Opened 3 hours ago
#11228 new defect
SEGV bug at libavfilter/drawutils.c:172:27 in ff_draw_color in FFmpeg7.1
| Reported by: | ZengYunxiang | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | undetermined |
| Version: | 7.1 | Keywords: | bugs, fuzz |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | no | |
| Analyzed by developer: | no |
Description
Summary of the bug:
Dear developers,
We found the following SEGV bug on FFmpeg(version 7.1) , please confirm.
This may be due to a Segmentation violation caused by dereferencing a null pointer, which can sometimes lead to a crash.
The poc file(poc24ffmpeg) will be attached to this ticket.
157 void ff_draw_color(FFDrawContext *draw, FFDrawColor *color, const uint8_t rgba[4])
158 {
159 unsigned i;
160 double yuvad[4];
161 double rgbad[4];
162 const AVPixFmtDescriptor *desc = draw->desc;
163
164 if (rgba != color->rgba)
165 memcpy(color->rgba, rgba, sizeof(color->rgba));
166
167 memset(color->comp, 0, sizeof(color->comp));
168
169 for (int i = 0; i < 4; i++)
170 rgbad[i] = color->rgba[i] / 255.;
171
172 if (draw->desc->flags & AV_PIX_FMT_FLAG_RGB)
173 memcpy(yuvad, rgbad, sizeof(double) * 3);
174 else
How to reproduce:
tar -xvf ffmpeg-7.1.tar.xz cd ffmpeg-7.1 ./configure --cc=clang --cxx=clang++ --ld=clang --enable-debug --toolchain=clang-asan make -j30 ./ffmpeg_g -y -i poc24ffmpeg -filter_complex pad tmp.mp4
ASAN Log:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==4008132==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x55a0c4422a34 bp 0x7f565491aad0 sp 0x7f565491a9a0 T19)
==4008132==The signal is caused by a READ memory access.
==4008132==Hint: address points to the zero page.
#0 0x55a0c4422a34 in ff_draw_color /afltest/ffmpeg-7.1/libavfilter/drawutils.c:172:27
#1 0x55a0c3f00004 in config_input /afltest/ffmpeg-7.1/libavfilter/vf_pad.c:115:5
#2 0x55a0c39887f3 in ff_filter_config_links /afltest/ffmpeg-7.1/libavfilter/avfilter.c:432:28
#3 0x55a0c39880c6 in ff_filter_config_links /afltest/ffmpeg-7.1/libavfilter/avfilter.c:365:24
#4 0x55a0c39880c6 in ff_filter_config_links /afltest/ffmpeg-7.1/libavfilter/avfilter.c:365:24
#5 0x55a0c399e407 in graph_config_links /afltest/ffmpeg-7.1/libavfilter/avfiltergraph.c:255:24
#6 0x55a0c399e407 in avfilter_graph_config /afltest/ffmpeg-7.1/libavfilter/avfiltergraph.c:1302:16
#7 0x55a0c3852d82 in configure_filtergraph /afltest/ffmpeg-7.1/fftools/ffmpeg_filter.c:1951:16
#8 0x55a0c3848fdf in send_eof /afltest/ffmpeg-7.1/fftools/ffmpeg_filter.c:2736:23
#9 0x55a0c3848fdf in filter_thread /afltest/ffmpeg-7.1/fftools/ffmpeg_filter.c:3023:19
#10 0x55a0c389e586 in task_wrapper /afltest/ffmpeg-7.1/fftools/ffmpeg_sched.c:2514:11
#11 0x7f5660d1fac2 (/lib/x86_64-linux-gnu/libc.so.6+0x94ac2) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
#12 0x7f5660db184f (/lib/x86_64-linux-gnu/libc.so.6+0x12684f) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /afltest/ffmpeg-7.1/libavfilter/drawutils.c:172:27 in ff_draw_color
Thread T19 (fc0) created by T0 here:
#0 0x55a0c37c998c in __interceptor_pthread_create (/afltest/ffmpeg-7.1/ffmpeg_g+0x99498c) (BuildId: 8ca1265ed5a8b6b91f520daf8c6156ed184d52f0)
#1 0x55a0c3896853 in task_start /afltest/ffmpeg-7.1/fftools/ffmpeg_sched.c:422:11
==4008132==ABORTING
ffmpeg version:
# ./ffmpeg -version ffmpeg version 7.1 Copyright (c) 2000-2024 the FFmpeg developers built with Ubuntu clang version 14.0.0-1ubuntu1.1 configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug --toolchain=clang-asan libavutil 59. 39.100 / 59. 39.100 libavcodec 61. 19.100 / 61. 19.100 libavformat 61. 7.100 / 61. 7.100 libavdevice 61. 3.100 / 61. 3.100 libavfilter 10. 4.100 / 10. 4.100 libswscale 8. 3.100 / 8. 3.100 libswresample 5. 3.100 / 5. 3.100
Thanks for your time!
Attachments (1)
Note:
See TracTickets
for help on using tickets.
POC file