diff options
author | Aman Gupta <aman@tmm1.net> | 2018-10-05 11:36:51 -0700 |
---|---|---|
committer | Aman Gupta <aman@tmm1.net> | 2018-10-16 11:54:52 -0700 |
commit | 8791a1e7de35d84fc12cc1a3adb131f5ad888245 (patch) | |
tree | ee62229be585f7f1b2462f46a5c30d80405d2bae /libavformat/dauddec.c | |
parent | 70d0d83d4d61f4c85ff4fe75e24de94a27f61288 (diff) | |
download | ffmpeg-8791a1e7de35d84fc12cc1a3adb131f5ad888245.tar.gz |
avcodec/cbs: ensure user_data is padded for GBC parsing
Fixes crash noticed in the cbs_userdata patchset.
====ERROR: AddressSanitizer: heap-buffer-overflow on address 0x609000026c89 at pc 0x00010725d37b bp 0x7ffeea04e750 sp 0x7ffeea04e748
READ of size 4 at 0x609000026c89 thread T0
#0 0x10725d37a in ff_cbs_read_unsigned get_bits.h:274
#1 0x1072d2767 in ff_cbs_read_a53_user_data cbs_misc_syntax_template.c:119
#2 0x1078251a7 in h264_metadata_filter h264_metadata_bsf.c:595
#3 0x105c1321d in output_packet ffmpeg.c:853
0x609000026c89 is located 1 bytes to the right of 8-byte region [0x609000026c80,0x609000026c88)
allocated by thread T0 here:
#0 0x10aef08d7 in wrap_posix_memalign (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x578d7)
#1 0x10aca95e6 in av_malloc mem.c:87
#2 0x10ac545fe in av_buffer_allocz buffer.c:72
#3 0x107263b27 in cbs_h264_read_nal_unit cbs_h264_syntax_template.c:722
#4 0x10725b688 in cbs_read_fragment_content cbs.c:155
Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 41ed2c384993da0cbc69657f05bec3c9b21b78bf)
Diffstat (limited to 'libavformat/dauddec.c')
0 files changed, 0 insertions, 0 deletions