OpenH264: NULL deref [@WelsDec::PrefetchPic]

RESOLVED FIXED

Status

External Software Affecting Firefox
OpenH264
--
critical
RESOLVED FIXED
3 years ago
2 years ago

People

(Reporter: tsmith, Unassigned)

Tracking

(Blocks: 2 bugs, 4 keywords)

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(4 attachments)

Comment hidden (empty)
(Reporter)

Updated

3 years ago
Blocks: 948160, 959432
Severity: normal → critical
Keywords: crash, csectype-nullptr, testcase
Summary: WelsDec::DecodeCurrentAccessUnit → OpenH264: NULL deref [@OpeWelsDec::PrefetchPic]
(Reporter)

Comment 1

3 years ago
Created attachment 8633607 [details]
callstack.txt
(Reporter)

Comment 2

3 years ago
Created attachment 8633608 [details]
test_case.264

Updated

3 years ago
Depends on: 1170319

Comment 3

3 years ago
this bug exists in openh264 v1.4-Firefox38 branch and openh264 master branch

Comment 4

3 years ago
This bug has been fixed in the latest version of openh264 master branch.
(Reporter)

Comment 6

3 years ago
Created attachment 8638599 [details]
test_case-for_fix.264

Looks like I spoke too soon. I was able to find this issue again through fuzzing.
(Reporter)

Comment 7

3 years ago
Created attachment 8638601 [details]
call_stack-after _fix.txt
(Reporter)

Updated

2 years ago
See Also: → bug 1197888
(Reporter)

Updated

2 years ago
Group: core-security
Keywords: csectype-other
(Reporter)

Updated

2 years ago
Summary: OpenH264: NULL deref [@OpeWelsDec::PrefetchPic] → OpenH264: NULL deref [@WelsDec::PrefetchPic]

Updated

2 years ago
Group: core-security → media-core-security
(Reporter)

Updated

2 years ago
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
Group: media-core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.