Opened 5 years ago

Closed 5 years ago

#3490 closed defect (invalid)

Read past the end of ff_h264_cabac_tables

Reported by: eugenis
Owned by:
Priority: minor
Component: avcodec
Version: git-master
Keywords:
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

This code in decode_significance_8x8_x86 can read one byte past the end of the global "ff_h264_cabac_tables":

libavcodec/x86/h264_i386.h:158

#ifdef BROKEN_RELOCATIONS

"movzbl %c14(%15, %q6), %k6\n\t"

The read is aligned, so it would never cause a page fault, and the value of the extra byte does not seem to affect output bits in any way. Still, I'd appreciate it if it were fixed by extending the table by one extra byte, as in the attached patch.

This was detected with AddressSanitizer.
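As an added illustration (not code from the ticket, the attached patch, or FFmpeg), the following C program models the class of bug reported above: a scan that peeks one entry ahead of the index it is told about, so the last step reads one byte past an unpadded table, and the fix the reporter proposes, a copy of the table with one trailing pad byte. The table contents, the lookahead rule, and the names tab_unpadded, tab_padded, max_index_touched, table_covers_scan and scan_with_lookahead are all constructed for this example. The sizeof check is the sort of thing a reviewer wants next to such a table; compiling with -fsanitize=address and running the scan on the unpadded table would report a global-buffer-overflow of one byte, which is what AddressSanitizer flagged here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a decoder lookup table (not ff_h264_cabac_tables). */
#define TABLE_LEN 16
static const uint8_t tab_unpadded[TABLE_LEN] = {
    3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9, 3
};

/* The fix the ticket proposes: the same table with one trailing byte so a
 * one-past-the-end read lands inside the object. The pad value never
 * reaches the result. */
static const uint8_t tab_padded[TABLE_LEN + 1] = {
    3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9, 3, 0
};
_Static_assert(sizeof tab_padded > TABLE_LEN, "padded table must cover the lookahead");

/* Highest index a scan of len entries with one byte of lookahead touches:
 * the last iteration (i = len - 1) peeks at tab[i + 1] = tab[len]. */
size_t max_index_touched(size_t len) { return len; }

/* 1 if an object of object_len bytes holds every index the scan touches. */
int table_covers_scan(size_t object_len, size_t len) {
    return max_index_touched(len) < object_len;
}

/* A scan in the shape of the reported bug: each step consumes tab[i] and
 * peeks at tab[i + 1] to decide whether to continue, so the last step reads
 * one entry past the len entries it was told about. Call it only on a table
 * whose object size satisfies table_covers_scan(), as main() does below. */
uint32_t scan_with_lookahead(const uint8_t *tab, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i++) {
        sum += tab[i];
        if (tab[i + 1] == 0xFF)   /* constructed lookahead rule: 0xFF means stop */
            break;
    }
    return sum;
}

int main(void) {
    /* Unpadded: the object is 16 bytes but the scan touches index 16, so the
     * guard refuses; under ASan the scan itself would report the overrun. */
    if (!table_covers_scan(sizeof tab_unpadded, TABLE_LEN))
        printf("tab_unpadded: %zu bytes, scan touches index %zu: overrun\n",
               sizeof tab_unpadded, max_index_touched(TABLE_LEN));
    /* Padded: the object is 17 bytes, index 16 is inside it. */
    if (table_covers_scan(sizeof tab_padded, TABLE_LEN))
        printf("tab_padded: sum = %u\n", scan_with_lookahead(tab_padded, TABLE_LEN));
    return 0;
}
```

The _Static_assert is the cheap way to keep the padding from being lost in a later edit: if someone shrinks the padded table back to TABLE_LEN entries, the build fails instead of the overrun returning silently.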

Attachments (1)

1.patch (840 bytes) - added by eugenis 5 years ago.
proposed fix


Change History (3)

Changed 5 years ago by eugenis

proposed fix

comment:1 Changed 5 years ago by cehoyos

Please send your patch to the ffmpeg-devel mailing list where it will be reviewed.

comment:2 Changed 5 years ago by eugenis

  • Resolution set to invalid
  • Status changed from new to closed