[libav-bugs] [Bug 1066] New: invalid memory access in ff_put_pixels8_x2_mmxext

bugzilla at libav.org bugzilla at libav.org
Mon Jun 12 11:52:02 CEST 2017


https://bugzilla.libav.org/show_bug.cgi?id=1066

            Bug ID: 1066
           Summary: invalid memory access in ff_put_pixels8_x2_mmxext
           Product: Libav
           Version: git HEAD
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: ---
         Component: libavcodec
          Assignee: bugzilla at libav.org
          Reporter: gnehsoah at gmail.com

Created attachment 668
  --> https://bugzilla.libav.org/attachment.cgi?id=668&action=edit
testcase

A fuzzing discovered an invalid memory access in ff_put_pixels8_x2_mmxext.

The complete ASan output:
#avconv -i $FILE -f null -
avconv version 12.1, Copyright (c) 2000-2017 the Libav developers
  built on Jun  8 2017 16:06:53 with clang version 5.0.0
(http://llvm.org/git/clang.git fae6a43ca3b185e456ad8c478f913cf83b36908a)
(http://llvm.org/git/llvm.git d8a59f8c321118e47afb3669e9819e6815116473)
[h263 @ 0x61a000000080] Format detected only with low score of 25, misdetection
possible!
[h263 @ 0x619000002880] Bad marker
[h263 @ 0x619000002880] header damaged
[h263 @ 0x619000002880] Syntax-based Arithmetic Coding (SAC) not supported
[h263 @ 0x619000002880] warning: first frame is no keyframe
ASAN:DEADLYSIGNAL
=================================================================
==1838==ERROR: AddressSanitizer: SEGV on unknown address 0x7ff718987d34 (pc
0x000002063e84 bp 0x7fffeb74b3a0 sp 0x7fffeb74b058 T0)
==1838==The signal is caused by a READ memory access.
    #0 0x2063e83 in ff_put_pixels8_x2_mmxext
(/root/afl_fuzz/project/libav/libav-12.1_bak/avconv+0x2063e83)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
(/root/afl_fuzz/project/libav/libav-12.1_bak/avconv+0x2063e83) in
ff_put_pixels8_x2_mmxext
==1838==ABORTING

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.libav.org/pipermail/libav-bugs/attachments/20170612/f330e7b6/attachment.html>


More information about the libav-bugs mailing list