bytes, application/octet-stream
Details
Attached file callstack.txt (obsolete) — 

    
  
Depends on: 1170319

    
    

    
  
tested openh264 branch v1.4-Firefox38, the bug is also in this branch.

    
    

    
  
This bug has been fixed in the latest version of openh264 master branch.
Keywords: sec-high

    
  
Group: core-security → media-core-security

    
  
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Group: media-core-security → core-security-release

    
    

    
  
I came across this bug again while fuzzing https://github.com/cisco/openh264/commit/f9f2bbf805ebb82d0cc46dd79aade2dfb264f046
Group: core-security-release → media-core-security
Severity: normal → critical
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

    
    

    
  

      
      
      
      

        Attached file
          
        call_stack.txt
      

    


  

        Attachment #8632374 -
        Attachment is obsolete: true

    
    

    
  

      
      
      
      

        Attached file
          
        test_case_2.264
      

    


  

    
    

    
  
We have fixed this bug in the master branch commit b37cda2 and openh264v1.5 branch commit d6b1680, please help to verify it.

    
    

    
  
Verified with commit b37cda2482.

    
    

    
  
Thanks, I'm marking it as resolved now.
Status: REOPENED → RESOLVED
Closed: 9 years ago9 years ago
Resolution: --- → FIXED
Group: media-core-security → core-security-release

    
  
See Also:  → 1227337
Group: core-security-release
Component: OpenH264 → Audio/Video: GMP
Product: External Software Affecting Firefox → Core

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: