[libav-bugs] [Bug 1019] New: SIGSEGV in ff_h264_execute_ref_pic_marking()

bugzilla at libav.org bugzilla at libav.org
Sat Jan 7 23:15:20 CET 2017


https://bugzilla.libav.org/show_bug.cgi?id=1019

            Bug ID: 1019
           Summary: SIGSEGV in ff_h264_execute_ref_pic_marking()
           Product: Libav
           Version: git HEAD
          Hardware: X86
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: ---
         Component: libavcodec
          Assignee: bugzilla at libav.org
          Reporter: fumfi.255 at gmail.com

Created attachment 647
  --> https://bugzilla.libav.org/attachment.cgi?id=647&action=edit
POC to trigger SIGSEGV (avprobe)

After some fuzz testing I found a crashing test case.

Command: avprobe libav_segv_ff_h264_execute_ref_pic_marking

Git Head: 9026ec8aaf5fa19cb4fb266c16f608af0d863b2b

ASAN:

==21561==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000009c (pc
0x000002455caf bp 0x000000000000 sp 0x7ffd692da5b0 T0)
    #0 0x2455cae in ff_h264_execute_ref_pic_marking libavcodec/h264_refs.c:659
    #1 0x2448fb5 in ff_h264_field_end libavcodec/h264_picture.c:157
    #2 0x2483f3d in ff_h264_queue_decode_slice libavcodec/h264_slice.c:1888
    #3 0x100293e in decode_nal_units libavcodec/h264dec.c:573
    #4 0x100293e in h264_decode_frame libavcodec/h264dec.c:742
    #5 0xd7baef in decode_simple_internal libavcodec/decode.c:334
    #6 0xd7baef in decode_simple_receive_frame libavcodec/decode.c:390
    #7 0xd7baef in decode_receive_frame_internal libavcodec/decode.c:408
    #8 0xd7d577 in avcodec_send_packet libavcodec/decode.c:445
    #9 0xaf72b8 in try_decode_frame libavformat/utils.c:1950
    #10 0xb10b34 in avformat_find_stream_info libavformat/utils.c:2459
    #11 0x5a3e41 in open_input_file XYZ/libav/avprobe.c:866
    #12 0x5a3e41 in probe_file XYZ/libav/avprobe.c:944
    #13 0x5a3e41 in main XYZ/libav/avprobe.c:1178
    #14 0x7fb9d846782f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #15 0x5c4478 in _start (/usr/local/bin/avprobe+0x5c4478)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV libavcodec/h264_refs.c:659
ff_h264_execute_ref_pic_marking
==21561==ABORTING

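For triaging a fuzzer finding like this one, the following script is an added example (it is not part of the bug report and not libav code). It parses the AddressSanitizer output above, rejoins the lines the mailer wrapped, and derives the first things a triager wants from it: the fault address 0x9c lies below the first page, so the report describes a NULL pointer plus a field offset rather than an out-of-bounds access that ASan could annotate with shadow-memory details (the "can not provide additional info" line is the same tell); the innermost frames in project code; and a stable signature for de-duplicating crashes from the same campaign. `PAGE_SIZE`, the function names and the `null-deref`/`wild-access` labels are this example's own choices.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

PAGE_SIZE = 4096  # assumption: page 0 is never mapped, so a fault below it is NULL + field offset

# Constructed sample: the ASan block from the bug report, exactly as the mail wrapped it.
SAMPLE_REPORT = """\
==21561==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000009c (pc
0x000002455caf bp 0x000000000000 sp 0x7ffd692da5b0 T0)
    #0 0x2455cae in ff_h264_execute_ref_pic_marking libavcodec/h264_refs.c:659
    #1 0x2448fb5 in ff_h264_field_end libavcodec/h264_picture.c:157
    #2 0x2483f3d in ff_h264_queue_decode_slice libavcodec/h264_slice.c:1888
    #3 0x100293e in decode_nal_units libavcodec/h264dec.c:573
    #4 0x100293e in h264_decode_frame libavcodec/h264dec.c:742
    #5 0xd7baef in decode_simple_internal libavcodec/decode.c:334
    #6 0xd7baef in decode_simple_receive_frame libavcodec/decode.c:390
    #7 0xd7baef in decode_receive_frame_internal libavcodec/decode.c:408
    #8 0xd7d577 in avcodec_send_packet libavcodec/decode.c:445
    #9 0xaf72b8 in try_decode_frame libavformat/utils.c:1950
    #10 0xb10b34 in avformat_find_stream_info libavformat/utils.c:2459
    #11 0x5a3e41 in open_input_file XYZ/libav/avprobe.c:866
    #12 0x5a3e41 in probe_file XYZ/libav/avprobe.c:944
    #13 0x5a3e41 in main XYZ/libav/avprobe.c:1178
    #14 0x7fb9d846782f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #15 0x5c4478 in _start (/usr/local/bin/avprobe+0x5c4478)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV libavcodec/h264_refs.c:659
ff_h264_execute_ref_pic_marking
==21561==ABORTING
"""

HEADER_RE = re.compile(r"^==(\d+)==ERROR: AddressSanitizer: (\S+)"
                       r"(?: on (?:unknown )?address (0x[0-9a-fA-F]+))?")
FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-fA-F]+\s+in\s+(\S+)\s+(.+?)\s*$")
SRC_LOC_RE = re.compile(r"^(\S+):(\d+)$")  # file:line, unlike "(module+offset)" runtime frames


@dataclass
class Frame:
    index: int
    function: str
    location: str  # "file:line" or "(module+offset)" exactly as ASan printed it

    def source_file(self) -> Optional[str]:
        m = SRC_LOC_RE.match(self.location)
        return m.group(1) if m else None


@dataclass
class AsanCrash:
    pid: int
    error: str                    # "SEGV", "heap-buffer-overflow", ...
    fault_address: Optional[int]  # None when ASan prints no address
    frames: List[Frame]


def unwrap(text: str) -> List[str]:
    """Rejoin mailer-wrapped lines: a line starting with no ASan prefix continues the previous one."""
    prefixes = ("==", "#", "SUMMARY:", "AddressSanitizer")
    out: List[str] = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if out and not line.startswith(prefixes):
            out[-1] += " " + line
        else:
            out.append(line)
    return out


def parse_asan(text: str) -> AsanCrash:
    """Extract pid, error kind, fault address and the stack frames from an ASan report."""
    pid = error = None
    address: Optional[int] = None
    frames: List[Frame] = []
    for line in unwrap(text):
        if pid is None and (m := HEADER_RE.match(line)):
            pid, error = int(m.group(1)), m.group(2)
            address = int(m.group(3), 16) if m.group(3) else None
        elif m := FRAME_RE.match(line):
            frames.append(Frame(int(m.group(1)), m.group(2), m.group(3)))
    if pid is None:
        raise ValueError("no AddressSanitizer ERROR header found")
    return AsanCrash(pid, error, address, frames)


def classify(crash: AsanCrash) -> str:
    """A SEGV below PAGE_SIZE is NULL plus a small offset (0x9c here): an unchecked pointer,
    a crash rather than the out-of-bounds access ASan would annotate with shadow bytes."""
    if crash.error != "SEGV":
        return crash.error
    if crash.fault_address is not None and crash.fault_address < PAGE_SIZE:
        return "null-deref"
    return "wild-access"


def signature(crash: AsanCrash, depth: int = 3) -> str:
    """De-dup key: class plus the innermost `depth` functions that have source locations
    (addresses and PIDs differ between runs, so they are left out)."""
    funcs = [f.function for f in crash.frames if f.source_file()][:depth]
    return classify(crash) + ":" + "|".join(funcs)


if __name__ == "__main__":
    crash = parse_asan(SAMPLE_REPORT)
    print(f"pid={crash.pid} error={crash.error} addr={crash.fault_address:#x} class={classify(crash)}")
    print("signature:", signature(crash))
```

Run as a script it prints the class `null-deref` and the signature built from the three innermost libav frames; feeding it other reports from the same fuzzing run groups those that hit the same code path, so the one reproducer per bucket can be attached to a report like this one.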