Date: Sun, 25 Sep 2016 22:06:58 +0200
From: cookieopfer@....net
To: oss-security@...ts.openwall.com
Subject: ffmpeg afl bugs

Hi,

couldn't build ffmpeg, because of
"register size specification" error.

tried to catch this overflow from afl
fuzzer:


$ ./ffmpeg -i /tmp/ffmpeg-h264-call-stack-overflow.mp4 19.mp3
ffmpeg version N-81723-g6d9a46e Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 4.4.5 (Debian 4.4.5-8)
  configuration: --disable-yasm
  libavutil      55. 30.100 / 55. 30.100
  libavcodec     57. 57.101 / 57. 57.101
  libavformat    57. 50.100 / 57. 50.100
  libavdevice    57.  0.102 / 57.  0.102
  libavfilter     6. 62.100 /  6. 62.100
  libswscale      4.  1.100 /  4.  1.100
  libswresample   2.  1.100 /  2.  1.100
bla
bla
bla
bla
bla
bla
bla
bla
bla
bla
bla
bla
bla
bla
bla
[mov,mp4,m4a,3gp,3g2,mj2 @ 0xa256360] overread end of atom 'stsd' by 4294967134 bytes
bla
bla
bla
bla
bla
bla
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from '/tmp/ffmpeg-h264-call-stack-overflow.mp4':
  Metadata:
    major_brand     : mp42
    minor_version   : 19529854
    compatible_brands: mp42isom
    creation_time   : 2014-11-14T07:34:24.000000Z
  Duration: 00:02:55.78, bitrate: 0 kb/s
    Stream #0:0(eng): Data: none ([0][16][0]1 / 0x31001000), 3 kb/s (default)
    Metadata:
      creation_time   : 2014-11-14T07:34:24.000000Z
      handler_name    : dia Handler
Output #0, mp3, to '19.mp3':
Output file #0 does not contain any stream

./libavformat/mov.c
$ grep -n bla ./libavformat/mov.c
4789:              printf("bla\n");


Have fun with ffmpeg-h264-call-stack-overflow.mp4
