Closed Bug 1184396 Opened 9 years ago Closed 9 years ago

OpenH264: ASan global-buffer-overflow in WelsDec::CavlcGetTrailingOnesAndTotalCoeff

Categories

(Core :: Audio/Video: GMP, defect)

Product:
Core
Component:
Audio/Video: GMP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-bounds, sec-critical, testcase)

Attachments

(2 files, 1 obsolete file)

test_case.264
6.13 KB, application/octet-stream
Details
call_stack_f30ad4e.txt
6.60 KB, text/plain
Details
Attached file call_stack.txt (obsolete) — 
      No description provided.
Assignee: infra → nobody
Group: mozilla-employee-confidential → core-security
Component: Infrastructure: OpenVPN → OpenH264
Product: Infrastructure & Operations → Plugins
QA Contact: jdow
Version: other → unspecified
Attached file test_case.264 

    
  
Depends on: 1170319

    
    

    
  
This bug has been fixed in the latest version of openh264 master branch.

    
    

    
  

      
      
      
      

        Attached file
          
        call_stack_f30ad4e.txt
      

    


  
This issue is still reproducible with https://github.com/cisco/openh264/commit/f30ad4e512e84a1376f5223f9a450c075e0b0df9

        Attachment #8634494 -
        Attachment is obsolete: true

    
    

    
  
This doesn't affect the v1.4-Firefox38 branch.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED

    
  
Group: core-security → core-security-release
Group: core-security-release
Component: OpenH264 → Audio/Video: GMP
Product: External Software Affecting Firefox → Core

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: