commit 72315c11ac595a73d3b629cc36647327156d5875
author Ashwin Natesan <ashwin.natesan@ittiam.com> Mon Feb 26 14:02:06 2024 +0530
committer Harish Mahendrakar <harish.mahendrakar@ittiam.com> Tue May 07 11:48:55 2024 -0700
tree 00ceab08f604b516784e7064830d4bb90322c34f
parent 828cdb77ba434eb11ce19f7f0d4482e744b27064
mvcdec: Heap overflow in 'ih264d_read_coeff4x4_cabac'

In some erroneous fuzzer bitstreams, the slice data requires more parsing than what was implied by the distance between successive start codes. The primary culprit is the NEXTBITS macro, which requires reading 4 additional bytes of the bitstream buffer. To alleviate this, 4 bytes per 4x4 TU have been additionally allocated to the bitstream buffer.

Bug = ossfuzz:66989
Test: mvc_dec_fuzzer
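To make the over-read pattern in the commit message concrete, the following is an added example and not libavc code; it does not reproduce the real NEXTBITS macro or ih264d_read_coeff4x4_cabac. It models a hypothetical bit reader whose 32-bit lookahead always fetches 4 bytes from the current byte, shows the allocation padding the commit describes (the 4-bytes-per-4x4-TU figure is taken from the message), and adds a bounds check that refuses a peek which would leave the allocation plus a check that tells the decoder it has run past the real slice data. All names (bitrd_t, bitrd_peek32, slice_padding_bytes) and the 3-byte sample slice are assumptions constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical bit reader for illustration only. It is not libavc's reader
 * and does not reproduce its NEXTBITS macro; the names and layout here are
 * assumptions made for this example.
 */
typedef struct {
    uint8_t *buf;   /* bitstream buffer owned by the reader */
    size_t   cap;   /* bytes allocated, i.e. bytes that may be read safely */
    size_t   len;   /* bytes of real slice data copied into buf */
    size_t   pos;   /* read position in bits from the start of buf */
} bitrd_t;

/* Copy len bytes of slice data into a buffer with 'pad' extra zero bytes.
 * Zero padding makes a lookahead past the data read as 0 bits instead of
 * as whatever heap memory happens to follow the allocation. */
static bool bitrd_init(bitrd_t *r, const uint8_t *data, size_t len, size_t pad)
{
    uint8_t *b = calloc(len + pad, 1);
    if (b == NULL)
        return false;
    memcpy(b, data, len);
    r->buf = b;
    r->cap = len + pad;
    r->len = len;
    r->pos = 0;
    return true;
}

static void bitrd_free(bitrd_t *r)
{
    free(r->buf);
    r->buf = NULL;
    r->cap = r->len = r->pos = 0;
}

/* A 32-bit lookahead fetches the 4 bytes starting at the current byte, so
 * those 4 bytes must exist in the allocation even when the remaining slice
 * data is shorter. Every peek below is gated on this check. */
static bool bitrd_peek32_would_overread(const bitrd_t *r)
{
    return (r->pos >> 3) + 4 > r->cap;
}

/* Checked lookahead: returns false (and reads nothing) instead of walking
 * off the end of the allocation. Bits already consumed within the first
 * byte are not masked off; callers shift as they need. */
static bool bitrd_peek32(const bitrd_t *r, uint32_t *out)
{
    if (bitrd_peek32_would_overread(r))
        return false;
    const uint8_t *p = r->buf + (r->pos >> 3);
    *out = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    return true;
}

static void bitrd_skip(bitrd_t *r, size_t nbits)
{
    r->pos += nbits;
}

/* True once the parser has consumed more than the slice data it was given,
 * i.e. the "slice data requires more parsing than the start codes imply"
 * condition from the commit message. Padding keeps the peek in bounds; this
 * check lets the decoder notice the malformed slice and stop. */
static bool bitrd_past_data(const bitrd_t *r)
{
    return r->pos >= r->len * 8;
}

/* Padding to allocate for a slice holding up to n_tu 4x4 transform units,
 * following the 4-bytes-per-TU rule stated in the commit message. */
static size_t slice_padding_bytes(size_t n_tu)
{
    return n_tu * 4;
}

int main(void)
{
    /* Constructed 3-byte "slice": shorter than one 32-bit lookahead. */
    const uint8_t slice[3] = { 0xAB, 0xCD, 0xEF };
    bitrd_t r;
    uint32_t v = 0;

    /* Unpadded buffer: the very first peek already needs a 4th byte. */
    if (!bitrd_init(&r, slice, sizeof slice, 0))
        return 1;
    int unpadded_overreads = bitrd_peek32_would_overread(&r);
    bitrd_free(&r);

    /* Padded buffer: the same peek stays inside the allocation. */
    if (!bitrd_init(&r, slice, sizeof slice, slice_padding_bytes(1)))
        return 1;
    int padded_ok = bitrd_peek32(&r, &v);   /* v == 0xABCDEF00 */
    bitrd_free(&r);

    return (unpadded_overreads && padded_ok) ? 0 : 1;
}
```

Padding alone only turns the out-of-bounds read into a read of zero bits; bitrd_past_data is the cheap way to detect that the bitstream itself is malformed and stop decoding rather than keep consuming padding as if it were coefficient data. Building the decoder with AddressSanitizer is how the unpadded form of this pattern shows up as the heap overflow the commit title refers to.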
Supports:
Use the following commands for building on the target machine:

$ cd external/libavc
$ mkdir build
$ cd build
$ cmake ..
$ make

For a 32-bit build on a 64-bit host, pass -m32 to the compiler and linker:

$ cd external/libavc
$ mkdir build
$ cd build
$ CFLAGS="-m32" CXXFLAGS="-m32" LDFLAGS="-m32" cmake ..
$ make

For cross-compiled builds, update 'CMAKE_C_COMPILER', 'CMAKE_CXX_COMPILER', 'CMAKE_C_COMPILER_AR', and 'CMAKE_CXX_COMPILER_AR' in the CMAKE_TOOLCHAIN_FILE passed below, then:

$ cd external/libavc
$ mkdir build
$ cd build

For aarch64 targets:

$ cmake .. -DCMAKE_TOOLCHAIN_FILE=../cmake/toolchains/aarch64_toolchain.cmake
$ make

For aarch32 targets:

$ cmake .. -DCMAKE_TOOLCHAIN_FILE=../cmake/toolchains/aarch32_toolchain.cmake
$ make