[FFmpeg-trac] #1205(avcodec:new): Division by Zero in avcodec
FFmpeg
trac at avcodec.org
Sat Apr 14 02:29:36 CEST 2012
#1205: Division by Zero in avcodec
----------------------------------+---------------------------------------
Reporter: daybreak | Type: defect
Status: new | Priority: normal
Component: avcodec | Version: unspecified
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
----------------------------------+---------------------------------------
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Users\owner\Desktop\ffmpeg-git-a4c22e3-win32-shared\bin\avcodec-54.dll -
avcodec_54!avcodec_close+0x8968:
6aa50868 f77f3c idiv eax,dword ptr [edi+3Ch] ds:002b:02bb0b9c=00000000
0:002:x86> $<dbgcomm.txt
0:002:x86> r
eax=00019000 ebx=00000001 ecx=00000001 edx=00000000 esi=00000000 edi=02bb0b60
eip=6aa50868 esp=0318fa40 ebp=02bb7580 iopl=0 nv up ei ng nz na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010286
avcodec_54!avcodec_close+0x8968:
6aa50868 f77f3c idiv eax,dword ptr [edi+3Ch] ds:002b:02bb0b9c=00000000
0:002:x86> !load winext\msec.dll
0:002:x86> !exploitable
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Users\owner\Desktop\ffmpeg-git-a4c22e3-win32-shared\bin\avutil-51.dll -
Exploitability Classification: PROBABLY_NOT_EXPLOITABLE
Recommended Bug Title: Integer Divide By Zero starting at avcodec_54!avcodec_close+0x0000000000008968 (Hash=0x67550b5d.0x67557379)
This is a divide by zero, and is probably not exploitable.
0:002:x86> q
quit:
Tested on the shared build from 2012-04-09 found at
http://ffmpeg.zeranoe.com/builds/
A PoC file:
http://w.rdtsc.net/ffmpegmkv/ProbNOTExploitable/DivByZ.zip
Thanks,
John Villamil
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/1205>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker