[libav-bugs] [Bug 1034] New: Null pointer dereference in ff_synth_filter_inner_fma3()

bugzilla at libav.org bugzilla at libav.org
Tue Feb 28 12:43:20 CET 2017


https://bugzilla.libav.org/show_bug.cgi?id=1034

            Bug ID: 1034
           Summary: Null pointer dereference in
                    ff_synth_filter_inner_fma3()
           Product: Libav
           Version: git HEAD
          Hardware: X86
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: ---
         Component: libavcodec
          Assignee: bugzilla at libav.org
          Reporter: fumfi.255 at gmail.com

Created attachment 652
  --> https://bugzilla.libav.org/attachment.cgi?id=652&action=edit
POC to trigger null pointer dereference (avprobe)

After some fuzz testing I found a crashing test case.

Command: avprobe libav_nullptr_ff_synth_filter_inner_fma3 

Git Head: 698ac8f9cabd053f2c19346a77b92f8eae4218fc

Output + ASAN:

avprobe version v13_dev0-897-g698ac8f, Copyright (c) 2007-2017 the Libav developers
  built on Feb 28 2017 11:03:05 with clang version 3.9.1 (tags/RELEASE_391/final)
ASAN:DEADLYSIGNAL
=================================================================
==9735==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000002013c1f bp 0x0ffe71c3a8b4 sp 0x7fff5140b250 T0)
==9735==The signal is caused by a WRITE memory access.
==9735==Hint: address points to the zero page.
    #0 0x2013c1e in ff_synth_filter_inner_fma3 XYZ/libav/libavcodec/x86/dcadsp.asm:336

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV XYZ/libav/libavcodec/x86/dcadsp.asm:336 in ff_synth_filter_inner_fma3
==9735==ABORTING
