Closed Bug 1230286 Opened 10 years ago Closed 10 years ago

FFMPEG: signed integer overflow in [@ff_h264_direct_ref_list_init]

Categories

(Core :: Audio/Video: Playback, defect)

Product:
Core
Component:
Audio/Video: Playback
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox45 --- affected

People

(Reporter: tsmith, Unassigned)

References

Details

(Keywords: csectype-intoverflow, sec-other, testcase)

Attachments

(2 files)

test_case.264
1.67 KB, text/x-matlab
Details
call_stack.txt
1.31 KB, text/plain
Details
Found fuzzing ffmpeg commit: 259c71c199e9b4ea89bf4cb90ed0e207ddc9dff7 This is an Undefined behavior sanitizer (UBSan) runtime error. libavcodec/h264_direct.c:140:27: runtime error: signed integer overflow: 2147483647 - -8150 cannot be represented in type 'int' Run this command with an UBSan build: $ ./ffmpeg -v 0 -nostats -f h264 -i test_case.264 -f null -
Attached file test_case.264
Attached file call_stack.txt
this doesnt look security relevant
Group: media-core-security
Should be fixed in upstream commit 77a644e6fa4aaeb2c26cfaa0e8ec3b19829b8d88. Tyson, could you please verify?
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: needinfo?(twsmith)
Resolution: --- → FIXED
Verified.
Flags: needinfo?(twsmith)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: