rockcarry / ffjpeg

a simple jpeg codec.
GNU General Public License v3.0

NULL Pointer Dereference in idct2d8x8() at dct.c:201 #10

Closed Marsman1996 closed 5 years ago

Marsman1996 commented 5 years ago

Test Environment

Ubuntu 14.04, 64-bit, ffjpeg (master 627c8a9)

How to trigger

  1. compile ffjpeg with cmake file from https://github.com/rockcarry/ffjpeg/issues/6
  2. $ ./ffjpeg -d $POC

POC file

https://github.com/Marsman1996/pocs/blob/master/ffjpeg/poc20-idct2d8x8-SEGV

Details

ASan report

ASAN:SIGSEGV
=================================================================
==21545== ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000040db78 sp 0x7ffd4681f2e0 bp 0x7ffd4681f340 T0)
AddressSanitizer can not provide additional info.
    #0 0x40db77 in idct2d8x8 /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/dct.c:201
    #1 0x40605b in jfif_decode /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/jfif.c:508
    #2 0x401a70 in main /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/ffjpeg.c:25
    #3 0x7f8448218f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #4 0x401858 in _start (/home/aota10/MARS_fuzzcompare/test/ffjpeg/bin_asan/bin/ffjpeg+0x401858)
SUMMARY: AddressSanitizer: SEGV /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/dct.c:201 idct2d8x8
==21545== ABORTING

GDB report

Program received signal SIGSEGV, Segmentation fault.
0x0000000000406402 in idct2d8x8 (data=0x7fffffffe070, ftab=0xffffffff)
    at /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/dct.c:201
201             data[ctr] *= ftab[ctr];
(gdb) bt
#0  0x0000000000406402 in idct2d8x8 (data=0x7fffffffe070, ftab=0xffffffff)
    at /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/dct.c:201
#1  0x0000000000403435 in jfif_decode (ctxt=0x60a010, pb=0x7fffffffe1a0)
    at /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/jfif.c:508
#2  0x0000000000401672 in main (argc=3, argv=0x7fffffffe2a8)
    at /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/ffjpeg.c:25
rockcarry commented 5 years ago

I made a new commit

commit b3039ae8022da67078c130bd19bc3008a037adb3

which fixes issues #10, #11 and #12.

Can you test again?

Marsman1996 commented 5 years ago

I tested it with commit b3039ae and I think it has been fixed.