View Issue Details

ID: 0000117
Project: JVT JM H.264/AVC reference software
Category: decoder
View Status: public
Last Update: 2008-06-02 15:09
Reporter: netcaf
Assigned To: Alexis Michael Tourapis
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: JM-14.0
Fixed in Version: JM-14.1
Summary: 0000117: memory out-of-bounds
Description: In exit_picture function, cslice_type has size of 8 chars. It will cause memory out-of-bounds in the code like the following:
strncat(cslice_type,") ",8-strlen(cslice_type));

This operation will add null-terminating char and it exceeds array cslice_type of the size of 8.
Tags: No tags attached.
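The off-by-one described in the report, worked through as an added example that is not part of the original issue or the JM source. It compares the bound from the report (`size - strlen(dst)`) with one that reserves a byte for the terminator; the helper names and the buffer contents are constructed for illustration, and `dst` is assumed to be NUL-terminated within its size.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8  /* size of cslice_type as stated in the report */

/* Bytes of dst that strncat(dst, src, n) needs: existing text, up to n
 * appended chars, plus the terminating NUL that strncat always writes. */
static size_t strncat_bytes_needed(size_t dst_len, size_t src_len, size_t n)
{
    size_t copied = src_len < n ? src_len : n;
    return dst_len + copied + 1;
}

/* Bound as written in the report: size - strlen(dst). */
static size_t reported_bound(size_t size, size_t dst_len)
{
    return size - dst_len;
}

/* Bound that reserves one byte for the NUL; 0 if dst is already full. */
static size_t safe_bound(size_t size, size_t dst_len)
{
    return dst_len + 1 < size ? size - dst_len - 1 : 0;
}

/* Append with the safe bound; returns 1 if src was truncated, else 0. */
static int bounded_append(char *dst, size_t size, const char *src)
{
    size_t dst_len = strlen(dst);
    size_t room = safe_bound(size, dst_len);
    strncat(dst, src, room);
    return strlen(src) > room;
}

int main(void)
{
    char buf[BUF_SIZE] = "(abcde";   /* constructed 6-char content */
    size_t len = strlen(buf);
    printf("reported bound needs %zu bytes of %d\n",
           strncat_bytes_needed(len, 2, reported_bound(BUF_SIZE, len)), BUF_SIZE);
    printf("safe bound needs %zu bytes of %d\n",
           strncat_bytes_needed(len, 2, safe_bound(BUF_SIZE, len)), BUF_SIZE);
    int truncated = bounded_append(buf, BUF_SIZE, ") ");
    printf("result \"%s\" truncated=%d\n", buf, truncated);
    return 0;
}
```

The overflow only occurs when the existing text is long enough for the appended characters to reach the last byte of the array; shorter contents stay in bounds with either bound.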

Activities

Karsten Suehring

2008-06-02 10:34

administrator   ~0000203

Good spotting. I'm always thinking twice when using these string functions, but this time I missed the NULL character.

But I think the actual string size is still smaller, so that we won't have a real overflow.

Karsten Suehring

2008-06-02 15:09

administrator   ~0000205

increase the size of cslice_type

Issue History

Date Modified Username Field Change
2008-06-01 13:27 netcaf New Issue
2008-06-02 10:30 Karsten Suehring Status new => assigned
2008-06-02 10:30 Karsten Suehring Assigned To => Alexis Michael Tourapis
2008-06-02 10:34 Karsten Suehring Note Added: 0000203
2008-06-02 15:09 Karsten Suehring Status assigned => resolved
2008-06-02 15:09 Karsten Suehring Fixed in Version => JM-14.0-dev
2008-06-02 15:09 Karsten Suehring Resolution open => fixed
2008-06-02 15:09 Karsten Suehring Note Added: 0000205