[libav-bugs] [Bug 1037] New: Null pointer dereference in ff_dca_lfe_fir1_sse()

bugzilla at libav.org
Wed Mar 1 09:57:00 CET 2017


            Bug ID: 1037
           Summary: Null pointer dereference in ff_dca_lfe_fir1_sse()
           Product: Libav
           Version: git HEAD
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: ---
         Component: libavcodec
          Assignee: bugzilla at libav.org
          Reporter: fumfi.255 at gmail.com

Created attachment 655
  --> https://bugzilla.libav.org/attachment.cgi?id=655&action=edit
POC to trigger null pointer dereference (avprobe)

After some fuzz testing I found a crashing test case.

Command: avprobe libav_nullptr_ff_dca_lfe_fir1_sse

Git Head: 698ac8f9cabd053f2c19346a77b92f8eae4218fc

Output + ASAN:

avprobe version v13_dev0-897-g698ac8f, Copyright (c) 2007-2017 the Libav
  built on Feb 28 2017 11:03:05 with clang version 3.9.1
==12530==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc
0x00000201354e bp 0x7ffe627e6d30 sp 0x7ffe627e5a58 T0)
==12530==The signal is caused by a WRITE memory access.
==12530==Hint: address points to the zero page.
    #0 0x201354d in ff_dca_lfe_fir1_sse XYZ/libav/libavcodec/x86/dcadsp.asm:114

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV XYZ/libav/libavcodec/x86/dcadsp.asm:114 in
