[FFmpeg-trac] #10424(avformat:closed): NULL dereference in read_uslt after allocation failure

FFmpeg trac at avcodec.org
Fri Jun 23 18:15:10 EEST 2023


#10424: NULL dereference in read_uslt after allocation failure
-------------------------------------+------------------------------------
             Reporter:  catenacyber  |                    Owner:  (none)
                 Type:  defect       |                   Status:  closed
             Priority:  important    |                Component:  avformat
              Version:  git-master   |               Resolution:  fixed
             Keywords:               |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  1            |
-------------------------------------+------------------------------------
Comment (by catenacyber):

 Thanks James for the fix.
 If this is important, there are likely other similar NULL dereferences that
 you can find with nallocfuzz

 like
     #1 0x94f053 in av_get_pix_fmt /src/ffmpeg/libavutil/pixdesc.c:2872:10
     #2 0x7453a9 in rawvideo_read_header /src/ffmpeg/libavformat/rawvideodec.c:59:24
     #3 0x579cfb in avformat_open_input /src/ffmpeg/libavformat/demux.c:314:20
     #4 0x4e9dd1 in LLVMFuzzerTestOneInput /src/ffmpeg/tools/target_dem_fuzzer.c:201:11

 after failed
 #4 0x9354ac in av_realloc /src/ffmpeg/libavutil/mem.c:162
 #5 0x9354ac in av_strdup /src/ffmpeg/libavutil/mem.c:275
 #6 0x944444 in set_string /src/ffmpeg/libavutil/opt.c:226
 #7 0x944444 in av_opt_set_defaults2 /src/ffmpeg/libavutil/opt.c:1512
 #8 0x943f13 in av_opt_set_defaults /src/ffmpeg/libavutil/opt.c:1461
 #9 0x579b99 in avformat_open_input /src/ffmpeg/libavformat/demux.c:303
 #10 0x4e9dd1 in LLVMFuzzerTestOneInput /src/ffmpeg/tools/target_dem_fuzzer.c:201
-- 
Ticket URL: <https://trac.ffmpeg.org/ticket/10424#comment:2>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
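
Added example, not part of the original message and not FFmpeg code: a minimal C model of the failure mode the two traces show, where duplicating a string default fails and the resulting NULL later reaches a name lookup. Every name here (xstrdup, set_defaults, lookup_pix_fmt, open_input, the fail_at injector) is hypothetical, and the checked return path is one assumed way to handle it.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fault injector: the fail_at-th xstrdup() call fails (0 = never). */
static int fail_at, calls;

static char *xstrdup(const char *s)
{
    if (fail_at && ++calls == fail_at)
        return NULL;                      /* simulated out-of-memory */
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

struct opts { char *pixel_format; };      /* constructed stand-in for demuxer options */

/* Defaults setter that reports a failed duplication instead of leaving NULL silently. */
static int set_defaults(struct opts *o)
{
    o->pixel_format = xstrdup("yuv420p");
    return o->pixel_format ? 0 : -ENOMEM;
}

/* Name lookup that rejects NULL rather than passing it to strcmp(). */
static int lookup_pix_fmt(const char *name)
{
    if (!name)
        return -EINVAL;
    return strcmp(name, "yuv420p") == 0 ? 0 : -1;
}

/* Open path: stop on the setter's error before the name is used. */
static int open_input(int inject_fail_at)
{
    struct opts o = { 0 };
    fail_at = inject_fail_at; calls = 0;
    int ret = set_defaults(&o);
    if (ret == 0)
        ret = lookup_pix_fmt(o.pixel_format);
    free(o.pixel_format);
    return ret;
}

int main(void)
{
    /* Exit 0 only if the injected failure surfaces as -ENOMEM, not a crash. */
    return (open_input(0) == 0 && open_input(1) == -ENOMEM) ? 0 : 1;
}
```

Sweeping inject_fail_at over every allocation index exercises each error path once.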

