#11417: libavformat/mov.c:5195 SEGV
----------------------------------+--------------------------------------
             Reporter:  0x20z     |                    Type:  defect
               Status:  new       |                Priority:  important
            Component:  avformat  |                 Version:  git-master
             Keywords:            |              Blocked By:
             Blocking:            |  Reproduced by developer:  0
Analyzed by developer:  0         |
----------------------------------+--------------------------------------
 Summary of the bug:
 {{{
 Dear developers, I have discovered a Segmentation Fault vulnerability. The
 POC file is attached to the session, and the version of ffmpeg is the main
 branch. Please confirm.
 }}}

 How to reproduce:
 {{{
 git clone https://github.com/FFmpeg/FFmpeg.git
 cd FFmpeg
 ./configure --cc=clang --cxx=clang++ --toolchain=clang-asan --extra-cflags="-I$HOME/ffmpeg_build/include -O0 -fno-omit-frame-pointer -g" --extra-cxxflags="-O0 -fno-omit-frame-pointer -g" --extra-ldflags="-L$HOME/ffmpeg_build/include -fsanitize=address -fsanitize=undefined -lubsan" --disable-optimizations --disable-stripping --enable-cross-compile
 make -j30
 ./ffmpeg -y -i poc tmp.mp4
 }}}

 ASAN log:
 {{{
 =================================================================
 ==1470909==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x5e3e34844b3c bp 0x7ffe336763a0 sp 0x7ffe33676330 T0)
 ==1470909==The signal is caused by a READ memory access.
 ==1470909==Hint: address points to the zero page.
     #0 0x5e3e34844b3c in mov_read_trak libavformat/mov.c:5195
     #1 0x5e3e3489052e in mov_read_default libavformat/mov.c:9406
     #2 0x5e3e347fcbc4 in mov_read_moov libavformat/mov.c:1565
     #3 0x5e3e3489052e in mov_read_default libavformat/mov.c:9406
     #4 0x5e3e348a3cd9 in mov_read_header libavformat/mov.c:10449
     #5 0x5e3e34472bff in avformat_open_input libavformat/demux.c:308
     #6 0x5e3e32eb995b in ifile_open fftools/ffmpeg_demux.c:1727
     #7 0x5e3e32f762bc in open_files fftools/ffmpeg_opt.c:1363
     #8 0x5e3e32f76e87 in ffmpeg_parse_options fftools/ffmpeg_opt.c:1412
     #9 0x5e3e32ff6cdc in main fftools/ffmpeg.c:974
     #10 0x7dbbbb829d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
     #11 0x7dbbbb829e3f in __libc_start_main_impl ../csu/libc-start.c:392
     #12 0x5e3e32e76924 in _start (/home/swift/workstation/FFmpeg-master/ffmpeg+0x564924)

 AddressSanitizer can not provide additional info.
 SUMMARY: AddressSanitizer: SEGV libavformat/mov.c:5195 in mov_read_trak
 ==1470909==ABORTING
 }}}

 Found by:
 {{{
 Found by 0x20z
 }}}

 Thank you for your time and attention

--
Ticket URL: <https://trac.ffmpeg.org/ticket/11417>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
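As an added triage helper (not part of the ticket or of FFmpeg), the following Python pulls out of an ASAN report like the one above the fields a maintainer checks first: fault kind, faulting address, read or write, whether the address lies on the zero page, and the top frame. The embedded log excerpt is constructed from the ticket's trace and the regular expressions are this helper's own assumptions about the sanitizer's output layout.

```python
import re

# Excerpt of the ASAN report from the ticket, embedded as the sample input
# (constructed from the ticket text, trimmed to the frames that matter).
ASAN_LOG = """\
==1470909==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x5e3e34844b3c bp 0x7ffe336763a0 sp 0x7ffe33676330 T0)
==1470909==The signal is caused by a READ memory access.
==1470909==Hint: address points to the zero page.
    #0 0x5e3e34844b3c in mov_read_trak libavformat/mov.c:5195
    #1 0x5e3e3489052e in mov_read_default libavformat/mov.c:9406
    #2 0x5e3e347fcbc4 in mov_read_moov libavformat/mov.c:1565
    #5 0x5e3e34472bff in avformat_open_input libavformat/demux.c:308
SUMMARY: AddressSanitizer: SEGV libavformat/mov.c:5195 in mov_read_trak
"""

# Patterns for the three report lines that carry the triage signal (assumed
# from the sanitizer's usual layout; adjust if a report deviates).
ERROR_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: (\S+) on unknown address 0x([0-9a-f]+)")
ACCESS_RE = re.compile(r"caused by a (READ|WRITE) memory access")
FRAME_RE = re.compile(r"#(\d+) 0x[0-9a-f]+ in (\S+) (\S+):(\d+)")


def triage_asan(log):
    """Return the triage-relevant fields of an ASAN SEGV report, or None."""
    m = ERROR_RE.search(log)
    if m is None:
        return None
    kind, addr = m.group(1), int(m.group(2), 16)
    access = ACCESS_RE.search(log)
    frames = [(f.group(2), f.group(3), int(f.group(4))) for f in FRAME_RE.finditer(log)]
    # A fault inside the first 4 KiB is the signature of a NULL pointer plus a
    # small field offset: an address of 0x10 is consistent with a struct
    # pointer that was NULL while the code read a member 16 bytes into it.
    null_page = kind == "SEGV" and addr < 4096
    return {
        "kind": kind,
        "address": addr,
        "access": access.group(1) if access else None,
        "null_page": null_page,
        "top_frame": frames[0] if frames else None,
        "likely_class": "NULL pointer dereference" if null_page else "unclassified",
    }


if __name__ == "__main__":
    print(triage_asan(ASAN_LOG))
```

A READ on the zero page points at a missing NULL check on the demuxer's path rather than at a heap corruption, which is the distinction that decides how urgently the report is handled.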