You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A SEGV has occurred when running program dec265
NULL Pointer Dereference in function decoder_context::process_slice_segment_header at decctx.cc:2007:20
git clone https://github.com/strukturag/libde265.git
cd libde265
./autogen.sh
export CFLAGS="-g -O0 -lpthread -fsanitize=address"
export CXXFLAGS="-g -O0 -lpthread -fsanitize=address"
export LDFLAGS="-fsanitize=address"
./configure --disable-shared
make -j
cd dec265
./dec265 SEGV-POC
WARNING: non-existing PPS referenced
WARNING: maximum number of reference pictures exceeded
WARNING: maximum number of reference pictures exceeded
WARNING: non-existing PPS referenced
WARNING: non-existing PPS referenced
WARNING: non-existing PPS referenced
WARNING: non-existing PPS referenced
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3838968==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004e2220 bp 0x7ffc6cbf5fd0 sp 0x7ffc6cbf5ac0 T0)
==3838968==The signal is caused by a READ memory access.
==3838968==Hint: address points to the zero page.
#0 0x4e2220 in decoder_context::process_slice_segment_header(slice_segment_header*, de265_error*, long, nal_header*, void*) /home/lzy/fuzz/oss/libde265/libde265/decctx.cc:2007:20
#1 0x4e1012 in decoder_context::read_slice_NAL(bitreader&, NAL_unit*, nal_header&) /home/lzy/fuzz/oss/libde265/libde265/decctx.cc:649:7
#2 0x4eb7f1 in decoder_context::decode_NAL(NAL_unit*) /home/lzy/fuzz/oss/libde265/libde265/decctx.cc:1240:11
#3 0x4ec6a1 in decoder_context::decode(int*) /home/lzy/fuzz/oss/libde265/libde265/decctx.cc:1328:16
#4 0x4d3645 in de265_decode /home/lzy/fuzz/oss/libde265/libde265/de265.cc:367:15
#5 0x4d0363 in main /home/lzy/fuzz/oss/libde265/dec265/dec265.cc:764:17
#6 0x7efcae0bc082 in __libc_start_main /build/glibc-KZwQYS/glibc-2.31/csu/../csu/libc-start.c:308:16
#7 0x41e5bd in _start (/home/lzy/fuzz/oss/libde265/dec265/dec265+0x41e5bd)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/lzy/fuzz/oss/libde265/libde265/decctx.cc:2007:20 in decoder_context::process_slice_segment_header(slice_segment_header*, de265_error*, long, nal_header*, void*)
==3838968==ABORTING
Due to incorrect access control, a SEGV caused by a READ memory access occurred at line 2007 of the code. This issue can cause a Denial of Service attack.
The text was updated successfully, but these errors were encountered:
blu3sh0rk
changed the title
SEGV:NULL Pointer Dereference in function decoder_context::process_slice_segment_header at decctx.cc:2007:20
SEGV:occur in function decoder_context::process_slice_segment_header at decctx.cc:2007:20
Feb 20, 2023
blu3sh0rk
changed the title
SEGV:occur in function decoder_context::process_slice_segment_header at decctx.cc:2007:20
SEGV:occured in function decoder_context::process_slice_segment_header at decctx.cc:2007:20
Feb 20, 2023
Desctiption
A SEGV has occurred when running program dec265
NULL Pointer Dereference in function decoder_context::process_slice_segment_header at decctx.cc:2007:20
Version
Steps to reproduce
POC
https://github.com/blu3sh0rk/Fuzzing-crash/blob/main/SEGV.zip
GDB INFO
Impact
Due to incorrect access control, a SEGV caused by a READ memory access occurred at line 2007 of the code. This issue can cause a Denial of Service attack.
The text was updated successfully, but these errors were encountered: