[FFmpeg-trac] #10243(ffmpeg:new): heap overflow in ffmpeg (ffmpeg_mux_init.c:2066)

FFmpeg trac at avcodec.org
Thu Mar 9 06:27:16 EET 2023


#10243: heap overflow in ffmpeg (ffmpeg_mux_init.c:2066)
-------------------------------------+-------------------------------------
  Reporter:  Youngseok Choi          |  Type:  defect
  Status:  new                       |  Priority:  normal
  Component:  ffmpeg                 |  Version:  git-master
  Keywords:                          |  Blocked By:
  Blocking:                          |  Reproduced by developer:  0
  Analyzed by developer:  0          |
-------------------------------------+-------------------------------------
 Hi, we are developing a new fuzzing technique, and it found a heap overflow
 bug in ffmpeg.

 How to reproduce:
 {{{
 % ./ffmpeg -i <input_file> -f mp4 -force_key_frames "" @
 }}}

 <input_file> is available at
 https://github.com/3-24/oss-fuzz-reports/raw/master/ffmpeg/poc_3/poc_file.

 Stack Trace:
 {{{
 ==25723==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000491 at pc 0x7f5128adff54 bp 0x7ffecadeb900 sp 0x7ffecadeb0a8
 READ of size 8 at 0x602000000491 thread T0
     #0 0x7f5128adff53  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xaff53)
     #1 0x56090781a109 in parse_forced_key_frames fftools/ffmpeg_mux_init.c:2066
     #2 0x56090781b026 in process_forced_keyframes fftools/ffmpeg_mux_init.c:2130
     #3 0x56090781d4e1 in of_open fftools/ffmpeg_mux_init.c:2378
     #4 0x5609078252f4 in open_files fftools/ffmpeg_opt.c:1244
     #5 0x560907825711 in ffmpeg_parse_options fftools/ffmpeg_opt.c:1297
     #6 0x5609078630df in main fftools/ffmpeg.c:4160
     #7 0x7f5127219c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
     #8 0x5609077ce499 in _start (/home/youngseok/latest-subjects/ffmpeg/ffmpeg+0x52f499)
 }}}
 Environment:
 - OS: Ubuntu 18.04
 - gcc: 7.5.0
 - ffmpeg: version N-109968-gcc76e8340d (git-master)

 Note that I built ffmpeg with AddressSanitizer.
 {{{
 ./configure --extra-cflags="-fsanitize=address -g -O0" \
     --extra-cxxflags="-fsanitize=address -g -O0" \
     --extra-ldflags="-fsanitize=address -g -O0" \
     --disable-optimizations --disable-stripping
 }}}
-- 
Ticket URL: <https://trac.ffmpeg.org/ticket/10243>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker