[FFmpeg-trac] #8592(undetermined:new): UBSan: applying zero offset to null pointer

FFmpeg trac at avcodec.org
Tue Mar 31 18:27:25 EEST 2020 

#8592: UBSan: applying zero offset to null pointer
-------------------------------------+-------------------------------------
             Reporter:               |                     Type:  defect
  andreafioraldi                     |
               Status:  new          |                 Priority:  normal
            Component:               |                  Version:  git-
  undetermined                       |  master
             Keywords:  ubsan        |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
 Summary of the bug:

 pkt->data in parse_packet() can be NULL. The len return value of
 av_parser_parse2 is not checked against 0 and the `data += len` statement
 is UB.

 How to reproduce:
 {{{
 % ffmpeg -i id:000002,sig:04,src:000000,time:20508,op:MOpt_havoc,rep:128
 out.mp3
 ffmpeg version N-97118-gfa164bc50e Copyright (c) 2000-2020 the FFmpeg
 developers
   built with clang version 10.0.0
 (git at github.com:andreafioraldi/ConstrainedMemorySanitizer.git
 5b365c37a959d429121850f6d91ed160d4cdf76f)
   configuration: --cc=clang-10 --cxx=clang++-10
   libavutil      56. 42.102 / 56. 42.102
   libavcodec     58. 77.101 / 58. 77.101
   libavformat    58. 42.100 / 58. 42.100
   libavdevice    58.  9.103 / 58.  9.103
   libavfilter     7. 77.101 /  7. 77.101
   libswscale      5.  6.101 /  5.  6.101
   libswresample   3.  6.100 /  3.  6.100
 [h263 @ 0x61b000000080] Format h263 detected only with low score of 25,
 misdetection possible!
 libavformat/utils.c:1475:14: runtime error: applying zero offset to null
 pointer
 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
 libavformat/utils.c:1475:14 in
 [h263 @ 0x619000000580] Bad UFEP type (2)
 [h263 @ 0x619000000580] header damaged
 [h263 @ 0x61b000000080] decoding for stream 0 failed
 [h263 @ 0x61b000000080] Could not find codec parameters for stream 0
 (Video: h263, none): unspecified size
 Consider increasing the value for the 'analyzeduration' and 'probesize'
 options
 Input #0, h263, from
 './id:000002,sig:04,src:000000,time:20508,op:MOpt_havoc,rep:128':
   Duration: N/A, bitrate: N/A
     Stream #0:0: Video: h263, none, 25 tbr, 1200k tbn, 25 tbc
 Output #0, mp3, to 'out.mp3':
 Output file #0 does not contain any stream
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/8592>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list