[libav-bugs] [Bug 1094] Heap out of bounds read in mpc8_probe()

bugzilla at libav.org bugzilla at libav.org
Wed Mar 20 08:07:40 CET 2019


https://bugzilla.libav.org/show_bug.cgi?id=1094

--- Comment #1 from Mingi Cho <mgcho.minic at gmail.com> ---
Hello.

I found another crash which triggers segmentation fault without ASAN.

GDB output:

Program received signal SIGSEGV, Segmentation fault.
mpc8_probe (p=0xffffcae8) at libavformat/mpc8.c:88
88    libavformat/mpc8.c: No such file or directory.

(gdb) bt
#0  mpc8_probe (p=0xffffcae8) at libavformat/mpc8.c:88
#1  0x080a3fe9 in av_probe_input_format2 (pd=0xffffcb58, is_opened=<optimized
out>, score_max=0xffffcb50) at libavformat/format.c:193
#2  0x080a43f1 in av_probe_input_buffer (pb=<optimized out>, fmt=0x91535a4,
filename=<optimized out>, logctx=<optimized out>, offset=<optimized out>,
max_probe_size=1048576) at libavformat/format.c:286
#3  0x081435f7 in init_input (filename=0xffffd72a
"./intriguer/libav/avconv_12_3_f_null_afl-clang5_asan_empty/1/crashes_all/id:000007,sig:06,src:004861,op:fieldc,pos:10,val:+0",
options=<optimized out>, 
    s=<optimized out>) at libavformat/utils.c:214
#4  avformat_open_input (ps=0xffffcc00, filename=0xffffd72a
"./intriguer/libav/avconv_12_3_f_null_afl-clang5_asan_empty/1/crashes_all/id:000007,sig:06,src:004861,op:fieldc,pos:10,val:+0", 
    fmt=<optimized out>, options=<optimized out>) at libavformat/utils.c:303
#5  0x0804b8b9 in open_input_file (o=<optimized out>, filename=<optimized out>)
at avtools/avconv_opt.c:804
#6  0x0804b480 in open_files (l=<optimized out>, inout=<optimized out>,
open_file=<optimized out>) at avtools/avconv_opt.c:2467
#7  0x0804b286 in avconv_parse_options (argc=<optimized out>, argv=<optimized
out>) at avtools/avconv_opt.c:2504
#8  0x08058b4f in main (argc=<optimized out>, argv=<optimized out>) at
avtools/avconv.c:2953

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.libav.org/pipermail/libav-bugs/attachments/20190320/64ec166a/attachment.html>


More information about the libav-bugs mailing list