Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <trinity-b4ba7486-1df9-44b1-927e-feeb38f0466e-1474851796223@3capp-gmx-bs55>
Date: Mon, 26 Sep 2016 03:03:16 +0200
From: cookieopfer@....net
To: oss-security@...ts.openwall.com
Subject: Re: Re: ffmpeg afl bugs



> Have fun with ffmpeg-h264-call-stack-overflow.mp4
> > Perhaps you meant to share this file with this community?

yes, I forgot to mention it is in
/usr/share/doc/afl/vuln_samples/ffmpeg-h264-call-stack-overflow.mp4
 
> Hmm... I think that
> docs/vuln_samples/ffmpeg-h264-call-stack-overflow.mp4 is just a sample
> file that comes with AFL (and dates back to December 2014). I doubt it
> still crashes anything

see above! not crashing, but:

 "overread end of atom 'stsd' by 4294967134 bytes"

> and I'm not sure what the original reporter was trying to say.
> 
> /mz

I just can't fix it further on this machine, so I only could post the
trace.

Also thanks for afl-fuzz!
Download attachment "ffmpeg-h264-call-stack-overflow.mp4" of type "video/mp4" (1259 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.