[libav-bugs] [Bug 1037] New: Null pointer dereference in ff_dca_lfe_fir1_sse()
bugzilla at libav.org
Wed Mar 1 09:57:00 CET 2017
https://bugzilla.libav.org/show_bug.cgi?id=1037
Bug ID: 1037
Summary: Null pointer dereference in ff_dca_lfe_fir1_sse()
Product: Libav
Version: git HEAD
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: ---
Component: libavcodec
Assignee: bugzilla at libav.org
Reporter: fumfi.255 at gmail.com
Created attachment 655
--> https://bugzilla.libav.org/attachment.cgi?id=655&action=edit
POC to trigger null pointer dereference (avprobe)
After some fuzz testing I found a crashing test case.
Command: avprobe libav_nullptr_ff_dca_lfe_fir1_sse
Git Head: 698ac8f9cabd053f2c19346a77b92f8eae4218fc
Output + ASAN:
avprobe version v13_dev0-897-g698ac8f, Copyright (c) 2007-2017 the Libav developers
built on Feb 28 2017 11:03:05 with clang version 3.9.1 (tags/RELEASE_391/final)
ASAN:DEADLYSIGNAL
=================================================================
==12530==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000201354e bp 0x7ffe627e6d30 sp 0x7ffe627e5a58 T0)
==12530==The signal is caused by a WRITE memory access.
==12530==Hint: address points to the zero page.
#0 0x201354d in ff_dca_lfe_fir1_sse XYZ/libav/libavcodec/x86/dcadsp.asm:114
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV XYZ/libav/libavcodec/x86/dcadsp.asm:114 in ff_dca_lfe_fir1_sse
==12530==ABORTING