Closed Bug 1215715 Opened 9 years ago Closed 9 years ago

OpenH264: UBSan signed integer overflow in [WelsDec::BsGetUe]

Categories

(Core :: Audio/Video: GMP, defect)

defect
Not set
critical

Tracking

RESOLVED FIXED

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-intoverflow, sec-audit, testcase)

Attachments

(2 files)

Attached file call_stack.txt
codec/decoder/core/inc/dec_golomb.h:182:37: runtime error: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Attached file test_case.264
I have removed this undefined-behavior warning in commit 3ee8784 on the master branch, and in the newest version of the openh264v1.5 branch and the v1.5-Firefox39 branch. Please help to verify it.
Verified with commit: 3ee8784c0
Keywords: sec-audit
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Group: media-core-security → core-security-release
Group: core-security-release
Component: OpenH264 → Audio/Video: GMP
Product: External Software Affecting Firefox → Core