Closed
Bug 1225306
Opened 9 years ago
Closed 9 years ago
FFMPEG: use-of-uninitialized-value in [@avcodec_string]
Categories
(Core :: Audio/Video: Playback, defect, P1)
Tracking
RESOLVED
INVALID
Tracking | Status | |
---|---|---|
firefox45 | --- | affected |
People
(Reporter: tsmith, Unassigned)
References
Details
(Keywords: csectype-uninitialized, sec-audit, testcase)
Attachments
(4 files)
Found fuzzing ffmpeg commit: 3692d859f45fa8765fa5a330e79108b03c17c6bd
Reproduced with the following command with MSan build:
./ffmpeg -nostats -v 0 -i test_case.vpx -f null -
Reporter
Comment 1•9 years ago
Reporter
Comment 2•9 years ago
Another one in utils.c
Reporter
Updated•9 years ago
Blocks: fuzzing-ffmpeg
Comment 3•9 years ago
not reproducible with --disable-yasm (and reproducible with yasm)
Reporter
Comment 4•9 years ago
(In reply to Michael Niedermayer [:mn] from comment #3)
> not reproducible with --disable-yasm (and reproducible with yasm)
Thanks Michael. I have switched to a --disable-yasm build to avoid false positives.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
Reporter
Comment 5•9 years ago
Actually I am still seeing this. Seems to be related to compiler optimizations. With optimizations disabled I have no issues but with -O3 this comes back. I am building with both --disable-asm and --disable-yasm.
I am building with clang 3.7.
What are your thoughts, Michael?
Status: RESOLVED → REOPENED
Flags: needinfo?(michael)
Resolution: INVALID → ---
Reporter
Comment 6•9 years ago
Updated call stack with more info.
Comment 7•9 years ago
I cannot reproduce an issue with -O3 and clang version 3.8.0 (trunk 247874), which is what I used previously too but with -O1
Flags: needinfo?(michael)
Updated•9 years ago
Priority: -- → P1
Comment 8•9 years ago
Ralph: Note that there's nothing we can do on this bug; the issue is upstream. Setting a priority will do little, I think.
Reporter
Comment 9•9 years ago
To avoid driving Michael crazy with false positives, I am blacklisting a bunch of this stuff for now.
Status: REOPENED → RESOLVED
Closed: 9 years ago → 9 years ago
Resolution: --- → INVALID
Updated•9 years ago
Group: media-core-security