[libav-bugs] [Bug 951] avplay: SIGSEGV due to invalid index (read)

bugzilla at libav.org bugzilla at libav.org
Mon Jul 18 17:52:24 CEST 2016


https://bugzilla.libav.org/show_bug.cgi?id=951

--- Comment #2 from Jan Ruge <jan.s.ruge at gmail.com> ---
No, I've pulled the latest version from GitHub and avplay will still crash with
the supplied .mp4 file.
It seems that the data at offset 0x1399 - 0x139c with the value of 0xff000001
will be interpreted as an integer and stored unsanitized in
sc->stsc_data[sc->stsc_index].id.
sc->last_stsd_index is then computed as sc->stsc_data[sc->stsc_index].id - 1 in
mov.c:3578 causing an invalid memory access in mov.c:3582.

This can be verified by changing the data at the specified offset in the mp4
file and observing the value of sc->stsc_data[sc->stsc_index].id after avplay
crashes.

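One way to validate the value before it is used as an index, given here as an added example and not libav's code or its fix. `StscEntry`, `parse_stsc_entry`, `stsd_index`, the 12-byte entry layout and the `stsd_count` parameter are assumptions, and the sample bytes are constructed around the 0xff000001 value from the report.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified stand-in for the per-entry state named in the report. */
typedef struct { int first, count, id; } StscEntry;

/* Constructed samples: 12-byte entries (first chunk, samples per chunk, id). */
static const uint8_t bad_entry[12]  = {0,0,0,1, 0,0,0,1, 0xff,0,0,1};
static const uint8_t good_entry[12] = {0,0,0,1, 0,0,0,4, 0,0,0,1};

/* Read a big-endian 32-bit value; 0 on success, -1 if it would run past len. */
static int read_be32(const uint8_t *buf, size_t len, size_t off, uint32_t *out)
{
    if (off > len || len - off < 4)
        return -1;
    *out = (uint32_t)buf[off] << 24 | (uint32_t)buf[off + 1] << 16 |
           (uint32_t)buf[off + 2] << 8 | (uint32_t)buf[off + 3];
    return 0;
}

/* Parse one entry; reject any id outside 1..stsd_count (ids are 1-based),
 * so that id - 1 is always a valid index into the sample descriptions. */
int parse_stsc_entry(const uint8_t *buf, size_t len, size_t off,
                     uint32_t stsd_count, StscEntry *e)
{
    uint32_t first, count, id;
    if (read_be32(buf, len, off, &first) ||
        read_be32(buf, len, off + 4, &count) ||
        read_be32(buf, len, off + 8, &id))
        return -1;                      /* truncated input */
    if (first > INT32_MAX || count > INT32_MAX)
        return -1;                      /* would not fit the signed fields */
    if (id < 1 || id > stsd_count || stsd_count > INT32_MAX)
        return -1;                      /* id cannot index the descriptions */
    e->first = (int)first;
    e->count = (int)count;
    e->id    = (int)id;
    return 0;
}

/* Only call after parse_stsc_entry() succeeded. */
int stsd_index(const StscEntry *e) { return e->id - 1; }

int main(void)
{
    StscEntry e;
    printf("bad:  %d\n", parse_stsc_entry(bad_entry, sizeof bad_entry, 0, 1, &e));
    printf("good: %d\n", parse_stsc_entry(good_entry, sizeof good_entry, 0, 1, &e));
    return 0;
}
```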