[Bug string/21347] crash in memcpy.S during attempted libvpx decoding
fweimer at redhat dot com
sourceware-bugzilla@sourceware.org
Sun Apr 2 19:32:00 GMT 2017
https://sourceware.org/bugzilla/show_bug.cgi?id=21347
Florian Weimer <fweimer at redhat dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |fweimer at redhat dot com
         Resolution|---                         |INVALID
              Flags|                            |security-

--- Comment #2 from Florian Weimer <fweimer at redhat dot com> ---
Looks like fwrite is called with an invalid buffer:

(gdb) frame
#4  0x00000000004049b4 in write_image_file (img=img@entry=0x7c5218, planes=planes@entry=0x7fffffffcb40, file=file@entry=0x7c4ec0) at vpxdec.c:286
286         fwrite(buf, bytes_per_sample, w, file);
(gdb) ptype buf
type = const unsigned char *
(gdb) print bytes_per_sample
$8 = 1
(gdb) print w
$9 = 12336
(gdb) print buf[0]
$10 = 0 '\000'
(gdb) print buf[w - 1]
Cannot access memory at address 0x80802f

You need to report this to the libvpx developers.

It's also odd that a supposedly-ASAN-enabled build does not have an ASAN
interceptor for fwrite. The libvpx build system is non-standard, so I haven't
investigated this further.
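
The gdb session above shows fwrite being asked for w = 12336 bytes from a buffer that is not that long. The following is an added example, not code from libvpx, glibc or the bug report: it validates row geometry against the allocated plane size before any fwrite call. The function names and the plane_size and stride parameters are assumptions made for illustration.

```c
/* Added example: hypothetical helpers, not libvpx code. */
#include <stdint.h>
#include <stdio.h>

/* Returns 1 if h rows of w samples, spaced stride bytes apart, lie inside
 * a buffer of plane_size bytes; 0 otherwise (including on overflow). */
int rows_fit(size_t plane_size, size_t stride, size_t w, size_t h,
             size_t bytes_per_sample)
{
    if (w == 0 || h == 0)
        return 1;                         /* nothing would be read */
    if (bytes_per_sample == 0 || w > SIZE_MAX / bytes_per_sample)
        return 0;                         /* w * bytes_per_sample overflows */
    size_t row_bytes = w * bytes_per_sample;
    if (row_bytes > stride)
        return 0;                         /* row wider than its stride */
    if (h - 1 > (SIZE_MAX - row_bytes) / stride)
        return 0;                         /* last-row offset overflows */
    return (h - 1) * stride + row_bytes <= plane_size;
}

/* Writes the rows only after the geometry check; 0 on success, -1 on error. */
int write_plane_checked(const unsigned char *plane, size_t plane_size,
                        size_t stride, size_t w, size_t h,
                        size_t bytes_per_sample, FILE *file)
{
    if (!rows_fit(plane_size, stride, w, h, bytes_per_sample))
        return -1;                        /* refuse instead of over-reading */
    if (w == 0 || h == 0)
        return 0;
    for (size_t y = 0; y < h; y++) {
        const unsigned char *buf = plane + y * stride;
        if (fwrite(buf, bytes_per_sample, w, file) != w)
            return -1;                    /* short write */
    }
    return 0;
}

int main(void)
{
    unsigned char plane[64] = {0};        /* constructed 16x4 plane, 1 byte/sample */
    FILE *out = tmpfile();
    if (!out) return 1;
    /* 12336 is the value of w printed in the gdb session above. */
    int bad = write_plane_checked(plane, sizeof plane, 16, 12336, 4, 1, out);
    int ok = write_plane_checked(plane, sizeof plane, 16, 16, 4, 1, out);
    printf("oversized width: %d, valid geometry: %d\n", bad, ok);
    fclose(out);
    return !(bad == -1 && ok == 0);
}
```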