Opened 20 months ago
Closed 9 months ago
#11233 closed defect (fixed)
heap-buffer-overflow occurred when running program ffmpeg in av_crc at crc.c
| Reported by: | Du4t | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avformat |
| Version: | git-master | Keywords: | crash bugs |
| Cc: | Du4t | Blocked By: | |
| Blocking: | | Reproduced by developer: | no |
| Analyzed by developer: | no | | |
Description
Summary of the bug: heap-buffer-overflow occurred when running program ffmpeg in av_crc at crc.c:403
How to reproduce:
% git log
commit 73b3344edd39468cb3f729d613949f52dbcba84e (HEAD -> master, origin/master, origin/HEAD)
Author: Niklas Haas <git@haasn.dev>
Date: Tue Oct 1 12:32:29 2024 +0200
% ffmpeg -avioflags direct -i PoC /dev/null
ffmpeg version N-117413-g73b3344edd Copyright (c) 2000-2024 the FFmpeg developers
built with Ubuntu clang version 14.0.0-1ubuntu1.1
configuration: --cc=clang-14 --cxx=clang++-14 --prefix=/home/du4t/target/FFmpeg/asan-release --toolchain=clang-asan --disable-shared --disable-stripping
libavutil 59. 41.100 / 59. 41.100
libavcodec 61. 21.100 / 61. 21.100
libavformat 61. 9.100 / 61. 9.100
libavdevice 61. 4.100 / 61. 4.100
libavfilter 10. 6.100 / 10. 6.100
libswscale 8. 4.100 / 8. 4.100
libswresample 5. 4.100 / 5. 4.100
[ogg @ 0x617000000080] CRC mismatch!
=================================================================
==1185968==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62d000012400 at pc 0x5acc7d21a0d5 bp 0x7fffa6cb2170 sp 0x7fffa6cb2168
READ of size 4 at 0x62d000012400 thread T0
#0 0x5acc7d21a0d4 in av_crc FFmpeg/libavutil/crc.c:403:20
#1 0x5acc7a365df6 in ff_crc04C11DB7_update FFmpeg/libavformat/aviobuf.c:568:12
#2 0x5acc7a365ece in ffio_get_checksum FFmpeg/libavformat/aviobuf.c:585:19
#3 0x5acc7a612610 in ogg_read_page FFmpeg/libavformat/oggdec.c:378:15
#4 0x5acc7a610e4d in ogg_packet FFmpeg/libavformat/oggdec.c:518:19
#5 0x5acc7a60e610 in ogg_read_header FFmpeg/libavformat/oggdec.c:737:15
#6 0x5acc7a3a45c8 in avformat_open_input FFmpeg/libavformat/demux.c:305:20
#7 0x5acc7997aee3 in ifile_open FFmpeg/fftools/ffmpeg_demux.c:1727:11
#8 0x5acc799c072f in open_files FFmpeg/fftools/ffmpeg_opt.c:1334:15
#9 0x5acc799c072f in ffmpeg_parse_options FFmpeg/fftools/ffmpeg_opt.c:1374:11
#10 0x5acc799ee79f in main FFmpeg/fftools/ffmpeg.c:974:11
#11 0x7de66c429d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#12 0x7de66c429e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#13 0x5acc798af994 in _start (/home/du4t/target/FFmpeg/asan-release/bin/ffmpeg+0x8bf994) (BuildId: c49a31b3f5b8cb19958f8bbbbf47bfaf1f9a9139)
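The trace ends in the Ogg page checksum: ogg_read_page asks aviobuf for the CRC of the bytes it has just read, and av_crc runs off the end of the heap buffer. The following is an added example, not FFmpeg's code and not the fix referenced in this ticket: a standalone Ogg page CRC check (polynomial 0x04C11DB7, MSB-first, initial value 0, no final XOR, computed with the checksum field zeroed) that validates the header length, the segment table and the body length against the bytes actually available before the CRC routine reads any of them. The page layout follows RFC 3533; the function names, the sample page and its "hello" body are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* CRC-32 with polynomial 0x04C11DB7, MSB-first, init 0, no final XOR:
 * the variant Ogg uses for its page checksum. Table built on first use. */
static uint32_t crc_table[256];
static int table_ready;

static void crc_init(void) {
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t r = i << 24;
        for (int j = 0; j < 8; j++)
            r = (r & 0x80000000u) ? (r << 1) ^ 0x04C11DB7u : r << 1;
        crc_table[i] = r;
    }
    table_ready = 1;
}

uint32_t ogg_crc32(uint32_t crc, const uint8_t *buf, size_t len) {
    if (!table_ready) crc_init();
    for (size_t i = 0; i < len; i++)
        crc = (crc << 8) ^ crc_table[((crc >> 24) ^ buf[i]) & 0xff];
    return crc;
}

#define OGG_HDR_MIN 27   /* fixed header: "OggS" .. segment count */
#define OGG_CRC_OFF 22   /* 4-byte little-endian checksum field */

/* Full page length (fixed header + segment table + body) if the whole page
 * fits in `avail` bytes, 0 otherwise. Each length is checked before any
 * byte beyond the fixed header is touched. */
size_t ogg_page_len(const uint8_t *buf, size_t avail) {
    if (avail < OGG_HDR_MIN || memcmp(buf, "OggS", 4) != 0 || buf[4] != 0)
        return 0;
    size_t nsegs = buf[26];
    size_t hdr = OGG_HDR_MIN + nsegs;
    if (avail < hdr) return 0;
    size_t body = 0;
    for (size_t i = 0; i < nsegs; i++) body += buf[27 + i];   /* lacing values */
    if (avail - hdr < body) return 0;
    return hdr + body;
}

/* CRC over the page with the checksum field treated as four zero bytes. */
uint32_t ogg_page_crc(const uint8_t *buf, size_t page_len) {
    static const uint8_t zero[4] = {0};
    uint32_t crc = ogg_crc32(0, buf, OGG_CRC_OFF);
    crc = ogg_crc32(crc, zero, 4);
    return ogg_crc32(crc, buf + OGG_CRC_OFF + 4, page_len - OGG_CRC_OFF - 4);
}

/* 1 = checksum matches, 0 = mismatch, -1 = page does not fit in avail bytes
 * (the CRC is never computed in that case). */
int ogg_page_check(const uint8_t *buf, size_t avail) {
    size_t len = ogg_page_len(buf, avail);
    if (!len) return -1;
    uint32_t stored = buf[22] | buf[23] << 8 | buf[24] << 16 | (uint32_t)buf[25] << 24;
    return ogg_page_crc(buf, len) == stored;
}

/* Constructed one-segment page carrying `body`; out needs 28 + body_len bytes. */
size_t ogg_build_page(uint8_t *out, const uint8_t *body, uint8_t body_len) {
    memset(out, 0, OGG_HDR_MIN + 1 + body_len);
    memcpy(out, "OggS", 4);
    out[5]  = 0x02;                  /* header type: beginning of stream */
    out[14] = 0x12; out[15] = 0x34;  /* arbitrary serial number */
    out[26] = 1;                     /* one segment */
    out[27] = body_len;              /* its lacing value */
    memcpy(out + 28, body, body_len);
    size_t len = 28 + body_len;
    uint32_t crc = ogg_page_crc(out, len);
    out[22] = crc & 0xff; out[23] = (crc >> 8) & 0xff;
    out[24] = (crc >> 16) & 0xff; out[25] = crc >> 24;
    return len;
}

/* mode 0: intact page, 1: one body byte flipped, 2: page truncated by 2 bytes. */
int ogg_selftest(int mode) {
    uint8_t page[64];
    const uint8_t body[] = "hello";  /* constructed sample body */
    size_t len = ogg_build_page(page, body, 5);
    if (mode == 1) page[30] ^= 1;
    return ogg_page_check(page, mode == 2 ? len - 2 : len);
}

int main(void) {
    printf("intact: %d  corrupted: %d  truncated: %d\n",
           ogg_selftest(0), ogg_selftest(1), ogg_selftest(2));
    return 0;
}
```

The point of the split between ogg_page_len and ogg_page_crc is that the length the CRC is asked to cover is derived only from bytes already proven to be inside the buffer, so a short read (as with -avioflags direct here) produces a clean "does not fit" result instead of an out-of-bounds read inside the CRC routine.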
Attachments (1)
Change History (3)
20 months ago
| Attachment: | crc-buffer-overflow.mp4 added |
|---|---|
comment:1, 20 months ago
| Description: | modified (diff) |
|---|---|
comment:2, 9 months ago
| Component: | ffmpeg → avformat |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
Fixed by 987c955cd7e972d9940284fa6ae7187ac858ebb1.