Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mvcdec: Heap overflow in 'ih264d_read_coeff4x4_cabac' #98

Merged
merged 1 commit into from
May 7, 2024
Merged

mvcdec: Heap overflow in 'ih264d_read_coeff4x4_cabac' #98

merged 1 commit into from
May 7, 2024

Conversation

AshwinNatesan-ittiam
Copy link
Contributor

In some erroneous fuzzer bistreams, the slice data requires more parsing than what was implied by the distance between successive start codes. The primary culprit is the NEXTBITS macro which requires reading 4 additional bytes of the bitstream buffer. To alleviate this, 4 bytes per 4x4 TU have been additionally allocated to the bitstream buffer.

Bug = ossfuzz:66989
Test: mvc_dec_fuzzer

@AshwinNatesan-ittiam
mvcdec: Heap overflow in 'ih264d_read_coeff4x4_cabac'
dcac671 
In some erroneous fuzzer bistreams, the slice data requires more
parsing than what was implied by the distance between successive
start codes. The primary culprit is the NEXTBITS macro which requires
reading 4 additional bytes of the bitstream buffer. To alleviate
this, 4 bytes per 4x4 TU have been additionally allocated to the
bitstream buffer.

Bug = ossfuzz:66989
Test: mvc_dec_fuzzer
@harishdm harishdm merged commit 72315c1 into ittiam-systems:main May 7, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AshwinNatesan-ittiam @harishdm