#11233: heap-buffer-overflow occurred when running program ffmpeg in av_crc at crc.c
------------------------------------+----------------------------------
Reporter: Du4t | Owner: (none)
Type: defect | Status: new
Priority: important | Component: ffmpeg
Version: git-master | Resolution:
Keywords: crash bugs | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
------------------------------------+----------------------------------
Description changed by Du4t:
New description:
Summary of the bug: a heap-buffer-overflow occurs when running the program ffmpeg, in av_crc at crc.c:403.
How to reproduce:
{{{
% git log
commit 73b3344edd39468cb3f729d613949f52dbcba84e (HEAD -> master,
origin/master, origin/HEAD)
Author: Niklas Haas <g...@haasn.dev>
Date: Tue Oct 1 12:32:29 2024 +0200
% ffmpeg -avioflags direct -i PoC /dev/null
ffmpeg version N-117413-g73b3344edd Copyright (c) 2000-2024 the FFmpeg
developers
built with Ubuntu clang version 14.0.0-1ubuntu1.1
configuration: --cc=clang-14 --cxx=clang++-14
--prefix=/home/du4t/target/FFmpeg/asan-release --toolchain=clang-asan
--disable-shared --disable-stripping
libavutil 59. 41.100 / 59. 41.100
libavcodec 61. 21.100 / 61. 21.100
libavformat 61. 9.100 / 61. 9.100
libavdevice 61. 4.100 / 61. 4.100
libavfilter 10. 6.100 / 10. 6.100
libswscale 8. 4.100 / 8. 4.100
libswresample 5. 4.100 / 5. 4.100
[ogg @ 0x617000000080] CRC mismatch!
=================================================================
==1185968==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62d000012400 at pc 0x5acc7d21a0d5 bp 0x7fffa6cb2170 sp 0x7fffa6cb2168
READ of size 4 at 0x62d000012400 thread T0
    #0 0x5acc7d21a0d4 in av_crc FFmpeg/libavutil/crc.c:403:20
    #1 0x5acc7a365df6 in ff_crc04C11DB7_update FFmpeg/libavformat/aviobuf.c:568:12
    #2 0x5acc7a365ece in ffio_get_checksum FFmpeg/libavformat/aviobuf.c:585:19
    #3 0x5acc7a612610 in ogg_read_page FFmpeg/libavformat/oggdec.c:378:15
    #4 0x5acc7a610e4d in ogg_packet FFmpeg/libavformat/oggdec.c:518:19
    #5 0x5acc7a60e610 in ogg_read_header FFmpeg/libavformat/oggdec.c:737:15
    #6 0x5acc7a3a45c8 in avformat_open_input FFmpeg/libavformat/demux.c:305:20
    #7 0x5acc7997aee3 in ifile_open FFmpeg/fftools/ffmpeg_demux.c:1727:11
    #8 0x5acc799c072f in open_files FFmpeg/fftools/ffmpeg_opt.c:1334:15
    #9 0x5acc799c072f in ffmpeg_parse_options FFmpeg/fftools/ffmpeg_opt.c:1374:11
    #10 0x5acc799ee79f in main FFmpeg/fftools/ffmpeg.c:974:11
    #11 0x7de66c429d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #12 0x7de66c429e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #13 0x5acc798af994 in _start (/home/du4t/target/FFmpeg/asan-release/bin/ffmpeg+0x8bf994) (BuildId: c49a31b3f5b8cb19958f8bbbbf47bfaf1f9a9139)
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/11233#comment:1>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
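The trace above ends in av_crc performing a 4-byte read past the end of a heap buffer while ogg_read_page checksums an Ogg page through ffio_get_checksum. The ticket is not yet analyzed by a developer, so the root cause is not established here; what the trace does show is that the CRC loop consumed a length that exceeded the bytes the buffer held. The program below is an added example, not FFmpeg's code: it implements the Ogg page CRC (generator 0x04C11DB7, MSB first, initial value 0, no reflection, no final XOR, as specified for Ogg) and a page verifier that computes the page length from the header and refuses to checksum when that length exceeds the bytes the caller actually has. The function names, the constructed page and the return-code convention (1 match, 0 mismatch, -1 truncated) are my own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Ogg page CRC: CRC-32 with generator 0x04C11DB7, MSB first, initial value 0,
 * no bit reflection and no final XOR. Standalone reimplementation written for
 * this note; it is not FFmpeg's av_crc / ff_crc04C11DB7_update. */
static uint32_t ogg_crc_table[256];
static int ogg_crc_table_ready;

static void ogg_crc_init(void)
{
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t r = i << 24;
        for (int k = 0; k < 8; k++)
            r = (r & 0x80000000u) ? (r << 1) ^ 0x04C11DB7u : (r << 1);
        ogg_crc_table[i] = r;
    }
    ogg_crc_table_ready = 1;
}

/* Incremental update over exactly len bytes that the caller owns. */
uint32_t ogg_crc_update(uint32_t crc, const uint8_t *buf, size_t len)
{
    if (!ogg_crc_table_ready)
        ogg_crc_init();
    for (size_t i = 0; i < len; i++)
        crc = (crc << 8) ^ ogg_crc_table[((crc >> 24) ^ buf[i]) & 0xff];
    return crc;
}

/* Verify the CRC of one Ogg page starting at buf, of which only avail bytes
 * are actually mapped. Returns 1 on match, 0 on mismatch and -1 when the
 * header-declared page length exceeds avail. The -1 path is the point: the
 * checksum loop only ever runs over bytes that exist. */
int ogg_page_verify(const uint8_t *buf, size_t avail)
{
    if (avail < 27 || memcmp(buf, "OggS", 4) != 0)
        return -1;
    size_t nsegs = buf[26];                 /* page_segments */
    if (avail < 27 + nsegs)
        return -1;
    size_t total = 27 + nsegs;              /* header + lacing table */
    for (size_t i = 0; i < nsegs; i++)
        total += buf[27 + i];               /* sum of lacing values */
    if (avail < total)
        return -1;                          /* fail closed, do not read past avail */

    uint32_t stored = (uint32_t)buf[22] | (uint32_t)buf[23] << 8 |
                      (uint32_t)buf[24] << 16 | (uint32_t)buf[25] << 24;
    /* The CRC field (bytes 22..25) is taken as zero while checksumming. */
    static const uint8_t zero4[4] = {0, 0, 0, 0};
    uint32_t crc = ogg_crc_update(0, buf, 22);
    crc = ogg_crc_update(crc, zero4, 4);
    crc = ogg_crc_update(crc, buf + 26, total - 26);
    return crc == stored;
}

/* Build a constructed one-segment BOS page with a valid CRC into out
 * (out must hold at least 28 + len bytes). Returns the page length. */
size_t ogg_page_build(uint8_t *out, const uint8_t *payload, uint8_t len)
{
    memset(out, 0, 28);
    memcpy(out, "OggS", 4);
    out[5]  = 0x02;                         /* header type: beginning of stream */
    out[14] = 0x01;                         /* serial number, little-endian */
    out[26] = 1;                            /* one segment */
    out[27] = len;                          /* lacing value */
    memcpy(out + 28, payload, len);
    size_t total = 28 + len;
    uint32_t crc = ogg_crc_update(0, out, total);   /* CRC field is still zero */
    out[22] = crc & 0xff;         out[23] = (crc >> 8) & 0xff;
    out[24] = (crc >> 16) & 0xff; out[25] = (crc >> 24) & 0xff;
    return total;
}

/* Runs the three cases (intact, corrupted, truncated) and returns 1 if each
 * gives the expected verdict. */
int ogg_selftest(void)
{
    static const uint8_t payload[] = "constructed payload";   /* constructed sample */
    uint8_t page[64];
    size_t n = ogg_page_build(page, payload, sizeof(payload));
    int ok = ogg_page_verify(page, n) == 1;
    page[30] ^= 0x01;                       /* flip one payload bit */
    ok &= ogg_page_verify(page, n) == 0;
    page[30] ^= 0x01;
    ok &= ogg_page_verify(page, n - 5) == -1;   /* declared length > available */
    return ok;
}

int main(void)
{
    printf("selftest: %s\n", ogg_selftest() ? "pass" : "FAIL");
    return ogg_selftest() ? 0 : 1;
}
```

The truncated case is the one to keep in mind when reading the trace: a demuxer that derives the page length from header fields under attacker control and hands it to the checksum routine without comparing it against the bytes actually buffered will read past the buffer, which is exactly the shape of failure AddressSanitizer reports here.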
_______________________________________________
FFmpeg-trac mailing list
FFmpeg-trac@avcodec.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-trac