Reimar Döffinger <[EMAIL PROTECTED]> added the comment:

On Sun, Jul 13, 2008 at 12:05:24PM +0000, hanno wrote:
> Attached gif crashes ffmpeg lavf demuxer. Can be reproduced with
> mplayer or gstreamer. This may be a security issue.
>
> This is one of the samples provided by zzuf:
> http://libcaca.zoy.org/wiki/zzuf

You failed to attach it, it is here:
http://libcaca.zoy.org/attachment/wiki/zzuf/bugs/lol-giftopnm.gif

> mplayer -demuxer +lavf lol-giftopnm.gif
> gst-launch-0.10 filesrc location=lol-giftopnm.gif ! decodebin

Now, since you probably could not reproduce with FFmpeg or ffplay, why
do you think this belongs here?
I do not care about gstreamer but in the case of MPlayer:
1) it is MPlayer that incorrectly passes a NULL pointer.
2) it certainly is not exploitable because it is an invalid read and
   into the NULL page in addition.
3) It probably should be said more clearly, but you are using +lavf, the man
   page says "Use a ’+’ before the name to force it, this will skip some
   checks!". This was meant to imply that you will have to expect crashes.

Either way, without gdb backtrace or anything there is little we can do
about this anyway.

----------
status: new -> closed
substatus: new -> invalid

______________________________________________________
FFmpeg issue tracker <[EMAIL PROTECTED]>
<https://roundup.mplayerhq.hu/roundup/ffmpeg/issue530>
______________________________________________________
