[oss-fuzz 5314701694402560] Null-dereference · FLAC_ParseSyncInfo
Ref:
- https://oss-fuzz.com/testcase-detail/5314701694402560
- https://oss-fuzz.com/testcase-detail/4576669580197888

    [Environment] UBSAN_OPTIONS=print_stacktrace=1:silence_unsigned_overflow=1
    +----------------------------------------Release Build Stacktrace----------------------------------------+
    Command: /mnt/scratch0/clusterfuzz/resources/platform/linux/unshare -c -n /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_vlc_ec7da601ad4ba2548e708a6a10d97e34bc915675/revisions/vlc-demux-dec-libfuzzer-flac -rss_limit_mb=2560 -timeout=60 -runs=100 /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-f2ed5b40679d7bcd5bcf45d6bb594439243eca21
    Time ran: 0.49056553840637207

    INFO: Running with entropic power schedule (0xFF, 100).
    INFO: Seed: 721287847
    INFO: Loaded 1 modules   (96380 inline 8-bit counters): 96380 [0x562fd0a24de8, 0x562fd0a3c664),
    INFO: Loaded 1 PC tables (96380 PCs): 96380 [0x562fd0a3c668,0x562fd0bb4e28),
    /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_vlc_ec7da601ad4ba2548e708a6a10d97e34bc915675/revisions/vlc-demux-dec-libfuzzer-flac: Running 1 inputs 100 time(s) each.
    Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-f2ed5b40679d7bcd5bcf45d6bb594439243eca21
    packetizer/flac.h:249:22: runtime error: member access within null pointer of type 'const struct flac_stream_info'
        #0 0x562fd04378a2 in FLAC_ParseSyncInfo /src/vlc/modules/packetizer/flac.h:249:22
        #1 0x562fd04356b8 in Packetize /src/vlc/modules/packetizer/flac.c:376:21
        #2 0x562fd0378f7e in GetPacketizedBlock /src/vlc/modules/demux/flac.c:227:24
        #3 0x562fd0377e44 in Demux /src/vlc/modules/demux/flac.c:380:27
        #4 0x562fd033345c in demux_process_stream /src/vlc/test/src/input/demux-run.c:312:19
        #5 0x562fd0333283 in LLVMFuzzerTestOneInput /src/vlc/test/vlc-demux-libfuzzer.c:63:5
        #6 0x562fd0295760 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
        #7 0x562fd02809d5 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327:6
        #8 0x562fd028646f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:862:9
        #9 0x562fd02b1712 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
        #10 0x7eed68cbd082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/libc-start.c:308:16
        #11 0x562fd0278bbd in _start

Edited by Thomas Guillem