Closed
Description
version
reproduce
sh autogen.sh
mkdir build
cd build
CC=clang CXX=clang++ cmake ../ -DCMAKE_CXX_FLAGS="-fsanitize=address -g"
make -j$(nproc)
./dec265/dec265 -T 2147483648 $POC
AddressSanitizer:DEADLYSIGNAL
=================================================================
==184685==ERROR: AddressSanitizer: SEGV on unknown address 0x620e00000ed4 (pc 0x7fc778bad48d bp 0x7ffe9a4506e0 sp 0x7ffe9a450650 T0)
==184685==The signal is caused by a WRITE memory access.
#0 0x7fc778bad48d in decoder_context::compute_framedrop_table() /home/reproduce/libde265/libde265/decctx.cc:2231:30
#1 0x7fc778bc022a in decoder_context::calc_tid_and_framerate_ratio() /home/reproduce/libde265/libde265/decctx.cc:2253:5
#2 0x7fc778bb1de6 in decoder_context::process_slice_segment_header(slice_segment_header*, de265_error*, long, nal_header*, void*) /home/reproduce/libde265/libde265/decctx.cc:2021:3
#3 0x7fc778bb0d85 in decoder_context::read_slice_NAL(bitreader&, NAL_unit*, nal_header&) /home/reproduce/libde265/libde265/decctx.cc:650:7
#4 0x7fc778bb7598 in decoder_context::decode_NAL(NAL_unit*) /home/reproduce/libde265/libde265/decctx.cc:1244:11
#5 0x7fc778bb7eee in decoder_context::decode(int*) /home/reproduce/libde265/libde265/decctx.cc:1332:16
#6 0x7fc778b8d984 in de265_decode /home/reproduce/libde265/libde265/de265.cc:369:15
#7 0x4c8f1b in main /home/reproduce/libde265/dec265/dec265.cc:784:17
#8 0x7fc778554082 in __libc_start_main /build/glibc-B3wQXB/glibc-2.31/csu/../csu/libc-start.c:308:16
#9 0x41c48d in _start (/home/reproduce/libde265/asan_build/dec265/dec265+0x41c48d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/reproduce/libde265/libde265/decctx.cc:2231:30 in decoder_context::compute_framedrop_table()
==184685==ABORTING

This vulnerability is found by CodeQL, while the POC is generated by OptionFuzz.
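The reproducer above passes `-T 2147483648`, a value one larger than `INT_MAX` on the usual 32-bit `int`, and the process then dies on a write in `compute_framedrop_table()`. The page does not state what `-T` controls or how `dec265` converts the argument, so the following is an added illustration (not libde265 code) of the defensive check a CLI front end should apply to any small integer option before the value reaches decoder state: parse with `strtol`, reject overflow, trailing garbage and values outside a caller-supplied range, and fail closed instead of storing a wrapped-around number. The bounds (`0..64`) and the function names are assumptions chosen for the example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Parse a decimal option value and require lo <= value <= hi.
 * Returns 0 and stores the value in *out on success; returns -1 for
 * empty input, non-numeric input, trailing characters, or any value
 * outside [lo, hi] (including values that do not fit in a long at all).
 * This is example code for the bug report above, not dec265's parser.
 */
int parse_bounded_int(const char *s, long lo, long hi, int *out)
{
    if (s == NULL || *s == '\0' || out == NULL)
        return -1;

    errno = 0;
    char *end = NULL;
    long v = strtol(s, &end, 10);

    if (errno == ERANGE)            /* overflowed long: definitely out of range */
        return -1;
    if (end == s || *end != '\0')   /* no digits at all, or trailing garbage */
        return -1;
    if (v < lo || v > hi)           /* caller's domain check; also covers > INT_MAX */
        return -1;

    *out = (int)v;                  /* safe: lo/hi are expected to lie within int range */
    return 0;
}

/* Convenience wrapper for callers that want a value or a sentinel. */
int parse_bounded_int_or(const char *s, long lo, long hi, int fallback)
{
    int v;
    return parse_bounded_int(s, lo, hi, &v) == 0 ? v : fallback;
}

int main(int argc, char **argv)
{
    /* Constructed inputs: the value from the reproducer, a sane value, and junk. */
    const char *samples[] = { "2147483648", "3", "-1", "7x", "" };
    const long lo = 0, hi = 64;     /* assumed bounds for this illustration */

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int v;
        if (parse_bounded_int(samples[i], lo, hi, &v) == 0)
            printf("\"%s\" -> accepted (%d)\n", samples[i], v);
        else
            printf("\"%s\" -> rejected\n", samples[i]);
    }
    (void)argc; (void)argv;
    return 0;
}
```

The point of the range check is that the value is validated against the domain it will be used in (here an assumed 0..64), not merely against what fits in the type; an `atoi`-style conversion of `2147483648` silently yields an out-of-range or negative number, which is exactly the kind of input that later shows up as an out-of-bounds write deep inside the decoder.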