[FFmpeg-devel] [PATCH] Fix read past the end of ff_h264_cabac_tables

Michael Niedermayer michaelni at gmx.at
Sun Mar 23 18:23:00 CET 2014


On Sun, Mar 23, 2014 at 07:02:29PM +0400, Evgeniy Stepanov wrote:
> Hi,
> 
> this patch fixes a benign read past the end of global ff_h264_cabac_tables[].
> The code in decode_significance_8x8_x86 reads it 4 bytes at a time and
> can over-read the table by 1 byte to the right. See
> https://trac.ffmpeg.org/ticket/3490.
> 
> Please review.

the instruction the ticket points to reads 1 byte, not 4 bytes
where does the overread happen exactly?
do you have a testcase to reproduce this?

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Concerning the gods, I have no means of knowing whether they exist or not
or of what sort they may be, because of the obscurity of the subject, and
the brevity of human life -- Protagoras
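The disagreement above is about access width: a lookup that loads 4 bytes at a time from a byte table can touch up to 3 bytes past the end even when every index it uses is valid, while a 1-byte load at a valid index cannot overread at all. The following is an added illustration, not FFmpeg code and not the actual layout of ff_h264_cabac_tables: it uses a constructed 13-byte table, computes how far a 4-byte load at a given index spills past the end (the case the patch describes is a spill of exactly 1 byte), refuses such a load, and shows the usual fix of giving the table width-1 bytes of tail padding so that every load starting at a valid index stays inside the array.

```c
/* Added example, not FFmpeg code: how a word-wide (4-byte) lookup into a byte
 * table can run past the table end, and the padding fix for it. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define LOAD_WIDTH 4   /* bytes read per access, as in a 32-bit load */
#define TABLE_LEN  13  /* constructed size, deliberately not a multiple of 4 */

/* Constructed byte table standing in for a real lookup table. */
static const uint8_t table[TABLE_LEN] = {
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc
};

/* Same contents followed by LOAD_WIDTH-1 zero bytes of tail padding, so a
 * LOAD_WIDTH-byte load starting at any valid index stays inside the array. */
static const uint8_t table_padded[TABLE_LEN + LOAD_WIDTH - 1] = {
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc
    /* the remaining LOAD_WIDTH-1 bytes are zero-initialised */
};

/* Number of bytes a `width`-byte load at `offset` reads past a `len`-byte
 * object; 0 when the load is in bounds. */
size_t overread_bytes(size_t len, size_t offset, size_t width)
{
    return offset + width <= len ? 0 : offset + width - len;
}

/* Largest spill any in-range index can produce: the last valid index is
 * len-1, so a width-byte load there reads width-1 bytes too far. */
size_t worst_case_overread(size_t len, size_t width)
{
    return len == 0 ? 0 : overread_bytes(len, len - 1, width);
}

/* Bounds-checked 4-byte lookup: returns 0 and fills *out on success, or -1
 * without touching memory if the load would extend beyond the table. */
int lookup4(const uint8_t *tab, size_t len, size_t idx, uint32_t *out)
{
    if (overread_bytes(len, idx, LOAD_WIDTH) != 0)
        return -1;
    memcpy(out, tab + idx, LOAD_WIDTH);   /* alignment-safe 4-byte load */
    return 0;
}

/* Padded variant: idx only has to be a valid index into the logical table;
 * the 4-byte load itself is always within the padded storage, and any bytes
 * past the logical end are the padding zeros. */
int lookup4_padded(size_t idx, uint32_t *out)
{
    if (idx >= TABLE_LEN)
        return -1;
    memcpy(out, table_padded + idx, LOAD_WIDTH);
    return 0;
}

int main(void)
{
    uint32_t v;
    size_t last = TABLE_LEN - 1;

    printf("worst-case spill of %d-byte loads on a %d-byte table: %zu bytes\n",
           LOAD_WIDTH, TABLE_LEN, worst_case_overread(TABLE_LEN, LOAD_WIDTH));
    printf("unpadded lookup at index %zu: %s\n", last,
           lookup4(table, TABLE_LEN, last, &v) == 0 ? "ok" : "refused (would overread)");
    if (lookup4_padded(last, &v) == 0)
        printf("padded lookup at index %zu: 0x%08x\n", last, (unsigned)v);
    return 0;
}
```

The check is the arithmetic in `overread_bytes`: a 4-byte load at index 10 of a 13-byte table spills by 1, which is the shape of overread the patch describes, whereas a 1-byte load never spills for any valid index. Padding by width-1 bytes is the standard fix when the wide load is intentional (SIMD or word-at-a-time code); the alternative is to narrow the load, which is what the reply is asking to confirm the assembly actually does.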