Description of the bug:
Unknown address is triggered when processing a crafted hevc file, which leads to a crash.
This can be used for denial of service attacks.
Wrong reference to set->UsedByCurrPicS0[i] inside dump_compact_short_term_ref_pic_set.
Steps to reproduce the bug:
Compile with Address Sanitizer (ASan) :
./hdrcopy ./0dfd91904d999a9e52a8893982ccc7853c810800
Tested version: libde265 v1.0.11
Description of the bug: Unknown address is triggered when processing a crafted hevc file, which leads to a crash. This can be used for denial of service attacks.
Wrong reference to set->UsedByCurrPicS0[i] inside dump_compact_short_term_ref_pic_set.
Steps to reproduce the bug: Compile with Address Sanitizer (ASan) : ./hdrcopy ./0dfd91904d999a9e52a8893982ccc7853c810800
Address Sanitizer log:
Please check the attached POC.
0dfd91904d999a9e52a8893982ccc7853c810800.zip