Closed
Bug 1224277
Opened 9 years ago
Closed 9 years ago
FFMPEG: heap-buffer-overflow in [@av_image_copy_plane]
Categories: Core :: Audio/Video: Playback, defect
Status: RESOLVED FIXED
| | Tracking | Status |
|---|---|---|
| firefox45 | --- | affected |
People: Reporter: tsmith, Unassigned
Keywords: csectype-bounds, testcase
Attachments: 2 files
Found while fuzzing ffmpeg at commit 3692d859f45fa8765fa5a330e79108b03c17c6bd
Comment 1 • 9 years ago (Reporter)
Comment 2 • 9 years ago
Could we ensure and liaise with ffmpeg's folks to get them notified of those security issues? They are extremely responsive in fixing bugs, but they need to know about it.
I can contact one of their key members; it would then be a matter of CCing him on all bugs related to ffmpeg.
Comment 3 • 9 years ago (Reporter)
That would be great. I have more bugs to log and if they are happy using BZ that makes tracking simple for us.
Comment 4 • 9 years ago
I can't reproduce this one with the testcase and command-line ffmpeg, but I believe this is a duplicate of ac6ab77741f5e57c8c1d3980bfaf3690eb1cd8c0 (https://github.com/FFmpeg/FFmpeg/commit/ac6ab77741f5e57c8c1d3980bfaf3690eb1cd8c0)
Comment 5 • 9 years ago
The tests are done using an ASAN build; that will crash if any memory conditions are found, such as buffer overflow or use after free, etc.
Comment 6 • 9 years ago
The problem I have with reproducing isn't that it doesn't crash, but more that command-line ffmpeg considers this file invalid before it even reaches the code.
./ffmpeg -i test_case.vp9 -f null -
test_case.vp9: Invalid data found when processing input
I can force various containers and the rscc codec, but no combination I tried seems to reproduce the crash (that was with an ASAN ffmpeg build from a few hours before the bugfix),
but the commit (ac6ab77741f5e57c8c1d3980bfaf3690eb1cd8c0) should have fixed this, I think.
Comment 7 • 9 years ago (Reporter)
Hi Michael,
Thanks for looking at this. I did a pull this morning (now at a62178be80dd6a643973f62002fc0ed42495c358) and the bug appears to be fixed.
For completeness the command line I used to run the test case was:
$ ./ffmpeg -f ivf -i test_case.vp9 -f null -
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
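Comments 6 and 7 turn on one detail: without `-f ivf`, ffmpeg's container probe rejects test_case.vp9 before any decoder runs, so an ASan build reports nothing and the crash looks unreproducible. The following triage helper is an added example, not part of this bug report or of FFmpeg. It runs one input through an ASan-instrumented ffmpeg both with autodetection and with the ivf demuxer forced, and classifies each run's stderr as an ASan report (with bug kind and top frame), a rejected input, or a clean run. It assumes the ffmpeg binary and input path are passed as arguments and that ASan prints its usual `ERROR: AddressSanitizer: <kind>` and `#0 ... in <function>` lines; the sample report it demonstrates on is constructed.

```shell
#!/bin/sh
# Added triage helper; not from the bug report or from FFmpeg.
# Distinguishes "ASan found a memory error" from "ffmpeg rejected the file
# before the decoder ran" so that a fuzz case is not mis-triaged as fixed.
# Assumptions: $1 is an ASan-instrumented ffmpeg, $2 is the test input.

classify_log() {
    # $1: file holding the stderr of one ffmpeg run.
    # Prints one of: asan:<kind>:<top frame>, rejected, clean
    if grep -q 'ERROR: AddressSanitizer: ' "$1"; then
        kind=$(sed -n 's/.*ERROR: AddressSanitizer: \([a-z-]*\).*/\1/p' "$1" | head -n 1)
        frame=$(sed -n 's/^[[:space:]]*#0 .* in \([A-Za-z_][A-Za-z0-9_]*\).*/\1/p' "$1" | head -n 1)
        printf 'asan:%s:%s\n' "$kind" "$frame"
    elif grep -q 'Invalid data found when processing input' "$1"; then
        # The probe gave up before any codec touched the data (Comment 6).
        echo rejected
    else
        echo clean
    fi
}

run_case() {
    # $1: ffmpeg binary, $2: input file, $3: demuxer to force (empty = autodetect)
    log=$(mktemp)
    if [ -n "$3" ]; then
        "$1" -nostdin -f "$3" -i "$2" -f null - 2>"$log" || :
    else
        "$1" -nostdin -i "$2" -f null - 2>"$log" || :
    fi
    classify_log "$log"
    rm -f "$log"
}

if [ "$#" -ge 2 ]; then
    # Same input both ways: a "rejected" autodetect run next to an "asan:"
    # forced-ivf run is exactly the situation described in Comments 6 and 7.
    echo "autodetect: $(run_case "$1" "$2" "")"
    echo "forced ivf: $(run_case "$1" "$2" ivf)"
else
    # Offline demonstration on a constructed ASan report (addresses and
    # line numbers are made up, not taken from the bug).
    demo=$(mktemp)
    printf '%s\n' \
        '==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000010' \
        '    #0 0x4f1a2b in av_image_copy_plane libavutil/imgutils.c:320' > "$demo"
    echo "constructed log: $(classify_log "$demo")"
    rm -f "$demo"
fi
```

Run it as `sh triage.sh ./ffmpeg test_case.vp9`; with no arguments it only classifies the constructed sample. A case that reads `rejected` under autodetection but `asan:...` with the demuxer forced should be recorded with the forcing flag, as the reporter did in Comment 7, otherwise a later bisect will appear to pass without ever reaching the decoder.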
Updated • 9 years ago (Reporter)
Blocks: fuzzing-ffmpeg
Updated • 9 years ago
Group: media-core-security → core-security-release
Updated • 8 years ago
Group: core-security-release