[Bug 774859] New: flic decoder: Invalid memory read in flx_decode_chunks
GStreamer (GNOME Bugzilla)
bugzilla at gnome.org
Tue Nov 22 18:52:42 UTC 2016
https://bugzilla.gnome.org/show_bug.cgi?id=774859
Bug ID: 774859
Summary: flic decoder: Invalid memory read in flx_decode_chunks
Classification: Platform
Product: GStreamer
Version: git master
OS: Linux
Status: NEW
Severity: normal
Priority: Normal
Component: gst-plugins-good
Assignee: gstreamer-bugs at lists.freedesktop.org
Reporter: hanno at hboeck.de
QA Contact: gstreamer-bugs at lists.freedesktop.org
GNOME version: ---
Created attachment 340550
--> https://bugzilla.gnome.org/attachment.cgi?id=340550&action=edit
poc file
The attached file will cause a read access to invalid memory and a crash in the
flic decoder of gst-plugins-good. Tested with the latest git code, found with
the tool american fuzzy lop.
With a build with address sanitizer I get this error message:
==14717==ERROR: AddressSanitizer: SEGV on unknown address 0x61d0303670be (pc
0x7f10f1f76910 bp 0x7f10f3dec770 sp 0x7f10f3dec520 T1)
==14717==The signal is caused by a READ memory access.
#0 0x7f10f1f7690f in flx_decode_chunks
/f/gstreamer/gst-plugins-good/gst/flx/gstflxdec.c:255:9
#1 0x7f10f1f7690f in gst_flxdec_chain
/f/gstreamer/gst-plugins-good/gst/flx/gstflxdec.c:636
#2 0x7f11009a90b7 in gst_pad_chain_data_unchecked
/f/gstreamer/gstreamer/gst/gstpad.c:4206:11
#3 0x7f11009ac887 in gst_pad_push_data
/f/gstreamer/gstreamer/gst/gstpad.c:4458:9
#4 0x7f11009abeff in gst_pad_push
/f/gstreamer/gstreamer/gst/gstpad.c:4577:9
#5 0x7f10f5633af9 in gst_type_find_element_loop
/f/gstreamer/gstreamer/plugins/elements/gsttypefindelement.c:1180:11
#6 0x7f1100a735c3 in gst_task_func
/f/gstreamer/gstreamer/gst/gsttask.c:334:5
#7 0x7f10ffd80867 (/usr/lib64/libglib-2.0.so.0+0x70867)
#8 0x7f10ffd7fed4 (/usr/lib64/libglib-2.0.so.0+0x6fed4)
#9 0x7f10ff6ef443 in start_thread (/lib64/libpthread.so.0+0x7443)
#10 0x7f10ff21e92c in clone (/lib64/libc.so.6+0xe792c)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
/f/gstreamer/gst-plugins-good/gst/flx/gstflxdec.c:255:9 in flx_decode_chunks
Thread T1 (typefind:sink) created by T0 here:
#0 0x42e81d in __interceptor_pthread_create
(/usr/bin/gst-launch-1.0+0x42e81d)
#1 0x7f10ffd9dadf (/usr/lib64/libglib-2.0.so.0+0x8dadf)
==14717==ABORTING
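The trace stops at the chunk-walking loop but the report does not say which field drives the invalid read. As an added illustration, not GStreamer's code, the walker below shows the check a parser of FLIC frame sub-chunks needs: each chunk's declared size is validated against the bytes still available before the payload is touched, so an oversized or truncated chunk is rejected instead of read. The sample frames are constructed here and assume the FLI/FLC sub-chunk layout (32-bit little-endian size that includes the 6-byte header, then a 16-bit type).

```c
/* Added example: bounds-checked walk over FLIC frame sub-chunks.
 * Assumed layout per chunk: u32 LE size (incl. header) + u16 LE type. */
#include <stddef.h>
#include <stdint.h>

#define FLX_CHUNK_HDR 6u

static uint32_t rd_u32le(const uint8_t *p)
{
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint16_t rd_u16le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Walks `count` chunks inside data[0..len). Returns the number of chunks
 * whose header and payload lie entirely inside the buffer, or -1 as soon
 * as a chunk would require reading past the end. */
int flx_walk_chunks(const uint8_t *data, size_t len, unsigned count)
{
    size_t off = 0;
    int n = 0;
    while (count-- > 0) {
        if (len - off < FLX_CHUNK_HDR)
            return -1;                      /* header itself is out of bounds */
        uint32_t size = rd_u32le(data + off);
        uint16_t type = rd_u16le(data + off + 4);
        (void)type;                         /* dispatch on type would go here */
        if (size < FLX_CHUNK_HDR || size > len - off)
            return -1;                      /* declared size exceeds the buffer */
        off += size;                        /* safe: size <= len - off */
        n++;
    }
    return n;
}

/* Constructed frames (not from the attachment): */
static const uint8_t k_good[] = {
    0x06,0x00,0x00,0x00, 0x0d,0x00,                   /* size 6, type 13 (BLACK), no payload */
    0x0a,0x00,0x00,0x00, 0x10,0x00, 0xaa,0xbb,0xcc,0xdd /* size 10, type 16 (FLI_COPY), 4 bytes */
};
static const uint8_t k_bad[] = {
    0x06,0x00,0x00,0x00, 0x0d,0x00,
    0x00,0x00,0x00,0x10, 0x10,0x00, 0xaa,0xbb,0xcc,0xdd /* claims 0x10000000 bytes */
};

int example_good(void)      { return flx_walk_chunks(k_good, sizeof k_good, 2); }     /* 2 */
int example_oversized(void) { return flx_walk_chunks(k_bad, sizeof k_bad, 2); }       /* -1 */
int example_truncated(void) { return flx_walk_chunks(k_good, sizeof k_good - 1, 2); } /* -1 */
```

A chunk count larger than the chunks actually present is caught by the header check, so the walker also returns -1 for `flx_walk_chunks(k_good, sizeof k_good, 3)`.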