[libav-bugs] [Bug 197] New: Read errors in kega decoder

bugzilla-daemon at aruru.libav.org bugzilla-daemon at aruru.libav.org
Mon Jan 9 23:00:39 CET 2012


http://bugzilla.libav.org/show_bug.cgi?id=197

           Summary: Read errors in kega decoder
           Product: Libav
           Version: git HEAD
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: trivial
          Priority: Normal
         Component: libavcodec
        AssignedTo: bugzilla at libav.org
        ReportedBy: me at aaronschmitz.com


Created attachment 268
  --> http://bugzilla.libav.org/attachment.cgi?id=268
zzuf output

Fuzzed versions of kega/kgv1.avi cause "Invalid read of size 8."

==26754== Invalid read of size 8
==26754==    at 0x4C2A339: memcpy (mc_replace_strmem.c:635)
==26754==    by 0x9FB4DD: av_image_copy (string3.h:52)
==26754==    by 0x450DFF: av_vsrc_buffer_add_frame (vsrc_buffer.c:54)
==26754==    by 0x43A575: output_packet (avconv.c:1963)
==26754==    by 0x434ADF: main (avconv.c:2719)
==26754==  Address 0x5aef9b8 is 8 bytes before a block of size 153,600 alloc'd
==26754==    at 0x4C28F9F: malloc (vg_replace_malloc.c:236)
==26754==    by 0x4C29019: realloc (vg_replace_malloc.c:525)
==26754==    by 0x73028A: decode_frame (kgv1dec.c:67)
==26754==    by 0x8449C7: avcodec_decode_video2 (utils.c:905)
==26754==    by 0x4394AD: output_packet (avconv.c:1911)
==26754==    by 0x434ADF: main (avconv.c:2719)

This occurs for virtually all fuzzings.

-- 
Configure bugmail: http://bugzilla.libav.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.


More information about the libav-bugs mailing list