[FFmpeg-trac] #1202(FFplay:new): Read Access Violation in memcpy

FFmpeg trac at avcodec.org
Sat Apr 14 02:14:41 CEST 2012


#1202: Read Access Violation in memcpy
----------------------------------+---------------------------------------
             Reporter:  daybreak  |                     Type:  defect
               Status:  new       |                 Priority:  critical
            Component:  FFplay    |                  Version:  unspecified
             Keywords:            |               Blocked By:
             Blocking:            |  Reproduced by developer:  0
Analyzed by developer:  0         |
----------------------------------+---------------------------------------
 This is a read access violation within a call to memcpy.  An attacker has
 control over esi.

 (21ed4.21e30): Access violation - code c0000005 (first chance)
 First chance exceptions are reported before any exception handling.
 This exception may be expected and handled.
 *** ERROR: Symbol file could not be found.  Defaulted to export symbols
 for C:\windows\syswow64\msvcrt.dll -
 msvcrt!memcpy+0x250:
 74dd9b60 f3a5            rep movs dword ptr es:[edi],dword ptr [esi]
 0:002:x86> $<dbgcomm.txt
 0:002:x86> r
 eax=077b3f68 ebx=00000e38 ecx=00000046 edx=00000000 esi=077b3e50
 edi=02ea2178
 eip=74dd9b60 esp=02e8fab0 ebp=02e8fab8 iopl=0         nv up ei pl nz ac po
 nc
 cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b
 efl=00010212
 msvcrt!memcpy+0x250:
 74dd9b60 f3a5            rep movs dword ptr es:[edi],dword ptr [esi]
 0:002:x86> !load winext\msec.dll
 0:002:x86> !exploitable
 Exploitability Classification: PROBABLY_EXPLOITABLE
 Recommended Bug Title: Probably Exploitable - Read Access Violation on
 Block Data Move starting at msvcrt!memcpy+0x0000000000000250
 (Hash=0x23671766.0x0d446b3f)

 This is a read access violation in a block data move, and is therefore
 classified as probably exploitable.
 0:002:x86> q
 quit:

 This was tested on the shared build from 2012-04-09 found at
 http://ffmpeg.zeranoe.com/builds/

 PoC file can be downloaded from the following url:
 http://w.rdtsc.net/ffmpegmkv/ProbablyExploitable/memcpyReadAV.zip

 Thanks,
 John Villamil

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/1202>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker
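
Added triage example, not part of the ticket or of FFmpeg: a small Python script that parses the WinDbg output pasted above (the `r` register dump, the faulting `rep movs` line and the `!exploitable` verdict) so that a fuzzing harness or bug-tracker bot can rank crashes and record which register the faulting block move reads through. The only assumptions are the x86 `r` output layout shown in the report, the `rep movs` operand syntax, and the four verdict strings MSEC `!exploitable` emits; the sample log is constructed from the ticket's own lines.

```python
import re

# Constructed sample input: the faulting instruction, register dump and
# !exploitable verdict as WinDbg prints them (values copied from the ticket).
SAMPLE_LOG = """\
msvcrt!memcpy+0x250:
74dd9b60 f3a5            rep movs dword ptr es:[edi],dword ptr [esi]
0:002:x86> r
eax=077b3f68 ebx=00000e38 ecx=00000046 edx=00000000 esi=077b3e50
edi=02ea2178
eip=74dd9b60 esp=02e8fab0 ebp=02e8fab8 iopl=0         nv up ei pl nz ac po
nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b
efl=00010212
0:002:x86> !exploitable
Exploitability Classification: PROBABLY_EXPLOITABLE
Recommended Bug Title: Probably Exploitable - Read Access Violation on
Block Data Move starting at msvcrt!memcpy+0x0000000000000250
(Hash=0x23671766.0x0d446b3f)
"""

# The four verdicts MSEC !exploitable can return, most severe first.
SEVERITY = ["EXPLOITABLE", "PROBABLY_EXPLOITABLE",
            "PROBABLY_NOT_EXPLOITABLE", "UNKNOWN"]

REG_RE = re.compile(r"\b(e[abcd]x|e[sd]i|e[bs]p|eip)=([0-9a-fA-F]{8})")
INSN_RE = re.compile(r"^[0-9a-f]{8}\s+[0-9a-f]+\s+(\S.*)$", re.M)
CLASS_RE = re.compile(r"Exploitability Classification:\s*(\S+)")
HASH_RE = re.compile(r"Hash=(0x[0-9a-fA-F]+\.0x[0-9a-fA-F]+)")
MEM_RE = re.compile(r"\[(e[a-z]{2})\]")
SIZES = {"byte": 1, "word": 2, "dword": 4, "qword": 8}


def parse_registers(log):
    """Map register name -> integer value from the `r` command output."""
    return {name: int(val, 16) for name, val in REG_RE.findall(log)}


def parse_faulting_instruction(log):
    """Return the disassembly text of the first 'address opcode mnemonic' line."""
    m = INSN_RE.search(log)
    return m.group(1).strip() if m else None


def parse_classification(log):
    m = CLASS_RE.search(log)
    return m.group(1) if m else "UNKNOWN"


def parse_hash(log):
    """The major.minor crash hash !exploitable prints, used for de-duplication."""
    m = HASH_RE.search(log)
    return m.group(1) if m else None


def triage(log):
    """Combine the parsed pieces into one record a bug bot can rank and store."""
    regs = parse_registers(log)
    insn = parse_faulting_instruction(log) or ""
    cls = parse_classification(log)
    result = {
        "classification": cls,
        "rank": SEVERITY.index(cls) if cls in SEVERITY else len(SEVERITY),
        "hash": parse_hash(log),
        "instruction": insn,
        "dest_reg": None, "src_reg": None,
        "dest_ptr": None, "src_ptr": None,
        "bytes_remaining": None,
    }
    mem_regs = MEM_RE.findall(insn)  # operands in Intel syntax order: dest, src
    if insn.startswith("rep movs") and len(mem_regs) == 2:
        dest, src = mem_regs
        width = SIZES.get(insn.split()[2], 1)  # "dword" in "rep movs dword ptr"
        result.update(
            dest_reg=dest, src_reg=src,
            dest_ptr=regs.get(dest), src_ptr=regs.get(src),
            # ecx holds the element count still to be copied by the rep prefix
            bytes_remaining=regs.get("ecx", 0) * width,
        )
    return result


def report(rec):
    """One-line summary suitable for a tracker comment or a dedup log."""
    return ("{classification} (rank {rank}, hash {hash}): {instruction}; "
            "src {src_reg}={src_ptr:#010x} dst {dest_reg}={dest_ptr:#010x}, "
            "{bytes_remaining:#x} bytes left to copy").format(**rec)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

For a read access violation on `rep movs`, the source pointer (esi here) is the one worth recording alongside the crash hash: the hash lets duplicate PoC files collapse into one ticket, and the source pointer plus the remaining byte count tell the developer how far past the input buffer the copy was trying to read.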

