#11233: heap-buffer-overflow occurred when running program ffmpeg in av_crc at crc.c
------------------------------------+--------------------------------------
Reporter: Du4t | Type: defect
Status: new | Priority: important
Component: ffmpeg | Version: git-master
Keywords: crash bugs | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
------------------------------------+--------------------------------------
Summary of the bug: heap-buffer-overflow occurred when running program ffmpeg in av_crc at crc.c:403
How to reproduce:
{{{
% git log
commit 73b3344edd39468cb3f729d613949f52dbcba84e (HEAD -> master, origin/master, origin/HEAD)
Author: Niklas Haas <g...@haasn.dev>
Date: Tue Oct 1 12:32:29 2024 +0200
% ffmpeg -avioflags direct -i PoC /dev/null
ffmpeg version N-117413-g73b3344edd Copyright (c) 2000-2024 the FFmpeg developers
built with Ubuntu clang version 14.0.0-1ubuntu1.1
configuration: --cc=clang-14 --cxx=clang++-14 --prefix=/home/du4t/target/FFmpeg/asan-release --toolchain=clang-asan --disable-shared --disable-stripping
libavutil 59. 41.100 / 59. 41.100
libavcodec 61. 21.100 / 61. 21.100
libavformat 61. 9.100 / 61. 9.100
libavdevice 61. 4.100 / 61. 4.100
libavfilter 10. 6.100 / 10. 6.100
libswscale 8. 4.100 / 8. 4.100
libswresample 5. 4.100 / 5. 4.100
[ogg @ 0x617000000080] CRC mismatch!
=================================================================
==1185968==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62d000012400 at pc 0x5acc7d21a0d5 bp 0x7fffa6cb2170 sp 0x7fffa6cb2168
READ of size 4 at 0x62d000012400 thread T0
#0 0x5acc7d21a0d4 in av_crc FFmpeg/libavutil/crc.c:403:20
#1 0x5acc7a365df6 in ff_crc04C11DB7_update FFmpeg/libavformat/aviobuf.c:568:12
#2 0x5acc7a365ece in ffio_get_checksum FFmpeg/libavformat/aviobuf.c:585:19
#3 0x5acc7a612610 in ogg_read_page FFmpeg/libavformat/oggdec.c:378:15
#4 0x5acc7a610e4d in ogg_packet FFmpeg/libavformat/oggdec.c:518:19
#5 0x5acc7a60e610 in ogg_read_header FFmpeg/libavformat/oggdec.c:737:15
#6 0x5acc7a3a45c8 in avformat_open_input FFmpeg/libavformat/demux.c:305:20
#7 0x5acc7997aee3 in ifile_open FFmpeg/fftools/ffmpeg_demux.c:1727:11
#8 0x5acc799c072f in open_files FFmpeg/fftools/ffmpeg_opt.c:1334:15
#9 0x5acc799c072f in ffmpeg_parse_options FFmpeg/fftools/ffmpeg_opt.c:1374:11
#10 0x5acc799ee79f in main FFmpeg/fftools/ffmpeg.c:974:11
#11 0x7de66c429d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#12 0x7de66c429e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#13 0x5acc798af994 in _start (FFmpeg/asan-release/bin/ffmpeg+0x8bf994) (BuildId: c49a31b3f5b8cb19958f8bbbbf47bfaf1f9a9139)
}}}
Patches should be submitted to the ffmpeg-devel mailing list and not this
bug tracker.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/11233>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
_______________________________________________
FFmpeg-trac mailing list
FFmpeg-trac@avcodec.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-trac
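The trace above ends in the CRC pass over an Ogg page (ogg_read_page -> ffio_get_checksum -> ff_crc04C11DB7_update -> av_crc), the same check that printed "CRC mismatch!" just before the sanitizer report. As an added illustration, not code from the report or from FFmpeg, the stand-alone C program below computes and verifies the Ogg page CRC (CRC-32, polynomial 0x04C11DB7, direct algorithm, initial value 0, no final XOR, with the CRC field treated as zero, as the Ogg framing specification defines it) and derives the page length from the header, checking it against the bytes actually available before any byte is hashed. Every function name in it (ogg_crc_update, ogg_page_length, ogg_page_verify, ogg_page_build) and the sample page are constructed for this example.

```c
/*
 * Added example, not FFmpeg code: Ogg page CRC verification where every
 * read is bounded by the bytes actually available. Ogg page CRC: CRC-32,
 * poly 0x04C11DB7, direct (MSB-first), init 0, no final XOR, computed over
 * the whole page with the 4-byte CRC field at offset 22 treated as zero.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define OGG_CRC_POLY   0x04C11DB7u
#define OGG_HDR_MIN    27   /* "OggS" ... page_segments byte */
#define OGG_CRC_OFFSET 22

static uint32_t crc_table[256];

static void ogg_crc_init(void)
{
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t r = i << 24;
        for (int k = 0; k < 8; k++)
            r = (r & 0x80000000u) ? (r << 1) ^ OGG_CRC_POLY : (r << 1);
        crc_table[i] = r;
    }
}

/* Table-driven update. Reads exactly len bytes: the caller owns the bound. */
uint32_t ogg_crc_update(uint32_t crc, const uint8_t *buf, size_t len)
{
    if (!crc_table[1])                       /* table[1] == poly once built */
        ogg_crc_init();
    for (size_t i = 0; i < len; i++)
        crc = (crc << 8) ^ crc_table[((crc >> 24) ^ buf[i]) & 0xffu];
    return crc;
}

/* Page length (header + lacing + body) from the header, or 0 if the header
 * is malformed or the page does not fit in avail bytes. Each field is
 * range-checked against avail before it is read. */
size_t ogg_page_length(const uint8_t *page, size_t avail)
{
    if (avail < OGG_HDR_MIN || memcmp(page, "OggS", 4) != 0 || page[4] != 0)
        return 0;
    size_t nsegs   = page[26];
    size_t hdr_len = OGG_HDR_MIN + nsegs;
    if (hdr_len > avail)
        return 0;
    size_t body_len = 0;
    for (size_t i = 0; i < nsegs; i++)
        body_len += page[OGG_HDR_MIN + i];   /* lacing values */
    if (body_len > avail - hdr_len)
        return 0;
    return hdr_len + body_len;
}

/* CRC of a complete page with the stored CRC field replaced by zeros. */
uint32_t ogg_page_crc(const uint8_t *page, size_t page_len)
{
    static const uint8_t zero[4] = { 0, 0, 0, 0 };
    uint32_t crc = ogg_crc_update(0, page, OGG_CRC_OFFSET);
    crc = ogg_crc_update(crc, zero, 4);
    return ogg_crc_update(crc, page + OGG_CRC_OFFSET + 4,
                          page_len - OGG_CRC_OFFSET - 4);
}

/* 1 if the page is well formed within avail bytes and its CRC matches. */
int ogg_page_verify(const uint8_t *page, size_t avail)
{
    size_t len = ogg_page_length(page, avail);
    if (!len)
        return 0;
    uint32_t stored = (uint32_t)page[22]       | (uint32_t)page[23] << 8 |
                      (uint32_t)page[24] << 16 | (uint32_t)page[25] << 24;
    return ogg_page_crc(page, len) == stored;
}

/* Build a one-segment BOS page (body < 255 bytes); returns its length or 0. */
size_t ogg_page_build(uint8_t *out, size_t cap, uint32_t serial,
                      const uint8_t *body, size_t body_len)
{
    size_t len = OGG_HDR_MIN + 1 + body_len;
    if (body_len >= 255 || len > cap)
        return 0;
    memset(out, 0, len);
    memcpy(out, "OggS", 4);
    out[5]  = 0x02;                          /* header_type: beginning of stream */
    out[14] = serial & 0xff;         out[15] = (serial >> 8)  & 0xff;
    out[16] = (serial >> 16) & 0xff; out[17] = (serial >> 24) & 0xff;
    out[26] = 1;                             /* one lacing value */
    out[27] = (uint8_t)body_len;
    memcpy(out + 28, body, body_len);
    uint32_t crc = ogg_page_crc(out, len);   /* CRC field is still zero here */
    out[22] = crc & 0xff;         out[23] = (crc >> 8)  & 0xff;
    out[24] = (crc >> 16) & 0xff; out[25] = (crc >> 24) & 0xff;
    return len;
}

int main(void)
{
    uint8_t page[64];
    const uint8_t body[] = "constructed sample body";   /* constructed input */
    size_t len = ogg_page_build(page, sizeof page, 0x1234, body, sizeof body - 1);
    printf("intact:    verify=%d\n", ogg_page_verify(page, len));
    page[30] ^= 0x01;                                  /* flip one body byte */
    printf("corrupted: verify=%d\n", ogg_page_verify(page, len));
    printf("truncated: verify=%d\n", ogg_page_verify(page, len - 5));
    return 0;
}
```

The CRC routine reads exactly the length it is handed, so a span that is longer than the backing buffer becomes an out-of-bounds read inside it; that is why a sanitizer reports the innermost frame even though the bound has to hold where the span is computed. ogg_page_length refuses a header whose segment count or lacing sum would run past the available bytes, and the truncated case in main exercises that path.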