Closed Bug 1230276 Opened 8 years ago Closed 8 years ago

FFMPEG: index out of bounds in [@prefetch_motion]

Categories

(Core :: Audio/Video: Playback, defect)

defect
Not set
critical

Tracking

()

RESOLVED FIXED
Tracking Status
firefox45 --- affected

People

(Reporter: tsmith, Unassigned)

References

Details

(Keywords: csectype-bounds, sec-other, testcase)

Attachments

(2 files)

Attached file call_stack.txt
Found fuzzing ffmpeg commit: 259c71c199e9b4ea89bf4cb90ed0e207ddc9dff7

This is an Undefined behavior sanitizer (UBSan) runtime error.

libavcodec/h264_mb.c:493:25: runtime error: index 63 out of bounds for type 'H264Ref [48]'

Run this command with an UBSan build:
$ ./ffmpeg -v 0 -nostats -f h264 -i test_case.264 -f null -
Attached file test_case.264
Fixed in c8ea57664fe3ad611c9ecd234670544ddff7ca55
Thanks Michael.
Group: media-core-security
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Oops I guess I shouldn't clear the sec flag without asking first.
Group: media-core-security
Group: media-core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: