test: incorrect usage of decoder owner leading to Heap-buffer-overflow
Previous title: Heap-buffer-overflow in function es_format_Copy()
Describe the bug
We found a heap-buffer-overflow in function es_format_Copy()
after testing one of the harnesses provided on the OSS-Fuzz repository (vlc-demux-dec-libfuzzer).
All the info related to where the overflow happened and the state of the memory can be found in the provided ASan log.
We are confident that developers with knowledge on the codebase will be able to find the root of the issue with little effort, and we remain available to assist you in case of need.
To Reproduce
In the attached archive you will find:
- the executable on which we performed our tests
- the input file that caused the bug
- the output of ASan confirming our finding
To reproduce the errors, simply run the given binary with the testcase files with a command like ./vlc-demux-dec-libfuzzer /path_to_testcases/input
The program has been tested on the standard Docker image provided on OSS-Fuzz using Ubuntu 20.04, providing AFL++ as fuzzing engine and build flag --sanitizer=address.
The commit hash used to perform the tests is fb18df8.
Environment
- OS: Linux
- Version/Distribution: Ubuntu 20.04
- Architecture: x86_64