We fuzzed mpv and found this bug. A check for allocation failure is missing here:

mpv/audio/decode/ad_lavc.c, line 106 in f1c9daa

and it will crash at the line below if `avframe` is null:

mpv/audio/decode/ad_lavc.c, line 203 in f1c9daa

By the way, I think `avctx` and `avpkt` need to be checked too.
```
mpv 1c9daa-dirty Copyright © 2000-2023 mpv/MPlayer/mplayer2 projects
 built on Thu Jun 15 08:49:22 2023
FFmpeg version: 4.4.2-0ubuntu0.22.04.1
FFmpeg library versions:
   libavutil       56.70.100
   libavcodec      58.134.100
   libavformat     58.76.100
   libswscale      5.9.100
   libavfilter     7.110.100
   libswresample   3.9.100
```

```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3186==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000120 (pc 0x7f55f5dce830 bp 0x619000005f80 sp 0x7ffed7e502f0 T0)
==3186==The signal is caused by a READ memory access.
==3186==Hint: address points to the zero page.
    #0 0x7f55f5dce830  (/lib/x86_64-linux-gnu/libavcodec.so.58+0x27c830) (BuildId: 275d20beefaac834b14cd4f8c8754d59beec5c48)
    #1 0x7f55f5dcf99a in avcodec_receive_frame (/lib/x86_64-linux-gnu/libavcodec.so.58+0x27d99a) (BuildId: 275d20beefaac834b14cd4f8c8754d59beec5c48)
    #2 0x555cac024e89 in receive_frame /root/mpv/build/../audio/decode/ad_lavc.c:203:15
    #3 0x555cac147832 in lavc_process /root/mpv/build/../filters/f_decoder_wrapper.c:1271:20
    #4 0x555cac176249 in mp_filter_graph_run /root/mpv/build/../filters/filter.c:262:13
    #5 0x555cac2ac635 in run_playloop /root/mpv/build/../player/playloop.c:1245:9
    #6 0x555cac28ea29 in play_current_file /root/mpv/build/../player/loadfile.c:1688:9
    #7 0x555cac28ea29 in mp_play_files /root/mpv/build/../player/loadfile.c:1874:13
    #8 0x555cac297d54 in mpv_main /root/mpv/build/../player/main.c:438:9
    #9 0x7f55f4d81d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
    #10 0x7f55f4d81e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
    #11 0x555cabf50914 in _start (/root/mpv/build/mpv+0x150914) (BuildId: 8783f8dbcdeb230f5b3395c900aeb5a2c07e1ed9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libavcodec.so.58+0x27c830) (BuildId: 275d20beefaac834b14cd4f8c8754d59beec5c48)
==3186==ABORTING
```
ad_lavc: check for allocation failure
9432a75
Fixes: mpv-player#11792
dfb1963
3214795
Fixes: #11792
e848cb4
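The check this report asks for, as an added sketch that is not mpv's or FFmpeg's code: all three allocations are checked, and a fault-injecting allocator fails each one in turn to confirm that init fails cleanly instead of leaving a NULL `avframe` for the decode step. `xalloc`, `struct priv`, `init_checked` and `sweep_failures` are hypothetical stand-ins so the block builds without libavcodec; `receive_frame` here only models the function named in the trace.

```c
/* Added illustration; not mpv or FFmpeg code. xalloc() is a hypothetical
 * stand-in for av_frame_alloc(), av_packet_alloc(), avcodec_alloc_context3(). */
#include <stdlib.h>
static int fail_at = -1;   /* 0-based allocation that returns NULL; -1 = none */
static int alloc_calls, live_objects;

static void *xalloc(size_t n) {
    if (alloc_calls++ == fail_at) return NULL;   /* injected failure */
    void *p = calloc(1, n);
    if (p) live_objects++;
    return p;
}
static void xfree(void *p) { if (p) { live_objects--; free(p); } }

struct frame { int nb_samples; };
struct priv { void *avctx, *avpkt; struct frame *avframe; };

static void uninit(struct priv *c) {
    xfree(c->avframe); xfree(c->avpkt); xfree(c->avctx);
    c->avframe = NULL; c->avpkt = NULL; c->avctx = NULL;
}

/* Checks all three allocations; releases partial state on failure. */
static int init_checked(struct priv *c) {
    c->avctx = xalloc(64);
    c->avpkt = xalloc(64);
    c->avframe = xalloc(sizeof(struct frame));
    if (!c->avctx || !c->avpkt || !c->avframe) { uninit(c); return -1; }
    return 0;
}

/* Models the decode step that reads through avframe. */
static int receive_frame(struct priv *c) {
    return c->avframe ? c->avframe->nb_samples : -1;
}

/* Fail each allocation in turn; count cases handled without crash or leak. */
static int sweep_failures(int n_allocs) {
    int clean = 0;
    for (int i = 0; i < n_allocs; i++) {
        struct priv c = {0};
        fail_at = i; alloc_calls = 0;
        if (init_checked(&c) < 0 && receive_frame(&c) == -1 && live_objects == 0) clean++;
    }
    fail_at = -1;
    return clean;
}

int main(void) { return sweep_failures(3) == 3 ? 0 : 1; }
```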