oss-sec mailing list archives
ffmpeg afl bugs
From: cookieopfer () gmx net
Date: Sun, 25 Sep 2016 22:06:58 +0200
Hi,

Couldn't build ffmpeg, because of "register size specification" error. Tried to catch this overflow from afl fuzzer:

$ ./ffmpeg -i /tmp/ffmpeg-h264-call-stack-overflow.mp4 19.mp3
ffmpeg version N-81723-g6d9a46e Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 4.4.5 (Debian 4.4.5-8)
  configuration: --disable-yasm
  libavutil 55. 30.100 / 55. 30.100
  libavcodec 57. 57.101 / 57. 57.101
  libavformat 57. 50.100 / 57. 50.100
  libavdevice 57. 0.102 / 57. 0.102
  libavfilter 6. 62.100 / 6. 62.100
  libswscale 4. 1.100 / 4. 1.100
  libswresample 2. 1.100 / 2. 1.100
bla
bla
bla
bla
bla
bla
bla
bla
bla
bla
bla
bla
bla
bla
bla
[mov,mp4,m4a,3gp,3g2,mj2 @ 0xa256360] overread end of atom 'stsd' by 4294967134 bytes
bla
bla
bla
bla
bla
bla
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from '/tmp/ffmpeg-h264-call-stack-overflow.mp4':
  Metadata:
    major_brand : mp42
    minor_version : 19529854
    compatible_brands: mp42isom
    creation_time : 2014-11-14T07:34:24.000000Z
  Duration: 00:02:55.78, bitrate: 0 kb/s
    Stream #0:0(eng): Data: none ([0][16][0]1 / 0x31001000), 3 kb/s (default)
    Metadata:
      creation_time : 2014-11-14T07:34:24.000000Z
      handler_name : dia Handler
Output #0, mp3, to '19.mp3':
Output file #0 does not contain any stream

./libavformat/mov.c
$ grep -n bla ./libavformat/mov.c
4789: printf("bla\n");

Have fun with ffmpeg-h264-call-stack-overflow.mp4
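As an added illustration of the condition behind the "overread end of atom 'stsd' by 4294967134 bytes" warning in the post (this is not code from the post or from FFmpeg), here is a bounds-checked ISO BMFF box header parser in C: 4294967134 is (uint32_t)-162, i.e. a declared box size compared against the parent only after 32-bit subtraction. The box layout (32-bit size, four-character type, optional 64-bit largesize) is the standard one; the 'stsd' sample bytes and the 38-byte parent are constructed.

```c
#include <stdint.h>
#include <string.h>
/* One ISO BMFF box ("atom") header parsed inside a parent with a known
 * number of remaining bytes. */
typedef struct {
    char     type[5];   /* four-character code, NUL-terminated */
    uint64_t size;      /* declared box size, header included */
    int64_t  overread;  /* bytes claimed beyond the parent, 0 if it fits */
} box_hdr;

/* Parse the header at buf, where avail is the parent's remaining byte count.
 * The size is widened to 64 bits and compared before any subtraction, so a
 * box that claims more than the parent holds yields a positive overread
 * rather than an unsigned wraparound like 4294967134 == (uint32_t)-162.
 * Returns 0 on success, -1 if the header does not fit or is malformed. */
static int parse_box_header(const uint8_t *buf, uint64_t avail, box_hdr *out)
{
    if (avail < 8)
        return -1;                    /* no room for size + type */
    uint64_t size = ((uint64_t)buf[0] << 24) | ((uint64_t)buf[1] << 16) |
                    ((uint64_t)buf[2] << 8)  |  (uint64_t)buf[3];
    memcpy(out->type, buf + 4, 4);
    out->type[4] = '\0';
    if (size == 0) {
        size = avail;                 /* 0 means "extends to end of parent" */
    } else if (size == 1) {           /* 64-bit largesize follows the type */
        if (avail < 16)
            return -1;
        size = 0;
        for (int i = 8; i < 16; i++)
            size = (size << 8) | buf[i];
        if (size < 16)
            return -1;                /* smaller than its own header */
    } else if (size < 8) {
        return -1;                    /* would move the parser backwards */
    }
    out->size = size;
    out->overread = size > avail ? (int64_t)(size - avail) : 0;
    return 0;
}

/* Constructed sample (not from the reported file): an 'stsd' header that
 * claims 200 bytes inside a parent with only 38 bytes left: 162 over. */
static int64_t demo_overread(void)
{
    static const uint8_t stsd[8] = { 0x00, 0x00, 0x00, 0xC8, 's', 't', 's', 'd' };
    box_hdr h;
    return parse_box_header(stsd, 38, &h) == 0 ? h.overread : -1;
}
```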
Current thread:
- ffmpeg afl bugs cookieopfer (Sep 25)
- Re: ffmpeg afl bugs Solar Designer (Sep 25)
- Re: ffmpeg afl bugs Michal Zalewski (Sep 25)
- Re: Re: ffmpeg afl bugs cookieopfer (Sep 25)
- Re: Re: ffmpeg afl bugs cookieopfer (Sep 26)
- Re: ffmpeg afl bugs Michal Zalewski (Sep 25)
- Re: ffmpeg afl bugs cve-assign (Sep 25)
- Re: Re: ffmpeg afl bugs Hanno Böck (Sep 26)
- Re: ffmpeg afl bugs Solar Designer (Sep 25)