Closed Bug 1183756 Opened 9 years ago Closed 9 years ago

OpenH264: NULL deref [@WelsDec::PrefetchPic]

Categories

(Core :: Audio/Video: GMP, defect)

Product:
Core
Component:
Audio/Video: GMP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(4 keywords)

Attachments

(4 files)

callstack.txt
2.54 KB, text/plain
Details
test_case.264
4.50 KB, application/octet-stream
Details
test_case-for_fix.264
4.55 KB, application/octet-stream
Details
call_stack-after _fix.txt
2.53 KB, text/plain
Details
No description provided.
Blocks: WebRTC-OpenH264, fuzzing-openh264
Severity: normal → critical
Keywords: crash, csectype-nullptr, testcase
Summary: WelsDec::DecodeCurrentAccessUnit → OpenH264: NULL deref [@OpeWelsDec::PrefetchPic]
Attached file callstack.txt
Attached file test_case.264
Depends on: 1170319
this bug exists in openh264 v1.4-Firefox38 branch and openh264 master branch
This bug has been fixed in the latest version of openh264 master branch.
Attached file test_case-for_fix.264
Looks like I spoke too soon. I was able to find this issue again through fuzzing.
See Also: → 1197888
Group: core-security
Keywords: csectype-other
Summary: OpenH264: NULL deref [@OpeWelsDec::PrefetchPic] → OpenH264: NULL deref [@WelsDec::PrefetchPic]
Group: core-security → media-core-security
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Group: media-core-security → core-security-release
Group: core-security-release
Component: OpenH264 → Audio/Video: GMP
Product: External Software Affecting Firefox → Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: