Opened 5 years ago

Closed 3 years ago

Last modified 3 years ago

#8188 closed defect (fixed)

heap-use-after-free from libavformat/mpegenc.c in mpeg_mux_write_packet

Reported by: Suhwan Owned by:
Priority: important Component: avformat
Version: git-master Keywords: mpegps asan
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

Summary of the bug:
There is a heap-use-after-free from libavformat/mpegenc.c in mpeg_mux_write_packet.

SUMMARY: AddressSanitizer: heap-use-after-free ffmpeg/libavformat/mpegenc.c:1187:30 in mpeg_mux_write_packet

How to reproduce:

% ./ffmpeg_g -stream_loop 14 -y -r 115 -i Event20120111133101017.avi -loglevel 0 -map 0 -c copy -disposition:s:19 alias_pix tmp.mpeg

ffmpeg version N-94982-gea673a0edb Copyright (c) 2000-2019 the FFmpeg developers
  built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
  configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug --toolchain=clang-asan

Attachments (2)

Event20120111133101017.avi (544.9 KB ) - added by Suhwan 5 years ago.
poc
ASAN-UAF-mpeg_mux (3.1 KB ) - added by Suhwan 5 years ago.

Download all attachments as: .zip

Change History (4)

by Suhwan, 5 years ago

Attachment: Event20120111133101017.avi added

poc

by Suhwan, 5 years ago

Attachment: ASAN-UAF-mpeg_mux added

comment:1 by mkver, 3 years ago

Component: undeterminedavformat
Resolution: fixed
Status: newclosed

Fixed in cfce16449cb815132f829d5a07beb138dfb2cba6.

comment:2 by Carl Eugen Hoyos, 3 years ago

Keywords: mpegps added
Note: See TracTickets for help on using tickets.