SEGV in libde265 in slice_segment_header::dump_slice_segment_header #426
Comments
|
Thank you. Fixed by above commit. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
SEGV in libde265
Description
Libde265 v1.0.12 was discovered to contain a SEGV via the function slice_segment_header::dump_slice_segment_header at slice.cc.
Version
ASAN Log
./dec265/dec265 -c -d -f 153 poc1libde265
AddressSanitizer:DEADLYSIGNAL ================================================================= ==38==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000551716 bp 0x7ffff7ad66a0 sp 0x7fffffff3de0 T0) ==38==The signal is caused by a READ memory access. ==38==Hint: address points to the zero page. #0 0x551716 in slice_segment_header::dump_slice_segment_header(decoder_context const*, int) const /afltest/libde265/libde265/slice.cc:1281:3 #1 0x4db1b1 in decoder_context::read_slice_NAL(bitreader&, NAL_unit*, nal_header&) /afltest/libde265/libde265/decctx.cc:646:11 #2 0x4e5626 in decoder_context::decode_NAL(NAL_unit*) /afltest/libde265/libde265/decctx.cc:1241:11 #3 0x4e6247 in decoder_context::decode(int*) /afltest/libde265/libde265/decctx.cc:1329:16 #4 0x4cd5c4 in main /afltest/libde265/dec265/dec265.cc:784:17 #5 0x7ffff790d082 in __libc_start_main /build/glibc-BHL3KM/glibc-2.31/csu/../csu/libc-start.c:308:16 #6 0x41e66d in _start (/afltest/libde265/dec265/dec265+0x41e66d) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /afltest/libde265/libde265/slice.cc:1281:3 in slice_segment_header::dump_slice_segment_header(decoder_context const*, int) const ==38==ABORTINGReproduction
PoC
poc1libde265: https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/poc1libde265
Reference
https://github.com/strukturag/libde265
Environment
Credit
Zeng Yunxiang
Song Jiaxuan
The text was updated successfully, but these errors were encountered: