[FFmpeg-trac] #3490(avcodec:new): Read past the end of ff_h264_cabac_tables
FFmpeg
trac at avcodec.org
Sun Mar 23 15:51:49 CET 2014
#3490: Read past the end of ff_h264_cabac_tables
---------------------------------+--------------------------------------
Reporter: eugenis | Type: defect
Status: new | Priority: minor
Component: avcodec | Version: git-master
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
---------------------------------+--------------------------------------
This code in decode_significance_8x8_x86 can read one byte past the end of
the global "ff_h264_cabac_tables":
    libavcodec/x86/h264_i386.h:158
    #ifdef BROKEN_RELOCATIONS
            "movzbl %c14(%15, %q6), %k6\n\t"
The read is aligned, so it would never cause a page fault, and the value
of the extra byte does not seem to affect output bits in any way. Still,
I'd appreciate if it was fixed by extending the table by one extra byte,
as in the attached patch.
This was detected with AddressSanitizer.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/3490>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
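An added illustration of the pattern in this report, not FFmpeg code and not the attached patch: several sub-tables fused into one array and addressed as base + constant offset + index, where the largest index used on the final sub-table lands one byte past the array. The table sizes, contents, names and the scan loop are constructed for the example; out-of-bounds loads are counted rather than performed.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed layout: two sub-tables fused into one array and addressed as
 * base + constant offset + index. These are NOT FFmpeg's real sizes. */
enum { STATE_OFF = 0, STATE_LEN = 8, LAST_OFF = 8, LAST_LEN = 7 };

static const uint8_t tables_short[LAST_OFF + LAST_LEN] = {
    10, 11, 12, 13, 14, 15, 16, 17,   /* state sub-table */
    1, 2, 3, 4, 5, 6, 7               /* "last" sub-table, final in array */
};
/* Same data plus one trailing pad byte (the kind of fix the ticket asks for). */
static const uint8_t tables_padded[LAST_OFF + LAST_LEN + 1] = {
    10, 11, 12, 13, 14, 15, 16, 17,
    1, 2, 3, 4, 5, 6, 7, 0
};

/* Bytes by which a read at off + max_idx overruns a table of tbl_size bytes. */
size_t overread_bytes(size_t tbl_size, size_t off, size_t max_idx)
{
    size_t last = off + max_idx;
    return last >= tbl_size ? last - tbl_size + 1 : 0;
}

/* Hypothetical scan loop: loads the "last" entry for position i before
 * testing whether i is the final position, so the final load is unused.
 * Out-of-bounds loads are counted instead of performed. */
unsigned scan(const uint8_t *tbl, size_t tbl_size, size_t *oob)
{
    unsigned sum = 0;
    *oob = 0;
    for (size_t i = 0; i <= LAST_LEN; i++) {
        uint8_t v = 0;
        if (LAST_OFF + i < tbl_size)
            v = tbl[LAST_OFF + i];     /* in-bounds load */
        else
            (*oob)++;                  /* the access ASan would report */
        if (i == LAST_LEN)
            break;                     /* loaded value is discarded */
        sum += v;
    }
    return sum;
}
```

The padded table yields the same result with no out-of-bounds access, which is why padding is a safe fix only while the extra byte's value never reaches the output.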