diff options
author | Aman Gupta <aman@tmm1.net> | 2018-10-05 11:36:51 -0700 |
---|---|---|
committer | Aman Gupta <aman@tmm1.net> | 2018-10-15 11:52:54 -0700 |
commit | 41ed2c384993da0cbc69657f05bec3c9b21b78bf (patch) | |
tree | 0c3dbb9f2fe7fcdfb1c0b37abee72432520bf61d /libavformat/mpjpeg.c | |
parent | b6c3a02740871f4992ab7c34a95dfa53a56ba382 (diff) | |
download | ffmpeg-41ed2c384993da0cbc69657f05bec3c9b21b78bf.tar.gz |
avcodec/cbs: ensure user_data is padded for GBC parsing
Fixes crash noticed in the cbs_userdata patchset.
====ERROR: AddressSanitizer: heap-buffer-overflow on address 0x609000026c89 at pc 0x00010725d37b bp 0x7ffeea04e750 sp 0x7ffeea04e748
READ of size 4 at 0x609000026c89 thread T0
#0 0x10725d37a in ff_cbs_read_unsigned get_bits.h:274
#1 0x1072d2767 in ff_cbs_read_a53_user_data cbs_misc_syntax_template.c:119
#2 0x1078251a7 in h264_metadata_filter h264_metadata_bsf.c:595
#3 0x105c1321d in output_packet ffmpeg.c:853
0x609000026c89 is located 1 bytes to the right of 8-byte region [0x609000026c80,0x609000026c88)
allocated by thread T0 here:
#0 0x10aef08d7 in wrap_posix_memalign (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x578d7)
#1 0x10aca95e6 in av_malloc mem.c:87
#2 0x10ac545fe in av_buffer_allocz buffer.c:72
#3 0x107263b27 in cbs_h264_read_nal_unit cbs_h264_syntax_template.c:722
#4 0x10725b688 in cbs_read_fragment_content cbs.c:155
Signed-off-by: Aman Gupta <aman@tmm1.net>
Diffstat (limited to 'libavformat/mpjpeg.c')
0 files changed, 0 insertions, 0 deletions