[FFmpeg-trac] #8503(avformat:new): heap-use-after-free (libavformat)
FFmpeg
trac at avcodec.org
Thu Jan 30 14:38:06 EET 2020
#8503: heap-use-after-free (libavformat)
----------------------------------+--------------------------------------
Reporter: satbaby | Type: defect
Status: new | Priority: normal
Component: avformat | Version: git-master
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
----------------------------------+--------------------------------------
Summary of the bug:
[hls @ 0x61b0000b7580] Skip ('#EXT-X-PROGRAM-DATE-TIME:2020-01-30T12:19:55Z')
[hls @ 0x61b0000b7580] Skip ('#EXT-X-PROGRAM-DATE-TIME:2020-01-30T12:19:57Z')
[hls @ 0x61b0000b7580] Skip ('#EXT-X-PROGRAM-DATE-TIME:2020-01-30T12:19:59Z')
[hls @ 0x61b0000b7580] Skip ('#EXT-X-PROGRAM-DATE-TIME:2020-01-30T12:20:01Z')
[hls @ 0x61b0000b7580] Skip ('#EXT-X-PROGRAM-DATE-TIME:2020-01-30T12:20:03Z')
[hls @ 0x61b0000b7580] Opening 'https://zdf-hls-02.akamaized.net/hls/live/2002461-b/de/db2a160db8fa0578f9d55391f18d47c1/7/77031.aac' for reading
[hls @ 0x61b0000b7580] Opening 'https://zdf-hls-02.akamaized.net/hls/live/2002461-b/de/db2a160db8fa0578f9d55391f18d47c1/7/77032.aac' for reading
=================================================================
==26433==ERROR: AddressSanitizer: heap-use-after-free on address 0x60b0001786c0 at pc 0x7fa210658bf5 bp 0x7ffff0105260 sp 0x7ffff0104a08
READ of size 2 at 0x60b0001786c0 thread T0
Invalid return value 0 for stream protocol
#0 0x7fa210658bf4 (/usr/lib/gcc/x86_64-pc-linux-gnu/9.2.0/libasan.so.5+0x6abf4)
#1 0x5590326e6c82 in av_match_ext libavformat/format.c:45
#2 0x5590326e7121 in av_probe_input_format3 libavformat/format.c:168
#3 0x5590326e7311 in av_probe_input_format2 libavformat/format.c:208
#4 0x5590326e7479 in av_probe_input_buffer2 libavformat/format.c:280
#5 0x5590326e7668 in av_probe_input_buffer libavformat/format.c:316
#6 0x55903275e777 in hls_read_header libavformat/hls.c:1945
#7 0x559032707aa1 in avformat_open_input libavformat/utils.c:631
...
0x60b0001786c0 is located 0 bytes inside of 100-byte region [0x60b0001786c0,0x60b000178724)
freed by thread T0 here:
#0 0x7fa2106f9e4f in __interceptor_free (/usr/lib/gcc/x86_64-pc-linux-gnu/9.2.0/libasan.so.5+0x10be4f)
#1 0x55903275b357 in free_segment_dynarray libavformat/hls.c:223
#2 0x55903275b357 in parse_playlist libavformat/hls.c:950
previously allocated by thread T0 here:
#0 0x7fa2106fa669 in realloc (/usr/lib/gcc/x86_64-pc-linux-gnu/9.2.0/libasan.so.5+0x10c669)
#1 0x559033149454 in av_strdup libavutil/mem.c:256
#2 0x2d736c682d666479 (<unknown module>)
How to reproduce:
{{{
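#include <libavformat/avformat.h>
int main(void) {
    AVFormatContext *ifcx = NULL;
    /* The ASan report above is raised inside this call, in hls_read_header. */
    if (avformat_open_input(&ifcx, "http://zdf-hls-02.akamaized.net/hls/live/2002461/de/high/master.m3u8", NULL, NULL) != 0)
        return 1;
    return 0;
}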
}}}
Patches should be submitted to the ffmpeg-devel mailing list and not this
bug tracker.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/8503>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker