Closed Bug 1227375 Opened 9 years ago Closed 9 years ago

OpenH264: SEGV on unknown address in [@WelsDec::DoErrorConSliceMVCopy]

Categories

(Core :: Audio/Video: GMP, defect)

Product:
Core
Component:
Audio/Video: GMP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(4 keywords, Whiteboard: [sg:dos])

Attachments

(2 files)

call_stack.txt
1.91 KB, text/plain
Details
test_case.264
179 bytes, application/octet-stream
Details
Found with commit: 2d3071e37cd17d44b05abcac9abb577b91d5349a Built with 'sDecParam.bParseOnly=true;' set in h264dec.cpp USE_ASM=No
Attached file call_stack.txt
Attached file test_case.264
Hi Tyson, all recent bugs for parseonly=true are caused by the same reason by "wrongly calling API". We are fixing it. Please wait for a moment for this kind of tests. btw: as the flag bParseOnly is assigned as 0 in gmpopenh264, so it will not affect FF code.
(In reply to wayne from comment #3) > Hi Tyson, all recent bugs for parseonly=true are caused by the same reason > by "wrongly calling API". We are fixing it. Please wait for a moment for > this kind of tests. Ok I'll hold off before I log the rest. > btw: as the flag bParseOnly is assigned as 0 in gmpopenh264, so it will not > affect FF code. I figured the bParseOnly bugs didn't affect the ff plugin but I thought I should log them :)
Verified with commit: 404315ab19583db6bdee91efacee714801007c7e
Keywords: sec-audit
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
See Also: → 1227341
See Also: → 1227337
See Also: → 1227329
See Also: → 1227328
See Also: → 1227324
Depends on: 1223891
Depends on: 1233495
No longer depends on: 1223891
Whiteboard: [sg:dos]
Component: OpenH264 → Audio/Video: GMP
Product: External Software Affecting Firefox → Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: