video-anc: Fix buffer overflow detected by asan (!301) · Merge requests · GStreamer / gst-plugins-base

Roman Sivriver requested to merge rsiv/gst-plugins-base:master-upstream into master Jun 18, 2019

gst_meta_api_type_register() assumes that the last tags element is null, but it wasn't

==17422==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f4e2a67c998 at pc 0x7f4e2a0c92ac bp 0x7ffcc41f80b0 sp 0x7ffcc41f80a0
READ of size 8 at 0x7f4e2a67c998 thread T0
    #0 0x7f4e2a0c92ab in gst_meta_api_type_register ../subprojects/gstreamer/gst/gstmeta.c:94
    #1 0x7f4e2a5582c3 in gst_video_afd_meta_api_get_type ../subprojects/gst-plugins-base/gst-libs/gst/video/video-anc.c:1146
    #2 0x404c7c in invoke_get_type (/home/ubuntu/gst-build/build/tmp-introspect5gv1rovo/GstVideo-1.0+0x404c7c)
    #3 0x406b5c in dump_irepository (/home/ubuntu/gst-build/build/tmp-introspect5gv1rovo/GstVideo-1.0+0x406b5c)
    #4 0x407089 in main (/home/ubuntu/gst-build/build/tmp-introspect5gv1rovo/GstVideo-1.0+0x407089)
    #5 0x7f4e295b4b6a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x26b6a)
    #6 0x404479 in _start (/home/ubuntu/gst-build/build/tmp-introspect5gv1rovo/GstVideo-1.0+0x404479)

0x7f4e2a67c998 is located 40 bytes to the left of global variable 'tags' defined in '../subprojects/gst-plugins-base/gst-libs/gst/video/video-anc.c:1232:25' (0x7f4e2a67c9c0) of size 24
0x7f4e2a67c998 is located 0 bytes to the right of global variable 'tags' defined in '../subprojects/gst-plugins-base/gst-libs/gst/video/video-anc.c:1141:25' (0x7f4e2a67c980) of size 24
SUMMARY: AddressSanitizer: global-buffer-overflow ../subprojects/gstreamer/gst/gstmeta.c:94 in gst_meta_api_type_register

Edited Jun 18, 2019 by Roman Sivriver

video-anc: Fix buffer overflow detected by asan

Merge request reports