#11228: SEGV bug at libavfilter/drawutils.c:172:27 in ff_draw_color in FFmpeg 7.1
-------------------------------------+-------------------------------------
             Reporter:               |                     Type:  defect
  ZengYunxiang                       |
               Status:  new          |                 Priority:  important
            Component:               |                  Version:  7.1
  undetermined                       |
             Keywords:  bugs,fuzz    |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
 Summary of the bug:

 Dear developers,

 We found the following SEGV bug on FFmpeg (version 7.1), please confirm.

 This may be due to a Segmentation violation caused by dereferencing a null
 pointer, which can sometimes lead to a crash.

 The poc file (poc24ffmpeg) will be attached to this ticket.

 {{{
 157 void ff_draw_color(FFDrawContext *draw, FFDrawColor *color, const uint8_t rgba[4])
 158 {
 159     unsigned i;
 160     double yuvad[4];
 161     double rgbad[4];
 162     const AVPixFmtDescriptor *desc = draw->desc;
 163
 164     if (rgba != color->rgba)
 165         memcpy(color->rgba, rgba, sizeof(color->rgba));
 166
 167     memset(color->comp, 0, sizeof(color->comp));
 168
 169     for (int i = 0; i < 4; i++)
 170         rgbad[i] = color->rgba[i] / 255.;
 171
 172     if (draw->desc->flags & AV_PIX_FMT_FLAG_RGB)
 173         memcpy(yuvad, rgbad, sizeof(double) * 3);
 174     else
 }}}

 How to reproduce:
 {{{
 tar -xvf ffmpeg-7.1.tar.xz
 cd ffmpeg-7.1
 ./configure --cc=clang --cxx=clang++ --ld=clang --enable-debug --toolchain=clang-asan
 make -j30

 ./ffmpeg_g -y -i poc24ffmpeg -filter_complex pad tmp.mp4
 }}}
 ASAN Log:
 {{{
 AddressSanitizer:DEADLYSIGNAL
 =================================================================
 ==4008132==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x55a0c4422a34 bp 0x7f565491aad0 sp 0x7f565491a9a0 T19)
 ==4008132==The signal is caused by a READ memory access.
 ==4008132==Hint: address points to the zero page.
     #0 0x55a0c4422a34 in ff_draw_color /afltest/ffmpeg-7.1/libavfilter/drawutils.c:172:27
     #1 0x55a0c3f00004 in config_input /afltest/ffmpeg-7.1/libavfilter/vf_pad.c:115:5
     #2 0x55a0c39887f3 in ff_filter_config_links /afltest/ffmpeg-7.1/libavfilter/avfilter.c:432:28
     #3 0x55a0c39880c6 in ff_filter_config_links /afltest/ffmpeg-7.1/libavfilter/avfilter.c:365:24
     #4 0x55a0c39880c6 in ff_filter_config_links /afltest/ffmpeg-7.1/libavfilter/avfilter.c:365:24
     #5 0x55a0c399e407 in graph_config_links /afltest/ffmpeg-7.1/libavfilter/avfiltergraph.c:255:24
     #6 0x55a0c399e407 in avfilter_graph_config /afltest/ffmpeg-7.1/libavfilter/avfiltergraph.c:1302:16
     #7 0x55a0c3852d82 in configure_filtergraph /afltest/ffmpeg-7.1/fftools/ffmpeg_filter.c:1951:16
     #8 0x55a0c3848fdf in send_eof /afltest/ffmpeg-7.1/fftools/ffmpeg_filter.c:2736:23
     #9 0x55a0c3848fdf in filter_thread /afltest/ffmpeg-7.1/fftools/ffmpeg_filter.c:3023:19
     #10 0x55a0c389e586 in task_wrapper /afltest/ffmpeg-7.1/fftools/ffmpeg_sched.c:2514:11
     #11 0x7f5660d1fac2  (/lib/x86_64-linux-gnu/libc.so.6+0x94ac2) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
     #12 0x7f5660db184f  (/lib/x86_64-linux-gnu/libc.so.6+0x12684f) (BuildId: 490fef8403240c91833978d494d39e537409b92e)

 AddressSanitizer can not provide additional info.
 SUMMARY: AddressSanitizer: SEGV /afltest/ffmpeg-7.1/libavfilter/drawutils.c:172:27 in ff_draw_color
 Thread T19 (fc0) created by T0 here:
     #0 0x55a0c37c998c in __interceptor_pthread_create (/afltest/ffmpeg-7.1/ffmpeg_g+0x99498c) (BuildId: 8ca1265ed5a8b6b91f520daf8c6156ed184d52f0)
     #1 0x55a0c3896853 in task_start /afltest/ffmpeg-7.1/fftools/ffmpeg_sched.c:422:11

 ==4008132==ABORTING
 }}}
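 The read that faults at drawutils.c:172:27 is `draw->desc->flags`, and the address 0x10 in the sanitizer output is what a NULL `desc` produces: in AVPixFmtDescriptor the `flags` field follows one pointer and three uint8_t fields, which places it at offset 16 on an LP64 build. The C program below is an added illustration, not FFmpeg code and not an analysis of vf_pad's config_input; it models a draw context whose descriptor lookup failed and was used anyway, and shows the guard that turns the fault into an error return. `PixFmtDesc`, `DrawCtx`, `FLAG_RGB`, `desc_get`, `draw_init`, `draw_color_unchecked`, `draw_color_checked`, `color_setup` and the two-entry descriptor table are constructed for this model; the BT.601 coefficients only give the non-RGB branch something to compute. Whether the poc file drives ff_draw_color into that state is for the maintainers to confirm.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for AV_PIX_FMT_FLAG_RGB; the bit value is constructed for this model. */
#define FLAG_RGB (1u << 5)

/* Models the leading fields of AVPixFmtDescriptor (same types, same order). */
typedef struct PixFmtDesc {
    const char *name;
    uint8_t nb_components;
    uint8_t log2_chroma_w;
    uint8_t log2_chroma_h;
    uint64_t flags;
} PixFmtDesc;

/* Models the fields of FFDrawContext that the colour setup below touches. */
typedef struct DrawCtx {
    const PixFmtDesc *desc;
    double rgb2yuv[3][3];
} DrawCtx;

enum { FMT_RGB24 = 0, FMT_YUV420P = 1, FMT_COUNT = 2 };

/* Constructed descriptor table; the real one is far larger. */
static const PixFmtDesc fmt_table[FMT_COUNT] = {
    { "rgb24",   3, 0, 0, FLAG_RGB },
    { "yuv420p", 3, 1, 1, 0 },
};

/* Modelled on av_pix_fmt_desc_get(): an out-of-range format yields NULL. */
static const PixFmtDesc *desc_get(int fmt)
{
    if (fmt < 0 || fmt >= FMT_COUNT)
        return NULL;
    return &fmt_table[fmt];
}

/* Offset of `flags` in the descriptor: the address a NULL desc faults on. */
size_t flags_offset(void)
{
    return offsetof(PixFmtDesc, flags);
}

/* Init step. Returns <0 and leaves desc NULL for an unsupported format, the
 * exact state in which the colour setup must not run. */
int draw_init(DrawCtx *draw, int fmt)
{
    static const double bt601[3][3] = {
        {  0.299,  0.587,  0.114 },
        { -0.169, -0.331,  0.500 },
        {  0.500, -0.419, -0.081 },
    };
    memset(draw, 0, sizeof(*draw));
    draw->desc = desc_get(fmt);
    if (!draw->desc)
        return -1;
    memcpy(draw->rgb2yuv, bt601, sizeof(bt601));
    return 0;
}

/* Same shape as ff_draw_color: the RGB/YUV decision reads desc->flags
 * unconditionally, so a NULL desc faults at flags_offset() in the zero page. */
void draw_color_unchecked(const DrawCtx *draw, const uint8_t rgba[4], double yuv[3])
{
    double rgbd[3];
    for (int i = 0; i < 3; i++)
        rgbd[i] = rgba[i] / 255.;
    if (draw->desc->flags & FLAG_RGB) {
        memcpy(yuv, rgbd, sizeof(rgbd));
    } else {
        for (int r = 0; r < 3; r++) {
            yuv[r] = 0;
            for (int c = 0; c < 3; c++)
                yuv[r] += draw->rgb2yuv[r][c] * rgbd[c];
        }
    }
}

/* Guarded variant: refuses a context whose init never succeeded. */
int draw_color_checked(const DrawCtx *draw, const uint8_t rgba[4], double yuv[3])
{
    if (!draw || !draw->desc)
        return -1;
    draw_color_unchecked(draw, rgba, yuv);
    return 0;
}

/* Init plus guarded colour setup; -1 means the format was rejected. */
int color_setup(int fmt, const uint8_t rgba[4], double yuv[3])
{
    DrawCtx draw;
    if (draw_init(&draw, fmt) < 0)
        return draw_color_checked(&draw, rgba, yuv); /* desc is NULL: returns -1 */
    return draw_color_checked(&draw, rgba, yuv);
}

int main(void)
{
    const uint8_t white[4] = { 255, 255, 255, 255 };
    double yuv[3];
    printf("flags lives at offset 0x%zx in the descriptor\n", flags_offset());
    if (color_setup(FMT_YUV420P, white, yuv) == 0)
        printf("yuv420p white -> Y=%.3f U=%.3f V=%.3f\n", yuv[0], yuv[1], yuv[2]);
    if (color_setup(99, white, yuv) < 0)
        printf("unknown format: colour setup refused instead of dereferencing NULL\n");
    return 0;
}
```

 The guard costs one pointer comparison and belongs in the colour setup itself, not only at the call site: every caller that ignores the init return value otherwise inherits the fault.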

 ffmpeg version:
 {{{
 # ./ffmpeg -version
 ffmpeg version 7.1 Copyright (c) 2000-2024 the FFmpeg developers
 built with Ubuntu clang version 14.0.0-1ubuntu1.1
 configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug --toolchain=clang-asan
 libavutil      59. 39.100 / 59. 39.100
 libavcodec     61. 19.100 / 61. 19.100
 libavformat    61.  7.100 / 61.  7.100
 libavdevice    61.  3.100 / 61.  3.100
 libavfilter    10.  4.100 / 10.  4.100
 libswscale      8.  3.100 /  8.  3.100
 libswresample   5.  3.100 /  5.  3.100
 }}}

 Thanks for your time!
-- 
Ticket URL: <https://trac.ffmpeg.org/ticket/11228>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
_______________________________________________
FFmpeg-trac mailing list
[email protected]
https://ffmpeg.org/mailman/listinfo/ffmpeg-trac
