[FFmpeg-trac] #8017(avformat:new): hls, applehttp =ERROR: AddressSanitizer: heap-use-after-free

FFmpeg trac at avcodec.org
Sat Jul 13 14:38:34 EEST 2019


#8017: hls,applehttp =ERROR: AddressSanitizer: heap-use-after-free
----------------------------------+---------------------------------------
             Reporter:  satbaby   |                     Type:  defect
               Status:  new       |                 Priority:  normal
            Component:  avformat  |                  Version:  unspecified
             Keywords:            |               Blocked By:
             Blocking:            |  Reproduced by developer:  0
Analyzed by developer:  0         |
----------------------------------+---------------------------------------
 Summary of the bug:
 ffmpeg-4.1.4
 ERROR: AddressSanitizer: heap-use-after-free
 How to reproduce:
 {{{
 [hls,applehttp @ 0x61b000000080] Opening 'https://a.stream.media.com/live-
 hls/h264/media_w1768186090_b4596000_t64RlBTOjYwLjA=_7102.ts' for reading
 [https @ 0x623000001d00] Opening 'https://a.stream.media.com/live-
 hls/h264/chunklist_A=.m3u8' for reading
 skipping 1 segments ahead, expired from playlists
 [hls,applehttp @ 0x61b000000080] Opening 'https://a.stream.media.com/live-
 hls/h264/media_A=_7102.ts' for reading
 [hls,applehttp @ 0x61b000000080] Opening 'https://a.stream.media.com/live-
 hls/h264/media_A=_7103.ts' for reading
 =================================================================
 devel/gcc-9.1.0-r1/work/gcc-9.1.0/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:703
     #1 0x7f2a1c6e0bc2 in av_match_ext src/libavformat/format.c:45
     #2 0x7f2a1c6e10c6 in av_probe_input_format3
 src/libavformat/format.c:168
     #3 0x7f2a1c6e1311 in av_probe_input_format2
 src/libavformat/format.c:208
     #4 0x7f2a1c6e14fb in av_probe_input_buffer2
 src/libavformat/format.c:280
     #5 0x7f2a1c6e1708 in av_probe_input_buffer
 src/libavformat/format.c:316
     #6 0x7f2a1c6f52f0 in hls_read_header src/libavformat/hls.c:1906
     #7 0x7f2a1c7f2c98 in avformat_open_input src/libavformat/utils.c:631
 0x611000004a00 is located 0 bytes inside of 194-byte region
 [0x611000004a00,0x611000004ac2)

 freed by thread T0 here:
     #0 0x7f2a1cb2fc2f in __interceptor_free /var/tmp/portage/sys-
 devel/gcc-9.1.0-r1/work/gcc-9.1.0/libsanitizer/asan/asan_malloc_linux.cc:122
     #1 0x7f2a1c6f2bf7 in free_segment_dynarray src/libavformat/hls.c:219
     #2 0x7f2a1c6f2bf7 in parse_playlist src/libavformat/hls.c:933
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/8017>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker


More information about the FFmpeg-trac mailing list