Opened 11 years ago
Closed 11 years ago
#3490 closed defect (invalid)
Read past the end of ff_h264_cabac_tables
Reported by: | Evgeniy Stepanov | Owned by: | |
---|---|---|---|
Priority: | minor | Component: | avcodec |
Version: | git-master | Keywords: | |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | no |
Analyzed by developer: | no | | |
Description
This code in decode_significance_8x8_x86 can read one byte past the end of the global "ff_h264_cabac_tables":
libavcodec/x86/h264_i386.h:158

```c
#ifdef BROKEN_RELOCATIONS
"movzbl %c14(%15, %q6), %k6\n\t"
```
The read is aligned, so it would never cause a page fault, and the value of the extra byte does not seem to affect output bits in any way. Still, I'd appreciate it if it was fixed by extending the table by one extra byte, as in the attached patch.
This was detected with AddressSanitizer.
Attachments (1)
Change History (3)
comment:1 by , 11 years ago
Please send your patch to the ffmpeg-devel mailing list where it will be reviewed.
comment:2 by , 11 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
proposed fix