FFMPEG: index out of bounds in [@prefetch_motion]

RESOLVED FIXED

Status

Core
Audio/Video: Playback
--
critical
3 years ago
a year ago

People

(Reporter: tsmith, Unassigned)

Tracking

(Blocks: 1 bug, {csectype-bounds, sec-other, testcase})

Trunk

Firefox Tracking Flags

(firefox45 affected)

Details

Attachments

(2 attachments)

(Reporter)

Description

3 years ago
Created attachment 8695419 [details]
call_stack.txt

Found fuzzing ffmpeg commit: 259c71c199e9b4ea89bf4cb90ed0e207ddc9dff7

This is an Undefined behavior sanitizer (UBSan) runtime error.

libavcodec/h264_mb.c:493:25: runtime error: index 63 out of bounds for type 'H264Ref [48]'

Run this command with an UBSan build:
$ ./ffmpeg -v 0 -nostats -f h264 -i test_case.264 -f null -
(Reporter)

Comment 1

3 years ago
Created attachment 8695420 [details]
test_case.264
Fixed in c8ea57664fe3ad611c9ecd234670544ddff7ca55
(Reporter)

Comment 3

3 years ago
Thanks Michael.
Group: media-core-security
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
(Reporter)

Comment 4

3 years ago
Oops I guess I shouldn't clear the sec flag without asking first.
Group: media-core-security
Group: media-core-security → core-security-release
Group: core-security-release