Flash: memory corruption with excessive dimensions in H264

Reported by cevans@google.com, Feb 25 2015
To reproduce, host the attached SWF and other files on a web server (e.g. localhost) and load it like this:

http://localhost/PlayManifest.swf?file=h264wh.mp4

This particular example likes to die on out-of-memory on 32-bit Chrome, but use a 64-bit version and you'll probably get a memory corruption crash in memset().

A more convincing example could be constructed, but this example goes for simplicity: it sets the picture width to 4096x4096 blocks, which is 65536x65536 pixels.

The video file is based on a real file downloaded from the web, with the following differences (cmp -l format: byte offset, original byte in octal, modified byte in octal):

4798 251 374
4799 30 0
4800 74 40
4801 27 0
4802 374 0
4803 270 20
4804 3 0
4805 120 377

This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public.
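The report patches the picture dimensions in the stream's SPS to 4096x4096 macroblocks. The following is an added example, not code from the bug report or from Flash's H.264 decoder, showing how those fields are carried (unsigned Exp-Golomb, ue(v)) and why a decoder that trusts them runs into size-arithmetic trouble: 65536 x 65536 luma pixels is exactly 2^32, so a 32-bit frame-size computation wraps to 0. The bit reader, the ue(v) decoder, the two sample buffers (constructed; they hold only the two dimension fields, not a whole SPS) and the level 5.1 bound used in the checked version are all assumptions of this example; it illustrates the bug class and does not model where the Flash decoder actually fails.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal MSB-first bit reader over a byte buffer. */
typedef struct {
    const uint8_t *buf;
    size_t len;   /* length in bytes */
    size_t pos;   /* bits consumed so far */
} bitreader;

static int read_bit(bitreader *br)
{
    if (br->pos >= br->len * 8)
        return -1;                       /* ran off the end of the data */
    int bit = (br->buf[br->pos >> 3] >> (7 - (br->pos & 7))) & 1;
    br->pos++;
    return bit;
}

/* ue(v), H.264 clause 9.1: n leading zero bits, a 1, then n info bits;
 * value = 2^n - 1 + info. Returns -1 on truncated input or n > 31. */
static int64_t read_ue(bitreader *br)
{
    int n = 0, bit;
    while ((bit = read_bit(br)) == 0)
        if (++n > 31)
            return -1;
    if (bit < 0)
        return -1;
    uint64_t info = 0;
    for (int i = 0; i < n; i++) {
        if ((bit = read_bit(br)) < 0)
            return -1;
        info = (info << 1) | (uint64_t)bit;
    }
    return (int64_t)((1ULL << n) - 1 + info);
}

/* Reads pic_width_in_mbs_minus1 and pic_height_in_map_units_minus1 and
 * returns the frame size in macroblocks. In a real SPS these sit behind
 * profile, level, sps_id and (for high profiles) chroma/bit-depth fields. */
static bool parse_dims(const uint8_t *buf, size_t len,
                       uint32_t *w_mbs, uint32_t *h_mbs)
{
    bitreader br = { buf, len, 0 };
    int64_t w = read_ue(&br), h = read_ue(&br);
    if (w < 0 || h < 0 || w > UINT32_MAX - 1 || h > UINT32_MAX - 1)
        return false;
    *w_mbs = (uint32_t)w + 1;
    *h_mbs = (uint32_t)h + 1;
    return true;
}

#define MB_PIXELS 16

/* Unsafe form: 32-bit arithmetic and no bound. For 4096x4096 MBs,
 * 65536 * 65536 == 2^32 wraps to 0: a 0-byte plane allocation while the
 * decoder still believes the frame is 65536x65536 pixels. */
static uint32_t yuv420_bytes_naive(uint32_t w_mbs, uint32_t h_mbs)
{
    uint32_t w = w_mbs * MB_PIXELS, h = h_mbs * MB_PIXELS;
    return w * h * 3 / 2;                /* luma + two quarter-size chroma planes */
}

/* Hardened form: bound the dimensions before multiplying and compute in
 * 64 bits. MAX_FRAME_MBS is MaxFS for level 5.1 from H.264 Table A-1,
 * chosen for this example; a decoder would apply its own supported limit. */
#define MAX_FRAME_MBS 36864u

static bool yuv420_bytes_checked(uint32_t w_mbs, uint32_t h_mbs, size_t *out)
{
    if (w_mbs == 0 || h_mbs == 0 || w_mbs > MAX_FRAME_MBS || h_mbs > MAX_FRAME_MBS)
        return false;
    uint64_t mbs = (uint64_t)w_mbs * h_mbs;
    if (mbs > MAX_FRAME_MBS)
        return false;
    uint64_t px = mbs * MB_PIXELS * MB_PIXELS;
    uint64_t bytes = px + px / 2;
    if (bytes > SIZE_MAX)
        return false;
    *out = (size_t)bytes;
    return true;
}

/* Constructed inputs. ue(4095) is twelve 0s, a 1, twelve 0s (4095 = 2^12 - 1),
 * so two of them occupy 50 bits: 00 08 00 00 04 00 00. The second buffer
 * encodes 119 and 67, i.e. 120x68 MBs (1920x1088 coded pixels). */
static const uint8_t SPS_DIMS_HUGE[]  = { 0x00, 0x08, 0x00, 0x00, 0x04, 0x00, 0x00 };
static const uint8_t SPS_DIMS_1080P[] = { 0x03, 0xC0, 0x11, 0x00 };

int main(void)
{
    uint32_t w, h;
    size_t bytes;
    if (parse_dims(SPS_DIMS_HUGE, sizeof SPS_DIMS_HUGE, &w, &h))
        printf("huge: %ux%u MBs, naive size %u bytes, checked: %s\n", w, h,
               yuv420_bytes_naive(w, h),
               yuv420_bytes_checked(w, h, &bytes) ? "accepted" : "rejected");
    if (parse_dims(SPS_DIMS_1080P, sizeof SPS_DIMS_1080P, &w, &h) &&
        yuv420_bytes_checked(w, h, &bytes))
        printf("1080p: %ux%u MBs, %zu bytes\n", w, h, bytes);
    return 0;
}
```

The point of the checked version is the order of operations: reject on the macroblock count before any pixel multiplication happens, so no intermediate can wrap regardless of the platform's size_t width. A bound on width and height alone is not enough, since their product can still exceed what the level allows.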
Comment 1 by cevans@google.com, Mar 3 2015
Correction: URL is: http://localhost/LoadMP4.swf?file=h264wh.mp4
Later comments: Apr 10 2015, Apr 14 2015, Apr 30 2015