[FFmpeg-trac] #11692(swscale:new): [Security] heap-buffer-overflow on alphablend.c:77
FFmpeg
trac at avcodec.org
Wed Jul 30 04:48:54 EEST 2025
#11692: [Security] heap-buffer-overflow on alphablend.c:77
------------------------------------+-----------------------------------
Reporter: flyfish101 | Owner: (none)
Type: defect | Status: new
Priority: important | Component: swscale
Version: git-master | Resolution:
Keywords: fuzz | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
------------------------------------+-----------------------------------
Comment (by flyfish101):
Replying to [comment:3 Michael Niedermayer]:
> Please use the fuzzer we have without modifications. If you want to
> improve the fuzzer submit a patch to it. If you really have to modify it
> explain what and why it was modified. Is this report AI generated?
In this example, we modified the hardcoded alphablend setting in the
driver:
{{{
av_opt_set(sws, "alphablend", "none", 0);
}}}
to enable more alphablend modes. See this line:
https://trac.ffmpeg.org/attachment/ticket/11692/target_sws_fuzzer1519.c#L208
You can read this paper, which explains why it is important to modify and
refine the current fuzz driver.
https://thuanpv.github.io/publications/Fuzzing23_FuzzBlockers.pdf
In short, we are using an LLM to help us analyze the existing bottlenecks in
fuzzing and to explore more code paths. If you're interested, we could
explore deeper research and collaboration. By the way, please check these
bugs :)
--
Ticket URL: <https://trac.ffmpeg.org/ticket/11692#comment:4>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker