Package: mkvtoolnix Version: 14.0.0-2 mkvinfo crashes on the attached file:
$ mkvinfo nullptr.mkv
+ EBML head
+ Segment, size 808464432
|+ Tags
| + DummyElement: length 4, data: 0x30 0x30 0x30 0x30
Segmentation fault
Valgrind says it's a null pointer dereference:
Invalid read of size 1
at 0x21EC96: to_hex[abi:cxx11](unsigned char const*, unsigned int, bool)
(formatting.cpp:295)
by 0x1631BF: format_binary[abi:cxx11](libebml::EbmlBinary&, unsigned int)
(mkvinfo.cpp:408)
by 0x16EDE2: format_binary (mkvinfo.cpp:424)
by 0x16EDE2: handle_elements_rec(libebml::EbmlStream*, int,
libebml::EbmlElement*, mtx::xml::ebml_converter_c const&) (mkvinfo.cpp:1616)
by 0x1785FF: handle_tags(libebml::EbmlStream*&, int&,
libebml::EbmlElement*&) (mkvinfo.cpp:1651)
by 0x178F0C: handle_segment(libebml::EbmlElement*,
std::shared_ptr<mm_io_c>&, libebml::EbmlStream*) (mkvinfo.cpp:1747)
by 0x179827: process_file(std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&) (mkvinfo.cpp:1829)
by 0x179D74: console_main() (mkvinfo.cpp:1865)
by 0x123873: main (mkvinfo.cpp:1880)
Address 0x0 is not stack'd, malloc'd or (recently) free'd
Found using American Fuzzy Lop:
http://lcamtuf.coredump.cx/afl/
-- System Information:
Architecture: i386
Versions of packages mkvtoolnix depends on:
ii libboost-filesystem1.62.0 1.62.0+dfsg-4+b1
ii libboost-regex1.62.0 1.62.0+dfsg-4+b1
ii libboost-system1.62.0 1.62.0+dfsg-4+b1
ii libc6 2.24-14
ii libebml4v5 1.3.4-2
ii libflac8 1.3.2-1
ii libgcc1 1:7.1.0-13
ii libmagic1 1:5.31-1
ii libmatroska6v5 1.4.7-2
ii libogg0 1.3.2-1+b1
ii libpugixml1v5 1.8.1-3
ii libstdc++6 7.1.0-13
ii libvorbis0a 1.3.5-4
ii zlib1g 1:1.2.8.dfsg-5
--
Jakub Wilk
nullptr.mkv
Description: video/matroska
