Bug 783273 – overflow will happen when pps->num_tile_columns_minus1 is 19

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 783273 - overflow will happen when pps->num_tile_columns_minus1 is 19


Summary:	overflow will happen when pps->num_tile_columns_minus1 is 19


Status:	RESOLVED INVALID

Product:	GStreamer
Classification:	Platform
Component:	gst-plugins-bad
Version:	unspecified
Hardware:	Other Windows

Importance:	Normal normal
Target Milestone:	git master
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2017-05-31 09:14 UTC by liujuan
Modified:	2017-05-31 09:18 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description liujuan 2017-05-31 09:14:55 UTC

IN gsth265parser.c ,  gst_h265_parse_pps(), 

Line 1868/1869
pps->num_tile_columns_minus1 can be 19,

then go into Line 1874, num_col = 20,

in while loop for (i = 0; i < num_col; i++)
i can be 19,

pps->column_width_minus1[i] will overflow

in header file, its size is 19, column_width_minus1[19];


same issue with pps->num_tile_rows_minus1;