[libav-bugs] [Bug 909] Opus fuzzing segfault

bugzilla at libav.org bugzilla at libav.org
Tue Oct 27 10:55:20 CET 2015


https://bugzilla.libav.org/show_bug.cgi?id=909

lu_zero at gentoo.org <lu_zero at gentoo.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lu_zero at gentoo.org

--- Comment #1 from lu_zero at gentoo.org <lu_zero at gentoo.org> ---
I get something slightly different here.

#0  0x00007ffff4e63ce0 in __asan_report_error () from /usr/lib/gcc/x86_64-pc-linux-gnu/4.8.4/libasan.so.0
#1  0x00007ffff4e5e6c4 in __asan_report_load1 () from /usr/lib/gcc/x86_64-pc-linux-gnu/4.8.4/libasan.so.0
#2  0x0000000001741560 in memcpy (__len=96, __src=0x601c00005900, __dest=<optimized out>) at /usr/include/bits/string3.h:51
#3  av_fifo_generic_write (f=0x600e00009400, src=0x601c00005900, size=size@entry=96, func=func@entry=0x0) at /usr/src/libav/libavutil/fifo.c:94
#4  0x000000000172daf2 in av_audio_fifo_write (af=0x600a0000a3e0, data=<optimized out>, nb_samples=24) at /usr/src/libav/libavutil/audio_fifo.c:130
#5  0x0000000000f376ed in opus_decode_packet (avctx=0x60420003b600, data=0x60300000d240, got_frame_ptr=0x7fffffffcdc0, avpkt=0x7fffffffcec0) at /usr/src/libav/libavcodec/opusdec.c:572
#6  0x000000000111915a in avcodec_decode_audio4 (avctx=avctx@entry=0x60420003b600, frame=frame@entry=0x60300000d240, got_frame_ptr=got_frame_ptr@entry=0x7fffffffcdc0, avpkt=avpkt@entry=0x7fffffffcec0) at /usr/src/libav/libavcodec/utils.c:1551
#7  0x000000000050c198 in decode_audio (ist=ist@entry=0x602a0001f9a0, pkt=pkt@entry=0x7fffffffcec0, got_output=got_output@entry=0x7fffffffcdc0) at /usr/src/libav/avconv.c:1106
#8  0x000000000050dcb0 in process_input_packet (ist=0x602a0001f9a0, no_eof=no_eof@entry=0, pkt=0x0) at /usr/src/libav/avconv.c:1343
#9  0x00000000004d9031 in process_input () at /usr/src/libav/avconv.c:2395
#10 transcode () at /usr/src/libav/avconv.c:2526
#11 main (argc=<optimized out>, argv=<optimized out>) at /usr/src/libav/avconv.c:2689
(gdb) frame 5
#5  0x0000000000f376ed in opus_decode_packet (avctx=0x60420003b600, data=0x60300000d240, got_frame_ptr=0x7fffffffcdc0, avpkt=0x7fffffffcec0) at /usr/src/libav/libavcodec/opusdec.c:572
572                 ret = av_audio_fifo_write(c->sync_buffers[i], (void**)buf, buffer_samples);
(gdb) p buffer_samples
$1 = 24
(gdb) print __asan_describe_address(buf)
Address 0x7fffffffc6b0 is located at offset 32 in frame <opus_decode_packet> of T0's stack:
  This frame has 2 object(s):
    [32, 48) 'buf'
    [96, 224) 'sync_dummy'

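Added illustration for readers of this trace (not libav code, and not a diagnosis of this bug, which the comment above does not establish): a minimal planar-audio FIFO write in C with the same shape as the call in frame #4, nb_samples per channel plane, each plane copied with one memcpy of nb_samples * bytes_per_sample bytes (24 samples of 4-byte floats is the 96-byte copy in frame #2). The guard checks the requested sample count against the source frame's own sample count and against the FIFO's free space before any copy runs, so a caller asking for 24 samples from a frame that only holds 16 is refused instead of reading past the plane. All names, struct layouts and the 16-sample frame are assumptions made for this example.

```c
/* Added example, not libav code: a checked planar-audio FIFO write.
 * Layout, names and sample data are assumptions for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CHANNELS 2

/* One channel plane of queued bytes. */
typedef struct {
    uint8_t *data;
    size_t   cap;    /* capacity in bytes */
    size_t   used;   /* bytes currently queued */
} plane_fifo;

typedef struct {
    int        channels;
    int        bytes_per_sample;
    plane_fifo planes[MAX_CHANNELS];
} audio_fifo;

/* A decoded frame: one plane per channel plus the sample count each holds.
 * Carrying nb_samples with the planes is what makes the read bound checkable. */
typedef struct {
    const uint8_t *plane[MAX_CHANNELS];
    size_t         nb_samples;
} audio_frame;

int audio_fifo_init(audio_fifo *af, int channels, int bytes_per_sample,
                    size_t cap_samples)
{
    if (channels < 1 || channels > MAX_CHANNELS || bytes_per_sample < 1)
        return -1;
    af->channels = channels;
    af->bytes_per_sample = bytes_per_sample;
    for (int i = 0; i < channels; i++) {
        af->planes[i].cap  = cap_samples * (size_t)bytes_per_sample;
        af->planes[i].used = 0;
        af->planes[i].data = malloc(af->planes[i].cap);
        if (!af->planes[i].data)
            return -1;
    }
    return 0;
}

void audio_fifo_free(audio_fifo *af)
{
    for (int i = 0; i < af->channels; i++)
        free(af->planes[i].data);
}

/* Copies nb_samples from each plane of fr into the FIFO. Returns the number
 * of samples written, or -1 if the request would read past the frame's
 * planes or write past the FIFO's capacity. All checks run before the first
 * memcpy, so a rejected call leaves every plane untouched. */
long audio_fifo_write_checked(audio_fifo *af, const audio_frame *fr,
                              size_t nb_samples)
{
    if (nb_samples > fr->nb_samples)                 /* would read past source */
        return -1;
    size_t bytes = nb_samples * (size_t)af->bytes_per_sample;
    if (bytes / (size_t)af->bytes_per_sample != nb_samples) /* multiplication overflow */
        return -1;
    for (int i = 0; i < af->channels; i++)
        if (bytes > af->planes[i].cap - af->planes[i].used) /* would write past FIFO */
            return -1;
    for (int i = 0; i < af->channels; i++) {
        memcpy(af->planes[i].data + af->planes[i].used, fr->plane[i], bytes);
        af->planes[i].used += bytes;
    }
    return (long)nb_samples;
}

/* Scenario using the trace's numbers: 2 channels of 4-byte samples and a
 * caller asking for 24 samples (96 bytes per plane) from a constructed frame
 * that holds only 16. Returns 1 if the oversized write is refused and the
 * correctly sized one is accepted, 0 otherwise. */
int demo_short_source_refused(void)
{
    static const uint8_t left[16 * 4] = {1}, right[16 * 4] = {2};
    audio_frame fr = { { left, right }, 16 };
    audio_fifo af;
    if (audio_fifo_init(&af, 2, 4, 64) < 0)
        return 0;
    int ok = audio_fifo_write_checked(&af, &fr, 24) == -1   /* refused */
          && af.planes[0].used == 0                          /* nothing copied */
          && audio_fifo_write_checked(&af, &fr, 16) == 16   /* accepted */
          && af.planes[1].used == 64;
    audio_fifo_free(&af);
    return ok;
}

int main(void)
{
    return demo_short_source_refused() ? 0 : 1;
}
```

Built with -fsanitize=address the refused 24-sample call produces no report, because no memcpy is reached; the same request against an unchecked writer is exactly the kind of read that trips __asan_report_load1 in the trace.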