Closed Bug 1229131 Opened 8 years ago Closed 8 years ago

FFMPEG: heap-buffer-overflow in [@check_intra_mode]

Categories

(Core :: Audio/Video: Playback, defect, P1)

Tracking

RESOLVED FIXED
Tracking Status
firefox45 --- affected

People

(Reporter: tsmith, Assigned: mozbugz)

Details

(Keywords: csectype-bounds, sec-other, testcase)

Attachments

(2 files)

Attached file call_stack.txt
Found fuzzing ffmpeg commit: 6b978dadc654906130de46a8b83b6f67f90d3e17
Attached file test_case.ivf
No longer depends on: 1229128
Assignee: nobody → gsquelart
Priority: -- → P1
Can't reproduce with
./ffmpeg -f ivf -i 1229131/test_case.ivf -f null -
nor
./ffmpeg -i 1229131/test_case.ivf -f null -
(In reply to Michael Niedermayer [:mn] from comment #2)
> Can't reproduce with
> ./ffmpeg -f ivf -i 1229131/test_case.ivf -f null -
> nor
> ./ffmpeg -i 1229131/test_case.ivf -f null -

See bug 1229128.

Try building with ASan or try running with Valgrind.
Seems I have no luck reproducing this either.
Adding Ronald as the stack trace suggests a VP9 issue.
I cannot reproduce this after the fix from 1229128 was applied (I could before), so it's probably the same source issue.
Keywords: sec-other
Verified with patch (see bug 1229128) + commit 25e37f5ea92d4201976a59ae306ce848d257a7e6 (n2.9-dev-2076-g25e37f5)
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Group: media-core-security → core-security-release
Group: core-security-release