chroma_probe: fix possible use-after-free

Merged Thomas Guillem requested to merge tguillem/vlc:chroma-probe-use-after-free into master

Asan report:

$ ASAN_OPTIONS=halt_on_error=false ./test/test_src_misc_chroma_probe VAOP

==411069==ERROR: AddressSanitizer: heap-use-after-free on address 0x524000042830 at pc 0x7f16fd14e49e bp 0x7ffda23620c0 sp 0x7ffda23620b8
READ of size 8 at 0x524000042830 thread T0
    #0 0x7f16fd14e49d in vlc_chroma_conv_result_Equals ../../src/misc/chroma_probe.c:336
    #1 0x7f16fd14e49d in vlc_chroma_conv_Probe ../../src/misc/chroma_probe.c:442
    #2 0x4022ba in main ../../test/src/misc/chroma_probe.c:330
    #3 0x7f16fc516247 in __libc_start_call_main (/lib64/libc.so.6+0x3247) (BuildId: b6c381bfdcb5e08ea82c1c39cf16580181fb6cfc)
    #4 0x7f16fc51630a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x330a) (BuildId: b6c381bfdcb5e08ea82c1c39cf16580181fb6cfc)
    #5 0x403744 in _start (/var/home/asenat/Workspaces/vlan/vlc/build/test/test_src_misc_chroma_probe+0x403744) (BuildId: 67a39e0b63fa78ae2d672a359d5ce1a997726940)

0x524000042830 is located 1840 bytes inside of 6976-byte region [0x524000042100,0x524000043c40)
freed by thread T0 here:
    #0 0x7f16fe07c7d8 in realloc.part.0 (/lib64/libasan.so.8+0xc17d8) (BuildId: 5294bd2731fcae07af92dfea7808576c57d53bc9)
    #1 0x7f16fd14d635 in vlc_reallocarray ../../include/vlc_common.h:1079
    #2 0x7f16fd14d635 in vlc_vector_reallocdata_ ../../include/vlc_vector.h:171
    #3 0x7f16fd14d635 in vlc_chroma_conv_Probe ../../src/misc/chroma_probe.c:447
    #4 0x4022ba in main ../../test/src/misc/chroma_probe.c:330
    #5 0x7f16fc516247 in __libc_start_call_main (/lib64/libc.so.6+0x3247) (BuildId: b6c381bfdcb5e08ea82c1c39cf16580181fb6cfc)
    #6 0x7f16fc51630a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x330a) (BuildId: b6c381bfdcb5e08ea82c1c39cf16580181fb6cfc)
    #7 0x403744 in _start (/var/home/asenat/Workspaces/vlan/vlc/build/test/test_src_misc_chroma_probe+0x403744) (BuildId: 67a39e0b63fa78ae2d672a359d5ce1a997726940)

previously allocated by thread T0 here:
    #0 0x7f16fe07d8d7 in malloc (/lib64/libasan.so.8+0xc28d7) (BuildId: 5294bd2731fcae07af92dfea7808576c57d53bc9)
    #1 0x7f16fd14c23c in vlc_reallocarray ../../include/vlc_common.h:1079
    #2 0x7f16fd14c23c in vlc_vector_reallocdata_ ../../include/vlc_vector.h:171
    #3 0x7f16fd14c23c in vlc_chroma_conv_Probe ../../src/misc/chroma_probe.c:402
    #4 0x4022ba in main ../../test/src/misc/chroma_probe.c:330
    #5 0x7f16fc516247 in __libc_start_call_main (/lib64/libc.so.6+0x3247) (BuildId: b6c381bfdcb5e08ea82c1c39cf16580181fb6cfc)
    #6 0x7f16fc51630a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x330a) (BuildId: b6c381bfdcb5e08ea82c1c39cf16580181fb6cfc)
    #7 0x403744 in _start (/var/home/asenat/Workspaces/vlan/vlc/build/test/test_src_misc_chroma_probe+0x403744) (BuildId: 67a39e0b63fa78ae2d672a359d5ce1a997726940)
Edited by Thomas Guillem
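
The report above shows a vector buffer that is reallocated inside `vlc_chroma_conv_Probe` and then read through `vlc_chroma_conv_result_Equals`. The following added example is not VLC's code or the fix in this merge request. It reproduces the general pattern with a hypothetical `vec`/`result` pair and shows one way to avoid it, by keeping an index rather than an element pointer across a push.

```c
#include <stdio.h>
#include <stdlib.h>

struct result { int chain, cost; };            /* hypothetical stand-ins */
struct vec { struct result *data; size_t size, cap; };

/* Returns 1 if the buffer was replaced, 0 if not, -1 on allocation failure.
 * Growth is allocate-copy-free so it always moves, as realloc() may. */
static int vec_push(struct vec *v, struct result r)
{
    int grow = (v->size == v->cap);
    if (grow) {
        size_t cap = v->cap ? v->cap * 2 : 2;
        struct result *n = malloc(cap * sizeof(*n));
        if (n == NULL) return -1;
        for (size_t i = 0; i < v->size; i++)
            n[i] = v->data[i];
        free(v->data);   /* every pointer into the old buffer now dangles */
        v->data = n; v->cap = cap;
    }
    v->data[v->size++] = r;
    return grow;
}

/* Appends inputs that differ from element ref_idx; returns buffer moves or -1.
 * ref is re-derived per pass: cached before the loop, it would dangle. */
static int push_unless_equal(struct vec *v, size_t ref_idx,
                             const struct result *in, size_t n)
{
    int moves = 0;
    for (size_t i = 0; i < n; i++) {
        const struct result *ref = &v->data[ref_idx];
        if (ref->chain == in[i].chain && ref->cost == in[i].cost)
            continue;
        int moved = vec_push(v, in[i]);
        if (moved < 0) return -1;
        moves += moved;
    }
    return moves;
}

int main(void)
{
    const struct result in[] = { {2, 20}, {1, 10}, {3, 30} }; /* constructed */
    struct vec v = { NULL, 0, 0 };
    if (vec_push(&v, (struct result){ 1, 10 }) < 0) return 1;
    printf("buffer moved %d time(s)\n", push_unless_equal(&v, 0, in, 3));
    free(v.data);
    return 0;
}
```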
