[FFmpeg-trac] #8259(avcodec:new): A use-after-free bug in libavcodec/utils.c
FFmpeg
trac at avcodec.org
Sun Oct 13 16:32:33 EEST 2019
#8259: A use-after-free bug in libavcodec/utils.c
-----------------------------------+------------------------------------
Reporter: wurongxin | Type: defect
Status: new | Priority: critical
Component: avcodec | Version: 3.4.6
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-----------------------------------+------------------------------------
Summary of the bug:
In the source file
https://github.com/FFmpeg/FFmpeg/blob/release/3.4/libavcodec/utils.c, in
the function "default_lockmgr_cb", there is a use-after-free bug. Please
see the following code. At Line 104, it frees the variable "*mutex", and
then uses "*mutex" at Line 105.
{{{
69.  static int default_lockmgr_cb(void **arg, enum AVLockOp op)
70.  {
…
101.     case AV_LOCK_DESTROY:
102.         if (*mutex)
103.             pthread_mutex_destroy(*mutex);
104.         av_free(*mutex);
105.         avpriv_atomic_ptr_cas(mutex, *mutex, NULL);
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/8259>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
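
One way to order the AV_LOCK_DESTROY teardown so that the slot is emptied before the memory is released and the pointer is never read again after the free. This is an added example, not FFmpeg's code or its fix: lock_slot, lock_slot_create and lock_slot_destroy are hypothetical names, and C11 atomics stand in for avpriv_atomic_ptr_cas.

```c
/* Added illustration; not FFmpeg code. All names here are hypothetical. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

/* A lock slot shared between threads, holding a heap-allocated mutex. */
typedef _Atomic(pthread_mutex_t *) lock_slot;

/* Allocate and initialise a mutex, publishing it only if the slot is empty.
 * Returns 0 on success (including when another thread won the race). */
int lock_slot_create(lock_slot *slot)
{
    pthread_mutex_t *m = malloc(sizeof(*m));
    if (!m)
        return -1;
    if (pthread_mutex_init(m, NULL) != 0) {
        free(m);
        return -1;
    }
    pthread_mutex_t *expected = NULL;
    if (!atomic_compare_exchange_strong(slot, &expected, m)) {
        /* Slot already populated: discard our copy. */
        pthread_mutex_destroy(m);
        free(m);
    }
    return 0;
}

/* Detach first, release second: after the exchange no other thread can
 * load the pointer from the slot, and the freed value is never read again.
 * Returns 1 if a mutex was destroyed, 0 if the slot was already empty. */
int lock_slot_destroy(lock_slot *slot)
{
    pthread_mutex_t *m = atomic_exchange(slot, NULL);
    if (!m)
        return 0;
    pthread_mutex_destroy(m);
    free(m);
    return 1;
}
```

Calling lock_slot_destroy twice on the same slot is safe: the second call sees NULL and does nothing, so a repeated destroy cannot become a double free.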