After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 783269 - overflow will happen when pps->num_tile_columns_minus1 is 19
overflow will happen when pps->num_tile_columns_minus1 is 19
Status: RESOLVED OBSOLETE
Product: GStreamer
Classification: Platform
Component: gst-plugins-bad
unspecified
Other Windows
: Normal normal
: git master
Assigned To: GStreamer Maintainers
GStreamer Maintainers
Depends on:
Blocks:
 
 
Reported: 2017-05-31 08:14 UTC by liujuan
Modified: 2018-11-03 14:08 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description liujuan 2017-05-31 08:14:33 UTC 
IN gsth265parser.c ,  gst_h265_parse_pps(), 

Line 1868/1869
pps->num_tile_columns_minus1 can be 19,

then go into Line 1874, num_col = 20,

in while loop for (i = 0; i < num_col; i++)
i can be 19,

pps->column_width_minus1[i] will overflow

in header file, its size is 19, column_width_minus1[19];


same issue with pps->num_tile_rows_minus1;
Comment 1 Sebastian Dröge (slomo) 2017-05-31 08:40:56 UTC 
Do you want to provide a patch?
Comment 2 liujuan 2017-05-31 09:20:37 UTC 
Actually I want to check the array size 19/21, where they are from?

If I can modify as below : 
  if (pps->tiles_enabled_flag) {
    READ_UE_ALLOWED (&nr, pps->num_tile_columns_minus1, 0, 18);
    READ_UE_ALLOWED (&nr, pps->num_tile_rows_minus1, 0, 20);
     
    .....
  }
Comment 3 GStreamer system administrator 2018-11-03 14:08:46 UTC 
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/issues/560.