[libav-bugs] [Bug 1000] Global Out of bounds read in decode_residual() #2

bugzilla at libav.org
Sat Dec 17 21:09:18 CET 2016


https://bugzilla.libav.org/show_bug.cgi?id=1000

--- Comment #2 from Kamil Frankowicz <fumfi.255 at gmail.com> ---
Yup.

OS: Xubuntu 16.04 x64
CC: afl-clang-fast (clang 3.9.0) + ASAN

Additional output (avprobe -v 9 -loglevel 99 [crash-file]) without ASAN: 

avprobe version v13_dev0-588-gf22da2c, Copyright (c) 2007-2016 the Libav
developers
  built on Dec  7 2016 11:40:38 with clang version 3.9.0
(tags/RELEASE_390/final)
  configuration: --cc=afl-clang-fast
  libavutil     55. 29. 0 / 55. 29. 0
  libavcodec    57. 28. 4 / 57. 28. 4
  libavformat   57. 10. 0 / 57. 10. 0
  libavdevice   56.  1. 0 / 56.  1. 0
  libavfilter    6.  8. 0 /  6.  8. 0
  libavresample  3.  0. 0 /  3.  0. 0
  libswscale     4.  0. 0 /  4.  0. 0
nsv_probe(), buf_size 101
[h264 @ 0x61a00001f280] Probed with size=2048 and score=51
[h264 @ 0x619000000080] missing picture in access unit
IN delayed:0 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0 st:0
pc:0x61300000db00
OUTdelayed:0/0 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0
IN delayed:0 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0 st:0
pc:0x61300000db00
OUTdelayed:0/0 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0
[AVBSFContext @ 0x60800000b6a0] nal_unit_type: 7, nal_ref_idc: 3
[AVBSFContext @ 0x60800000b6a0] nal_unit_type: 1, nal_ref_idc: 3
[h264 @ 0x619000000080] nal_unit_type: 7, nal_ref_idc: 3
[h264 @ 0x619000000080] nal_unit_type: 1, nal_ref_idc: 3
[h264 @ 0x619000000080] slice type 32 too large at -1
[h264 @ 0x619000000080] decode_slice_header error
[h264 @ 0x619000000080] no frame!
[h264 @ 0x619000000080] nal_unit_type: 8, nal_ref_idc: 3
[h264 @ 0x619000000080] nal_unit_type: 1, nal_ref_idc: 2
[h264 @ 0x619000000080] Reinit context to 32x576, pix_fmt: 5
[h264 @ 0x619000000080] Missing reference picture
[h264 @ 0x619000000080] decode_slice_header error
IN delayed:0 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0 st:0
pc:0x61300000db00
OUTdelayed:0/0 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0
[h264 @ 0x619000000080] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x619000000080] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x619000000080] Missing reference picture
[h264 @ 0x619000000080] Missing reference picture
[h264 @ 0x619000000080] Missing reference picture
[h264 @ 0x619000000080] Missing reference picture
[h264 @ 0x619000000080] Missing reference picture

Regards,
Kamil Frankowicz
