Comments (11)
Thanks for the report. Can you specify the commit id you're using to decode?
from thor.
I have checked the commit id, it's commit e42047d.It's strange that I cloned the code from the https://github.com/cisco/thor.git 12 days ago. Does it mean that I would get the latest version of the code? But when I check the commit id using command line:
git reflog
I got this :
e42047d HEAD@{0}: clone: from https://github.com/cisco/thor.git
from thor.
Thanks. It looks to me that the bitstream contains illegal elements, which indicates that there is an encoder bug as well. Are you able to share how you produced the stream? (config file, options & input video)
Does the following patch for you work? (it should fix the crash, but the file will not be decodable):
patch.txt
from thor.
My command line to produce the stream is like:
./Thordec test.bit out.yuv
with no options and config file , I just try to input a file and the issue happened.
The input file has been placed at:https://github.com/fCorleone/fuzz_programs/blob/master/thor/test.bit
I will try the patch later.
By the way, I'm wondering that could I get a CVE ID for this issue?
Thank you for your reply to this issue anyway.
from thor.
I meant the Thorenc command used to produce test.bit (and test2.bit in #37)
from thor.
Oh, the test bit was not produced by Thorenc using a certain video. The test bit was created in fuzzing process. I put a seed into the fuzzing process and afl mutated the seed and got the test bit which would make a crash to the program.
from thor.
@stemidts Could I get CVE-IDs for this two issues please?
from thor.
We haven't issued CVE's yet. In order for me to understand this problem correctly, it would be helpful if you could give feedback whether the patch helps.
from thor.
Yes , the patch fix the problem for me.
from thor.
@stemidts will I get CVE-ids for these two issues?
from thor.
The issues seem to have the same root cause and the CVD ID is CVE-2018-0429.
A patch has been committed into the repository.
from thor.
Related Issues (18)
- Code fail to build with GCC 5.2 HOT 3
- reserved identifier violation HOT 2
- Addition of a build system generator HOT 2
- Completion of error handling
- Support arbitrary sequence lengths HOT 1
- Add code to check encoder/decoder agreement HOT 1
- get_vlc(): infinite loop on invalid streams
- Current master is completely busted HOT 1
- Please remove sequence specific parameters from configurations
- Using %d for unsigned intergers, instead of %u HOT 1
- Stack buffer overflow found in common_kernels.c HOT 3
- Invalid read in vg_replace_strmem.c:210
- Stack buffer overflow in read_block()
- NULL Pointer Dereference in interpolate_frame
- Compilation fails on ARM with gcc 4.6.1
- Compilation fails with clang due to intrinsics HOT 3
- Assembly optimisations - offer of code HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from thor.