Opened 11 years ago

Closed 11 years ago

#3490 closed defect (invalid)

Read past the end of ff_h264_cabac_tables

Reported by: Evgeniy Stepanov
Owned by:
Priority: minor
Component: avcodec
Version: git-master
Keywords:
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

This code in decode_significance_8x8_x86 can read one byte past the end of the global "ff_h264_cabac_tables":

libavcodec/x86/h264_i386.h:158

#ifdef BROKEN_RELOCATIONS
    "movzbl %c14(%15, %q6), %k6\n\t"

The read is aligned, so it would never cause a page fault, and the value of the extra byte does not seem to affect output bits in any way. Still, I'd appreciate it if it were fixed by extending the table by one extra byte, as in the attached patch.

This was detected with AddressSanitizer.
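The pattern the ticket describes, modelled in plain C as an added example (this is not FFmpeg's code and the table below is a constructed stand-in, not ff_h264_cabac_tables): a decode loop that consumes the context byte for position i and speculatively peeks at i+1, so the last iteration touches index n. The peeked byte never reaches the output, and padding the table by one byte keeps the peek inside the object without changing the result. The lookup is bounds-checked here so the example runs without undefined behaviour; the check reports the same access ASan would flag.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a byte lookup table such as ff_h264_cabac_tables.
 * The values are arbitrary; this is NOT FFmpeg's table. */
#define TABLE_LEN 16
static const uint8_t ctx_table[TABLE_LEN] = {
    3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9, 3
};

/* The fix proposed in the ticket: the same table with one extra byte so an
 * off-by-one peek stays inside the object. The padding value is irrelevant. */
static const uint8_t ctx_table_padded[TABLE_LEN + 1] = {
    3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9, 3, 0
};

struct pass_result {
    int      oob;       /* number of lookups that fell outside the object */
    uint32_t checksum;  /* checksum of the bytes that influenced the output */
};

/* Bounds-checked lookup standing in for the movzbl in the ticket: returns -1
 * instead of reading when idx is outside the object, which is the access a
 * global-buffer-overflow report from AddressSanitizer would point at. */
static int checked_lookup(const uint8_t *table, size_t len, size_t idx)
{
    if (idx >= len)
        return -1;
    return table[idx];
}

/* Simulated decode pass over n positions. Each iteration consumes the
 * context byte for i and peeks at i+1 so the next context is already loaded,
 * which is what makes the final iteration touch index n. The peeked byte is
 * never folded into the checksum, mirroring the ticket's observation that the
 * extra byte does not affect output bits. */
static struct pass_result run_pass(const uint8_t *table, size_t len, size_t n)
{
    struct pass_result r = { 0, 0 };
    for (size_t i = 0; i < n; i++) {
        int cur  = checked_lookup(table, len, i);
        int next = checked_lookup(table, len, i + 1);   /* speculative peek */
        if (next < 0)
            r.oob++;
        r.checksum = r.checksum * 31u + (uint32_t)cur;
    }
    return r;
}

/* The two configurations from the ticket: the original table, and the table
 * extended by one byte (hypothetical names, chosen for this example). */
static struct pass_result pass_unpadded(void)
{
    return run_pass(ctx_table, TABLE_LEN, TABLE_LEN);
}

static struct pass_result pass_padded(void)
{
    return run_pass(ctx_table_padded, TABLE_LEN + 1, TABLE_LEN);
}

int main(void)
{
    struct pass_result a = pass_unpadded();
    struct pass_result b = pass_padded();
    printf("unpadded: %d out-of-bounds peek(s), checksum %u\n", a.oob, a.checksum);
    printf("padded:   %d out-of-bounds peek(s), checksum %u\n", b.oob, b.checksum);
    printf("outputs %s\n", a.checksum == b.checksum ? "match" : "differ");
    return 0;
}
```

Replacing the check in checked_lookup with a plain table[idx] and building with -fsanitize=address reproduces the kind of report the ticket was filed from: a one-byte read at index TABLE_LEN of the unpadded global, which the padded table no longer triggers.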

Attachments (1)

1.patch (840 bytes ) - added by Evgeniy Stepanov 11 years ago.
proposed fix


Change History (3)

by Evgeniy Stepanov, 11 years ago

Attachment: 1.patch added

proposed fix

comment:1 by Carl Eugen Hoyos, 11 years ago

Please send your patch to the ffmpeg-devel mailing list where it will be reviewed.

comment:2 by Evgeniy Stepanov, 11 years ago

Resolution: invalid
Status: new → closed