Opened 8 months ago
Closed 8 months ago
#10951 closed defect (fixed)
SEGV bug at libavcodec/hevcdec.c:2947:22 in hevc_frame_end in FFmpeg7.0
Reported by: | ZengYunxiang | Owned by: | |
---|---|---|---|
Priority: | important | Component: | avcodec |
Version: | 7.0 | Keywords: | bugs |
Cc: | ZengYunxiang | Blocked By: | |
Blocking: | Reproduced by developer: | no | |
Analyzed by developer: | no |
Description
Summary of the bug:
Dear developers,
We found the following SEGV bug on FFmpeg(version 7.0) , please confirm.
This bug doesn't require harsh parameter conditions to trigger.
The poc file(poc23ffmpeg) will be attached to this ticket.
How to reproduce:
tar -xvf ffmpeg-7.0.tar.xz cd ffmpeg-7.0 ./configure --cc=afl-clang-fast --cxx=afl-clang-fast++ --disable-shared AFL_USE_ASAN=1 make -j30 ./ffmpeg_g -y -i poc23ffmpeg tmp.mp4
ASAN Log:
AddressSanitizer:DEADLYSIGNAL ================================================================= ==2083295==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55661ca3e58c bp 0x0ff32d1da6b7 sp 0x7f9968eb7620 T8) ==2083295==The signal is caused by a READ memory access. ==2083295==Hint: address points to the zero page. #0 0x55661ca3e58c in hevc_frame_end /ffmpeg-7.0/libavcodec/hevcdec.c:2947:22 #1 0x55661ca34250 in decode_nal_unit /ffmpeg-7.0/libavcodec/hevcdec.c:3122:23 #2 0x55661ca34250 in decode_nal_units /ffmpeg-7.0/libavcodec/hevcdec.c:3227:15 #3 0x55661ca34250 in hevc_decode_frame /ffmpeg-7.0/libavcodec/hevcdec.c:3376:14 #4 0x55661d3b6761 in frame_worker_thread /ffmpeg-7.0/libavcodec/pthread_frame.c:223:21 #5 0x7f996ef3fac2 (/lib/x86_64-linux-gnu/libc.so.6+0x94ac2) (BuildId: a43bfc8428df6623cd498c9c0caeb91aec9be4f9) #6 0x7f996efd1a3f (/lib/x86_64-linux-gnu/libc.so.6+0x126a3f) (BuildId: a43bfc8428df6623cd498c9c0caeb91aec9be4f9) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /ffmpeg-7.0/libavcodec/hevcdec.c:2947:22 in hevc_frame_end Thread T8 (av:hevc:df7) created by T0 here: #0 0x55661aef856c in __interceptor_pthread_create (/ffmpeg-7.0/ffmpeg_g+0x98c56c) (BuildId: 545ccc2062eaee7e775c86df925c8f1fb97035e3) #1 0x55661ad85de6 in init_thread /ffmpeg-7.0/libavcodec/pthread_frame.c:828:11 ==2083295==ABORTING
ffmpeg version:
# ./ffmpeg -version ffmpeg version 7.0 Copyright (c) 2000-2024 the FFmpeg developers built with Ubuntu clang version 14.0.0-1ubuntu1.1 configuration: --cc=afl-clang-fast --cxx=afl-clang-fast++ --disable-shared libavutil 59. 8.100 / 59. 8.100 libavcodec 61. 3.100 / 61. 3.100 libavformat 61. 1.100 / 61. 1.100 libavdevice 61. 1.100 / 61. 1.100 libavfilter 10. 1.100 / 10. 1.100 libswscale 8. 1.100 / 8. 1.100 libswresample 5. 1.100 / 5. 1.100
Credit:
Discovered by Zeng Yunxiang.
Thanks for your time!
Attachments (1)
Change History (3)
by , 8 months ago
Attachment: | poc23ffmpeg added |
---|
comment:1 by , 8 months ago
reproduce compile command:
tar -xvf ffmpeg-7.0.tar.xz cd ffmpeg-7.0 ./configure --cc=clang --cxx=clang++ --ld=clang --enable-debug --toolchain=clang-asan make -j30 ./ffmpeg_g -y -i poc23ffmpeg tmp.mp4
comment:2 by , 8 months ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
POC file