[libav-bugs] [Bug 1124] New: avconv crashes because of an AVI file -- SEGFAULT buffer overread of size 8

bugzilla at libav.org
Mon Apr 23 14:44:43 CEST 2018


https://bugzilla.libav.org/show_bug.cgi?id=1124

            Bug ID: 1124
           Summary: avconv crashes because of an AVI file -- SEGFAULT
                    buffer overread of size 8
           Product: Libav
           Version: git HEAD
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: ---
         Component: general
          Assignee: bugzilla at libav.org
          Reporter: thuanpv at comp.nus.edu.sg

Created attachment 714
  --> https://bugzilla.libav.org/attachment.cgi?id=714&action=edit
crash-inducing sample file

Dear all,

This bug was found with AFLSmart, an extension of AFL. Thanks also to Marcel
Böhme, Andrew Santosa and Alexandru Razvan Caciulescu. 

This bug was found on Ubuntu 16.04 64-bit & libav revision 39f3b6 (HEAD).

To reproduce:
Download the attached file - libav_crash_2.avi
avconv -i libav_crash_2.avi -f null -

Valgrind says:

==70810== Invalid read of size 8
==70810==    at 0x20D576B: av_freep (mem.c:194)
==70810==    by 0x44217D: ivi_free_buffers (ivi.c:290)
==70810==    by 0x4425DC: ff_ivi_init_planes (ivi.c:314)
==70810==    by 0x104E42E: decode_pic_hdr (indeo4.c:190)
==70810==    by 0x107EFAC: ff_ivi_decode_frame (ivi.c:1036)
==70810==    by 0xBCC2C3: decode_receive_frame_internal (decode.c:336)
==70810==    by 0xBCD2DF: avcodec_send_packet (decode.c:470)
==70810==    by 0x55A167: decode (avconv.c:1309)
==70810==    by 0x55A167: decode_video (avconv.c:1409)
==70810==    by 0x4FCD89: process_input_packet (avconv.c:1528)
==70810==    by 0x4FCD89: process_input (avconv.c:2756)
==70810==    by 0x4FCD89: transcode (avconv.c:2798)
==70810==    by 0x4FCD89: main (avconv.c:2972)
==70810==  Address 0x40 is not stack'd, malloc'd or (recently) free'd
==70810== 
==70810== 
==70810== Process terminating with default action of signal 11 (SIGSEGV)
==70810==  Access not within mapped region at address 0x40
==70810==    at 0x20D576B: av_freep (mem.c:194)
==70810==    by 0x44217D: ivi_free_buffers (ivi.c:290)
==70810==    by 0x4425DC: ff_ivi_init_planes (ivi.c:314)
==70810==    by 0x104E42E: decode_pic_hdr (indeo4.c:190)
==70810==    by 0x107EFAC: ff_ivi_decode_frame (ivi.c:1036)
==70810==    by 0xBCC2C3: decode_receive_frame_internal (decode.c:336)
==70810==    by 0xBCD2DF: avcodec_send_packet (decode.c:470)
==70810==    by 0x55A167: decode (avconv.c:1309)
==70810==    by 0x55A167: decode_video (avconv.c:1409)
==70810==    by 0x4FCD89: process_input_packet (avconv.c:1528)
==70810==    by 0x4FCD89: process_input (avconv.c:2756)
==70810==    by 0x4FCD89: transcode (avconv.c:2798)
==70810==    by 0x4FCD89: main (avconv.c:2972)

Regards,

Thuan
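The Valgrind output above is the kind of trace a fuzzing campaign produces by the hundreds, so the useful next step is mechanical triage. The following is an added example (not part of the report or of libav): it parses the memcheck error block, applies the usual heuristic that a fault address below one page is a NULL struct pointer plus a field offset rather than a genuine over-read (0x40 here), and derives a top-of-stack dedup key so repeated hits on one bug collapse. The sample is the top of the trace quoted in the report; the "page" threshold, the label names and the dedup depth are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: the top of the Valgrind trace quoted in the report above.
SAMPLE = """\
==70810== Invalid read of size 8
==70810==    at 0x20D576B: av_freep (mem.c:194)
==70810==    by 0x44217D: ivi_free_buffers (ivi.c:290)
==70810==    by 0x4425DC: ff_ivi_init_planes (ivi.c:314)
==70810==    by 0x104E42E: decode_pic_hdr (indeo4.c:190)
==70810==  Address 0x40 is not stack'd, malloc'd or (recently) free'd
==70810== Process terminating with default action of signal 11 (SIGSEGV)
"""

ERR_RE = re.compile(r"^==\d+== (Invalid (?:read|write) of size \d+)")
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^:)]+):(\d+)\)")
ADDR_RE = re.compile(r"Address 0x([0-9A-Fa-f]+) is")
SIG_RE = re.compile(r"signal \d+ \((\w+)\)")

@dataclass
class Report:
    kind: str = ""
    address: Optional[int] = None
    signal: str = ""
    frames: List[Tuple[str, str, int]] = field(default_factory=list)

def parse_valgrind(text: str) -> Report:
    """Pull the first error block (kind, fault address, stack) and the fatal signal."""
    rep, in_block = Report(), False
    for line in text.splitlines():
        if (m := ERR_RE.match(line)) and not rep.kind:
            rep.kind, in_block = m.group(1), True
        elif (m := FRAME_RE.match(line)) and in_block:
            rep.frames.append((m.group(1), m.group(2), int(m.group(3))))
        elif (m := ADDR_RE.search(line)) and rep.address is None:
            rep.address, in_block = int(m.group(1), 16), False
        elif m := SIG_RE.search(line):
            rep.signal = m.group(1)
    return rep

def classify(rep: Report) -> str:
    """Heuristic: fault address below one page usually means NULL struct pointer + field offset."""
    if rep.address is not None and rep.address < 0x1000:
        return "null-deref"
    return "wild-read" if "read" in rep.kind else "wild-write"

def stack_key(rep: Report, depth: int = 3) -> str:
    """Dedup key over the top frames so a fuzzer's repeated hits on one bug collapse."""
    return "|".join(f"{fn}@{src}:{ln}" for fn, src, ln in rep.frames[:depth])
```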
