Opened 3 years ago

Closed 2 years ago

#8017 closed defect (needs_more_info)

hls,applehttp =ERROR: AddressSanitizer: heap-use-after-free

Reported by: satbaby
Owned by:
Priority: important
Component: avformat
Version: unspecified
Keywords: crash
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no


Summary of the bug:
ERROR: AddressSanitizer: heap-use-after-free
How to reproduce:

[hls,applehttp @ 0x61b000000080] Opening '' for reading
[https @ 0x623000001d00] Opening '' for reading
skipping 1 segments ahead, expired from playlists
[hls,applehttp @ 0x61b000000080] Opening '' for reading
[hls,applehttp @ 0x61b000000080] Opening '' for reading
    #1 0x7f2a1c6e0bc2 in av_match_ext src/libavformat/format.c:45
    #2 0x7f2a1c6e10c6 in av_probe_input_format3 src/libavformat/format.c:168
    #3 0x7f2a1c6e1311 in av_probe_input_format2 src/libavformat/format.c:208
    #4 0x7f2a1c6e14fb in av_probe_input_buffer2 src/libavformat/format.c:280
    #5 0x7f2a1c6e1708 in av_probe_input_buffer src/libavformat/format.c:316
    #6 0x7f2a1c6f52f0 in hls_read_header src/libavformat/hls.c:1906
    #7 0x7f2a1c7f2c98 in avformat_open_input src/libavformat/utils.c:631
0x611000004a00 is located 0 bytes inside of 194-byte region [0x611000004a00,0x611000004ac2)

freed by thread T0 here:
    #0 0x7f2a1cb2fc2f in __interceptor_free /var/tmp/portage/sys-devel/gcc-9.1.0-r1/work/gcc-9.1.0/libsanitizer/asan/
    #1 0x7f2a1c6f2bf7 in free_segment_dynarray src/libavformat/hls.c:219
    #2 0x7f2a1c6f2bf7 in parse_playlist src/libavformat/hls.c:933

Change History (4)

comment:1 by satbaby, 3 years ago

Version: unspecified → 4.1

comment:2 by Steven Liu, 3 years ago

liuqideMacBook-Pro:dash liuqi$ wget
--2019-07-13 21:38:26--
Connecting to||:443... connected.
Unable to establish SSL connection.
liuqideMacBook-Pro:dash liuqi$
liuqideMacBook-Pro:dash liuqi$ wget
--2019-07-13 21:39:05--
Connecting to||:443... connected.
Unable to establish SSL connection.
liuqideMacBook-Pro:dash liuqi$

comment:3 by satbaby, 3 years ago

This url is dumb. Url is taken from chaturbate<.>com cams.

comment:4 by Carl Eugen Hoyos, 2 years ago

Keywords: crash added
Priority: normal → important
Resolution: needs_more_info
Status: new → closed
Version: 4.1 → unspecified

Please test current FFmpeg git head and provide valgrind output if the issue is still reproducible. Never provide an excerpt of the console output, always post the command line you tested together with the complete, uncut console output.
