aboutsummaryrefslogtreecommitdiffstats
path: root/libavformat/s337m.c
diff options
context:
space:
mode:
authorAman Gupta <aman@tmm1.net>2018-10-05 11:36:51 -0700
committerAman Gupta <aman@tmm1.net>2018-10-16 11:54:52 -0700
commit8791a1e7de35d84fc12cc1a3adb131f5ad888245 (patch)
treeee62229be585f7f1b2462f46a5c30d80405d2bae /libavformat/s337m.c
parent70d0d83d4d61f4c85ff4fe75e24de94a27f61288 (diff)
downloadffmpeg-8791a1e7de35d84fc12cc1a3adb131f5ad888245.tar.gz
avcodec/cbs: ensure user_data is padded for GBC parsing
Fixes crash noticed in the cbs_userdata patchset. ====ERROR: AddressSanitizer: heap-buffer-overflow on address 0x609000026c89 at pc 0x00010725d37b bp 0x7ffeea04e750 sp 0x7ffeea04e748 READ of size 4 at 0x609000026c89 thread T0 #0 0x10725d37a in ff_cbs_read_unsigned get_bits.h:274 #1 0x1072d2767 in ff_cbs_read_a53_user_data cbs_misc_syntax_template.c:119 #2 0x1078251a7 in h264_metadata_filter h264_metadata_bsf.c:595 #3 0x105c1321d in output_packet ffmpeg.c:853 0x609000026c89 is located 1 bytes to the right of 8-byte region [0x609000026c80,0x609000026c88) allocated by thread T0 here: #0 0x10aef08d7 in wrap_posix_memalign (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x578d7) #1 0x10aca95e6 in av_malloc mem.c:87 #2 0x10ac545fe in av_buffer_allocz buffer.c:72 #3 0x107263b27 in cbs_h264_read_nal_unit cbs_h264_syntax_template.c:722 #4 0x10725b688 in cbs_read_fragment_content cbs.c:155 Signed-off-by: Aman Gupta <aman@tmm1.net> (cherry picked from commit 41ed2c384993da0cbc69657f05bec3c9b21b78bf)
Diffstat (limited to 'libavformat/s337m.c')
0 files changed, 0 insertions, 0 deletions