[FFmpeg-trac] #8859(ffmpeg:new): A heap-buffer-overflow in FFmpeg JIT code
FFmpeg
trac at avcodec.org
Sat Aug 22 05:37:55 EEST 2020
#8859: A heap-buffer-overflow in FFmpeg JIT code
-----------------------------------+--------------------------------------
Reporter: seviezhou | Type: defect
Status: new | Priority: normal
Component: ffmpeg | Version: git-master
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-----------------------------------+--------------------------------------
== System info ==
Ubuntu x86_64, clang 6.0, ffmpeg (git-master [https://github.com/FFmpeg/FFmpeg/commit/3fc3d712a99cf39f69a2258b48cbc81fa8ae5471])
== Configure ==
{{{
./configure --disable-shared --enable-debug=3 --disable-ffplay --disable-ffprobe --disable-doc --disable-asm --cc=clang --cxx=clang++ --ld=clang --toolchain=clang-asan
}}}
== Command line ==
{{{
./ffmpeg -y -f mov /dev/null -i @@
}}}
== AddressSanitizer ==
{{{
=================================================================
==35580==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x624000008308 at pc 0x0000030dcdfc bp 0x7ffe3ba63450 sp 0x7ffe3ba63448
READ of size 8 at 0x624000008308 thread T0
#0 0x30dcdfb (/home/seviezhou/ffmpeg/ffmpeg+0x30dcdfb)
#1 0x30d1314 (/home/seviezhou/ffmpeg/ffmpeg+0x30d1314)
#2 0x30e7f96 (/home/seviezhou/ffmpeg/ffmpeg+0x30e7f96)
#3 0x30c7dbc (/home/seviezhou/ffmpeg/ffmpeg+0x30c7dbc)
#4 0x179945c (/home/seviezhou/ffmpeg/ffmpeg+0x179945c)
#5 0x1798a55 (/home/seviezhou/ffmpeg/ffmpeg+0x1798a55)
#6 0x145def6 (/home/seviezhou/ffmpeg/ffmpeg+0x145def6)
#7 0x1451f5d (/home/seviezhou/ffmpeg/ffmpeg+0x1451f5d)
#8 0x519abb (/home/seviezhou/ffmpeg/ffmpeg+0x519abb)
#9 0x5179a6 (/home/seviezhou/ffmpeg/ffmpeg+0x5179a6)
#10 0x516e1b (/home/seviezhou/ffmpeg/ffmpeg+0x516e1b)
#11 0x5839c2 (/home/seviezhou/ffmpeg/ffmpeg+0x5839c2)
#12 0x7f6ec8c51b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#13 0x41e179 in _init (/home/seviezhou/ffmpeg/ffmpeg+0x41e179)
Address 0x624000008308 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/seviezhou/ffmpeg/ffmpeg+0x30dcdfb)
Shadow bytes around the buggy address:
0x0c487fff9010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c487fff9020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c487fff9030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c487fff9040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c487fff9050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c487fff9060: fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c487fff9070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c487fff9080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c487fff9090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c487fff90a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c487fff90b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==35580==ABORTING
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/8859>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
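As an added triage example (not part of the ticket or of FFmpeg's code), a small Python parser that pulls the bug class, access type, faulting address and module-relative frame offsets out of an AddressSanitizer report like the one above and derives a stack-based dedup key from them. The embedded report text is an excerpt of this ticket's own output with its wrapped lines joined; the function names `parse_asan_report` and `crash_signature` are chosen here.

```python
import hashlib
import re

# Excerpt of the ASan report from ticket #8859 (wrapped lines joined);
# the frames carry only module+offset because no symbolizer was available.
SAMPLE_REPORT = """\
==35580==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x624000008308 at pc 0x0000030dcdfc bp 0x7ffe3ba63450 sp 0x7ffe3ba63448
READ of size 8 at 0x624000008308 thread T0
    #0 0x30dcdfb (/home/seviezhou/ffmpeg/ffmpeg+0x30dcdfb)
    #1 0x30d1314 (/home/seviezhou/ffmpeg/ffmpeg+0x30d1314)
    #2 0x30e7f96 (/home/seviezhou/ffmpeg/ffmpeg+0x30e7f96)
    #3 0x30c7dbc (/home/seviezhou/ffmpeg/ffmpeg+0x30c7dbc)
Address 0x624000008308 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/seviezhou/ffmpeg/ffmpeg+0x30dcdfb)
"""

ERROR_RE = re.compile(r"==(\d+)==ERROR: AddressSanitizer: ([\w-]+) on address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)", re.M)
# Frame: "#N 0xPC [in symbol] (module+0xOFF)"; the symbol part is optional.
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ (?:in (\S+) )?\((\S+)\+(0x[0-9a-f]+)\)", re.M)


def parse_asan_report(text):
    """Extract the fields a crash-triage pipeline keys on from an ASan report."""
    m = ERROR_RE.search(text)
    if not m:
        raise ValueError("not an AddressSanitizer error report")
    access = ACCESS_RE.search(text)
    frames = [(int(n), sym, mod, off) for n, sym, mod, off in FRAME_RE.findall(text)]
    return {
        "pid": int(m.group(1)),
        "bug": m.group(2),
        "address": m.group(3),
        "access": access.group(1) if access else None,
        "size": int(access.group(2)) if access else None,
        # "wild pointer": ASan could not attribute the address to any live
        # or freed allocation, so the access is not a simple off-by-N.
        "wild_pointer": "is a wild pointer" in text,
        "frames": frames,
    }


def crash_signature(report, depth=3):
    """Dedup key: bug class plus module-relative offsets of the top frames.
    Offsets are stable across runs and ASLR, so unsymbolized traces still dedup."""
    parts = [report["bug"]] + [f"{mod}+{off}" for _, _, mod, off in report["frames"][:depth]]
    return hashlib.sha256("|".join(parts).encode()).hexdigest()[:16]
```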