Opened 9 days ago
Last modified 9 days ago
#11233 new defect
heap-buffer-overflow occurred when running program ffmpeg in av_crc at crc.c
Reported by: | Du4t | Owned by: | |
---|---|---|---|
Priority: | important | Component: | ffmpeg |
Version: | git-master | Keywords: | crash bugs |
Cc: | Du4t | Blocked By: | |
Blocking: | | Reproduced by developer: | no |
Analyzed by developer: | no | | |
Description
Summary of the bug: heap-buffer-overflow occurred when running program ffmpeg in av_crc at crc.c:403
How to reproduce:
```
% git log
commit 73b3344edd39468cb3f729d613949f52dbcba84e (HEAD -> master, origin/master, origin/HEAD)
Author: Niklas Haas <git@haasn.dev>
Date: Tue Oct 1 12:32:29 2024 +0200
% ffmpeg -avioflags direct -i PoC /dev/null
ffmpeg version N-117413-g73b3344edd Copyright (c) 2000-2024 the FFmpeg developers
  built with Ubuntu clang version 14.0.0-1ubuntu1.1
  configuration: --cc=clang-14 --cxx=clang++-14 --prefix=/home/du4t/target/FFmpeg/asan-release --toolchain=clang-asan --disable-shared --disable-stripping
  libavutil 59. 41.100 / 59. 41.100
  libavcodec 61. 21.100 / 61. 21.100
  libavformat 61. 9.100 / 61. 9.100
  libavdevice 61. 4.100 / 61. 4.100
  libavfilter 10. 6.100 / 10. 6.100
  libswscale 8. 4.100 / 8. 4.100
  libswresample 5. 4.100 / 5. 4.100
[ogg @ 0x617000000080] CRC mismatch!
=================================================================
==1185968==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62d000012400 at pc 0x5acc7d21a0d5 bp 0x7fffa6cb2170 sp 0x7fffa6cb2168
READ of size 4 at 0x62d000012400 thread T0
    #0 0x5acc7d21a0d4 in av_crc FFmpeg/libavutil/crc.c:403:20
    #1 0x5acc7a365df6 in ff_crc04C11DB7_update FFmpeg/libavformat/aviobuf.c:568:12
    #2 0x5acc7a365ece in ffio_get_checksum FFmpeg/libavformat/aviobuf.c:585:19
    #3 0x5acc7a612610 in ogg_read_page FFmpeg/libavformat/oggdec.c:378:15
    #4 0x5acc7a610e4d in ogg_packet FFmpeg/libavformat/oggdec.c:518:19
    #5 0x5acc7a60e610 in ogg_read_header FFmpeg/libavformat/oggdec.c:737:15
    #6 0x5acc7a3a45c8 in avformat_open_input FFmpeg/libavformat/demux.c:305:20
    #7 0x5acc7997aee3 in ifile_open FFmpeg/fftools/ffmpeg_demux.c:1727:11
    #8 0x5acc799c072f in open_files FFmpeg/fftools/ffmpeg_opt.c:1334:15
    #9 0x5acc799c072f in ffmpeg_parse_options FFmpeg/fftools/ffmpeg_opt.c:1374:11
    #10 0x5acc799ee79f in main FFmpeg/fftools/ffmpeg.c:974:11
    #11 0x7de66c429d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #12 0x7de66c429e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #13 0x5acc798af994 in _start (/home/du4t/target/FFmpeg/asan-release/bin/ffmpeg+0x8bf994) (BuildId: c49a31b3f5b8cb19958f8bbbbf47bfaf1f9a9139)
```
Attachments (1)
Change History (2)
by , 9 days ago
Attachment: | crc-buffer-overflow.mp4 added |
---|
comment:1 by , 9 days ago
Description: | modified (diff) |
---|