[FFmpeg-trac] #10310(undetermined:new): stack-buffer-overflow in FFmpeg (fftools/ffmpeg_mux_init.c:610 in new_output_stream)

FFmpeg trac at avcodec.org
Tue Apr 4 08:10:21 EEST 2023


#10310: stack-buffer-overflow in FFmpeg (fftools/ffmpeg_mux_init.c:610 in new_output_stream)
-------------------------------------------------------------------------
              Reporter:  Youngseok Choi
                  Type:  defect
                Status:  new
              Priority:  normal
             Component:  undetermined
               Version:  git-master
              Keywords:  fuzzing, stack-overflow
            Blocked By:
              Blocking:
Reproduced by developer:  0
 Analyzed by developer:  0
-------------------------------------------------------------------------
 Our fuzzer found a new stack overflow bug.

 **Command Input**

 {{{
 ffmpeg -i poc_file -aac_pred true .mpd
 }}}

 poc_file is attached.

 **Command Output**

 {{{
   libavutil      58.  5.100 / 58.  5.100
   libavcodec     60.  9.100 / 60.  9.100
   libavformat    60.  4.101 / 60.  4.101
   libavdevice    60.  2.100 / 60.  2.100
   libavfilter     9.  5.100 /  9.  5.100
   libswscale      7.  2.100 /  7.  2.100
   libswresample   4. 11.100 /  4. 11.100
 [amr @ 0x617000000080] Estimating duration from bitrate, this may be inaccurate
 Input #0, amr, from '/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/ffmpeg/5_id:012265/poc_file':
   Duration: 00:00:00.03, bitrate: 14 kb/s
   Stream #0:0: Audio: amr_nb (samr / 0x726D6173), 8000 Hz, mono, fltp, 12 kb/s
 }}}

 **Stack Trace**
 {{{
 ==21207==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000470 at pc 0x555555ab684c bp 0x7fffffffb8f0 sp 0x7fffffffb8e0
 READ of size 4 at 0x602000000470 thread T0
     #0 0x555555ab684b in new_output_stream fftools/ffmpeg_mux_init.c:610
     #1 0x555555ac20a6 in new_audio_stream fftools/ffmpeg_mux_init.c:952
     #2 0x555555ac72ae in map_auto_audio fftools/ffmpeg_mux_init.c:1230
     #3 0x555555ac9214 in create_streams fftools/ffmpeg_mux_init.c:1432
     #4 0x555555ad2482 in of_open fftools/ffmpeg_mux_init.c:2274
     #5 0x555555adb403 in open_files fftools/ffmpeg_opt.c:1244
     #6 0x555555adb820 in ffmpeg_parse_options fftools/ffmpeg_opt.c:1297
     #7 0x555555b195ba in main fftools/ffmpeg.c:4165
     #8 0x7ffff5601c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
     #9 0x555555a84499 in _start (/home/youngseok/subjects/latest_asan_install/ffmpeg/bin/ffmpeg+0x530499)
 }}}

 **Environment**

 OS: Ubuntu 18.04
 GCC: 7.5.0
 FFmpeg: version N-110167-g97c95961f0, configured with following flags:
 {{{
 --extra-cflags='-fsanitize=address -g -O0' --extra-cxxflags='-fsanitize=address -g -O0' --extra-ldflags='-fsanitize=address -g -O0' --disable-optimizations --disable-stripping
 }}}
-- 
Ticket URL: <https://trac.ffmpeg.org/ticket/10310>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
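As an added example (not part of the ticket, and not code from FFmpeg or AddressSanitizer), a small Python parser of the kind a fuzzing triage pipeline runs over sanitizer output such as the trace above: it extracts the sanitizer's own bug class, the faulting access, the symbolized frames, and a crash signature built from the leading in-project frames, which is how duplicate findings are usually bucketed. The sample report is the ticket's trace with the archive's line wrapping undone; the regular expressions are assumptions about the ASan report layout rather than any documented API.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the AddressSanitizer report from ticket #10310, with the
# lines wrapped by the mailing-list archive joined back together.
ASAN_REPORT = """\
==21207==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000470 at pc 0x555555ab684c bp 0x7fffffffb8f0 sp 0x7fffffffb8e0
READ of size 4 at 0x602000000470 thread T0
    #0 0x555555ab684b in new_output_stream fftools/ffmpeg_mux_init.c:610
    #1 0x555555ac20a6 in new_audio_stream fftools/ffmpeg_mux_init.c:952
    #2 0x555555ac72ae in map_auto_audio fftools/ffmpeg_mux_init.c:1230
    #3 0x555555ac9214 in create_streams fftools/ffmpeg_mux_init.c:1432
    #4 0x555555ad2482 in of_open fftools/ffmpeg_mux_init.c:2274
    #5 0x555555adb403 in open_files fftools/ffmpeg_opt.c:1244
    #6 0x555555adb820 in ffmpeg_parse_options fftools/ffmpeg_opt.c:1297
    #7 0x555555b195ba in main fftools/ffmpeg.c:4165
    #8 0x7ffff5601c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #9 0x555555a84499 in _start (/home/youngseok/subjects/latest_asan_install/ffmpeg/bin/ffmpeg+0x530499)
"""

# Assumed ASan report layout (error line, access line, frame lines).
ERROR_RE = re.compile(
    r"==\d+==ERROR: AddressSanitizer: (?P<kind>[\w-]+) on address (?P<addr>0x[0-9a-f]+)"
)
ACCESS_RE = re.compile(
    r"^(?P<op>READ|WRITE) of size (?P<size>\d+) at (?P<addr>0x[0-9a-f]+)", re.M
)
FRAME_RE = re.compile(r"^\s*#(?P<n>\d+) 0x[0-9a-f]+ in (?P<func>\S+) (?P<loc>\S+)", re.M)


@dataclass
class Frame:
    index: int
    func: str
    location: str  # "file:line" for symbolized frames, "(module+offset)" otherwise

    @property
    def in_project(self) -> bool:
        # Frames with a source path are attributed to the fuzzed project;
        # frames given only as a shared-object offset (libc, loader) are not.
        return not self.location.startswith("(")


@dataclass
class AsanReport:
    kind: str
    address: str
    access: Optional[str]
    size: Optional[int]
    frames: List[Frame] = field(default_factory=list)

    def signature(self, depth: int = 3) -> str:
        """Bucket key: the sanitizer's bug class plus the first `depth`
        in-project frames. Different inputs that reach the same defect then
        collapse into one bucket, while frames in libc are ignored."""
        top = [f.func for f in self.frames if f.in_project][:depth]
        return f"{self.kind}:" + "->".join(top)


def parse_asan_report(text: str) -> AsanReport:
    """Parse one ASan error report into its bug class, access and frames."""
    m = ERROR_RE.search(text)
    if m is None:
        raise ValueError("not an AddressSanitizer error report")
    acc = ACCESS_RE.search(text)
    frames = [Frame(int(f["n"]), f["func"], f["loc"]) for f in FRAME_RE.finditer(text)]
    return AsanReport(
        kind=m["kind"],
        address=m["addr"],
        access=acc["op"] if acc else None,
        size=int(acc["size"]) if acc else None,
        frames=frames,
    )


if __name__ == "__main__":
    report = parse_asan_report(ASAN_REPORT)
    print(report.kind, report.access, "of size", report.size, "at", report.address)
    print("top frame:", report.frames[0].func, report.frames[0].location)
    print("signature:", report.signature())
```

On the ticket's trace this yields the class line the sanitizer emitted (heap-buffer-overflow, a 4-byte READ) and `new_output_stream` at `fftools/ffmpeg_mux_init.c:610` as the top in-project frame; recording the sanitizer's classification alongside the reporter's title is useful when a ticket is later matched against a fix or a duplicate.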