Opened 4 months ago
#11228 new defect
SEGV bug at libavfilter/drawutils.c:172:27 in ff_draw_color in FFmpeg 7.1
Reported by: | ZengYunxiang | Owned by: | |
---|---|---|---|
Priority: | important | Component: | undetermined |
Version: | 7.1 | Keywords: | bugs, fuzz |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | no |
Analyzed by developer: | no | | |
Description
Summary of the bug:
Dear developers,
We found the following SEGV bug in FFmpeg (version 7.1); please confirm.
This may be due to a segmentation violation caused by dereferencing a null pointer, which can sometimes lead to a crash.
The PoC file (poc24ffmpeg) will be attached to this ticket.
157 void ff_draw_color(FFDrawContext *draw, FFDrawColor *color, const uint8_t rgba[4])
158 {
159     unsigned i;
160     double yuvad[4];
161     double rgbad[4];
162     const AVPixFmtDescriptor *desc = draw->desc;
163
164     if (rgba != color->rgba)
165         memcpy(color->rgba, rgba, sizeof(color->rgba));
166
167     memset(color->comp, 0, sizeof(color->comp));
168
169     for (int i = 0; i < 4; i++)
170         rgbad[i] = color->rgba[i] / 255.;
171
172     if (draw->desc->flags & AV_PIX_FMT_FLAG_RGB)
173         memcpy(yuvad, rgbad, sizeof(double) * 3);
174     else
How to reproduce:
tar -xvf ffmpeg-7.1.tar.xz
cd ffmpeg-7.1
./configure --cc=clang --cxx=clang++ --ld=clang --enable-debug --toolchain=clang-asan
make -j30
./ffmpeg_g -y -i poc24ffmpeg -filter_complex pad tmp.mp4
ASAN Log:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==4008132==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x55a0c4422a34 bp 0x7f565491aad0 sp 0x7f565491a9a0 T19)
==4008132==The signal is caused by a READ memory access.
==4008132==Hint: address points to the zero page.
    #0 0x55a0c4422a34 in ff_draw_color /afltest/ffmpeg-7.1/libavfilter/drawutils.c:172:27
    #1 0x55a0c3f00004 in config_input /afltest/ffmpeg-7.1/libavfilter/vf_pad.c:115:5
    #2 0x55a0c39887f3 in ff_filter_config_links /afltest/ffmpeg-7.1/libavfilter/avfilter.c:432:28
    #3 0x55a0c39880c6 in ff_filter_config_links /afltest/ffmpeg-7.1/libavfilter/avfilter.c:365:24
    #4 0x55a0c39880c6 in ff_filter_config_links /afltest/ffmpeg-7.1/libavfilter/avfilter.c:365:24
    #5 0x55a0c399e407 in graph_config_links /afltest/ffmpeg-7.1/libavfilter/avfiltergraph.c:255:24
    #6 0x55a0c399e407 in avfilter_graph_config /afltest/ffmpeg-7.1/libavfilter/avfiltergraph.c:1302:16
    #7 0x55a0c3852d82 in configure_filtergraph /afltest/ffmpeg-7.1/fftools/ffmpeg_filter.c:1951:16
    #8 0x55a0c3848fdf in send_eof /afltest/ffmpeg-7.1/fftools/ffmpeg_filter.c:2736:23
    #9 0x55a0c3848fdf in filter_thread /afltest/ffmpeg-7.1/fftools/ffmpeg_filter.c:3023:19
    #10 0x55a0c389e586 in task_wrapper /afltest/ffmpeg-7.1/fftools/ffmpeg_sched.c:2514:11
    #11 0x7f5660d1fac2 (/lib/x86_64-linux-gnu/libc.so.6+0x94ac2) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
    #12 0x7f5660db184f (/lib/x86_64-linux-gnu/libc.so.6+0x12684f) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /afltest/ffmpeg-7.1/libavfilter/drawutils.c:172:27 in ff_draw_color
Thread T19 (fc0) created by T0 here:
    #0 0x55a0c37c998c in __interceptor_pthread_create (/afltest/ffmpeg-7.1/ffmpeg_g+0x99498c) (BuildId: 8ca1265ed5a8b6b91f520daf8c6156ed184d52f0)
    #1 0x55a0c3896853 in task_start /afltest/ffmpeg-7.1/fftools/ffmpeg_sched.c:422:11
==4008132==ABORTING
ffmpeg version:
# ./ffmpeg -version
ffmpeg version 7.1 Copyright (c) 2000-2024 the FFmpeg developers
built with Ubuntu clang version 14.0.0-1ubuntu1.1
configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug --toolchain=clang-asan
libavutil      59. 39.100 / 59. 39.100
libavcodec     61. 19.100 / 61. 19.100
libavformat    61.  7.100 / 61.  7.100
libavdevice    61.  3.100 / 61.  3.100
libavfilter    10.  4.100 / 10.  4.100
libswscale      8.  3.100 /  8.  3.100
libswresample   5.  3.100 /  5.  3.100
Thanks for your time!
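Added triage example (not code from the ticket or from FFmpeg): the report shows a read fault at address 0x10 with `draw->desc->flags` as the faulting expression, which is consistent with `draw->desc` being NULL, because `flags` sits at offset 0x10 in `AVPixFmtDescriptor` on x86_64 (pointer `name`, three `uint8_t` fields, padding, then `uint64_t flags`). The program below models that struct layout and a trimmed-down draw context to confirm the offset, and shows a guarded variant of the colour routine plus an init step that refuses a missing descriptor. The `Model*` types, `model_*` functions and the `rgb24` descriptor are constructed stand-ins; the guard is one possible mitigation, not the fix FFmpeg applied.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of AVPixFmtDescriptor (libavutil/pixdesc.h). Assumed layout: the
 * leading fields are reproduced so offsetof() can be compared with the
 * faulting address in the ASAN report. */
typedef struct {
    int plane, step, offset, shift, depth;
} ModelComponentDescriptor;

typedef struct {
    const char *name;
    uint8_t nb_components;
    uint8_t log2_chroma_w;
    uint8_t log2_chroma_h;
    uint64_t flags;
    ModelComponentDescriptor comp[4];
    const char *alias;
} ModelPixFmtDescriptor;

#define MODEL_PIX_FMT_FLAG_RGB (1ULL << 5) /* value of AV_PIX_FMT_FLAG_RGB */

/* Trimmed stand-ins for FFDrawContext / FFDrawColor (constructed). */
typedef struct {
    const ModelPixFmtDescriptor *desc;
} ModelDrawContext;

typedef struct {
    uint8_t rgba[4];
    int is_rgb;
} ModelDrawColor;

/* Offset that a NULL draw->desc turns the flags read into. On x86_64 this
 * is 0x10, matching "SEGV on unknown address 0x000000000010" in the log. */
size_t model_flags_offset(void)
{
    return offsetof(ModelPixFmtDescriptor, flags);
}

/* Init that refuses a missing descriptor; a caller that checks the return
 * value never reaches the colour path with desc == NULL. */
int model_draw_init(ModelDrawContext *draw, const ModelPixFmtDescriptor *desc)
{
    if (!draw || !desc)
        return -EINVAL;
    draw->desc = desc;
    return 0;
}

/* Guarded equivalent of the crash site: validates draw->desc before the
 * flags read instead of dereferencing it unconditionally. */
int model_draw_color(ModelDrawContext *draw, ModelDrawColor *color,
                     const uint8_t rgba[4])
{
    if (!draw || !draw->desc || !color || !rgba)
        return -EINVAL;
    if (rgba != color->rgba)
        memcpy(color->rgba, rgba, sizeof(color->rgba));
    color->is_rgb = (draw->desc->flags & MODEL_PIX_FMT_FLAG_RGB) != 0;
    return 0;
}

int main(void)
{
    /* Constructed descriptor standing in for an RGB pixel format. */
    static const ModelPixFmtDescriptor rgb_desc = {
        .name = "rgb24", .nb_components = 3, .flags = MODEL_PIX_FMT_FLAG_RGB
    };
    ModelDrawContext draw = { 0 };
    ModelDrawColor color;
    const uint8_t black[4] = { 0, 0, 0, 255 };

    printf("offsetof(flags) = 0x%zx\n", model_flags_offset());

    /* The reported state: descriptor never set, so the guard rejects it. */
    printf("uninitialised draw: %d\n", model_draw_color(&draw, &color, black));

    /* Normal path after a successful init. */
    if (model_draw_init(&draw, &rgb_desc) == 0)
        printf("initialised draw: %d, is_rgb=%d\n",
               model_draw_color(&draw, &color, black), color.is_rgb);
    return 0;
}
```

The offset check is the quick sanity test for any "address points to the zero page" report: compute `offsetof` for the field named at the faulting line, and if it equals the faulting address the pointer being dereferenced was NULL rather than a small corrupted value.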
Attachments (1)
POC file