Closed Bug 1215757 Opened 6 years ago Closed 6 years ago

OpenH264: UBSan signed integer overflow in [@WelsDec::ParseResidualBlockCabac]

Categories

(External Software Affecting Firefox :: OpenH264, defect)

defect
Not set
critical

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-intoverflow, sec-audit, testcase)

Attachments

(4 files)

Attached file call_stack.txt
codec/decoder/core/src/parse_mb_syn_cabac.cpp:945:53: runtime error: signed integer overflow: 65978130 * 512 cannot be represented in type 'int'
Attached file test_case.264
I have removed this undefined-behavior warning in commit 3ee8784 on the master branch, and in the newest version of the openh264v1.5 branch and the v1.5-Firefox39 branch. Please help to verify it.
Verified with commit: 3ee8784c0
Keywords: sec-audit
Duplicate of this bug: 1224081
This was just uncovered again using this commit: https://github.com/cisco/openh264/commit/1a2606f45d36c7ae030826c4e0859052c5d9486b
Attached file test_case_2.264
Attached file call_stack_2.txt
See Also: → 1260800
This was fixed ages ago but never marked. Another bug with the same stack was uncovered (bug 1260800).
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Group: media-core-security → core-security-release
Group: core-security-release