Skip to content

Heap Out-of-bounds WRITE in read()

There is a Heap Out-of-bounds WRITE bug/vulnerability in VLC 2.1.5 when parsing a MJPG file (attached).

Basically, it is a type conversion vulnerability: an unsigned i_buflen in a reading function that reads from a zcat pipe passed from a function that can pass (user-controlled?) negative values, that of course become huge positive values.

I have a file that reproduces the behavior and triggers the overflow, writing ~45K of heap memory.

n = read (fd, p_buf, i_buflen);

fd - descriptor of a zcat pipe, input read from the file, so in theory user controllable?
p_buf - buffer
i_buflen - in my file, it becomes 4294963556, overflowing p_buf

The parameter i_buflen is computed two functions down in the call stack (decomp.c:210) as buflen - length. Since length might be user controllable, I can make it negative.

I guess this works on Windows too, cause the read is just a recv with the same parameters passed.

What makes it difficult to exploit is that it looks like we don't have enough control of length, and we will end up crashing something by writing so much memory, but this looks worth a look and a fix.

ASAN output:

==17720== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60920014429c at pc 0x7ffff4e56fdd bp 0x7fffe5160930 sp 0x7fffe5160918
WRITE of size 47282 at 0x60920014429c thread T3
    [#0](https://code.videolan.org/videolan/vlc/-/issues/0) 0x7ffff4e56fdc (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0xbfdc)
    [#1](https://code.videolan.org/videolan/vlc/-/issues/1) 0x7ffff3e9372e (/usr/local/lib/libvlccore.so.7.0.0+0x15072e)
    [#2](https://code.videolan.org/videolan/vlc/-/issues/2) 0x7fffee14aee9 (/usr/local/lib/vlc/plugins/stream_filter/libdecomp_plugin.so+0x2ee9)
    [#3](https://code.videolan.org/videolan/vlc/-/issues/3) 0x7fffee14ae28 (/usr/local/lib/vlc/plugins/stream_filter/libdecomp_plugin.so+0x2e28)
    [#4](https://code.videolan.org/videolan/vlc/-/issues/4) 0x7ffff3e3f153 (/usr/local/lib/libvlccore.so.7.0.0+0xfc153)
    [#5](https://code.videolan.org/videolan/vlc/-/issues/5) 0x7fffecf16bab (/usr/local/lib/vlc/plugins/stream_filter/librecord_plugin.so+0x1bab)
    [#6](https://code.videolan.org/videolan/vlc/-/issues/6) 0x7ffff3e3f153 (/usr/local/lib/libvlccore.so.7.0.0+0xfc153)
    [#7](https://code.videolan.org/videolan/vlc/-/issues/7) 0x7fffdbd30572 (/usr/local/lib/vlc/plugins/demux/libavformat_plugin.so+0xe572)
    [#8](https://code.videolan.org/videolan/vlc/-/issues/8) 0x7fffdba2cac1 (/usr/lib/x86_64-linux-gnu/libavformat.so.54.20.4+0x2cac1)
    [#9](https://code.videolan.org/videolan/vlc/-/issues/9) 0x7fffdbac8f4a (/usr/lib/x86_64-linux-gnu/libavformat.so.54.20.4+0xc8f4a)
    [#10](https://code.videolan.org/videolan/vlc/-/issues/10) 0x7fffdbabd3f2 (/usr/lib/x86_64-linux-gnu/libavformat.so.54.20.4+0xbd3f2)
    [#11](https://code.videolan.org/videolan/vlc/-/issues/11) 0x7fffdbac9726 (/usr/lib/x86_64-linux-gnu/libavformat.so.54.20.4+0xc9726)
    [#12](https://code.videolan.org/videolan/vlc/-/issues/12) 0x7fffdbacb5b9 (/usr/lib/x86_64-linux-gnu/libavformat.so.54.20.4+0xcb5b9)
    [#13](https://code.videolan.org/videolan/vlc/-/issues/13) 0x7fffdbacd722 (/usr/lib/x86_64-linux-gnu/libavformat.so.54.20.4+0xcd722)
    [#14](https://code.videolan.org/videolan/vlc/-/issues/14) 0x7fffdbd28c20 (/usr/local/lib/vlc/plugins/demux/libavformat_plugin.so+0x6c20)
    [#15](https://code.videolan.org/videolan/vlc/-/issues/15) 0x7ffff3eba94f (/usr/local/lib/libvlccore.so.7.0.0+0x17794f)
    [#16](https://code.videolan.org/videolan/vlc/-/issues/16) 0x7ffff3eb9d2d (/usr/local/lib/libvlccore.so.7.0.0+0x176d2d)
    [#17](https://code.videolan.org/videolan/vlc/-/issues/17) 0x7ffff3eba3f0 (/usr/local/lib/libvlccore.so.7.0.0+0x1773f0)
    [#18](https://code.videolan.org/videolan/vlc/-/issues/18) 0x7ffff3ebaaaa (/usr/local/lib/libvlccore.so.7.0.0+0x177aaa)
    [#19](https://code.videolan.org/videolan/vlc/-/issues/19) 0x7ffff3dedaae (/usr/local/lib/libvlccore.so.7.0.0+0xaaaae)
    [#20](https://code.videolan.org/videolan/vlc/-/issues/20) 0x7ffff3e276bc (/usr/local/lib/libvlccore.so.7.0.0+0xe46bc)
    [#21](https://code.videolan.org/videolan/vlc/-/issues/21) 0x7ffff3e1cf2c (/usr/local/lib/libvlccore.so.7.0.0+0xd9f2c)
    [#22](https://code.videolan.org/videolan/vlc/-/issues/22) 0x7ffff3e152b6 (/usr/local/lib/libvlccore.so.7.0.0+0xd22b6)
    [#23](https://code.videolan.org/videolan/vlc/-/issues/23) 0x7ffff3dbadc7 (/usr/local/lib/libvlccore.so.7.0.0+0x77dc7)
    [#24](https://code.videolan.org/videolan/vlc/-/issues/24) 0x7ffff3dbb46d (/usr/local/lib/libvlccore.so.7.0.0+0x7846d)
    [#25](https://code.videolan.org/videolan/vlc/-/issues/25) 0x7ffff4e63b97 (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0x18b97)
    [#26](https://code.videolan.org/videolan/vlc/-/issues/26) 0x7ffff49f9181 (/lib/x86_64-linux-gnu/libpthread-2.19.so+0x8181)
    [#27](https://code.videolan.org/videolan/vlc/-/issues/27) 0x7ffff4521fbc (/lib/x86_64-linux-gnu/libc-2.19.so+0xfafbc)
0x60920014429c is located 3740 bytes to the right of 32768-byte region [0x60920013b400,0x609200143400)
allocated by thread T3 here:
    [#0](https://code.videolan.org/videolan/vlc/-/issues/0) 0x7ffff4e6041a (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0x1541a)
    [#1](https://code.videolan.org/videolan/vlc/-/issues/1) 0x7fffdbd2850b (/usr/local/lib/vlc/plugins/demux/libavformat_plugin.so+0x650b)
    [#2](https://code.videolan.org/videolan/vlc/-/issues/2) 0x7ffff3eba94f (/usr/local/lib/libvlccore.so.7.0.0+0x17794f)
    [#3](https://code.videolan.org/videolan/vlc/-/issues/3) 0x7ffff3eb9d2d (/usr/local/lib/libvlccore.so.7.0.0+0x176d2d)
    [#4](https://code.videolan.org/videolan/vlc/-/issues/4) 0x7ffff3eba3f0 (/usr/local/lib/libvlccore.so.7.0.0+0x1773f0)
    [#5](https://code.videolan.org/videolan/vlc/-/issues/5) 0x7ffff3ebaaaa (/usr/local/lib/libvlccore.so.7.0.0+0x177aaa)
    [#6](https://code.videolan.org/videolan/vlc/-/issues/6) 0x7ffff3dedaae (/usr/local/lib/libvlccore.so.7.0.0+0xaaaae)
    [#7](https://code.videolan.org/videolan/vlc/-/issues/7) 0x7ffff3e276bc (/usr/local/lib/libvlccore.so.7.0.0+0xe46bc)
    [#8](https://code.videolan.org/videolan/vlc/-/issues/8) 0x7ffff3e1cf2c (/usr/local/lib/libvlccore.so.7.0.0+0xd9f2c)
    [#9](https://code.videolan.org/videolan/vlc/-/issues/9) 0x7ffff3e152b6 (/usr/local/lib/libvlccore.so.7.0.0+0xd22b6)
    [#10](https://code.videolan.org/videolan/vlc/-/issues/10) 0x7ffff3dbadc7 (/usr/local/lib/libvlccore.so.7.0.0+0x77dc7)
    [#11](https://code.videolan.org/videolan/vlc/-/issues/11) 0x7ffff3dbb46d (/usr/local/lib/libvlccore.so.7.0.0+0x7846d)
    [#12](https://code.videolan.org/videolan/vlc/-/issues/12) 0x7ffff4e63b97 (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0x18b97)
Thread T3 created by T0 here:
    [#0](https://code.videolan.org/videolan/vlc/-/issues/0) 0x7ffff4e55b5b (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0xab5b)
    [#1](https://code.videolan.org/videolan/vlc/-/issues/1) 0x7ffff3efb698 (/usr/local/lib/libvlccore.so.7.0.0+0x1b8698)
    [#2](https://code.videolan.org/videolan/vlc/-/issues/2) 0x7ffff3efb8ec (/usr/local/lib/libvlccore.so.7.0.0+0x1b88ec)
    [#3](https://code.videolan.org/videolan/vlc/-/issues/3) 0x7ffff3dba7f6 (/usr/local/lib/libvlccore.so.7.0.0+0x777f6)
    [#4](https://code.videolan.org/videolan/vlc/-/issues/4) 0x7ffff3db29df (/usr/local/lib/libvlccore.so.7.0.0+0x6f9df)
    [#5](https://code.videolan.org/videolan/vlc/-/issues/5) 0x7ffff3dc233b (/usr/local/lib/libvlccore.so.7.0.0+0x7f33b)
    [#6](https://code.videolan.org/videolan/vlc/-/issues/6) 0x7ffff3dc0304 (/usr/local/lib/libvlccore.so.7.0.0+0x7d304)
    [#7](https://code.videolan.org/videolan/vlc/-/issues/7) 0x7ffff3dc00fa (/usr/local/lib/libvlccore.so.7.0.0+0x7d0fa)
    [#8](https://code.videolan.org/videolan/vlc/-/issues/8) 0x7ffff3d92785 (/usr/local/lib/libvlccore.so.7.0.0+0x4f785)
    [#9](https://code.videolan.org/videolan/vlc/-/issues/9) 0x7ffff3d92046 (/usr/local/lib/libvlccore.so.7.0.0+0x4f046)
    [#10](https://code.videolan.org/videolan/vlc/-/issues/10) 0x7ffff4c1a76a (/usr/local/lib/libvlc.so.5.4.0+0xb76a)
    [#11](https://code.videolan.org/videolan/vlc/-/issues/11) 0x401c59 (/usr/local/bin/vlc+0x401c59)
    [#12](https://code.videolan.org/videolan/vlc/-/issues/12) 0x7ffff4448ec4 (/lib/x86_64-linux-gnu/libc-2.19.so+0x21ec4)
Shadow bytes around the buggy address:
  0x0c12c0020800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c12c0020810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c12c0020820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c12c0020830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c12c0020840: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c12c0020850: fa fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c12c0020860: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c12c0020870: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c12c0020880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c12c0020890: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c12c00208a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:     fa
  Heap righ redzone:     fb
  Freed Heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==17720== ABORTING

GDB bt full:

[#0](https://code.videolan.org/videolan/vlc/-/issues/0)  0x00007ffff445dbb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
        resultvar = 0
        pid = 17720
        selftid = 17726
[#1](https://code.videolan.org/videolan/vlc/-/issues/1)  0x00007ffff4460fc8 in __GI_abort () at abort.c:89
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0x6, sa_sigaction = 0x6}, sa_mask = {__val = {13274670303408, 13274670303408, 140737351947607, 140733193388037, 0, 8192, 
              140737291410728, 8, 13274670303408, 140737302153374, 140737351976213, 0, 18446744073709551615, 18446744073709551615, 0, 140737354047488}}, sa_flags = -186202377, 
          sa_restorer = 0x7ffff4e6c6f7}
        sigs = {__val = {32, 0 <repeats 15 times>}}
[#2](https://code.videolan.org/videolan/vlc/-/issues/2)  0x00007ffff4e66829 in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.0
No symbol table info available.
[#3](https://code.videolan.org/videolan/vlc/-/issues/3)  0x00007ffff4e5d3ec in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.0
No symbol table info available.
[#4](https://code.videolan.org/videolan/vlc/-/issues/4)  0x00007ffff4e64012 in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.0
No symbol table info available.
[#5](https://code.videolan.org/videolan/vlc/-/issues/5)  0x00007ffff4e63121 in __asan_report_error () from /usr/lib/x86_64-linux-gnu/libasan.so.0
No symbol table info available.
[#6](https://code.videolan.org/videolan/vlc/-/issues/6)  0x00007ffff4e56ff8 in read () from /usr/lib/x86_64-linux-gnu/libasan.so.0
No symbol table info available.
[#7](https://code.videolan.org/videolan/vlc/-/issues/7)  0x00007ffff3e9372f in net_Read (p_this=0x60260006f998, fd=10, vs=0x0, p_buf=0x60920014429c, i_buflen=4294963556, waitall=false) at network/io.c:285
        n = 44755199912116380
        ufd = {{fd = 10, events = 1, revents = 179}, {fd = 12, events = 1, revents = 0}}
        i_total = 0
        __PRETTY_FUNCTION__ = "net_Read"
[#8](https://code.videolan.org/videolan/vlc/-/issues/8)  0x00007fffee14aeea in Read (stream=0x60260006f998, buf=0x60920014429c, buflen=4294963556) at decomp.c:215
        p_sys = 0x601a000317a0
        peeked = 0x0
        length = 0
        __PRETTY_FUNCTION__ = "Read"
[#9](https://code.videolan.org/videolan/vlc/-/issues/9)  0x00007fffee14ae29 in Read (stream=0x60260006f998, buf=0x60920013fb4e, buflen=14514) at decomp.c:210
        p_sys = 0x601a000317a0
        peeked = 0x609a00034400
        length = 18254
        __PRETTY_FUNCTION__ = "Read"
[#10](https://code.videolan.org/videolan/vlc/-/issues/10) 0x00007ffff3e3f154 in stream_Read (s=0x60260006f998, p_read=0x60920013b400, i_read=32768) at input/stream.c:1843
No locals.
[#11](https://code.videolan.org/videolan/vlc/-/issues/11) 0x00007fffecf16bac in Read (s=0x60260006f6d8, p_read=0x60920013b400, i_read=32768) at record.c:125
        p_sys = 0x6004000594f0
        p_record = 0x60920013b400
        i_record = 48
[#12](https://code.videolan.org/videolan/vlc/-/issues/12) 0x00007ffff3e3f154 in stream_Read (s=0x60260006f6d8, p_read=0x60920013b400, i_read=32768) at input/stream.c:1843
No locals.
[#13](https://code.videolan.org/videolan/vlc/-/issues/13) 0x00007fffdbd30573 in IORead (opaque=0x60280002f958, 
    buf=0x60920013b400 "\330w\035\004\246K\264Ͽ\362\253/~c}\230\374\315bE!\363\001\030ϽiCcq6\\\306\333}i\372\211\062I\357\232l|\307 \372ս\222\267\065FHʁ\264n\365\253\021\335\061\214n\\\236\374\320\027\324\313 ,jj\006\031\035\352U\223\071\343\037\215\063\315\366\375i\253\210\252bf;\227'\025v\316\332W\f\\m\351֚$\317\360\232r\273s\264\342\230\022C\036\030\234\364\253\n\271\317\065\016\345\214\022\314\005\067r\267\335\071\305E\200\237\311\fę\002\375h6\221\241\a\223\355Q\247\071\247\254\273{~\264\323\v\244J\221F\204\220\t\372\232s0u\306\061\357U\226|g\345\375j@\333{f\220\017\215\244"..., buf_size=32768) at avformat/demux.c:980
        p_demux = 0x60280002f958
        i_ret = 0
[#14](https://code.videolan.org/videolan/vlc/-/issues/14) 0x00007fffdba2cac2 in fill_buffer (s=0x60200001f340) at /build/buildd/libav-9.16/libavformat/aviobuf.c:395
        dst = 0x60920013b400 "\330w\035\004\246K\264Ͽ\362\253/~c}\230\374\315bE!\363\001\030ϽiCcq6\\\306\333}i\372\211\062I\357\232l|\307 \372ս\222\267\065FHʁ\264n\365\253\021\335\061\214n\\\236\374\320\027\324\313 ,jj\006\031\035\352U\223\071\343\037\215\063\315\366\375i\253\210\252bf;\227'\025v\316\332W\f\\m\351֚$\317\360\232r\273s\264\342\230\022C\036\030\234\364\253\n\271\317\065\016\345\214\022\314\005\067r\267\335\071\305E\200\237\311\fę\002\375h6\221\241\a\223\355Q\247\071\247\254\273{~\264\323\v\244J\221F\204\220\t\372\232s0u\306\061\357U\226|g\345\375j@\333{f\220\017\215\244"...
        len = <optimized out>
        max_buffer_size = 32768
[#15](https://code.videolan.org/videolan/vlc/-/issues/15) avio_read (s=s@entry=0x60200001f340, buf=0x607200164445 "", size=5721, size@entry=8606) at /build/buildd/libav-9.16/libavformat/aviobuf.c:474
        len = <optimized out>
        size1 = 8606
[#16](https://code.videolan.org/videolan/vlc/-/issues/16) 0x00007fffdbac8f4b in av_get_packet (s=0x60200001f340, pkt=pkt@entry=0x7fffe5160dc0, size=8606) at /build/buildd/libav-9.16/libavformat/utils.c:227
        ret = <optimized out>
[#17](https://code.videolan.org/videolan/vlc/-/issues/17) 0x00007fffdbabd3f3 in smjpeg_read_packet (s=0x60480003ea80, pkt=0x7fffe5160dc0) at /build/buildd/libav-9.16/libavformat/smjpegdec.c:158
        sc = 0x600a0000efc0
        dtype = <optimized out>
        size = <optimized out>
        timestamp = 400
        ret = <optimized out>
[#18](https://code.videolan.org/videolan/vlc/-/issues/18) 0x00007fffdbac9727 in ff_read_packet (s=s@entry=0x60480003ea80, pkt=pkt@entry=0x7fffe5160dc0) at /build/buildd/libav-9.16/libavformat/utils.c:624
        pktl = 0x0
        ret = <optimized out>
        i = <optimized out>
        st = <optimized out>
[#19](https://code.videolan.org/videolan/vlc/-/issues/19) 0x00007fffdbacb5ba in read_frame_internal (s=s@entry=0x60480003ea80, pkt=pkt@entry=0x7fffe5160f50) at /build/buildd/libav-9.16/libavformat/utils.c:1125
        st = <optimized out>
        cur_pkt = {pts = -9223372036854775808, dts = -9223372036854775808, data = 0x607200163900 "\377\330\377\340\307\020JFIF", size = 8606, stream_index = 0, flags = 0, 
          side_data = 0x0, side_data_elems = 0, duration = 0, destruct = 0x7fffdad68080 <av_destruct_packet>, priv = 0x0, pos = 29883, convergence_duration = 0}
        ret = <optimized out>
        i = <optimized out>
[#20](https://code.videolan.org/videolan/vlc/-/issues/20) 0x00007fffdbacd723 in avformat_find_stream_info (ic=0x60480003ea80, options=<optimized out>) at /build/buildd/libav-9.16/libavformat/utils.c:2342
        i = <optimized out>
        count = 4
        ret = <optimized out>
        read_size = 29783
        j = <optimized out>
        st = <optimized out>
        pkt1 = {pts = -9223372036854775808, dts = -9223372036854775808, data = 0x6074000ac900 "\377\330\377\340\307\020JFIF", size = 9020, stream_index = 0, flags = 0, 
          side_data = 0x0, side_data_elems = 0, duration = 0, destruct = 0x0, priv = 0x0, pos = -1, convergence_duration = 0}
        pkt = <optimized out>
        orig_nb_streams = <optimized out>
[#21](https://code.videolan.org/videolan/vlc/-/issues/21) 0x00007fffdbd28c21 in OpenDemux (p_this=0x60280002f958) at avformat/demux.c:253
        p_demux = 0x60280002f958
        p_sys = 0x601000016320
        pd = {filename = 0x60080008ae50 "/tmp/asa\b", buf = 0x609a00034480 "", buf_size = 51022}
        fmt = 0x7fffdbd1fa00 <ff_smjpeg_demuxer>
        i = 440528
        i_start_time = -1
        b_can_seek = false
        psz_url = 0x60080008ae50 "/tmp/asa\b"
        error = 0
        psz_format = 0x0
        psz_opts = 0x0
        options = 0x7fffe5161168
        nb_streams = 1
        t = 0x7fffe51629c0
[#22](https://code.videolan.org/videolan/vlc/-/issues/22) 0x00007ffff3eba950 in generic_start (func=0x7fffdbd27902 <OpenDemux>, ap=0x7fffe5161730) at modules/modules.c:351
        obj = 0x60280002f958
        activate = 0x7fffdbd27902 <OpenDemux>
[#23](https://code.videolan.org/videolan/vlc/-/issues/23) 0x00007ffff3eb9d2e in module_load (obj=0x60280002f958, m=0x601a00009010, init=0x7ffff3eba83d <generic_start>, args=0x7fffe5161880) at modules/modules.c:185
        ap = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7fffe51619f0, reg_save_area = 0x7fffe5161920}}
        ret = 0
[#24](https://code.videolan.org/videolan/vlc/-/issues/24) 0x00007ffff3eba3f1 in vlc_module_load (obj=0x60280002f958, capability=0x7ffff3f60220 "demux", name=0x7ffff3f9e583 "", strict=true, probe=0x7ffff3eba83d <generic_start>)
    at modules/modules.c:277
        cand = 0x601a00009010
        ret = -1
        i = 50
        buf = "any\000F`\000\000\000\004\000\000\000\000\000\000\240\027\003\000\032`\000\000P\236\005\000\004`\000"
        slen = 3
        shortcut = 0x7fffe51618c0 "any"
        var = 0x0
        mods = 0x60340002f600
        total = 63
        module = 0x0
        b_force_backup = false
        args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fffe51619f0, reg_save_area = 0x7fffe5161920}}
        __PRETTY_FUNCTION__ = "vlc_module_load"
[#25](https://code.videolan.org/videolan/vlc/-/issues/25) 0x00007ffff3ebaaab in module_need (obj=0x60280002f958, cap=0x7ffff3f60220 "demux", name=0x600400059450 "", strict=true) at modules/modules.c:366
No locals.
[#26](https://code.videolan.org/videolan/vlc/-/issues/26) 0x00007ffff3dedaaf in demux_New (p_obj=0x60220002fdd8, p_parent_input=0x60220002fdd8, psz_access=0x600c0003bc60 "file", psz_demux=0x7ffff3f69920 "", 
    psz_location=0x600800027dd0 "/tmp/asan_heap-oob_7f9adf616fdd_1699_br_09.mjpg", s=0x60260006f6d8, out=0x600800027f50, b_quick=true) at input/demux.c:188
        p_demux = 0x60280002f958
        psz_module = 0x600400059450 ""
        psz_ext = 0x600800027d7b "mjpg"
[#27](https://code.videolan.org/videolan/vlc/-/issues/27) 0x00007ffff3e276bd in InputSourceInit (p_input=0x60220002fdd8, in=0x60540006cd30, psz_mrl=0x600c00025d00 "file:///tmp/asan_heap-oob_7f9adf616fdd_1699_br_09.mjpg", 
    psz_forced_demux=0x0, b_in_can_fail=false) at input/input.c:2535
        p_access = 0x60280002fc58
        i_input_list = 0
        ppsz_input_list = 0x0
        psz_stream_filter = 0x0
        psz_access = 0x600c0003bc60 "file"
        psz_demux = 0x7ffff3f69920 ""
        psz_path = 0x600c0003bc67 "/tmp/asan_heap-oob_7f9adf616fdd_1699_br_09.mjpg"
        psz_anchor = 0x7ffff3f69920 ""
        psz_var_demux = 0x0
        f_fps = 0
        __PRETTY_FUNCTION__ = "InputSourceInit"
        psz_dup = 0x600c0003bc60 "file"
        i_pts_delay = 140737036819808
[#28](https://code.videolan.org/videolan/vlc/-/issues/28) 0x00007ffff3e1cf2d in Init (p_input=0x60220002fdd8) at input/input.c:1225
        p_meta = 0x0
        i = 0
        i_length = 0
[#29](https://code.videolan.org/videolan/vlc/-/issues/29) 0x00007ffff3e152b7 in input_Preparse (p_parent=0x60380000a018, p_item=0x60280001a8c0) at input/input.c:200
        p_input = 0x60220002fdd8
[#30](https://code.videolan.org/videolan/vlc/-/issues/30) 0x00007ffff3dbadc8 in Preparse (obj=0x60380000a018, p_item=0x60280001a8c0) at playlist/preparser.c:137
        i_type = 1
[#31](https://code.videolan.org/videolan/vlc/-/issues/31) 0x00007ffff3dbb46e in Thread (data=0x6018000079c0) at playlist/preparser.c:217
        p_current = 0x60280001a8c0
        p_preparser = 0x6018000079c0
        obj = 0x60380000a018
[#32](https://code.videolan.org/videolan/vlc/-/issues/32) 0x00007ffff4e63b98 in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.0
No symbol table info available.
[#33](https://code.videolan.org/videolan/vlc/-/issues/33) 0x00007ffff49f9182 in start_thread (arg=0x7fffe5162700) at pthread_create.c:312
        __res = <optimized out>
        p_access = 0x60280002fc58
        i_input_list = 0
        ppsz_input_list = 0x0
        psz_stream_filter = 0x0
        psz_access = 0x600c0003bc60 "file"
        psz_demux = 0x7ffff3f69920 ""
        psz_path = 0x600c0003bc67 "/tmp/asan_heap-oob_7f9adf616fdd_1699_br_09.mjpg"
        psz_anchor = 0x7ffff3f69920 ""
        psz_var_demux = 0x0
        f_fps = 0
        __PRETTY_FUNCTION__ = "InputSourceInit"
        psz_dup = 0x600c0003bc60 "file"
        i_pts_delay = 140737036819808
[#28](https://code.videolan.org/videolan/vlc/-/issues/28) 0x00007ffff3e1cf2d in Init (p_input=0x60220002fdd8) at input/input.c:1225
        p_meta = 0x0
        i = 0
        i_length = 0
[#29](https://code.videolan.org/videolan/vlc/-/issues/29) 0x00007ffff3e152b7 in input_Preparse (p_parent=0x60380000a018, p_item=0x60280001a8c0) at input/input.c:200
        p_input = 0x60220002fdd8
[#30](https://code.videolan.org/videolan/vlc/-/issues/30) 0x00007ffff3dbadc8 in Preparse (obj=0x60380000a018, p_item=0x60280001a8c0) at playlist/preparser.c:137
        i_type = 1
[#31](https://code.videolan.org/videolan/vlc/-/issues/31) 0x00007ffff3dbb46e in Thread (data=0x6018000079c0) at playlist/preparser.c:217
        p_current = 0x60280001a8c0
        p_preparser = 0x6018000079c0
        obj = 0x60380000a018
[#32](https://code.videolan.org/videolan/vlc/-/issues/32) 0x00007ffff4e63b98 in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.0
No symbol table info available.
[#33](https://code.videolan.org/videolan/vlc/-/issues/33) 0x00007ffff49f9182 in start_thread (arg=0x7fffe5162700) at pthread_create.c:312
        __res = <optimized out>
---Type <return> to continue, or q <return> to quit---
        pd = 0x7fffe5162700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737036822272, 4905195451019242664, 0, 0, 140737036822976, 140737036822272, -4905251868611105624, -4905219918019482456}, 
           mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
    not_first_call = <optimized out>
    pagesize_m1 = <optimized out>
    sp = <optimized out>
    freesize = <optimized out>
    __PRETTY_FUNCTION__ = "start_thread"

#34 (closed) 0x00007ffff4521fbd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 No locals. }}}

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

VideoLAN code repository instance