[FFmpeg-trac] #8869(ffmpeg:new): heap-use-after-free in ffmpeg

FFmpeg trac at avcodec.org
Thu Aug 27 11:38:41 EEST 2020


#8869: heap-use-after-free in ffmpeg
--------------------------------+--------------------------------------
             Reporter:  fstark  |                     Type:  defect
               Status:  new     |                 Priority:  important
            Component:  ffmpeg  |                  Version:  git-master
             Keywords:          |               Blocked By:
             Blocking:          |  Reproduced by developer:  0
Analyzed by developer:  0       |
--------------------------------+--------------------------------------
 Summary of the bug: heap-use-after-free in ffmpeg
 How to reproduce:
 {{{
 % ./ffmpeg -y -i ./id\:000020\,sig\:06\,src\:005184+005692\,time\:243850025\,op\:splice\,rep\:4 -f null -
 ffmpeg version github-master
 built on ...clang++ asan
 }}}
 Patches should be submitted to the ffmpeg-devel mailing list and not this
 bug tracker.
 test at test:~/ffmpeg/afl$ ./ffmpeg -y -i ./id\:000020\,sig\:06\,src\:005184+005692\,time\:243850025\,op\:splice\,rep\:4 -f null -
 ffmpeg version N-98785-g412d63fe72 Copyright (c) 2000-2020 the FFmpeg
 developers
   built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
   configuration: --enable-static
   libavutil      56. 58.100 / 56. 58.100
   libavcodec     58.100.100 / 58.100.100
   libavformat    58. 51.100 / 58. 51.100
   libavdevice    58. 11.101 / 58. 11.101
   libavfilter     7. 87.100 /  7. 87.100
   libswscale      5.  8.100 /  5.  8.100
   libswresample   3.  8.100 /  3.  8.100
 [aac @ 0x619000000580] Multiple frames in a packet.
 [aac @ 0x619000000580] Too large remapped id is not implemented. Update
 your FFmpeg version to the newest one from Git. If the problem still
 occurs, it means that your file has a feature which has not been
 implemented.
 [aac @ 0x619000000580] If you want to help, upload a sample of this file
 to https://streams.videolan.org/upload/ and contact the ffmpeg-devel
 mailing list. (ffmpeg-devel at ffmpeg.org)
 [aac @ 0x619000000580] Sample rate index in program config element does
 not match the sample rate index configured by the container.
 [aac @ 0x619000000580] Number of bands (7) exceeds limit (4).
 Input #0, mov,mp4,m4a,3gp,3g2,mj2, from
 './id:000020,sig:06,src:005184+005692,time:243850025,op:splice,rep:4':
   Metadata:
     major_brand     : isom
     minor_version   : 1769172786
     compatible_brands: av
     creation_time   : 2004-09-21T16:20:31.000000Z
   Duration: 00:00:05.90, start: 0.000000, bitrate: 124 kb/s
     Stream #0:0(unb): Audio: aac (mp4a / 0x6134706D), 33728 Hz, 39
 channels, fltp, 121 kb/s (default)
     Metadata:
       creation_time   : 2004-09-21T16:20:31.000000Z
       handler_name    : soun
 Stream mapping:
   Stream #0:0 -> #0:0 (aac (native) -> pcm_s16le (native))
 Press [q] to stop, [?] for help
 [aac @ 0x619000002880] channel element 0.0 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 0.0 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 0.0 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 0.0 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 0.0 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 0.0 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 0.0 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 0.0 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 0.0 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 0.0 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Sample rate index in program config element does
 not match the sample rate index configured by the container.
 [aac @ 0x619000002880] channel element 0.4 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 1.3 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Multiple frames in a packet.
 [aac @ 0x619000002880] Error decoding AAC frame header.
 Error while decoding stream #0:0: Error number -50531338 occurred
 [aac @ 0x619000002880] channel element 2.0 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 2.6 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 2.4 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 2.12 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Too large remapped id is not implemented. Update
 your FFmpeg version to the newest one from Git. If the problem still
 occurs, it means that your file has a feature which has not been
 implemented.
 [aac @ 0x619000002880] If you want to help, upload a sample of this file
 to https://streams.videolan.org/upload/ and contact the ffmpeg-devel
 mailing list. (ffmpeg-devel at ffmpeg.org)
 Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches
 welcome
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of scalefactor bands in group (58) exceeds
 limit (51).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Sample rate index in program config element does
 not match the sample rate index configured by the container.
 [aac @ 0x619000002880] Number of bands (52) exceeds limit (49).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 0.0 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 3.5 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (39) exceeds limit (36).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] invalid band type
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of bands (52) exceeds limit (46).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 3.10 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 0.8 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 3.3 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 3.3 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 0.0 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] invalid band type
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] invalid band type
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] invalid band type
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Gain control is not implemented. Update your FFmpeg
 version to the newest one from Git. If the problem still occurs, it means
 that your file has a feature which has not been implemented.
 [aac @ 0x619000002880] channel element 3.2 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of scalefactor bands in group (53) exceeds
 limit (51).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (5) exceeds limit (3).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 3.4 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of scalefactor bands in group (53) exceeds
 limit (51).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of bands (11) exceeds limit (6).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of bands (22) exceeds limit (2).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Sample rate index in program config element does
 not match the sample rate index configured by the container.
 [aac @ 0x619000002880] Number of bands (7) exceeds limit (4).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 0.3 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Sample rate index in program config element does
 not match the sample rate index configured by the container.
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of bands (28) exceeds limit (2).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (10) exceeds limit (7).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 3.4 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] SBR was found before the first channel element.
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] ms_present = 3 is reserved.
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Sample rate index in program config element does
 not match the sample rate index configured by the container.
 [aac @ 0x619000002880] Number of bands (18) exceeds limit (6).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of bands (41) exceeds limit (20).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 2.14 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 2.7 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (46) exceeds limit (29).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] ms_present = 3 is reserved.
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of bands (49) exceeds limit (45).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of scalefactor bands in group (56) exceeds
 limit (51).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 1.5 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Sample rate index in program config element does
 not match the sample rate index configured by the container.
     Last message repeated 1 times
 [aac @ 0x619000002880] decode_pce: Input buffer exhausted before END
 element found
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (18) exceeds limit (8).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (19) exceeds limit (14).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Sample rate index in program config element does
 not match the sample rate index configured by the container.
 [aac @ 0x619000002880] Too large remapped id is not implemented. Update
 your FFmpeg version to the newest one from Git. If the problem still
 occurs, it means that your file has a feature which has not been
 implemented.
 [aac @ 0x619000002880] If you want to help, upload a sample of this file
 to https://streams.videolan.org/upload/ and contact the ffmpeg-devel
 mailing list. (ffmpeg-devel at ffmpeg.org)
 Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches
 welcome
 [aac @ 0x619000002880] Sample rate index in program config element does
 not match the sample rate index configured by the container.
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of bands (17) exceeds limit (10).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (4) exceeds limit (1).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of bands (6) exceeds limit (5).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Sample rate index in program config element does
 not match the sample rate index configured by the container.
 [aac @ 0x619000002880] Number of bands (19) exceeds limit (7).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] invalid band type
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of bands (18) exceeds limit (13).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of bands (47) exceeds limit (31).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of scalefactor bands in group (55) exceeds
 limit (51).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (40) exceeds limit (30).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of bands (16) exceeds limit (14).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Sample rate index in program config element does
 not match the sample rate index configured by the container.
 [aac @ 0x619000002880] Too large remapped id is not implemented. Update
 your FFmpeg version to the newest one from Git. If the problem still
 occurs, it means that your file has a feature which has not been
 implemented.
 [aac @ 0x619000002880] If you want to help, upload a sample of this file
 to https://streams.videolan.org/upload/ and contact the ffmpeg-devel
 mailing list. (ffmpeg-devel at ffmpeg.org)
 Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches
 welcome
 [aac @ 0x619000002880] Number of bands (25) exceeds limit (14).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Sample rate index in program config element does
 not match the sample rate index configured by the container.
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] invalid band type
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (33) exceeds limit (12).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (32) exceeds limit (5).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] TNS filter order 31 is greater than maximum 12.
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of bands (29) exceeds limit (8).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of bands (56) exceeds limit (48).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of scalefactor bands in group (56) exceeds
 limit (51).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 3.1 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (23) exceeds limit (1).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (30) exceeds limit (23).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] SBR was found before the first channel element.
     Last message repeated 1 times
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of bands (27) exceeds limit (16).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Sample rate index in program config element does
 not match the sample rate index configured by the container.
 [aac @ 0x619000002880] Number of bands (29) exceeds limit (22).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Sample rate index in program config element does
 not match the sample rate index configured by the container.
 [aac @ 0x619000002880] SBR was found before the first channel element.
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of bands (13) exceeds limit (10).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] invalid band type
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (33) exceeds limit (30).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (7) exceeds limit (5).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (43) exceeds limit (28).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of bands (10) exceeds limit (9).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (47) exceeds limit (45).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (53) exceeds limit (48).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of scalefactor bands in group (60) exceeds
 limit (51).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] invalid band type
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (33) exceeds limit (32).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Sample rate index in program config element does
 not match the sample rate index configured by the container.
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of bands (41) exceeds limit (28).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (54) exceeds limit (38).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] invalid band type
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (4) exceeds limit (1).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (46) exceeds limit (44).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (8) exceeds limit (6).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Sample rate index in program config element does
 not match the sample rate index configured by the container.
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of bands (17) exceeds limit (16).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of scalefactor bands in group (53) exceeds
 limit (51).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (10) exceeds limit (8).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (29) exceeds limit (28).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] invalid band type
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 0.0 duplicate
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 0.0 duplicate
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 0.0 duplicate
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of scalefactor bands in group (59) exceeds
 limit (51).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] TNS filter order 14 is greater than maximum 12.
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Sample rate index in program config element does
 not match the sample rate index configured by the container.
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] invalid band type
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (67) exceeds limit (42).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] invalid band type
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of bands (42) exceeds limit (28).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] invalid band type
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] invalid band type
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of bands (22) exceeds limit (21).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] channel element 3.4 is not allocated
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Number of bands (12) exceeds limit (11).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Sample rate index in program config element does
 not match the sample rate index configured by the container.
 [aac @ 0x619000002880] Inconsistent channel configuration.
 [aac @ 0x619000002880] get_buffer() failed
 Error while decoding stream #0:0: Invalid argument
 [aac @ 0x619000002880] SBR was found before the first channel element.
 [aac @ 0x619000002880] Number of bands (15) exceeds limit (2).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Reserved bit set.
 [aac @ 0x619000002880] Number of scalefactor bands in group (57) exceeds
 limit (51).
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] invalid band type
 Error while decoding stream #0:0: Invalid data found when processing input
 [aac @ 0x619000002880] Sample rate index in program config element does
 not match the sample rate index configured by the container.
 =================================================================
 ==39663==ERROR: AddressSanitizer: heap-use-after-free on address
 0x7fc46eb21800 at pc 0x00000469d07e bp 0x7ffc91473790 sp 0x7ffc91473788
 WRITE of size 4 at 0x7fc46eb21800 thread T0
     #0 0x469d07d  (/home/test/ffmpeg/afl/ffmpeg+0x469d07d)
     #1 0x466ce36  (/home/test/ffmpeg/afl/ffmpeg+0x466ce36)
     #2 0x20205a5  (/home/test/ffmpeg/afl/ffmpeg+0x20205a5)
     #3 0x201f78b  (/home/test/ffmpeg/afl/ffmpeg+0x201f78b)
     #4 0x5ddd8c  (/home/test/ffmpeg/afl/ffmpeg+0x5ddd8c)
     #5 0x5ca01a  (/home/test/ffmpeg/afl/ffmpeg+0x5ca01a)
     #6 0x5b2eef  (/home/test/ffmpeg/afl/ffmpeg+0x5b2eef)
     #7 0x7fc4735d0b96 in __libc_start_main /build/glibc-
 2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310
     #8 0x41ca79 in __isnanf (/home/test/ffmpeg/afl/ffmpeg+0x41ca79)

 0x7fc46eb21800 is located 0 bytes inside of 547744-byte region
 [0x7fc46eb21800,0x7fc46eba73a0)
 freed by thread T0 here:
     #0 0x4dc760 in __interceptor_free
 (/home/test/ffmpeg/afl/ffmpeg+0x4dc760)
     #1 0x468d1a6  (/home/test/ffmpeg/afl/ffmpeg+0x468d1a6)

 previously allocated by thread T0 here:
     #0 0x4dd568 in __interceptor_posix_memalign
 (/home/test/ffmpeg/afl/ffmpeg+0x4dd568)
     #1 0x5f9b294  (/home/test/ffmpeg/afl/ffmpeg+0x5f9b294)
     #2 0x468cdb8  (/home/test/ffmpeg/afl/ffmpeg+0x468cdb8)

 SUMMARY: AddressSanitizer: heap-use-after-free
 (/home/test/ffmpeg/afl/ffmpeg+0x469d07d)
 Shadow bytes around the buggy address:
   0x0ff90dd5c2b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
   0x0ff90dd5c2c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
   0x0ff90dd5c2d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
   0x0ff90dd5c2e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
   0x0ff90dd5c2f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
 =>0x0ff90dd5c300:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
   0x0ff90dd5c310: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
   0x0ff90dd5c320: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
   0x0ff90dd5c330: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
   0x0ff90dd5c340: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
   0x0ff90dd5c350: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 Shadow byte legend (one shadow byte represents 8 application bytes):
   Addressable:           00
   Partially addressable: 01 02 03 04 05 06 07
   Heap left redzone:       fa
   Freed heap region:       fd
   Stack left redzone:      f1
   Stack mid redzone:       f2
   Stack right redzone:     f3
   Stack after return:      f5
   Stack use after scope:   f8
   Global redzone:          f9
   Global init order:       f6
   Poisoned by user:        f7
   Container overflow:      fc
   Array cookie:            ac
   Intra object redzone:    bb
   ASan internal:           fe
   Left alloca redzone:     ca
   Right alloca redzone:    cb
 ==39663==ABORTING

--
Ticket URL: <https://trac.ffmpeg.org/ticket/8869>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

