[FFmpeg-trac] #6763(swscale:new): swscale: Out-of-bounds memory accesses
FFmpeg
trac at avcodec.org
Sat Oct 21 01:57:52 EEST 2017
#6763: swscale: Out-of-bounds memory accesses
---------------------------------+---------------------------------------
 Reporter: Gramner               | Type: defect
 Status: new                     | Priority: normal
 Component: swscale              | Version: unspecified
 Keywords:                       | Blocked By:
 Blocking:                       | Reproduced by developer: 0
 Analyzed by developer: 0        |
---------------------------------+---------------------------------------
Many assembly functions in swscale will read past the end of their input
buffers which causes segfaults and/or bus errors if the buffer happens to
be located near the end of a memory page and the next page is invalid.

Aligning input buffers isn't even enough for formats like RGB24 (and
requiring alignment would be a bad idea anyway since it wouldn't work with
memory-mapped input files for example).

Using swscale with x264 CLI seems to be a fairly consistent way to trigger
such out-of-bounds crashes. This command line for example will cause
segfaults in ff_rgb24ToY_avx():

    ./x264 -o /dev/null --input-csp rgb --input-res 512x512 <any_input_file>

If asm is disabled in swscale the problem goes away.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/6763>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker