[FFmpeg-trac] #10951(avcodec:new): SEGV bug at libavcodec/hevcdec.c:2947:22 in hevc_frame_end in FFmpeg7.0
FFmpeg
trac at avcodec.org
Sat Apr 6 04:47:13 EEST 2024
#10951: SEGV bug at libavcodec/hevcdec.c:2947:22 in hevc_frame_end in FFmpeg7.0
-------------------------------------+-------------------------------------
Reporter: ZengYunxiang               | Type: defect
Status: new                          | Priority: important
Component: avcodec                   | Version: 7.0
Keywords: bugs                       | Blocked By:
Blocking:                            | Reproduced by developer: 0
Analyzed by developer: 0             |
-------------------------------------+-------------------------------------
Summary of the bug:
Dear developers,
We found the following SEGV bug in FFmpeg (version 7.0); please confirm.
This bug doesn't require harsh parameter conditions to trigger.
The PoC file (poc23ffmpeg) will be attached to this ticket.
How to reproduce:
{{{
tar -xvf ffmpeg-7.0.tar.xz
cd ffmpeg-7.0
# afl-clang-fast instruments the build; AFL_USE_ASAN=1 makes it add
# -fsanitize=address at compile and link time
./configure --cc=afl-clang-fast --cxx=afl-clang-fast++ --disable-shared
AFL_USE_ASAN=1 make -j30
# ffmpeg_g is the unstripped binary, so ASAN frames resolve to file:line
./ffmpeg_g -y -i poc23ffmpeg tmp.mp4
}}}
ASAN Log:
{{{
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2083295==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55661ca3e58c bp 0x0ff32d1da6b7 sp 0x7f9968eb7620 T8)
==2083295==The signal is caused by a READ memory access.
==2083295==Hint: address points to the zero page.
    #0 0x55661ca3e58c in hevc_frame_end /ffmpeg-7.0/libavcodec/hevcdec.c:2947:22
    #1 0x55661ca34250 in decode_nal_unit /ffmpeg-7.0/libavcodec/hevcdec.c:3122:23
    #2 0x55661ca34250 in decode_nal_units /ffmpeg-7.0/libavcodec/hevcdec.c:3227:15
    #3 0x55661ca34250 in hevc_decode_frame /ffmpeg-7.0/libavcodec/hevcdec.c:3376:14
    #4 0x55661d3b6761 in frame_worker_thread /ffmpeg-7.0/libavcodec/pthread_frame.c:223:21
    #5 0x7f996ef3fac2 (/lib/x86_64-linux-gnu/libc.so.6+0x94ac2) (BuildId: a43bfc8428df6623cd498c9c0caeb91aec9be4f9)
    #6 0x7f996efd1a3f (/lib/x86_64-linux-gnu/libc.so.6+0x126a3f) (BuildId: a43bfc8428df6623cd498c9c0caeb91aec9be4f9)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /ffmpeg-7.0/libavcodec/hevcdec.c:2947:22 in hevc_frame_end
Thread T8 (av:hevc:df7) created by T0 here:
    #0 0x55661aef856c in __interceptor_pthread_create (/ffmpeg-7.0/ffmpeg_g+0x98c56c) (BuildId: 545ccc2062eaee7e775c86df925c8f1fb97035e3)
    #1 0x55661ad85de6 in init_thread /ffmpeg-7.0/libavcodec/pthread_frame.c:828:11
==2083295==ABORTING
}}}
ffmpeg version:
{{{
# ./ffmpeg -version
ffmpeg version 7.0 Copyright (c) 2000-2024 the FFmpeg developers
built with Ubuntu clang version 14.0.0-1ubuntu1.1
configuration: --cc=afl-clang-fast --cxx=afl-clang-fast++ --disable-shared
libavutil 59. 8.100 / 59. 8.100
libavcodec 61. 3.100 / 61. 3.100
libavformat 61. 1.100 / 61. 1.100
libavdevice 61. 1.100 / 61. 1.100
libavfilter 10. 1.100 / 10. 1.100
libswscale 8. 1.100 / 8. 1.100
libswresample 5. 1.100 / 5. 1.100
}}}
Credit:
{{{
Discovered by Zeng Yunxiang.
}}}
Thanks for your time!
--
Ticket URL: <https://trac.ffmpeg.org/ticket/10951>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
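Added triage helper (editor's example; not part of this ticket and not FFmpeg code). The backtrace above sits in a frame-threading worker (T8, av:hevc:df7), so the first things a triager wants are a stable summary of the report, a bucket key to deduplicate it against the other crashes a fuzzing campaign produces, and a way to check whether the fault still reproduces with frame threading off. The script below parses an ASAN report in either its native one-line-per-frame form or the e-mail-wrapped form shown in this ticket. The function names, the key=value output format, the bucket-key format and the sample report (a constructed, trimmed copy of the one above) are assumptions of the example; the repro function runs the ticket's own command line and is not executed here.

```shell
#!/bin/sh
# Editor's example, not from the ticket or FFmpeg. Needs only POSIX sh, awk, sed.

# Reduce an AddressSanitizer report on stdin to one key=value line: error kind,
# access type, faulting address and its class, top frame with source location,
# and the thread that took the signal. Returns 1 if no report is present.
asan_triage() {
    awk '
    # "==PID==ERROR: AddressSanitizer: <kind> on [unknown] address 0x..."
    /ERROR: AddressSanitizer:/ {
        for (i = 1; i <= NF; i++) {
            if ($i == "AddressSanitizer:" && kind == "") kind = $(i + 1)
            if ($i == "address" && addr == "") addr = $(i + 1)
        }
    }
    # Thread id: the "T<n>)" closing the "(pc ... sp ... T<n>)" tuple, which is on
    # the ERROR line natively and on the next line when mail-wrapped, or the
    # bare "thread T<n>" of heap/stack reports.
    thread == "" {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^T[0-9]+\)?$/) { thread = $i; sub(/\)$/, "", thread) }
    }
    /The signal is caused by a (READ|WRITE)/ {
        for (i = 1; i <= NF; i++) if ($i == "a") access = $(i + 1)
    }
    /^ *(READ|WRITE) of size/ { access = $1 }
    /Hint: address points to the zero page/ { class = "zero-page" }
    # Top frame: "#0 0x... in <func> [<path>:<line>:<col>]"; the location may be
    # wrapped onto the following line, so keep looking until one is found.
    /^ *#0 / && top == "" {
        for (i = 1; i <= NF; i++) if ($i == "in") { top = $(i + 1); break }
        want_loc = 1
    }
    want_loc {
        for (i = 1; i <= NF; i++)
            if ($i ~ /:[0-9]+:[0-9]+$/) { loc = $i; want_loc = 0 }
    }
    # "Thread T8 (av:hevc:df7) created by T0 here:" names the faulting thread.
    /^Thread T[0-9]+ \(/ && $2 == thread { name = $3; gsub(/[()]/, "", name) }
    END {
        if (kind == "") { print "no AddressSanitizer report found"; exit 1 }
        if (class == "") class = (addr ~ /^0x0+$/) ? "null" : "other"
        if (access == "") access = "unknown"
        if (name != "") thread = thread "(" name ")"
        printf "kind=%s access=%s addr=%s class=%s frame=%s loc=%s thread=%s\n",
            kind, access, addr, class, top, loc, thread
    }'
}

# Stable bucket key for deduplicating crashes: <kind>/<top frame>/<file>:<line>.
# Reads an asan_triage line on stdin; the column number is dropped on purpose.
asan_bucket() {
    sed -n 's/.*kind=\([^ ]*\).*frame=\([^ ]*\) loc=\([^ ]*\).*/\1 \2 \3/p' |
    awk '{
        n = split($3, p, "/"); file = p[n]   # basename of the source path
        sub(/:[0-9]+$/, "", file)             # strip the column
        print $1 "/" $2 "/" file
    }'
}

# Run the ticket command line under ASAN and triage the result. Extra arguments
# go before -i, so "repro poc23ffmpeg -threads 1" turns frame threading off for
# the decoder and shows whether the fault needs the threaded path (the report
# in the ticket comes from worker thread T8). Not run by the example itself.
repro() {
    poc=$1; shift
    ASAN_OPTIONS=symbolize=1 ./ffmpeg_g -y "$@" -i "$poc" tmp.mp4 2>&1 | asan_triage
}

# Constructed sample: a trimmed copy of the mail-wrapped report in this ticket.
sample_report() {
    cat <<'EOF'
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2083295==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000
(pc 0x55661ca3e58c bp 0x0ff32d1da6b7 sp 0x7f9968eb7620 T8)
==2083295==The signal is caused by a READ memory access.
==2083295==Hint: address points to the zero page.
#0 0x55661ca3e58c in hevc_frame_end
/ffmpeg-7.0/libavcodec/hevcdec.c:2947:22
#1 0x55661ca34250 in decode_nal_unit
/ffmpeg-7.0/libavcodec/hevcdec.c:3122:23
#4 0x55661d3b6761 in frame_worker_thread
/ffmpeg-7.0/libavcodec/pthread_frame.c:223:21
SUMMARY: AddressSanitizer: SEGV /ffmpeg-7.0/libavcodec/hevcdec.c:2947:22 in hevc_frame_end
Thread T8 (av:hevc:df7) created by T0 here:
#0 0x55661aef856c in __interceptor_pthread_create (/ffmpeg-7.0/ffmpeg_g+0x98c56c)
#1 0x55661ad85de6 in init_thread /ffmpeg-7.0/libavcodec/pthread_frame.c:828:11
==2083295==ABORTING
EOF
}
```

Usage: `sample_report | asan_triage` prints the one-line summary, and piping that into `asan_bucket` yields `SEGV/hevc_frame_end/hevcdec.c:2947`, which is the key to compare across PoCs before filing duplicates. For the live binary, compare `repro poc23ffmpeg` with `repro poc23ffmpeg -threads 1`: the same key from both means the threaded path is not required to hit the fault.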