
Issue 1218023003: Prevent OOB read on truncated H264 headers. (Closed)

Created:
5 years, 5 months ago by pbos-webrtc
Modified:
5 years, 5 months ago
Reviewers:
stefan-webrtc
CC:
webrtc-reviews_webrtc.org, tterriberry_mozilla.com, mflodman
Base URL:
https://chromium.googlesource.com/external/webrtc.git@master
Target Ref:
refs/pending/heads/master
Project:
webrtc
Visibility:
Public.

Description

Prevent OOB read on truncated H264 headers.

Prevents OOB reads on truncated FU-A NAL units, StapA headers and past truncation just after StapA headers.

BUG=webrtc:4771
R=stefan@webrtc.org

Committed: https://crrev.com/2f1509395b56fe3175b27dc2ac76e8f749c809f7
Cr-Commit-Position: refs/heads/master@{#9522}
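The length checks this description refers to, sketched as an added example (not the WebRTC code from this CL): an RFC 6184 payload parser that verifies each byte exists before reading it. `ParsedH264`, `ParseH264Payload`, `kNalHeaderSize` and `kLengthFieldSize` are hypothetical names, and `kStapAHeaderSize` is assumed to cover the STAP-A NAL header plus the first 16-bit size field.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Values from RFC 6184. kStapAHeaderSize's definition is an assumption.
constexpr uint8_t kTypeMask = 0x1F, kStapA = 24, kFuA = 28;
constexpr size_t kNalHeaderSize = 1, kLengthFieldSize = 2, kFuAHeaderSize = 2;
constexpr size_t kStapAHeaderSize = kNalHeaderSize + kLengthFieldSize;

struct ParsedH264 {
  bool ok = false;
  uint8_t nal_type = 0;              // type of the (first) carried NAL unit
  std::vector<size_t> nalu_offsets;  // STAP-A only: start of each NALU
};

// Hypothetical parser: returns ok == false instead of reading past `len`.
ParsedH264 ParseH264Payload(const uint8_t* data, size_t len) {
  ParsedH264 out;
  if (data == nullptr || len < kNalHeaderSize) return {};  // empty payload
  const uint8_t type = data[0] & kTypeMask;
  if (type == kFuA) {
    // FU indicator + FU header: the original NAL type is in byte 1.
    if (len < kFuAHeaderSize) return {};  // truncated FU-A
    out.nal_type = data[1] & kTypeMask;
  } else if (type == kStapA) {
    // The first aggregated NALU's header byte must exist before it is read.
    if (len <= kStapAHeaderSize) return {};  // truncated just after header
    out.nal_type = data[kStapAHeaderSize] & kTypeMask;
    // Walk the repeated [16-bit size][NALU] entries.
    size_t pos = kNalHeaderSize;
    while (pos < len) {
      if (len - pos < kLengthFieldSize) return {};  // truncated size field
      const size_t nalu_size = (size_t{data[pos]} << 8) | data[pos + 1];
      pos += kLengthFieldSize;
      if (nalu_size == 0 || nalu_size > len - pos) return {};  // past the end
      out.nalu_offsets.push_back(pos);
      pos += nalu_size;
    }
  } else {
    out.nal_type = type;  // single NAL unit packet
  }
  out.ok = true;
  return out;
}
```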

Patch Set 1 #

Patch Set 2 : rename test #

Patch Set 3 : use kFuAHeaderSize constant #

Total comments: 4

Patch Set 4 : additional StapANalu overflows #

Stats (+36 lines, -4 lines)
M webrtc/modules/rtp_rtcp/source/rtp_format_h264.cc: 5 chunks, +18 lines, -4 lines, 0 comments
M webrtc/modules/rtp_rtcp/source/rtp_format_h264_unittest.cc: 1 chunk, +18 lines, -0 lines, 0 comments

Messages

Total messages: 20 (4 generated)
pbos-webrtc
PTAL
5 years, 5 months ago (2015-06-30 12:19:34 UTC) #1
commit-bot: I haz the power
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1218023003/1
5 years, 5 months ago (2015-06-30 12:19:54 UTC) #3
pbos-webrtc
rename test
5 years, 5 months ago (2015-06-30 12:24:31 UTC) #4
pbos-webrtc
use kFuAHeaderSize constant
5 years, 5 months ago (2015-06-30 12:35:17 UTC) #5
stefan-webrtc
Feel free to do more than one fix per cl if they are in the ...
5 years, 5 months ago (2015-06-30 13:08:06 UTC) #6
pbos-webrtc
Agreed, I generally want to find them by fuzzing though, so I try to fix ...
5 years, 5 months ago (2015-06-30 13:11:34 UTC) #7
stefan-webrtc
On 2015/06/30 13:11:34, pbos-webrtc wrote:
> Agreed, I generally want to find them by fuzzing ...
5 years, 5 months ago (2015-06-30 13:12:43 UTC) #8
stefan-webrtc
https://codereview.webrtc.org/1218023003/diff/40001/webrtc/modules/rtp_rtcp/source/rtp_format_h264.cc
File webrtc/modules/rtp_rtcp/source/rtp_format_h264.cc (right):

https://codereview.webrtc.org/1218023003/diff/40001/webrtc/modules/rtp_rtcp/source/rtp_format_h264.cc#newcode58
webrtc/modules/rtp_rtcp/source/rtp_format_h264.cc:58: nal_type = payload_data[kStapAHeaderSize] & kTypeMask;
Is this also safe?
5 years, 5 months ago (2015-06-30 13:13:19 UTC) #9
pbos-webrtc
On 2015/06/30 13:12:43, stefan-webrtc (holmer) wrote:
> On 2015/06/30 13:11:34, pbos-webrtc wrote:
> > Agreed, ...
5 years, 5 months ago (2015-06-30 13:13:45 UTC) #10
pbos-webrtc
additional StapANalu overflows
5 years, 5 months ago (2015-06-30 13:16:20 UTC) #11
pbos-webrtc
https://codereview.webrtc.org/1218023003/diff/40001/webrtc/modules/rtp_rtcp/source/rtp_format_h264.cc
File webrtc/modules/rtp_rtcp/source/rtp_format_h264.cc (right):

https://codereview.webrtc.org/1218023003/diff/40001/webrtc/modules/rtp_rtcp/source/rtp_format_h264.cc#newcode58
webrtc/modules/rtp_rtcp/source/rtp_format_h264.cc:58: nal_type = payload_data[kStapAHeaderSize] & kTypeMask;
On 2015/06/30 13:13:18, stefan-webrtc ...
5 years, 5 months ago (2015-06-30 13:16:37 UTC) #12
commit-bot: I haz the power
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1218023003/60001
5 years, 5 months ago (2015-06-30 13:18:34 UTC) #14
stefan-webrtc
lgtm
5 years, 5 months ago (2015-06-30 13:19:10 UTC) #15
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1218023003/60001
5 years, 5 months ago (2015-06-30 13:20:14 UTC) #18
commit-bot: I haz the power
Committed patchset #4 (id:60001)
5 years, 5 months ago (2015-06-30 15:23:40 UTC) #19
commit-bot: I haz the power
5 years, 5 months ago (2015-06-30 15:23:50 UTC) #20
Message was sent while issue was closed.
Patchset 4 (id:??) landed as
https://crrev.com/2f1509395b56fe3175b27dc2ac76e8f749c809f7
Cr-Commit-Position: refs/heads/master@{#9522}
