ParseScaling Overflow.
Reported by mishra.d...@gmail.com, Dec 17 2016
Issue description

UserAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0

Steps to reproduce the problem:
Hi,
https://chromium.googlesource.com/dart/dartium/src/+/releases/1650/content/common/gpu/media/h264_parser.cc
// Parse scaling_list4x4
Where as:
res = ParseScalingList(sizeof(sps->scaling_list4x4[i]), sps->scaling_list4x4[i], &use_default);
sizeof(sps->scaling_list4x4[i]) is used in the function as a count of int elements, which can cause an overflow.

What is the expected behavior?

What went wrong?
sizeof(sps->scaling_list4x4[i])

Did this work before? N/A

Chrome version: 53.0.2785.143 (Developer Build) Built on Ubuntu, running on Ubuntu 16.04 (64-bit)
Channel: n/a
OS Version: V8 5.3.332.47
Flash Version: Shockwave Flash 11.2 r202

This might cause an overflow!
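The distinction the report turns on, as an added example (not Chromium's code and not part of the original report): `sizeof` applied to an `int` array yields its size in bytes, while a routine that loops over elements needs the element count. `Sps`, its 6 x 16 dimensions, `FillList`, `ElementCount` and the other helper names are hypothetical, chosen for illustration.

```cpp
#include <cstddef>
#include <cstdio>

// Hypothetical stand-in for the structure named in the report; the
// 6 x 16 dimensions are an assumption made for this illustration.
constexpr size_t kListLength = 16;
struct Sps {
  int scaling_list4x4[6][kListLength];
};

// Element count of a fixed-size array, deduced at compile time.
template <typename T, size_t N>
constexpr size_t ElementCount(const T (&)[N]) {
  return N;
}

// Hypothetical parser-style routine: writes `count` ints into `list`.
// `capacity` is the true number of elements behind `list`; a count that
// exceeds it is rejected instead of being written out of bounds.
// Returns the number of elements written, or -1 when rejected.
int FillList(size_t count, int* list, size_t capacity) {
  if (count > capacity) return -1;
  for (size_t j = 0; j < count; ++j) list[j] = 16;
  return static_cast<int>(count);
}

// Size in bytes of one list: kListLength * sizeof(int).
size_t ByteSize(const Sps& sps) { return sizeof(sps.scaling_list4x4[0]); }

// Passing sizeof as the count asks for sizeof(int) times too many writes.
int FillUsingSizeof(Sps& sps) {
  return FillList(sizeof(sps.scaling_list4x4[0]), sps.scaling_list4x4[0],
                  ElementCount(sps.scaling_list4x4[0]));
}

// Passing the element count stays inside the row.
int FillUsingElementCount(Sps& sps) {
  return FillList(ElementCount(sps.scaling_list4x4[0]), sps.scaling_list4x4[0],
                  ElementCount(sps.scaling_list4x4[0]));
}

int main() {
  Sps sps = {};
  std::printf("bytes=%zu elements=%zu\n", ByteSize(sps),
              ElementCount(sps.scaling_list4x4[0]));
  std::printf("sizeof as count -> %d\n", FillUsingSizeof(sps));
  std::printf("element count   -> %d\n", FillUsingElementCount(sps));
  return 0;
}
```
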
Mar 28 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mbarbe...@chromium.org, Dec 19 2016