#11460: SEGV FFmpeg-master/libavformat/mov.c:5209:39 in mov_read_trak
----------------------------------+--------------------------------------
Reporter: 0x20z | Type: defect
Status: new | Priority: important
Component: avformat | Version: git-master
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 1
Analyzed by developer: 1 |
----------------------------------+--------------------------------------
Summary of the bug:
{{{
Dear developers,
I have discovered a Segmentation Fault vulnerability. The POC file is
attached to the session, and the version of ffmpeg is the main branch. Please
confirm.
}}}
How to reproduce:
{{{
git clone https://github.com/FFmpeg/FFmpeg.git
cd FFmpeg
./configure --cc=clang --cxx=clang++ --toolchain=clang-asan \
  --extra-cflags="-I$HOME/ffmpeg_build/include -O0 -fno-omit-frame-pointer -g" \
  --extra-cxxflags="-O0 -fno-omit-frame-pointer -g" \
  --extra-ldflags="-L$HOME/ffmpeg_build/include -fsanitize=address -fsanitize=undefined -lubsan" \
  --disable-optimizations --disable-stripping --enable-cross-compile
make -j30
./ffmpeg -y -i poc tmp.mp4
}}}
ASAN log
{{{
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2984708==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000004 (pc 0x5d63f3bfa921 bp 0x7ffe863f0350 sp 0x7ffe863ef9e0 T0)
==2984708==The signal is caused by a READ memory access.
==2984708==Hint: address points to the zero page.
#0 0x5d63f3bfa921 in mov_read_trak /home/swift/workstation/FFmpeg-master/libavformat/mov.c:5209:39
#1 0x5d63f3bcc4e6 in mov_read_default /home/swift/workstation/FFmpeg-master/libavformat/mov.c:9414:23
#2 0x5d63f3be69ad in mov_read_moov /home/swift/workstation/FFmpeg-master/libavformat/mov.c:1565:16
#3 0x5d63f3bcc4e6 in mov_read_default /home/swift/workstation/FFmpeg-master/libavformat/mov.c:9414:23
#4 0x5d63f3bce458 in mov_read_header /home/swift/workstation/FFmpeg-master/libavformat/mov.c:10482:20
#5 0x5d63f39a85ca in avformat_open_input /home/swift/workstation/FFmpeg-master/libavformat/demux.c:308:20
#6 0x5d63f29b5de7 in ifile_open /home/swift/workstation/FFmpeg-master/fftools/ffmpeg_demux.c:1727:11
#7 0x5d63f2a37b12 in open_files /home/swift/workstation/FFmpeg-master/fftools/ffmpeg_opt.c:1362:15
#8 0x5d63f2a373c8 in ffmpeg_parse_options /home/swift/workstation/FFmpeg-master/fftools/ffmpeg_opt.c:1411:11
#9 0x5d63f2a805ad in main /home/swift/workstation/FFmpeg-master/fftools/ffmpeg.c:974:11
#10 0x7c2935829d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#11 0x7c2935829e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#12 0x5d63f28dbf94 in _start (/home/swift/workstation/FFmpeg-master/ffmpeg+0x74bf94) (BuildId: 3e39da16128bd7a0ad33deeb901b37099ed2104c)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/swift/workstation/FFmpeg-master/libavformat/mov.c:5209:39 in mov_read_trak
==2984708==ABORTING
}}}
Found by
{{{
Found by 0x20z
}}}
Thank you for your time and attention
--
Ticket URL: <https://trac.ffmpeg.org/ticket/11460>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker