Description
A SEGV has occurred when running program dec265.
NULL Pointer Dereference in function decoder_context::process_slice_segment_header at decctx.cc:2007:20.
Steps to reproduce
git clone https://github.com/strukturag/libde265.git
cd libde265
./autogen.sh
export CFLAGS="-g -O0 -lpthread -fsanitize=address"
export CXXFLAGS="-g -O0 -lpthread -fsanitize=address"
export LDFLAGS="-fsanitize=address"
./configure --disable-shared
make -j
cd dec265
./dec265 SEGV-POC

POC
https://github.com/blu3sh0rk/Fuzzing-crash/blob/main/SEGV.zip

GDB INFO (AddressSanitizer output)
WARNING: non-existing PPS referenced
WARNING: maximum number of reference pictures exceeded
WARNING: maximum number of reference pictures exceeded
WARNING: non-existing PPS referenced
WARNING: non-existing PPS referenced
WARNING: non-existing PPS referenced
WARNING: non-existing PPS referenced
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3838968==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004e2220 bp 0x7ffc6cbf5fd0 sp 0x7ffc6cbf5ac0 T0)
==3838968==The signal is caused by a READ memory access.
==3838968==Hint: address points to the zero page.
#0 0x4e2220 in decoder_context::process_slice_segment_header(slice_segment_header*, de265_error*, long, nal_header*, void*) /home/lzy/fuzz/oss/libde265/libde265/decctx.cc:2007:20
#1 0x4e1012 in decoder_context::read_slice_NAL(bitreader&, NAL_unit*, nal_header&) /home/lzy/fuzz/oss/libde265/libde265/decctx.cc:649:7
#2 0x4eb7f1 in decoder_context::decode_NAL(NAL_unit*) /home/lzy/fuzz/oss/libde265/libde265/decctx.cc:1240:11
#3 0x4ec6a1 in decoder_context::decode(int*) /home/lzy/fuzz/oss/libde265/libde265/decctx.cc:1328:16
#4 0x4d3645 in de265_decode /home/lzy/fuzz/oss/libde265/libde265/de265.cc:367:15
#5 0x4d0363 in main /home/lzy/fuzz/oss/libde265/dec265/dec265.cc:764:17
#6 0x7efcae0bc082 in __libc_start_main /build/glibc-KZwQYS/glibc-2.31/csu/../csu/libc-start.c:308:16
#7 0x41e5bd in _start (/home/lzy/fuzz/oss/libde265/dec265/dec265+0x41e5bd)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/lzy/fuzz/oss/libde265/libde265/decctx.cc:2007:20 in decoder_context::process_slice_segment_header(slice_segment_header*, de265_error*, long, nal_header*, void*)
==3838968==ABORTING
Impact
Due to incorrect access control, a SEGV caused by a READ memory access occurred at line 2007 of the code. This issue can cause a denial of service.
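The report above pairs a "WARNING: non-existing PPS referenced" message with a read of address 0 inside process_slice_segment_header. The block below is an added, generic illustration of that crash class written for this page; it is not libde265's code, the real logic at decctx.cc:2007 is not shown here, and whether it follows this exact pattern is an assumption. All types, fields and function names (pps_t, decoder_t, process_slice_header_unsafe, process_slice_header_safe, try_slice) are hypothetical. The unsafe variant logs the warning but still dereferences the empty table slot; the hardened variant bounds-checks the id and refuses the slice when the referenced PPS was never received.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PPS 64

/* Hypothetical, heavily simplified picture parameter set (constructed for
 * this example; not libde265's pic_parameter_set). */
typedef struct {
    int pps_id;
    int num_ref_idx_l0_default_active;
} pps_t;

/* Hypothetical decoder state: one slot per PPS id, NULL where no PPS with
 * that id has been parsed from the stream yet. */
typedef struct {
    pps_t *pps[MAX_PPS];
} decoder_t;

/* Hypothetical slice header: only the fields the example needs. */
typedef struct {
    int pps_id;               /* read from the bitstream, attacker-controlled */
    int num_ref_idx_l0_active;
} slice_header_t;

/* Unsafe pattern: the missing PPS is reported, but processing continues and
 * the NULL slot is dereferenced (a READ of the zero page, as in the report). */
int process_slice_header_unsafe(decoder_t *dec, slice_header_t *sh)
{
    pps_t *pps = dec->pps[sh->pps_id];
    if (pps == NULL)
        fprintf(stderr, "WARNING: non-existing PPS referenced\n");
    sh->num_ref_idx_l0_active = pps->num_ref_idx_l0_default_active; /* NULL read */
    return 0;
}

/* Hardened pattern: validate the id against the table size and fail the
 * slice when the referenced PPS is absent, instead of continuing. */
int process_slice_header_safe(decoder_t *dec, slice_header_t *sh)
{
    if (sh->pps_id < 0 || sh->pps_id >= MAX_PPS)
        return -1;                          /* id out of range */
    pps_t *pps = dec->pps[sh->pps_id];
    if (pps == NULL) {
        fprintf(stderr, "WARNING: non-existing PPS referenced\n");
        return -1;                          /* refuse the slice */
    }
    sh->num_ref_idx_l0_active = pps->num_ref_idx_l0_default_active;
    return 0;
}

/* Constructed test state: the decoder has received only PPS id 0. */
static pps_t g_pps0 = { 0, 2 };

void init_decoder(decoder_t *dec)
{
    memset(dec, 0, sizeof(*dec));
    dec->pps[0] = &g_pps0;
}

/* Runs the hardened path for a slice naming pps_id; 0 on success, -1 if the
 * slice was rejected. */
int try_slice(int pps_id)
{
    decoder_t dec;
    slice_header_t sh = { pps_id, -1 };
    init_decoder(&dec);
    return process_slice_header_safe(&dec, &sh);
}

int main(void)
{
    printf("pps 0 present:      %d\n", try_slice(0));
    printf("pps 5 missing:      %d\n", try_slice(5));
    printf("pps 70 out of range: %d\n", try_slice(70));
    /* Calling process_slice_header_unsafe for the pps 5 case would read
     * address 0 and crash, which is what ASan reports as SEGV above. */
    return 0;
}
```

Under ASan the unsafe variant reproduces the same "SEGV on unknown address 0x000000000000 ... READ memory access" signature; the point of the hardened variant is that a warning about malformed input is not a substitute for aborting the dependent step.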