[webkit-changes] [WebKit/WebKit] 58f0a3: ASan global-buffer-overflow READ in com.apple.WebK...

youennf noreply at github.com
Mon May 22 10:15:22 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 58f0a3c82680947b6205bec08d30ec0abb629130
      https://github.com/WebKit/WebKit/commit/58f0a3c82680947b6205bec08d30ec0abb629130
  Author: Youenn Fablet <youennf at gmail.com>
  Date:   2023-05-22 (Mon, 22 May 2023)

  Changed paths:
    M Source/ThirdParty/libwebrtc/Source/third_party/libaom/source/libaom/av1/encoder/arm/neon/av1_fwd_txfm2d_neon.c

  Log Message:
  -----------
  ASan global-buffer-overflow READ in com.apple.WebKit.WebContent.Development at libwebrtc.dylib: av1_lowbd_fwd_txfm2d_8x8_neon
https://bugs.webkit.org/show_bug.cgi?id=253512
rdar://105650593

Reviewed by Eric Carlson.

Cherry-pick from upstream the corresponding fix (582d2fd1e9b6a212cb7d30bcf63d3c1e78aa8fca).
Remove the call to vld1_s8, which reads 8 bytes while only 3 bytes are available, even though only 2 are used.

* Source/ThirdParty/libwebrtc/Source/third_party/libaom/source/libaom/av1/encoder/arm/neon/av1_fwd_txfm2d_neon.c:
(av1_lowbd_fwd_txfm2d_4x8_neon):
(av1_lowbd_fwd_txfm2d_4x16_neon):
(av1_lowbd_fwd_txfm2d_8x4_neon):
(av1_lowbd_fwd_txfm2d_8x8_neon):
(av1_lowbd_fwd_txfm2d_8x16_neon):
(av1_lowbd_fwd_txfm2d_8x32_neon):
(av1_lowbd_fwd_txfm2d_16x4_neon):
(av1_lowbd_fwd_txfm2d_16x8_neon):
(av1_lowbd_fwd_txfm2d_16x16_neon):
(av1_lowbd_fwd_txfm2d_16x32_neon):
(av1_lowbd_fwd_txfm2d_32x8_neon):
(av1_lowbd_fwd_txfm2d_32x16_neon):

Originally-landed-as: 259548.383 at safari-7615-branch (4b0ac875e7fa). rdar://105650593
Canonical link: https://commits.webkit.org/264328@main
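
The over-read described in the log message, modelled as an added example (not code from libaom or WebKit). The struct layout, table values and function names are constructed for illustration, and the scalar replacement is one way to avoid the wide load, not necessarily the upstream change.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__ARM_NEON)
#include <arm_neon.h>
#endif

/* Constructed layout: a 3-byte shift table followed by unrelated bytes, so the
 * 8-byte load below stays inside one object and is well defined in this demo.
 * In the bug described above the table is a bare 3-byte global, and the same
 * load runs 5 bytes past its end, which is what ASan reports. */
struct demo_globals {
    int8_t shift[3];     /* the only bytes the transform is entitled to read */
    int8_t neighbour[5]; /* stands in for whatever the linker placed next */
};
static const struct demo_globals g = { { 2, -1, 0 }, { 11, 22, 33, 44, 55 } };

/* Wide-load pattern: fetch 8 lanes, widen to 16 bit; only lanes 0 and 1 are used. */
static void load_shifts_wide(int16_t out[8]) {
#if defined(__ARM_NEON)
    vst1q_s16(out, vmovl_s8(vld1_s8((const int8_t *)&g)));
#else
    int8_t lanes[8];
    memcpy(lanes, &g, sizeof lanes); /* models the 64-bit vld1_s8 load */
    for (int i = 0; i < 8; i++) out[i] = lanes[i];
#endif
}

/* Scalar pattern: index only the entries that are used; nothing else is read. */
static void load_shifts_scalar(int16_t *s0, int16_t *s1) {
    *s0 = g.shift[0];
    *s1 = g.shift[1];
}

/* Bytes that a load of `width` reaches beyond a table of `avail` bytes. */
static size_t bytes_past_end(size_t avail, size_t width) {
    return width > avail ? width - avail : 0;
}

int main(void) {
    int16_t wide[8], s0, s1;
    load_shifts_wide(wide);
    load_shifts_scalar(&s0, &s1);
    printf("used lanes: %d %d (scalar %d %d)\n", wide[0], wide[1], s0, s1);
    printf("lanes 3..7 hold neighbour data: %d .. %d\n", wide[3], wide[7]);
    printf("over-read: %zu bytes\n", bytes_past_end(sizeof g.shift, 8));
    return 0;
}
```

Both patterns produce the same two shift values; the difference is that the wide load also pulls five bytes the code never needed into a register.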



