Bug#920231: bs1770gain: Segfault in av_packet_copy_props() on mp3
Package: bs1770gain
Version: 0.5.1-3
While using bs1770gain to measure the loudness of a lot of files, I ran
into a file causing bs1770gain to segfault. This is the valgrind output
from the crash:
$ valgrind bs1770gain --xml --truepeak DTNormieS_01.mp3
==24286== Memcheck, a memory error detector
==24286== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==24286== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==24286== Command: bs1770gain --xml --truepeak DTNormieS_01.mp3
==24286==
<bs1770gain>
<album>
<track total="1" number="1" file="DTNormieS_01.mp3">
==24286== Invalid read of size 4
==24286== at 0x4EDD7F4: av_packet_copy_props (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4EDDF82: av_packet_ref (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4F826C3: avcodec_send_packet (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4F84C22: ??? (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x111892: ??? (in /usr/bin/bs1770gain)
==24286== by 0x111EBF: ??? (in /usr/bin/bs1770gain)
==24286== by 0x1139ED: ??? (in /usr/bin/bs1770gain)
==24286== by 0x113ADD: ??? (in /usr/bin/bs1770gain)
==24286== by 0x4877932: sox_flow_effects (in /usr/lib/x86_64-linux-gnu/libsox.so.3.0.0)
==24286== by 0x110777: ??? (in /usr/bin/bs1770gain)
==24286== by 0x10E7C8: ??? (in /usr/bin/bs1770gain)
==24286== by 0x10C3F2: ??? (in /usr/bin/bs1770gain)
==24286== Address 0x11de38b8 is 8 bytes inside a block of size 16 free'd
==24286== at 0x48369AB: free (vg_replace_malloc.c:530)
==24286== by 0x4EDCDE8: av_packet_free_side_data (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4EDD86C: av_packet_unref (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x112693: ??? (in /usr/bin/bs1770gain)
==24286== by 0x111EBF: ??? (in /usr/bin/bs1770gain)
==24286== by 0x1139ED: ??? (in /usr/bin/bs1770gain)
==24286== by 0x113ADD: ??? (in /usr/bin/bs1770gain)
==24286== by 0x4877932: sox_flow_effects (in /usr/lib/x86_64-linux-gnu/libsox.so.3.0.0)
==24286== by 0x110777: ??? (in /usr/bin/bs1770gain)
==24286== by 0x10E7C8: ??? (in /usr/bin/bs1770gain)
==24286== by 0x10C3F2: ??? (in /usr/bin/bs1770gain)
==24286== by 0x64DB09A: (below main) (libc-start.c:308)
==24286== Block was alloc'd at
==24286== at 0x48356AF: malloc (vg_replace_malloc.c:298)
==24286== by 0x4837DE7: realloc (vg_replace_malloc.c:826)
==24286== by 0x4EDCF12: av_packet_add_side_data (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4EDCFDC: av_packet_new_side_data (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4EDD805: av_packet_copy_props (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4EDDF82: av_packet_ref (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4C7E24A: ??? (in /usr/lib/x86_64-linux-gnu/libavformat.so.58.20.100)
==24286== by 0x4C84563: av_read_frame (in /usr/lib/x86_64-linux-gnu/libavformat.so.58.20.100)
==24286== by 0x11269F: ??? (in /usr/bin/bs1770gain)
==24286== by 0x111EBF: ??? (in /usr/bin/bs1770gain)
==24286== by 0x1139ED: ??? (in /usr/bin/bs1770gain)
==24286== by 0x113ADD: ??? (in /usr/bin/bs1770gain)
==24286==
==24286== Invalid read of size 4
==24286== at 0x4EDD7F8: av_packet_copy_props (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4EDDF82: av_packet_ref (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4F826C3: avcodec_send_packet (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4F84C22: ??? (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x111892: ??? (in /usr/bin/bs1770gain)
==24286== by 0x111EBF: ??? (in /usr/bin/bs1770gain)
==24286== by 0x1139ED: ??? (in /usr/bin/bs1770gain)
==24286== by 0x113ADD: ??? (in /usr/bin/bs1770gain)
==24286== by 0x4877932: sox_flow_effects (in /usr/lib/x86_64-linux-gnu/libsox.so.3.0.0)
==24286== by 0x110777: ??? (in /usr/bin/bs1770gain)
==24286== by 0x10E7C8: ??? (in /usr/bin/bs1770gain)
==24286== by 0x10C3F2: ??? (in /usr/bin/bs1770gain)
==24286== Address 0x11de38bc is 12 bytes inside a block of size 16 free'd
==24286== at 0x48369AB: free (vg_replace_malloc.c:530)
==24286== by 0x4EDCDE8: av_packet_free_side_data (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4EDD86C: av_packet_unref (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x112693: ??? (in /usr/bin/bs1770gain)
==24286== by 0x111EBF: ??? (in /usr/bin/bs1770gain)
==24286== by 0x1139ED: ??? (in /usr/bin/bs1770gain)
==24286== by 0x113ADD: ??? (in /usr/bin/bs1770gain)
==24286== by 0x4877932: sox_flow_effects (in /usr/lib/x86_64-linux-gnu/libsox.so.3.0.0)
==24286== by 0x110777: ??? (in /usr/bin/bs1770gain)
==24286== by 0x10E7C8: ??? (in /usr/bin/bs1770gain)
==24286== by 0x10C3F2: ??? (in /usr/bin/bs1770gain)
==24286== by 0x64DB09A: (below main) (libc-start.c:308)
==24286== Block was alloc'd at
==24286== at 0x48356AF: malloc (vg_replace_malloc.c:298)
==24286== by 0x4837DE7: realloc (vg_replace_malloc.c:826)
==24286== by 0x4EDCF12: av_packet_add_side_data (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4EDCFDC: av_packet_new_side_data (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4EDD805: av_packet_copy_props (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4EDDF82: av_packet_ref (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4C7E24A: ??? (in /usr/lib/x86_64-linux-gnu/libavformat.so.58.20.100)
==24286== by 0x4C84563: av_read_frame (in /usr/lib/x86_64-linux-gnu/libavformat.so.58.20.100)
==24286== by 0x11269F: ??? (in /usr/bin/bs1770gain)
==24286== by 0x111EBF: ??? (in /usr/bin/bs1770gain)
==24286== by 0x1139ED: ??? (in /usr/bin/bs1770gain)
==24286== by 0x113ADD: ??? (in /usr/bin/bs1770gain)
==24286==
==24286== Invalid read of size 8
==24286== at 0x4EDD7FB: av_packet_copy_props (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4EDDF82: av_packet_ref (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4F826C3: avcodec_send_packet (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4F84C22: ??? (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x111892: ??? (in /usr/bin/bs1770gain)
==24286== by 0x111EBF: ??? (in /usr/bin/bs1770gain)
==24286== by 0x1139ED: ??? (in /usr/bin/bs1770gain)
==24286== by 0x113ADD: ??? (in /usr/bin/bs1770gain)
==24286== by 0x4877932: sox_flow_effects (in /usr/lib/x86_64-linux-gnu/libsox.so.3.0.0)
==24286== by 0x110777: ??? (in /usr/bin/bs1770gain)
==24286== by 0x10E7C8: ??? (in /usr/bin/bs1770gain)
==24286== by 0x10C3F2: ??? (in /usr/bin/bs1770gain)
==24286== Address 0x11de38b0 is 0 bytes inside a block of size 16 free'd
==24286== at 0x48369AB: free (vg_replace_malloc.c:530)
==24286== by 0x4EDCDE8: av_packet_free_side_data (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4EDD86C: av_packet_unref (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x112693: ??? (in /usr/bin/bs1770gain)
==24286== by 0x111EBF: ??? (in /usr/bin/bs1770gain)
==24286== by 0x1139ED: ??? (in /usr/bin/bs1770gain)
==24286== by 0x113ADD: ??? (in /usr/bin/bs1770gain)
==24286== by 0x4877932: sox_flow_effects (in /usr/lib/x86_64-linux-gnu/libsox.so.3.0.0)
==24286== by 0x110777: ??? (in /usr/bin/bs1770gain)
==24286== by 0x10E7C8: ??? (in /usr/bin/bs1770gain)
==24286== by 0x10C3F2: ??? (in /usr/bin/bs1770gain)
==24286== by 0x64DB09A: (below main) (libc-start.c:308)
==24286== Block was alloc'd at
==24286== at 0x48356AF: malloc (vg_replace_malloc.c:298)
==24286== by 0x4837DE7: realloc (vg_replace_malloc.c:826)
==24286== by 0x4EDCF12: av_packet_add_side_data (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4EDCFDC: av_packet_new_side_data (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4EDD805: av_packet_copy_props (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4EDDF82: av_packet_ref (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4C7E24A: ??? (in /usr/lib/x86_64-linux-gnu/libavformat.so.58.20.100)
==24286== by 0x4C84563: av_read_frame (in /usr/lib/x86_64-linux-gnu/libavformat.so.58.20.100)
==24286== by 0x11269F: ??? (in /usr/bin/bs1770gain)
==24286== by 0x111EBF: ??? (in /usr/bin/bs1770gain)
==24286== by 0x1139ED: ??? (in /usr/bin/bs1770gain)
==24286== by 0x113ADD: ??? (in /usr/bin/bs1770gain)
==24286==
==24286== Invalid read of size 8
==24286== at 0x483C97D: memmove (vg_replace_strmem.c:1270)
==24286== by 0x4EDD7E0: av_packet_copy_props (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4EDDF82: av_packet_ref (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4F826C3: avcodec_send_packet (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4F84C22: ??? (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x111892: ??? (in /usr/bin/bs1770gain)
==24286== by 0x111EBF: ??? (in /usr/bin/bs1770gain)
==24286== by 0x1139ED: ??? (in /usr/bin/bs1770gain)
==24286== by 0x113ADD: ??? (in /usr/bin/bs1770gain)
==24286== by 0x4877932: sox_flow_effects (in /usr/lib/x86_64-linux-gnu/libsox.so.3.0.0)
==24286== by 0x110777: ??? (in /usr/bin/bs1770gain)
==24286== by 0x10E7C8: ??? (in /usr/bin/bs1770gain)
==24286== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==24286==
==24286==
==24286== Process terminating with default action of signal 11 (SIGSEGV)
==24286== Access not within mapped region at address 0x0
==24286== at 0x483C97D: memmove (vg_replace_strmem.c:1270)
==24286== by 0x4EDD7E0: av_packet_copy_props (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4EDDF82: av_packet_ref (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4F826C3: avcodec_send_packet (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x4F84C22: ??? (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== by 0x111892: ??? (in /usr/bin/bs1770gain)
==24286== by 0x111EBF: ??? (in /usr/bin/bs1770gain)
==24286== by 0x1139ED: ??? (in /usr/bin/bs1770gain)
==24286== by 0x113ADD: ??? (in /usr/bin/bs1770gain)
==24286== by 0x4877932: sox_flow_effects (in /usr/lib/x86_64-linux-gnu/libsox.so.3.0.0)
==24286== by 0x110777: ??? (in /usr/bin/bs1770gain)
==24286== by 0x10E7C8: ??? (in /usr/bin/bs1770gain)
==24286== If you believe this happened as a result of a stack
==24286== overflow in your program's main thread (unlikely but
==24286== possible), you can try to increase the size of the
==24286== main thread stack using the --main-stacksize= flag.
==24286== The main thread stack size used in this run was 8388608.
==24286==
==24286== HEAP SUMMARY:
==24286== in use at exit: 3,036,194 bytes in 1,048 blocks
==24286== total heap usage: 690,380 allocs, 689,332 frees, 113,824,724 bytes allocated
==24286==
==24286== LEAK SUMMARY:
==24286== definitely lost: 0 bytes in 0 blocks
==24286== indirectly lost: 0 bytes in 0 blocks
==24286== possibly lost: 1,352 bytes in 18 blocks
==24286== still reachable: 3,034,842 bytes in 1,030 blocks
==24286== of which reachable via heuristic:
==24286== newarray : 1,536 bytes in 16 blocks
==24286== suppressed: 0 bytes in 0 blocks
==24286== Rerun with --leak-check=full to see details of leaked memory
==24286==
==24286== For counts of detected and suppressed errors, rerun with: -v
==24286== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0)
Segmentation fault
%
Can this be a security issue?
--
Happy hacking
Petter Reinholdtsen
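
Added example, not part of the original report: a small triage script that classifies the Memcheck records in a trace like the one above as reads of freed heap memory or null-page accesses, and names the library function on each access, free and allocation stack. The names triage and site are hypothetical, and SAMPLE is abridged from the output in this report.

```python
import re

# Abridged from the Memcheck output in the report above (frames trimmed).
SAMPLE = """\
==24286== Invalid read of size 4
==24286== at 0x4EDD7F4: av_packet_copy_props (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== Address 0x11de38b8 is 8 bytes inside a block of size 16 free'd
==24286== at 0x48369AB: free (vg_replace_malloc.c:530)
==24286== by 0x4EDCDE8: av_packet_free_side_data (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== Block was alloc'd at
==24286== at 0x48356AF: malloc (vg_replace_malloc.c:298)
==24286== by 0x4EDCF12: av_packet_add_side_data (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286==
==24286== Invalid read of size 8
==24286== at 0x483C97D: memmove (vg_replace_strmem.c:1270)
==24286== by 0x4EDD7E0: av_packet_copy_props (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.35.100)
==24286== Address 0x0 is not stack'd, malloc'd or (recently) free'd
"""

PREFIX = re.compile(r"^==\d+== ?")
INVALID = re.compile(r"Invalid (read|write) of size (\d+)")
FREED = re.compile(r"Address 0x[0-9a-f]+ is (\d+) bytes inside a block of size (\d+) free'd")
UNMAPPED = re.compile(r"Address 0x([0-9a-f]+) is not stack'd")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+)")
WRAPPERS = {"malloc", "realloc", "calloc", "free", "memmove", "memcpy"}

def site(frames):  # first frame that is not a libc/Valgrind wrapper
    return next((f for f in frames if f not in WRAPPERS), None)

def triage(text):
    """Return one dict per Memcheck 'Invalid read/write' record."""
    clean = "\n".join(PREFIX.sub("", l).strip() for l in text.splitlines())
    records = []
    for block in re.split(r"\n{2,}", clean):      # a blank line ends a record
        if not (m := INVALID.search(block)):      # search: stdout may precede it
            continue
        rec = {"op": m[1], "size": int(m[2]), "kind": "unclassified",
               "access": [], "free": [], "alloc": []}
        section = "access"
        for line in block[m.end():].splitlines():
            if f := FREED.match(line):
                rec.update(kind="use-after-free", offset=int(f[1]), block=int(f[2]))
                section = "free"
            elif u := UNMAPPED.match(line):
                rec["kind"] = "null-deref" if int(u[1], 16) < 4096 else "wild-pointer"
            elif line.startswith("Block was alloc'd"):
                section = "alloc"
            elif fr := FRAME.match(line):
                rec[section].append(fr[1])
        records.append(rec)
    return records
```

The same classification covers the reads at offsets 8, 12 and 0 of the freed 16-byte block and the final read at address 0x0 in the full output above.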