
SEGV in huffman_decode_step() at huffman.c:371 #11

Closed

Marsman1996 opened this issue Aug 18, 2019 · 2 comments

@Marsman1996 (Contributor) commented Aug 18, 2019

Test Environment

Ubuntu 14.04, 64bit, ffjpeg(master 627c8a9)

How to trigger

  1. Compile ffjpeg with the CMake file from CMake Support && FPE on unknown address #6
  2. $ ./ffjpeg -d $POC

POC file

https://github.com/Marsman1996/pocs/blob/master/ffjpeg/poc21-huffman_decode_step-SEGV

Details

Asan report

ASAN:SIGSEGV
=================================================================
==19241== ERROR: AddressSanitizer: SEGV on unknown address 0x000000001590 (pc 0x000000410e8b sp 0x7fff54e12780 bp 0x7fff54e127a0 T0)
AddressSanitizer can not provide additional info.
    #0 0x410e8a in huffman_decode_step /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/huffman.c:371
    #1 0x405f04 in jfif_decode /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/jfif.c:493
    #2 0x401a70 in main /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/ffjpeg.c:25
    #3 0x7f8d44273f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #4 0x401858 in _start (/home/aota10/MARS_fuzzcompare/test/ffjpeg/bin_asan/bin/ffjpeg+0x401858)
SUMMARY: AddressSanitizer: SEGV /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/huffman.c:371 huffman_decode_step
==19241== ABORTING

GDB report

Program received signal SIGSEGV, Segmentation fault.
0x000000000040775f in huffman_decode_step (phc=0x0)
    at /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/huffman.c:371
371         if (!phc->input) return EOF;
(gdb) bt
#0  0x000000000040775f in huffman_decode_step (phc=0x0)
    at /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/huffman.c:371
#1  0x0000000000403357 in jfif_decode (ctxt=0x60a010, pb=0x7fffffffe190)
    at /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/jfif.c:493
#2  0x0000000000401672 in main (argc=3, argv=0x7fffffffe298)
    at /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/ffjpeg.c:25
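Both traces above agree on the defect: the faulting line `if (!phc->input) return EOF;` tests a member of the handle before anything has tested the handle itself, and GDB shows `phc=0x0`, so the dereference is a NULL-pointer read (the address 0x1590 in the ASan report is the offset of `input` from a NULL base). The example below is added here and is not ffjpeg's code or the fix in commit b3039ae; the struct, function and table-array names are placeholders. It shows the decode step with the check order corrected, plus the caller-side guard a decoder in the `jfif_decode` role can apply so a Huffman table slot that a file never defined is rejected before decoding starts (that origin of the NULL handle is an assumption, not something the report establishes).

```c
/* Added example modelled on the crash in this report: huffman_decode_step()
 * faulted at `if (!phc->input) return EOF;` with phc == NULL. This is NOT
 * ffjpeg's code; struct, function and table-array names are placeholders. */
#include <stdio.h>

/* Stand-in for the decoder handle. Only `input` matters for the pattern. */
typedef struct {
    const unsigned char *input;  /* bitstream being decoded; NULL = not attached */
    size_t len;                  /* bytes available */
    size_t pos;                  /* read position */
} huff_handle;

/* The reported line checks phc->input but dereferences phc to do so, so a
 * NULL handle faults before the check runs. Hardened order: handle first,
 * then its input pointer, then the bounds of the stream. */
int decode_step_safe(huff_handle *phc)
{
    if (!phc || !phc->input) return EOF;   /* NULL handle or detached input */
    if (phc->pos >= phc->len) return EOF;  /* bitstream exhausted */
    return phc->input[phc->pos++];         /* stand-in for one decode step */
}

/* Caller-side check in the jfif_decode role. In a JPEG scan each component
 * selects a DC/AC Huffman table by index (0..3); the slot stays NULL when the
 * file never carried a DHT segment for it. Refusing such a slot here keeps a
 * NULL handle from ever reaching the decode step. */
enum { MAX_TABLES = 4 };

int decode_component(huff_handle *tables[MAX_TABLES], int table_id)
{
    if (table_id < 0 || table_id >= MAX_TABLES) return EOF;  /* bad selector */
    if (!tables[table_id]) return EOF;                       /* table undefined */
    return decode_step_safe(tables[table_id]);
}

/* Constructed sample input; the three demo functions exercise each path and
 * return their result so it can be checked rather than only printed. */
static const unsigned char SAMPLE[] = { 0xAB, 0xCD };

int demo_valid_table(void)
{
    huff_handle h = { SAMPLE, sizeof SAMPLE, 0 };
    huff_handle *tables[MAX_TABLES] = { &h, NULL, NULL, NULL };
    return decode_component(tables, 0);     /* first byte, 0xAB = 171 */
}

int demo_null_handle(void)
{
    return decode_step_safe(NULL);          /* EOF instead of SIGSEGV */
}

int demo_undefined_table(void)
{
    huff_handle h = { SAMPLE, sizeof SAMPLE, 0 };
    huff_handle *tables[MAX_TABLES] = { &h, NULL, NULL, NULL };
    return decode_component(tables, 1);     /* slot 1 never defined -> EOF */
}

int main(void)
{
    printf("valid table     -> %d\n", demo_valid_table());
    printf("NULL handle     -> %d\n", demo_null_handle());
    printf("undefined table -> %d\n", demo_undefined_table());
    return 0;
}
```

Checking the handle inside the decode step and checking the table slot in the caller are both worth keeping: the inner check is what stops the crash in this report, while the outer one turns a malformed file into a clean decode error at the point where the problem is actually diagnosable.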
@rockcarry (Owner)

I made a new commit

commit b3039ae

which fixes issues #10, #11 and #12.

Can you test again?

@Marsman1996 (Contributor, Author)

I tested it with commit b3039ae and I think it has been fixed.
