strukturag/libde265

Stack-buffer-overflow READ 4 · void apply_sao_internal<unsigned short>

Closed this issue · 2 comments

dlemstra commented

The https://github.com/ImageMagick project is using the oss-fuzz tooling of google and with the attached file there is a stack-buffer-overflow in apply_sao_internal:

libde265/libde265/sao.cc

Line 270 in e587ef6

apply_sao_internal<uint16_t>(img,xCtb,yCtb, shdr,cIdx,nSW,nSH,

test.zip

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47804

farindk commented

I was not able to reproduce this issue. I tried with old versions back to v1.0.8 and on old Ubuntu 16.04.
h265 stream extracted from test.heic: issue326.zip

Please check whether the issue is still present as I have fixed several issues that appear related.

dlemstra commented

Seeing this on the oss-fuzz website: ClusterFuzz testcase 5208730922254336 is closed as invalid, so closing issue.. So I will close this.