<html>
    <head>
      <base href="https://bugzilla.libav.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Null pointer dereference in ff_dca_lfe_fir1_sse()"
   href="https://bugzilla.libav.org/show_bug.cgi?id=1037">1037</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Null pointer dereference in ff_dca_lfe_fir1_sse()
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>Libav
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>git HEAD
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Other
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>---
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>libavcodec
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>bugzilla@libav.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>fumfi.255@gmail.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=655" name="attach_655" title="POC to trigger null pointer dereference (avprobe)">attachment 655</a></span>
POC to trigger null pointer dereference (avprobe)

After some fuzz testing I found a crashing test case.

Command: avprobe libav_nullptr_ff_dca_lfe_fir1_sse

Git Head: 698ac8f9cabd053f2c19346a77b92f8eae4218fc

Output + ASAN:

avprobe version v13_dev0-897-g698ac8f, Copyright (c) 2007-2017 the Libav developers
  built on Feb 28 2017 11:03:05 with clang version 3.9.1 (tags/RELEASE_391/final)
ASAN:DEADLYSIGNAL
=================================================================
==12530==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000201354e bp 0x7ffe627e6d30 sp 0x7ffe627e5a58 T0)
==12530==The signal is caused by a WRITE memory access.
==12530==Hint: address points to the zero page.
    #0 0x201354d in ff_dca_lfe_fir1_sse XYZ/libav/libavcodec/x86/dcadsp.asm:114

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV XYZ/libav/libavcodec/x86/dcadsp.asm:114 in ff_dca_lfe_fir1_sse
==12530==ABORTING</pre>
        </div>
      </p>
    </body>
</html>