[FFmpeg-trac] #10242(ffmpeg:new): heap overflow in ffmpeg (base64.c:133)
FFmpeg
trac at avcodec.org
Thu Mar 9 06:22:26 EET 2023
#10242: heap overflow in ffmpeg (base64.c:133)
-------------------------------------+-------------------------------------
             Reporter:  Youngseok Choi |                     Type:  defect
               Status:  new            |                 Priority:  normal
            Component:  ffmpeg         |                  Version:  git-master
             Keywords:                 |               Blocked By:
             Blocking:                 |  Reproduced by developer:  0
Analyzed by developer:  0              |
-------------------------------------+-------------------------------------
Hi, while running afl++ on ffmpeg,
I found a heap overflow in ffmpeg.
How to reproduce:
{{{
% ./ffmpeg -i "data:/;;,doubleweend"
}}}
Stack Trace:
{{{
==19450==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x609000000407 at pc 0x55838811cade bp 0x7ffd42d3c400 sp 0x7ffd42d3c3f0
WRITE of size 1 at 0x609000000407 thread T0
#0 0x55838811cadd in av_base64_decode libavutil/base64.c:133
#1 0x558385eb5f9e in data_open libavformat/data_uri.c:79
#2 0x5583859af0ef in ffurl_connect libavformat/avio.c:209
#3 0x5583859b015c in ffurl_open_whitelist libavformat/avio.c:347
#4 0x5583859ba239 in ffio_open_whitelist libavformat/aviobuf.c:1230
#5 0x558385d0c9d0 in io_open_default libavformat/options.c:151
#6 0x558385a061c4 in init_input libavformat/demux.c:174
#7 0x558385a06c66 in avformat_open_input libavformat/demux.c:254
#8 0x558384ef1532 in ifile_open fftools/ffmpeg_demux.c:1051
#9 0x558384f372f4 in open_files fftools/ffmpeg_opt.c:1244
#10 0x558384f37669 in ffmpeg_parse_options fftools/ffmpeg_opt.c:1283
#11 0x558384f750df in main fftools/ffmpeg.c:4160
#12 0x7fcc4980fc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
#13 0x558384ee0499 in _start (/home/youngseok/latest-subjects/ffmpeg/ffmpeg+0x52f499)
}}}
Environment:
- OS: Ubuntu 18.04
- gcc: 7.5.0
- ffmpeg: version N-109968-gcc76e8340d (git-master)
Note that I built ffmpeg with address sanitizer.
{{{
./configure --extra-cflags="-fsanitize=address -g -O0" \
    --extra-cxxflags="-fsanitize=address -g -O0" \
    --extra-ldflags="-fsanitize=address -g -O0" \
    --disable-optimizations --disable-stripping
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/10242>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker