diff options
author | Michael BrĂ¼ning <michael.bruning@qt.io> | 2019-04-01 16:15:19 +0200 |
---|---|---|
committer | Michael BrĂ¼ning <michael.bruning@qt.io> | 2019-04-01 17:12:26 +0000 |
commit | 0698dad07bcff92affb43319fee9ea5a78824add (patch) | |
tree | 00a9df4a834f14e09e8a8634a0523cb6c6d5b0b7 /chromium/media/formats/mp4/avc.h | |
parent | be81c3d2eefb9e690690f2f87faec99417f3ca3f (diff) | |
download | qtwebengine-chromium-0698dad07bcff92affb43319fee9ea5a78824add.tar.gz |
[Backport] Security bug 917608
Backport of original patch by John Rummell <jrummell@chromium.org>:
Fix buffer size comparisons for VP8 parser
With fuzzed data the frame_size field can be huge, which causes the
address range checks to fail.
BUG=917608
Reviewed-on: https://chromium-review.googlesource.com/c/1391777
Change-Id: I5fcaeac4681ed24924034dd2230e45d0e72f756b
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Diffstat (limited to 'chromium/media/formats/mp4/avc.h')
0 files changed, 0 insertions, 0 deletions