Package: mkvtoolnix
Version: 14.0.0-2

mkvinfo crashes on the attached file:

$ mkvinfo nullptr.mkv
+ EBML head
+ Segment, size 808464432
|+ Tags
| + DummyElement: length 4, data: 0x30 0x30 0x30 0x30
Segmentation fault

Valgrind says it's a null pointer dereference:

Invalid read of size 1
   at 0x21EC96: to_hex[abi:cxx11](unsigned char const*, unsigned int, bool) (formatting.cpp:295)
   by 0x1631BF: format_binary[abi:cxx11](libebml::EbmlBinary&, unsigned int) (mkvinfo.cpp:408)
   by 0x16EDE2: format_binary (mkvinfo.cpp:424)
   by 0x16EDE2: handle_elements_rec(libebml::EbmlStream*, int, libebml::EbmlElement*, mtx::xml::ebml_converter_c const&) (mkvinfo.cpp:1616)
   by 0x1785FF: handle_tags(libebml::EbmlStream*&, int&, libebml::EbmlElement*&) (mkvinfo.cpp:1651)
   by 0x178F0C: handle_segment(libebml::EbmlElement*, std::shared_ptr<mm_io_c>&, libebml::EbmlStream*) (mkvinfo.cpp:1747)
   by 0x179827: process_file(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (mkvinfo.cpp:1829)
   by 0x179D74: console_main() (mkvinfo.cpp:1865)
   by 0x123873: main (mkvinfo.cpp:1880)
 Address 0x0 is not stack'd, malloc'd or (recently) free'd

Found using American Fuzzy Lop:
http://lcamtuf.coredump.cx/afl/

-- System Information:
Architecture: i386

Versions of packages mkvtoolnix depends on:
ii  libboost-filesystem1.62.0  1.62.0+dfsg-4+b1
ii  libboost-regex1.62.0       1.62.0+dfsg-4+b1
ii  libboost-system1.62.0      1.62.0+dfsg-4+b1
ii  libc6                      2.24-14
ii  libebml4v5                 1.3.4-2
ii  libflac8                   1.3.2-1
ii  libgcc1                    1:7.1.0-13
ii  libmagic1                  1:5.31-1
ii  libmatroska6v5             1.4.7-2
ii  libogg0                    1.3.2-1+b1
ii  libpugixml1v5              1.8.1-3
ii  libstdc++6                 7.1.0-13
ii  libvorbis0a                1.3.5-4
ii  zlib1g                     1:1.2.8.dfsg-5

--
Jakub Wilk
nullptr.mkv
Description: video/matroska
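The backtrace shows to_hex() reading through a null data pointer although the element reports a non-zero length. As an added illustration (not code from the report or from mkvtoolnix), here is a hex formatter and a caller-side check that treat "size > 0 but no buffer" as an inconsistent element instead of dereferencing it; BinaryElement is a hypothetical stand-in for libebml's EbmlBinary, and the function names only mirror the ones in the backtrace.

```cpp
#include <cstddef>
#include <string>

// Hypothetical stand-in for libebml::EbmlBinary: an element can carry a
// size while its data buffer is still null, which is the state the
// DummyElement in the report ends up in.
struct BinaryElement {
    std::size_t size;
    const unsigned char *data;   // may be nullptr
};

// Format `len` bytes as "0xNN 0xNN ...". Unlike the to_hex() in the
// backtrace, a null buffer is treated as empty, never dereferenced.
std::string to_hex(const unsigned char *buf, std::size_t len, bool with_prefix) {
    static const char digits[] = "0123456789abcdef";
    std::string out;
    if (buf == nullptr)
        return out;
    for (std::size_t i = 0; i < len; ++i) {
        if (!out.empty())
            out += ' ';
        if (with_prefix)
            out += "0x";
        out += digits[buf[i] >> 4];
        out += digits[buf[i] & 0x0f];
    }
    return out;
}

// Caller-side guard: a non-zero size with no buffer is reported as such,
// so a malformed file produces a diagnostic line rather than a crash.
// Long payloads are truncated so output stays bounded.
std::string format_binary(const BinaryElement &e, std::size_t max_len = 16) {
    if (e.data == nullptr)
        return e.size == 0 ? std::string("<empty>")
                           : "<no data buffer for " + std::to_string(e.size) + " bytes>";
    std::size_t shown = e.size < max_len ? e.size : max_len;
    std::string s = to_hex(e.data, shown, true);
    if (shown < e.size)
        s += " ...";
    return s;
}
```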