rockcarry / ffjpeg

A simple JPEG codec.
GNU General Public License v3.0

SEGV in huffman_decode_step() at huffman.c:371 #11

Closed Marsman1996 closed 5 years ago

Marsman1996 commented 5 years ago

Test Environment

Ubuntu 14.04, 64-bit, ffjpeg (master 627c8a9)

How to trigger

  1. compile ffjpeg with cmake file from https://github.com/rockcarry/ffjpeg/issues/6
  2. $ ./ffjpeg -d $POC

POC file

https://github.com/Marsman1996/pocs/blob/master/ffjpeg/poc21-huffman_decode_step-SEGV

Details

Asan report

ASAN:SIGSEGV
=================================================================
==19241== ERROR: AddressSanitizer: SEGV on unknown address 0x000000001590 (pc 0x000000410e8b sp 0x7fff54e12780 bp 0x7fff54e127a0 T0)
AddressSanitizer can not provide additional info.
    #0 0x410e8a in huffman_decode_step /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/huffman.c:371
    #1 0x405f04 in jfif_decode /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/jfif.c:493
    #2 0x401a70 in main /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/ffjpeg.c:25
    #3 0x7f8d44273f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #4 0x401858 in _start (/home/aota10/MARS_fuzzcompare/test/ffjpeg/bin_asan/bin/ffjpeg+0x401858)
SUMMARY: AddressSanitizer: SEGV /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/huffman.c:371 huffman_decode_step
==19241== ABORTING

GDB report

Program received signal SIGSEGV, Segmentation fault.
0x000000000040775f in huffman_decode_step (phc=0x0)
    at /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/huffman.c:371
371         if (!phc->input) return EOF;
(gdb) bt
#0  0x000000000040775f in huffman_decode_step (phc=0x0)
    at /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/huffman.c:371
#1  0x0000000000403357 in jfif_decode (ctxt=0x60a010, pb=0x7fffffffe190)
    at /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/jfif.c:493
#2  0x0000000000401672 in main (argc=3, argv=0x7fffffffe298)
    at /home/aota10/MARS_fuzzcompare/test/ffjpeg/code/ffjpeg.c:25
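
The backtrace shows huffman_decode_step() entered with phc=0x0: the scan references a Huffman table that no DHT segment defined, and the line at huffman.c:371 guards phc->input but not phc itself. The following is an added, constructed model of that failure mode and its mitigation, not ffjpeg's own code; the struct and function names (HUFCODEC fields, JPEG_TABLES, scan_tables_defined) are hypothetical.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdbool.h>

/* Hypothetical Huffman decoder context (not ffjpeg's layout). */
typedef struct {
    const uint8_t *input;   /* bit-stream source; NULL means "no data" */
    size_t         len;
} HUFCODEC;

/* Mirrors the shape of the crashing line: the input pointer is checked,
 * the context pointer is not, so phc == NULL dereferences address 0. */
static int decode_step_unchecked(HUFCODEC *phc)
{
    if (!phc->input) return EOF;   /* SEGV when phc == NULL */
    return phc->input[0];
}

/* Hardened step: a missing table is a decode error, not valid state. */
static int decode_step_checked(HUFCODEC *phc)
{
    if (!phc || !phc->input) return EOF;
    return phc->input[0];
}

/* Defined-table registry; a NULL slot means no DHT segment filled that id. */
#define MAX_TABLES 4
typedef struct {
    HUFCODEC *dc[MAX_TABLES];
    HUFCODEC *ac[MAX_TABLES];
} JPEG_TABLES;

/* Validate the SOS header before any decoding: every component's DC/AC
 * selector must be in range and point at a table that was actually defined.
 * Returning false here lets the caller reject the file instead of crashing. */
static bool scan_tables_defined(const JPEG_TABLES *t, const uint8_t *dc_sel,
                                const uint8_t *ac_sel, int ncomp)
{
    for (int i = 0; i < ncomp; i++) {
        if (dc_sel[i] >= MAX_TABLES || ac_sel[i] >= MAX_TABLES) return false;
        if (!t->dc[dc_sel[i]] || !t->ac[ac_sel[i]]) return false;
    }
    return true;
}
```

With the selector check in place, decode_step_unchecked() is never reached with a NULL context, and decode_step_checked() is a second line of defense should a table be freed or left unset later.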
rockcarry commented 5 years ago

I made a new commit

commit b3039ae8022da67078c130bd19bc3008a037adb3

which fixes issues #10, #11 and #12.

Can you test again?

Marsman1996 commented 5 years ago

I tested it with commit b3039ae and I think it has been fixed.