Program received signal SIGSEGV, Segmentation fault. at fbitstr_putc in bitstr.c:137 #62
Description
Desctiption
When I used the bitstr_putc function to handle a specific input, a segmentation fault (SEGV) was triggered at fbitstr_putc in bitstr.c:137
Lines 209 to 219 in caade60
Lines 133 to 138 in caade60
The primary cause is that the parameter stream in bitstr_putc is corrupted. Specifically, context→fp points to an inaccessible address, leading to a segmentation fault.
Test Environment
Ubuntu 22.04.1, 64bit
ffjpeg(master caade60)
program source file
How to trigger
Download the poc file , program and run the following cmd:
$ ./fbitstr_putc ./poc
Detail
GDB report
(gdb) r
Starting program: /data/ambrose/output/ffjpeg_temperature_test/ffjpeg_deepseek/crashes/bitstr.c/bitstr_putc/fbitstr_putc/fbitstr_putc output/default/crashes/id:000000,sig:11,src:000000,time:1635,execs:106,op:havoc,rep:3
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7c87561 in fputc (c=6, fp=0xf7463c0000007fff) at ./libio/fputc.c:35
35 ./libio/fputc.c: No such file or directory.
(gdb) bt
#0 0x00007ffff7c87561 in fputc (c=6, fp=0xf7463c0000007fff) at ./libio/fputc.c:35
#1 0x00005555555556c9 in fbitstr_putc (c=6, stream=0x7fffffffdb54)
at /home/ambrose/vsproject/TestLib/ffjpeg/src/bitstr.c:137
#2 0x0000555555555971 in bitstr_putc (c=6, stream=0x7fffffffdb54)
at /home/ambrose/vsproject/TestLib/ffjpeg/src/bitstr.c:216
#3 0x0000555555555e88 in main (argc=2, argv=0x7fffffffdc88)
at /home/ambrose/vsproject/HIMFuzz/harness/output/ffjpeg_deepseek/harness/code/bitstr.c/bitstr_putc/fbitstr_putc.c:36
(gdb) frame 1
#1 0x00005555555556c9 in fbitstr_putc (c=6, stream=0x7fffffffdb54)
at /home/ambrose/vsproject/TestLib/ffjpeg/src/bitstr.c:137
warning: Source file is more recent than executable.
137 return fputc(c, context->fp);
(gdb) p *context
$1 = {type = 1, bitbuf = 1431671456, bitnum = 21845, fp = 0xf7463c0000007fff}