Crash in realmedia demuxing
The attached file causes a crash when demuxing realmedia. While this bug likely does not have a serious security impact, I am filing it as confidential just in case. A stack trace is below.

==3320386==The signal is caused by a READ memory access.
0:00:00.175144776 3320386 0x61900020a030 ERROR libav :0:: Incorrect intra prediction mode
#0 0x7ff8bcf7dbd8 in gst_rmdemux_parse_video_packet /usr/local/google/home/natashenka/gst-build/build/../subprojects/gst-plugins-ugly/gst/realmedia/rmdemux.c:2241:16
#1 0x7ff8bcf7dbd8 in gst_rmdemux_parse_packet /usr/local/google/home/natashenka/gst-build/build/../subprojects/gst-plugins-ugly/gst/realmedia/rmdemux.c:2573:9
#2 0x7ff8bcf81221 in gst_rmdemux_chain /usr/local/google/home/natashenka/gst-build/build/../subprojects/gst-plugins-ugly/gst/realmedia/rmdemux.c:1245:19
#3 0x7ff8bcf81eac in gst_rmdemux_loop /usr/local/google/home/natashenka/gst-build/build/../subprojects/gst-plugins-ugly/gst/realmedia/rmdemux.c:904:9
#4 0x7ff8c66b8dfe in gst_task_func /usr/local/google/home/natashenka/gst-build/build/../subprojects/gstreamer/gst/gsttask.c:384:5
#5 0x7ff8c3bf5973 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7b973)
#6 0x7ff8c3bf508c (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7b08c)
#7 0x7ff8c3ad9ea6 in start_thread nptl/pthread_create.c:477:8
#8 0x7ff8c3815dee in clone misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /usr/local/google/home/natashenka/gst-build/build/../subprojects/gst-plugins-ugly/gst/realmedia/rmdemux.c:2241:16 in gst_rmdemux_parse_video_packet
Thread T6 (rmdemux0:sink) created by T4 (typefind:sink) here:
#0 0x4c0e0a in pthread_create (/usr/local/google/home/natashenka/Downloads/video/video+0x4c0e0a)
#1 0x7ff8c3c1cfc0 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xa2fc0)
Thread T4 (typefind:sink) created by T0 here:
#0 0x4c0e0a in pthread_create (/usr/local/google/home/natashenka/Downloads/video/video+0x4c0e0a)
#1 0x7ff8c3c1cfc0 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xa2fc0)
Edited by Mathieu Duponchelle