[FFmpeg-devel] [PATCH 0/1][TOOL][HACK] Allocation NULL check fuzzer

Paul B Mahol onemda at gmail.com
Fri Nov 24 22:09:09 EET 2017


On 11/24/17, Derek Buitenhuis <derek.buitenhuis at gmail.com> wrote:
> I've had this kicking around for like 4 years, maybe it can be of use to
> some people. I haven't done full scale fuzzing with this because laziness.
> I just sometimes run it when I'm bored. It's not thread-safe, but it would
> be trivial to make it so.
>
> It's based off my old LD_PRELOAD hack from here:
>
>     https://gist.github.com/dwbuiten/7101755
>
> Optionally takes two env vars, MALLOC_SEED (the seed), and MALLOC_FAILPROB
> for the probability of failing.
>
> I've been running it directly integrated inside FFmpeg's allocator because
> it makes it easier to run under gdb to find where it actually crashes, if
> the stack trace of the failure is not enough info/context.
>
> Currently FFmpeg has a lot of unchecked allocations - just one single FATE
> run with this found:
>
>     daemon404 at bbvm:~/dev/f/ffmpeg/tests/data/fate$ grep Seg *.err
>     adpcm-ima-amv.err:Segmentation fault
>     adpcm-ima-apc.err:Segmentation fault
>     caf.err:Segmentation fault
>     filter-mergeplanes.err:Segmentation fault

Do you have a backtrace of this one?
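A minimal allocation-failure injector in the spirit of the hack Derek describes above, added here as an illustration; it is neither his code nor FFmpeg's. It keeps the same two knobs (MALLOC_SEED and MALLOC_FAILPROB) but exposes an explicit `fuzz_malloc()` wrapper rather than interposing `malloc()` through LD_PRELOAD, so a test harness can drive it directly; the `fuzz_*` names and the xorshift32 PRNG are assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

static uint32_t fuzz_state = 1;      /* xorshift32 state; not thread-safe, as in the original */
static double   fuzz_failprob = 0.0; /* probability that a single call is failed */

/* Configure explicitly; a test harness calls this instead of the env path. */
void fuzz_alloc_init(uint32_t seed, double failprob) {
    fuzz_state = seed ? seed : 1;    /* xorshift must never start from 0 */
    fuzz_failprob = failprob;
}

/* Configure from MALLOC_SEED / MALLOC_FAILPROB; defaults: seed 1, never fail. */
void fuzz_alloc_init_from_env(void) {
    const char *s = getenv("MALLOC_SEED"), *p = getenv("MALLOC_FAILPROB");
    fuzz_alloc_init(s ? (uint32_t)strtoul(s, NULL, 10) : 1, p ? strtod(p, NULL) : 0.0);
}

static uint32_t fuzz_next(void) {
    uint32_t x = fuzz_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return fuzz_state = x;
}

/* 1 if this allocation should be failed: draw a value in [0,1) and compare. */
int fuzz_should_fail(void) {
    return (double)fuzz_next() / 4294967296.0 < fuzz_failprob;
}

/* Drop-in for malloc(): NULL plus ENOMEM on an injected failure, so the caller
 * sees exactly what a genuine out-of-memory condition looks like. */
void *fuzz_malloc(size_t size) {
    if (fuzz_should_fail()) {
        errno = ENOMEM;
        return NULL;
    }
    return malloc(size);
}

/* Harness helper: how many of n small allocations were failed; same seed, same count. */
int fuzz_count_failures(int n) {
    int fails = 0;
    for (int i = 0; i < n; i++) {
        void *p = fuzz_malloc(16);
        if (!p) fails++; else free(p);
    }
    return fails;
}
```

Because the failure sequence is a pure function of the seed, a crash found at MALLOC_SEED=N can be replayed under gdb with the same seed, which is the property Derek relies on for locating unchecked allocations.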