[libav-bugs] [Bug 1027] New: FPE in ff_decode_sbr_extension()

bugzilla at libav.org bugzilla at libav.org
Fri Feb 10 20:42:06 CET 2017


https://bugzilla.libav.org/show_bug.cgi?id=1027

            Bug ID: 1027
           Summary: FPE in ff_decode_sbr_extension()
           Product: Libav
           Version: git HEAD
          Hardware: X86
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: ---
         Component: libavcodec
          Assignee: bugzilla at libav.org
          Reporter: fumfi.255 at gmail.com

Created attachment 649
  --> https://bugzilla.libav.org/attachment.cgi?id=649&action=edit
POC to trigger FPE (avprobe)

After some fuzz testing I found a crashing test case.

Command: avprobe libav_fpe_ff_decode_sbr_extension_min

Git Head: 3bc5b28d5a191864c54bba60646933a63da31656

ASAN:

==27115==ERROR: AddressSanitizer: FPE on unknown address 0x000001a60ef6 (pc 0x000001a60ef6 bp 0x7ffd7ce68570 sp 0x7ffd7ce68220 T0)
    #0 0x1a60ef5 in ff_decode_sbr_extension (/usr/local/bin/avprobe+0x1a60ef5)
    #1 0x1a35ac6 in aac_decode_frame_int (/usr/local/bin/avprobe+0x1a35ac6)
    #2 0x1a24e48 in aac_decode_frame (/usr/local/bin/avprobe+0x1a24e48)
    #3 0xa15255 in decode_simple_internal /root/libav/libavcodec/decode.c:335:15
    #4 0xa15255 in decode_simple_receive_frame /root/libav/libavcodec/decode.c:391
    #5 0xa15255 in decode_receive_frame_internal /root/libav/libavcodec/decode.c:409
    #6 0xa14014 in avcodec_send_packet /root/libav/libavcodec/decode.c:446:15
    #7 0x83704b in try_decode_frame /root/libav/libavformat/utils.c:1950:19
    #8 0x830b93 in avformat_find_stream_info /root/libav/libavformat/utils.c:2459:9
    #9 0x4f6bb9 in open_input_file /root/libav/avprobe.c:866:16
    #10 0x4f6bb9 in probe_file /root/libav/avprobe.c:944
    #11 0x4f6bb9 in main /root/libav/avprobe.c:1178
    #12 0x7ff40bfa582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #13 0x41aeb8 in _start (/usr/local/bin/avprobe+0x41aeb8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE (/usr/local/bin/avprobe+0x1a60ef5) in ff_decode_sbr_extension
==27115==ABORTING
