View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000117 | JVT JM H.264/AVC reference software | decoder | public | 2008-06-01 13:27 | 2008-06-02 15:09 |
| Reporter | netcaf | Assigned To | Alexis Michael Tourapis | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | JM-14.0 | ||||
| Fixed in Version | JM-14.1 | ||||
| Summary | 0000117: memory out-of-bounds | ||||
| Description | In exit_picture function, cslice_type has size of 8 chars. It will cause memory out-of-bounds in the code like the following: strncat(cslice_type,") ",8-strlen(cslice_type)); This operation will add null-terminating char and it exceeds array cslice_type of the size of 8. | ||||
| Tags | No tags attached. | ||||
|
|
Good spotting. I'm always thinking twice when using these string functions, but this time I missed the NULL character. But I think the actual string size is still smaller, so that we won't have a real overflow. |
|
|
increase the size of cslice_type |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2008-06-01 13:27 | netcaf | New Issue | |
| 2008-06-02 10:30 | Karsten Suehring | Status | new => assigned |
| 2008-06-02 10:30 | Karsten Suehring | Assigned To | => Alexis Michael Tourapis |
| 2008-06-02 10:34 | Karsten Suehring | Note Added: 0000203 | |
| 2008-06-02 15:09 | Karsten Suehring | Status | assigned => resolved |
| 2008-06-02 15:09 | Karsten Suehring | Fixed in Version | => JM-14.0-dev |
| 2008-06-02 15:09 | Karsten Suehring | Resolution | open => fixed |
| 2008-06-02 15:09 | Karsten Suehring | Note Added: 0000205 |
