- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
I'm using the H.264 decoder from audio-video-codecs, version 7.0.6.
In the method BuildNALUnit() in umc_h264_nal_spl.cpp, line 544, there is no check for the size of the input buffer in the call to memcpy. We've found an MPEG-4 clip whose prefix length is invalid for one sample in the file (generated from a Casio Digital Camera). This cause a crash since the input buffer is accessed outside of its length. Alsoa huge output buffer is allocated before the crash.
Proposal: rewrite the BuildNALUnit to take a MediaData in place of a raw buffer for the buf parameter and check that the prefix length match the buffer length before doing allocating and copying memory around.
Cheers,
Pascal
PS: Can somebody fix the incorrectly spelled "lenght"found inthe source code?
PS2: Sorry for my bad english.
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have attached a file as a private message.
Thanks,
Pascal
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you very much for the time taken to look into the issue. I will try to patch my version and let you know if this fix the problem. I'm not using the IPP mp4 splitter, only the decoder.
I will keep you posted.
Pascal
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page