From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id B8349405D0
	for <ffmpegdev@gitmailbox.com>; Sun, 17 Aug 2025 01:26:14 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 15C1768D2EF;
	Sun, 17 Aug 2025 04:26:10 +0300 (EEST)
Received: from relay15.mail.gandi.net (relay15.mail.gandi.net [217.70.178.235])
 by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 59DAC687ACC
 for <ffmpeg-devel@ffmpeg.org>; Sun, 17 Aug 2025 04:26:03 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id 4FC4243180;
 Sun, 17 Aug 2025 01:26:02 +0000 (UTC)
Date: Sun, 17 Aug 2025 03:26:01 +0200
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>,
 Lynne <dev@lynne.ee>
Message-ID: <20250817012601.GV29660@pb2>
MIME-Version: 1.0
X-GND-State: clean
X-GND-Score: -85
X-GND-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtdefgddugeekgedtucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuifetpfffkfdpucggtfgfnhhsuhgsshgtrhhisggvnecuuegrihhlohhuthemuceftddunecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenfghrlhcuvffnffculdduhedmnecujfgurhepfffhvffukfggtggusehgtderredttddvnecuhfhrohhmpefoihgthhgrvghlucfpihgvuggvrhhmrgihvghruceomhhitghhrggvlhesnhhivgguvghrmhgrhigvrhdrtggtqeenucggtffrrghtthgvrhhnpeehtddtleeitdehtefgkeefleeuteduvdffgefgkeeileefudfgkeeitddtleetudenucffohhmrghinhepohhsshdqfhhuiiiirdgtohhmnecukfhppeeguddrieeirdeihedrudejieenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpeeguddrieeirdeihedrudejiedphhgvlhhopehlohgtrghlhhhoshhtpdhmrghilhhfrhhomhepmhhitghhrggvlhesnhhivgguvghrmhgrhigvrhdrtggtpdhnsggprhgtphhtthhopedvpdhrtghpthhtohepfhhfmhhpvghgqdguvghvvghlsehffhhmphgvghdrohhrghdprhgtphhtthhopeguvghvsehlhihnnhgvrdgvvg
Subject: [FFmpeg-devel] AAC AVERROR_BUG
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
From: Michael Niedermayer via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Michael Niedermayer <michael@niedermayer.cc>
Content-Type: multipart/mixed; boundary="===============7289115199499925554=="
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20250817012601.GV29660@pb2/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>


--===============7289115199499925554==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="oQqBonIB1oJJW7j0"
Content-Disposition: inline


--oQqBonIB1oJJW7j0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi Lynne, ffmpeg-devel

the following (testcase public, not cattegorized as a security issue)
https://issues.oss-fuzz.com/issues/416134551

hits
            if (!ics->num_swb || !ics->swb_offset) {
                ret_fail =3D AVERROR_BUG;
                goto fail;
            }

Assertion ret !=3D (-(int)(('B') | (('U') << 8) | (('G') << 16) | ((unsigne=
d)('!') << 24))) failed at tools/target_dec_fuzzer.c:556
MemorySanitizer:DEADLYSIGNAL
=3D=3D399=3D=3DERROR: MemorySanitizer: ABRT on unknown address 0x0539000001=
8f (pc 0x7d47828ed00b bp 0x7ffc5e5cb040 sp 0x7ffc5e5cac70 T399)
    #0 0x7d47828ed00b in raise /build/glibc-LcI20x/glibc-2.31/sysdeps/unix/=
sysv/linux/raise.c:51:1
    #1 0x7d47828cc858 in abort /build/glibc-LcI20x/glibc-2.31/stdlib/abort.=
c:79:7
    #2 0x586ab3406fdc in LLVMFuzzerTestOneInput ffmpeg/tools/target_dec_fuz=
zer.c:0
    #3 0x586ab32f7fe0 in fuzzer::Fuzzer::ExecuteCallback(unsigned char cons=
t*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:=
614:13
    #4 0x586ab32e3255 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, u=
nsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327=
:6
    #5 0x586ab32e8cef in fuzzer::FuzzerDriver(int*, char***, int (*)(unsign=
ed char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/Fu=
zzerDriver.cpp:862:9
    #6 0x586ab3313f92 in main /src/llvm-project/compiler-rt/lib/fuzzer/Fuzz=
erMain.cpp:20:10
    #7 0x7d47828ce082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/c=
su/libc-start.c:308:16
    #8 0x586ab32db43d in _start


thx
--=20
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Any man who breaks a law that conscience tells him is unjust and willingly=
=20
accepts the penalty by staying in jail in order to arouse the conscience of=
=20
the community on the injustice of the law is at that moment expressing the=
=20
very highest respect for law. - Martin Luther King Jr

--oQqBonIB1oJJW7j0
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iF0EABEKAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCaKEvpgAKCRBhHseHBAsP
q5lTAJ9sSNw0x0GKeIA/sm9ilHgZFJKAKQCfa4LPjyszfAxAb1KS9vSlESww6tg=
=QgNs
-----END PGP SIGNATURE-----

--oQqBonIB1oJJW7j0--

--===============7289115199499925554==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

--===============7289115199499925554==--