[gstreamer-bugs] [Bug 399342] [mpeg2dec] crash in libmpeg2 with specially crafted .m2v file
GStreamer (bugzilla.gnome.org)
bugzilla-daemon at bugzilla.gnome.org
Thu Mar 8 05:17:22 PST 2007
Do not reply to this via email (we are currently unable to handle email
responses and they get discarded). You can add comments to this bug at
http://bugzilla.gnome.org/show_bug.cgi?id=399342
GStreamer | gst-plugins-ugly | Ver: 0.10.5
Tim-Philipp Müller changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
            Status|UNCONFIRMED                 |NEW
    Ever Confirmed|0                           |1
           Summary|Crash in the libmpeg2 plugin|[mpeg2dec] crash in libmpeg2
                  |when trying to play a       |with specially crafted .m2v
                  |specially crafted MPEG 2    |file
                  |Video file                  |

------- Comment #1 from Tim-Philipp Müller 2007-03-08 13:15 UTC -------
Stack trace against libmpeg2 CVS from today:

Program received signal SIGSEGV, Segmentation fault.
mpeg2_init_fbuf (decoder=0x813a840, current_fbuf=0x0, forward_fbuf=0x813ec40,
    backward_fbuf=0x813ec30) at slice.c:1600
1600        decoder->picture_dest[0] = current_fbuf[0] + offset;
(gdb) print current_fbuf[0]
Cannot access memory at address 0x0
(gdb) bt
#0  mpeg2_init_fbuf (decoder=0x813a840, current_fbuf=0x0,
    forward_fbuf=0x813ec40, backward_fbuf=0x813ec30) at slice.c:1600
#1  0xb75789fb in mpeg2_header_slice_start (mpeg2dec=0x813a840) at header.c:923
#2  0xb756205e in mpeg2_parse (mpeg2dec=0x813a840) at decode.c:159
#3  0xb755f721 in gst_mpeg2dec_chain (pad=0x8120400, buf=0x8144ed0) at
    gstmpeg2dec.c:985

Anyone know if this is our fault or libmpeg2dec's?
(Also - regarding the security keyword - is a NULL dereference actually
exploitable?)