audio:decode: lack check of av_frame_alloc #11792

Closed
void0red opened this issue Jun 15, 2023 · 0 comments · Fixed by #11822

TL;DR

We performed a fuzz on mpv and found this bug.
A failed-allocation check is missing here:

ctx->avframe = av_frame_alloc();

and it will crash at the line below if avframe is NULL:
int ret = avcodec_receive_frame(avctx, priv->avframe);

By the way, I think avctx and avpkt need to be checked too.

Important Information

mpv 1c9daa-dirty Copyright © 2000-2023 mpv/MPlayer/mplayer2 projects
 built on Thu Jun 15 08:49:22 2023
FFmpeg version: 4.4.2-0ubuntu0.22.04.1
FFmpeg library versions:
   libavutil       56.70.100
   libavcodec      58.134.100
   libavformat     58.76.100
   libswscale      5.9.100
   libavfilter     7.110.100
   libswresample   3.9.100

Log file


AddressSanitizer:DEADLYSIGNAL
=================================================================
==3186==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000120 (pc 0x7f55f5dce830 bp 0x619000005f80 sp 0x7ffed7e502f0 T0)
==3186==The signal is caused by a READ memory access.
==3186==Hint: address points to the zero page.
    #0 0x7f55f5dce830  (/lib/x86_64-linux-gnu/libavcodec.so.58+0x27c830) (BuildId: 275d20beefaac834b14cd4f8c8754d59beec5c48)
    #1 0x7f55f5dcf99a in avcodec_receive_frame (/lib/x86_64-linux-gnu/libavcodec.so.58+0x27d99a) (BuildId: 275d20beefaac834b14cd4f8c8754d59beec5c48)
    #2 0x555cac024e89 in receive_frame /root/mpv/build/../audio/decode/ad_lavc.c:203:15
    #3 0x555cac147832 in lavc_process /root/mpv/build/../filters/f_decoder_wrapper.c:1271:20
    #4 0x555cac176249 in mp_filter_graph_run /root/mpv/build/../filters/filter.c:262:13
    #5 0x555cac2ac635 in run_playloop /root/mpv/build/../player/playloop.c:1245:9
    #6 0x555cac28ea29 in play_current_file /root/mpv/build/../player/loadfile.c:1688:9
    #7 0x555cac28ea29 in mp_play_files /root/mpv/build/../player/loadfile.c:1874:13
    #8 0x555cac297d54 in mpv_main /root/mpv/build/../player/main.c:438:9
    #9 0x7f55f4d81d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
    #10 0x7f55f4d81e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
    #11 0x555cabf50914 in _start (/root/mpv/build/mpv+0x150914) (BuildId: 8783f8dbcdeb230f5b3395c900aeb5a2c07e1ed9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libavcodec.so.58+0x27c830) (BuildId: 275d20beefaac834b14cd4f8c8754d59beec5c48)
==3186==ABORTING
N-R-K added a commit to N-R-K/mpv that referenced this issue Jun 21, 2023
N-R-K added a commit to N-R-K/mpv that referenced this issue Jun 22, 2023
sfan5 pushed a commit that referenced this issue Jun 22, 2023
dyphire pushed a commit to dyphire/mpv that referenced this issue Jul 8, 2023
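
An added example, not part of the issue and not mpv's or FFmpeg's code: the report asks for the init-time allocations of avframe, avctx and avpkt to be checked. The sketch below models that pattern with hypothetical stand-in types and a fault-injecting allocator (xalloc, xfree, decoder_init, decoder_uninit and init_survives_failure_at are all assumed names), and checks that failing each allocation in turn makes init report an error and free its partial state, so no decode call is ever reached with a NULL frame.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for the FFmpeg objects named in the report. */
struct codec  { int opened; };
struct packet { int size; };
struct frame  { int nb_samples; };
struct priv   { struct codec *avctx; struct packet *avpkt; struct frame *avframe; };

/* Fault injection: allocation number fail_at (1-based) fails; live = unfreed. */
static int fail_at, calls, live;

static void *xalloc(size_t n)
{
    void *p = (++calls == fail_at) ? NULL : calloc(1, n);
    live += (p != NULL);
    return p;
}

static void xfree(void *p) { live -= (p != NULL); free(p); }

static void decoder_uninit(struct priv *p)
{
    xfree(p->avframe);
    xfree(p->avpkt);
    xfree(p->avctx);
    p->avframe = NULL; p->avpkt = NULL; p->avctx = NULL;
}

/* Checks every allocation; tears down partial state on failure. */
static int decoder_init(struct priv *p)
{
    p->avctx = xalloc(sizeof(*p->avctx));
    p->avpkt = xalloc(sizeof(*p->avpkt));
    p->avframe = xalloc(sizeof(*p->avframe));
    if (p->avctx && p->avpkt && p->avframe)
        return 0;
    decoder_uninit(p);
    return -1;
}

/* 1 if init with allocation n failing errors out cleanly and leaks nothing. */
int init_survives_failure_at(int n)
{
    struct priv p = {0};
    fail_at = n; calls = 0; live = 0;
    int rc = decoder_init(&p);
    return rc == -1 && !p.avctx && !p.avpkt && !p.avframe && live == 0;
}
```

Looping `init_survives_failure_at` over every allocation index exercises each out-of-memory path deterministically, without waiting for a fuzzer to hit it.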