[libav-bugs] [Bug 1014] New: SEGV/negative size in memmove libavcodec/h264_refs.c remove_short_at_index()

bugzilla at libav.org bugzilla at libav.org
Mon Jan 2 20:55:37 CET 2017


https://bugzilla.libav.org/show_bug.cgi?id=1014

            Bug ID: 1014
           Summary: SEGV/negative size in memmove libavcodec/h264_refs.c
                    remove_short_at_index()
           Product: Libav
           Version: git HEAD
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: ---
         Component: libavcodec
          Assignee: bugzilla at libav.org
          Reporter: jan.s.ruge at gmail.com

Created attachment 641
  --> https://bugzilla.libav.org/attachment.cgi?id=641&action=edit
File causing avplay to crash due to a negative size in memmove

By fuzzing i found the "following negative size" bug in avplay.
git HEAD ee164727dd64c199b87118917e674b17c25e0da3

$./avplay-asan crash-neg-0x4a28a3.flv
ASAN Report
[New process 19128]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Inferior 2 (process 19128) exited with code 01]
ALSA lib confmisc.c:768:(parse_card) cannot find card '0'
ALSA lib conf.c:4292:(_snd_config_evaluate) function snd_func_card_driver
returned error: No such file or directory
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:4292:(_snd_config_evaluate) function snd_func_concat returned
error: No such file or directory
ALSA lib confmisc.c:1251:(snd_func_refer) error evaluating name
ALSA lib conf.c:4292:(_snd_config_evaluate) function snd_func_refer returned
error: No such file or directory
ALSA lib conf.c:4771:(snd_config_expand) Evaluate error: No such file or
directory
ALSA lib pcm.c:2266:(snd_pcm_open_noupdate) Unknown PCM default
[h264 @ 0x619000002880] top block unavailable for requested intra4x4 mode -1
[h264 @ 0x619000002880] error while decoding MB 0 0, bytestream 4523
[h264 @ 0x619000002880] data partitioning is not implemented. Update your Libav
version to the newest one from Git. If the problem still occurs, it means that
your file has a feature which has not been implemented.
[h264 @ 0x619000002880] If you want to help, upload a sample of this file to
ftp://upload.libav.org/incoming/ and contact the libav-devel mailing list.
=================================================================
==19103==ERROR: AddressSanitizer: negative-size-param: (size=-8)
    #0 0x4a6b1c  (/home/hammel/libav/libav/avplay+0x4a6b1c) ???
    #1 0x20be9ee  (/home/hammel/libav/libav/avplay+0x20be9ee)  file
libavcodec/h264_refs.c remove_short_at_index(), line 466
    #2 0x20b5c1b  (/home/hammel/libav/libav/avplay+0x20b5c1b)  file
libavcodec/h264_picture.c, line 157
    #3 0x20ce851  (/home/hammel/libav/libav/avplay+0x20ce851)  file
libavcodec/h264_slice.c, line 1888
    #4 0xdb2790  (/home/hammel/libav/libav/avplay+0xdb2790)  file
libavcodec/h264dec.c, line 573
    #5 0xb428b7  (/home/hammel/libav/libav/avplay+0xb428b7)  file
libavcodec/decode.c, line 334
    #6 0xb40a97  (/home/hammel/libav/libav/avplay+0xb40a97)  
    #7 0x9278bf  (/home/hammel/libav/libav/avplay+0x9278bf)
    #8 0x9200ba  (/home/hammel/libav/libav/avplay+0x9200ba)
    #9 0x4fe4a1  (/home/hammel/libav/libav/avplay+0x4fe4a1)
    #10 0x7ffff5dc582f  (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #11 0x41c408  (/home/hammel/libav/libav/avplay+0x41c408)

0x62e000007510 is located 28944 bytes inside of 47144-byte region
[0x62e000000400,0x62e00000bc28)
allocated by thread T0 here:
    #0 0x4bce10  (/home/hammel/libav/libav/avplay+0x4bce10) ???
    #1 0x2857b92  (/home/hammel/libav/libav/avplay+0x2857b92)  file
libavutil/mem.c, line 71
    #2 0x1919a24  (/home/hammel/libav/libav/avplay+0x1919a24)  file
libavcodec/utils.c, line 457
    #3 0x91d6ee  (/home/hammel/libav/libav/avplay+0x91d6ee)   file
libavformat/utils.c, line 2265
    #4 0x4fe4a1  (/home/hammel/libav/libav/avplay+0x4fe4a1)
    #5 0x7ffff5dc582f  (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: negative-size-param
(/home/hammel/libav/libav/avplay+0x4a6b1c) 
==19103==ABORTING

>>>> GDB backtrace <<<<

$./avplay crash-neg-0x4a28a3.flv
avplay version 13_dev0, Copyright (c) 2003-2016 the Libav developers
  built on Jan  2 2017 19:06:58 with gcc 5.4.0 (Ubuntu 5.4.0-6ubuntu1~16.04.4)
20160609
Segmentation fault (core dumped)
$ gdb gdb/avplay /tmp/core_avplay.14266 
Reading symbols from gdb/avplay...done.
[New LWP 14266]
[New LWP 14267]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `./gdb/avplay crash-neg-0x4a28a3.flv'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  malloc_consolidate (av=av at entry=0x7f8a70322b20 <main_arena>) at
malloc.c:4167
4167    malloc.c: No such file or directory.
[Current thread is 1 (Thread 0x7f8a71ae2880 (LWP 14266))]
gdb-peda$ bt
#0  malloc_consolidate (av=av at entry=0x7f8a70322b20 <main_arena>) at
malloc.c:4167
#1  0x00007f8a6ffdf0a8 in _int_free (av=0x7f8a70322b20 <main_arena>,
p=<optimized out>, have_lock=0x0) at malloc.c:4073
#2  0x00007f8a6ffe298c in __GI___libc_free (mem=<optimized out>) at
malloc.c:2966
#3  0x00007f8a6f4365ba in cucul_free_canvas () from
/usr/lib/x86_64-linux-gnu/libcaca.so.0
#4  0x00007f8a6f435716 in __caca0_end () from
/usr/lib/x86_64-linux-gnu/libcaca.so.0
#5  0x00007f8a71729a5c in ?? () from /usr/lib/x86_64-linux-gnu/libSDL-1.2.so.0
#6  0x00007f8a717080ee in SDL_VideoQuit () from
/usr/lib/x86_64-linux-gnu/libSDL-1.2.so.0
#7  0x00007f8a716dff65 in SDL_QuitSubSystem () from
/usr/lib/x86_64-linux-gnu/libSDL-1.2.so.0
#8  0x00007f8a716e000e in SDL_Quit () from
/usr/lib/x86_64-linux-gnu/libSDL-1.2.so.0
#9  0x00007f8a716e061f in ?? () from /usr/lib/x86_64-linux-gnu/libSDL-1.2.so.0
#10 <signal handler called>
#11 __memmove_ssse3_back () at
../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:1549
#12 0x00000000009c34c9 in memmove (__len=<optimized out>, __src=0x2592090,
__dest=0x2592088) at /usr/include/x86_64-linux-gnu/bits/string3.h:59
#13 remove_short_at_index (i=0x0, h=0x258af80) at libavcodec/h264_refs.c:466
#14 ff_h264_execute_ref_pic_marking (h=h at entry=0x258af80) at
libavcodec/h264_refs.c:623
#15 0x00000000009c0436 in ff_h264_field_end (h=h at entry=0x258af80,
sl=sl at entry=0x25967e0, in_setup=in_setup at entry=0x1) at
libavcodec/h264_picture.c:157
#16 0x00000000009c8b95 in ff_h264_queue_decode_slice (h=h at entry=0x258af80,
nal=nal at entry=0x25c7660) at libavcodec/h264_slice.c:1888
#17 0x00000000006255ef in decode_nal_units (buf_size=0x2c7e, buf=<optimized
out>, h=0x258af80) at libavcodec/h264dec.c:573
#18 h264_decode_frame (avctx=0x2571800, data=0x2573a60,
got_frame=0x7ffd2f643554, avpkt=<optimized out>) at libavcodec/h264dec.c:742
#19 0x00000000005ab61d in decode_simple_internal (frame=0x2573a60,
avctx=0x2571800) at libavcodec/decode.c:334
#20 decode_simple_receive_frame (frame=<optimized out>, avctx=<optimized out>)
at libavcodec/decode.c:390
#21 decode_receive_frame_internal (avctx=0x2571800, frame=0x2573a60) at
libavcodec/decode.c:408
#22 0x00000000005ab9b8 in avcodec_send_packet (avctx=avctx at entry=0x2571800,
avpkt=avpkt at entry=0x7ffd2f643600) at libavcodec/decode.c:445
#23 0x0000000000543a0d in try_decode_frame (st=st at entry=0x255e5a0,
avpkt=avpkt at entry=0x7ffd2f6436e0, options=0x2571d00, s=0x255df00) at
libavformat/utils.c:1950
#24 0x0000000000547d76 in avformat_find_stream_info (ic=0x255df00,
options=0x2571d00) at libavformat/utils.c:2459
#25 0x000000000044d1f3 in stream_setup (is=0x106ec80 <player_state>) at
avplay.c:2316
#26 stream_open (iformat=<optimized out>, filename=<optimized out>,
is=0x106ec80 <player_state>) at avplay.c:2550
#27 main (argc=argc at entry=0x2, argv=argv at entry=0x7ffd2f643a98) at avplay.c:3050
#28 0x00007f8a6ff7f830 in __libc_start_main (main=0x44cfa0 <main>, argc=0x2,
argv=0x7ffd2f643a98, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>, stack_end=0x7ffd2f643a88) at ../csu/libc-start.c:291
#29 0x000000000044e589 in _start ()

gdb-peda$ disas $pc
...
   0x00007f8a6ffdd42b <+267>:    mov    QWORD PTR [rbx+rbp*1],rbp
   0x00007f8a6ffdd42f <+271>:    mov    rbx,r9
   0x00007f8a6ffdd432 <+274>:    je     0x7f8a6ffdd4e0 <malloc_consolidate+448>
   0x00007f8a6ffdd438 <+280>:    mov    rax,QWORD PTR [rbx+0x8]
   0x00007f8a6ffdd43c <+284>:    mov    r9,QWORD PTR [rbx+0x10]
   0x00007f8a6ffdd440 <+288>:    mov    rbp,rax
   0x00007f8a6ffdd443 <+291>:    and    rbp,0xfffffffffffffffa
   0x00007f8a6ffdd447 <+295>:    lea    r12,[rbx+rbp*1]
=> 0x00007f8a6ffdd44b <+299>:    mov    r13,QWORD PTR [r12+0x8]
   0x00007f8a6ffdd450 <+304>:    and    r13,0xfffffffffffffff8
   0x00007f8a6ffdd454 <+308>:    test   al,0x1
   0x00007f8a6ffdd456 <+310>:    jne    0x7f8a6ffdd4a0 <malloc_consolidate+384>
   0x00007f8a6ffdd458 <+312>:    mov    rax,QWORD PTR [rbx]
   0x00007f8a6ffdd45b <+315>:    sub    rbx,rax
   0x00007f8a6ffdd45e <+318>:    add    rbp,rax
   0x00007f8a6ffdd461 <+321>:    mov    r11,QWORD PTR [rbx+0x10]
   0x00007f8a6ffdd465 <+325>:    mov    rax,QWORD PTR [rbx+0x18]
   0x00007f8a6ffdd469 <+329>:    cmp    rbx,QWORD PTR [r11+0x18]
...

gdb-peda$ info all
rax            0x25c0fb0    0x25c0fb0
rbx            0x262b1f0    0x262b1f0
rcx            0x7ffd2f639d50    0x7ffd2f639d50
rdx            0x3c1    0x3c1
rsi            0x0    0x0
rdi            0x7f8a70322b20    0x7f8a70322b20
rbp            0x25c0fb0    0x25c0fb0
rsp            0x7ffd2f639d00    0x7ffd2f639d00
r8             0x0    0x0
r9             0x2a5840c54f130fa4    0x2a5840c54f130fa4
r10            0x7f8a70322b78    0x7f8a70322b78
r11            0x255b740    0x255b740
r12            0x4bec1a0    0x4bec1a0
r13            0x2392af0    0x2392af0
r14            0x7f8a70322b20    0x7f8a70322b20
r15            0x7f8a70322b78    0x7f8a70322b78
rip            0x7f8a6ffdd44b    0x7f8a6ffdd44b
eflags         0x10202    [ IF RF ]
cs             0x33    0x33
ss             0x2b    0x2b
ds             0x0    0x0
es             0x0    0x0
fs             0x0    0x0
gs             0x0    0x0
st0            0    (raw 0x00000000000000000000)
st1            0    (raw 0x00000000000000000000)
st2            0    (raw 0x00000000000000000000)
st3            0    (raw 0x00000000000000000000)
st4            0    (raw 0x00000000000000000000)
st5            0    (raw 0x00000000000000000000)
st6            0    (raw 0x00000000000000000000)
st7            0    (raw 0x00000000000000000000)
fctrl          0x37f    0x37f
fstat          0x0    0x0
ftag           0xffff    0xffff
fiseg          0x0    0x0
fioff          0x0    0x0
foseg          0x0    0x0
fooff          0x0    0x0
fop            0x0    0x0
mxcsr          0x1f80    [ IM DM ZM OM UM PM ]
ymm0           {
  v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, 
  v32_int8 = {0x0 <repeats 32 times>}, 
  v16_int16 = {0x0 <repeats 16 times>}, 
  v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x0, 0x0, 0x0, 0x0}, 
  v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}
}
ymm1           {
  v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, 
  v32_int8 = {0x0 <repeats 32 times>}, 
  v16_int16 = {0x0 <repeats 16 times>}, 
  v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x0, 0x0, 0x0, 0x0}, 
  v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}
}
ymm2           {
  v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, 
  v32_int8 = {0x0 <repeats 32 times>}, 
  v16_int16 = {0x0 <repeats 16 times>}, 
  v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x0, 0x0, 0x0, 0x0}, 
  v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}
}
ymm3           {
  v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, 
  v32_int8 = {0x0 <repeats 32 times>}, 
  v16_int16 = {0x0 <repeats 16 times>}, 
  v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x0, 0x0, 0x0, 0x0}, 
  v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}
}
ymm4           {
  v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x8000000000000000, 0x8000000000000000, 0x0, 0x0}, 
  v32_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, 
  v16_int16 = {0x0, 0x0, 0x0, 0xff00, 0xffff, 0xffff, 0xffff, 0xffff, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int32 = {0x0, 0xff000000, 0xffffffff, 0xffffffff, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0xff00000000000000, 0xffffffffffffffff, 0x0, 0x0}, 
  v2_int128 = {0xffffffffffffffffff00000000000000,
0x00000000000000000000000000000000}
}
ymm5           {
  v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, 
  v32_int8 = {0x0 <repeats 32 times>}, 
  v16_int16 = {0x0 <repeats 16 times>}, 
  v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x0, 0x0, 0x0, 0x0}, 
  v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}
}
ymm6           {
  v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, 
  v32_int8 = {0x0 <repeats 32 times>}, 
  v16_int16 = {0x0 <repeats 16 times>}, 
  v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x0, 0x0, 0x0, 0x0}, 
  v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}
}
ymm7           {
  v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, 
  v32_int8 = {0x0 <repeats 32 times>}, 
  v16_int16 = {0x0 <repeats 16 times>}, 
  v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x0, 0x0, 0x0, 0x0}, 
  v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}
}
ymm8           {
  v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, 
  v32_int8 = {0x0 <repeats 32 times>}, 
  v16_int16 = {0x0 <repeats 16 times>}, 
  v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x0, 0x0, 0x0, 0x0}, 
  v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}
}
ymm9           {
  v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, 
  v32_int8 = {0x0 <repeats 32 times>}, 
  v16_int16 = {0x0 <repeats 16 times>}, 
  v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x0, 0x0, 0x0, 0x0}, 
  v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}
}
ymm10          {
  v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, 
  v32_int8 = {0x0 <repeats 32 times>}, 
  v16_int16 = {0x0 <repeats 16 times>}, 
  v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x0, 0x0, 0x0, 0x0}, 
  v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}
}
ymm11          {
  v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, 
  v32_int8 = {0x0 <repeats 32 times>}, 
  v16_int16 = {0x0 <repeats 16 times>}, 
  v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x0, 0x0, 0x0, 0x0}, 
  v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}
}
ymm12          {
  v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, 
  v32_int8 = {0x0 <repeats 32 times>}, 
  v16_int16 = {0x0 <repeats 16 times>}, 
  v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x0, 0x0, 0x0, 0x0}, 
  v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}
}
ymm13          {
  v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, 
  v32_int8 = {0x0 <repeats 32 times>}, 
  v16_int16 = {0x0 <repeats 16 times>}, 
  v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x0, 0x0, 0x0, 0x0}, 
  v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}
}
ymm14          {
  v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, 
  v32_int8 = {0x0 <repeats 32 times>}, 
  v16_int16 = {0x0 <repeats 16 times>}, 
  v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x0, 0x0, 0x0, 0x0}, 
  v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}
}
ymm15          {
  v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, 
  v32_int8 = {0x0 <repeats 32 times>}, 
  v16_int16 = {0x0 <repeats 16 times>}, 
  v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x0, 0x0, 0x0, 0x0}, 
  v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}
}

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.libav.org/pipermail/libav-bugs/attachments/20170102/1d489bdd/attachment-0001.html>


More information about the libav-bugs mailing list