Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Builder ffmpeg-solaris10-i386 Build #13578

Results:

Failed shell_2 shell_3 shell_4 shell_5

SourceStamp:

Projectffmpeg
Repositoryhttps://git.ffmpeg.org/ffmpeg.git
Branchmaster
Revisione90c2ff4b5a5922d2cad1acd41595084f71d74a8
Got Revisione90c2ff4b5a5922d2cad1acd41595084f71d74a8
Changes1 change

BuildSlave:

unstable10x

Reason:

The SingleBranchScheduler scheduler named 'schedule-ffmpeg-solaris10-i386' triggered this build

Steps and Logfiles:

  1. git update ( 4 secs )
    1. stdio
  2. shell 'gsed -i ...' ( 0 secs )
    1. stdio
  3. shell_1 'gsed -i ...' ( 0 secs )
    1. stdio
  4. shell_2 'gsed -i ...' failed ( 0 secs )
    1. stdio
  5. shell_3 './configure --samples="../../../ffmpeg/fate-suite" ...' failed ( 7 secs )
    1. stdio
    2. config.log
  6. shell_4 'gmake fate-rsync' failed ( 0 secs )
    1. stdio
  7. shell_5 '../../../ffmpeg/fate.sh ../../../ffmpeg/fate_config.sh' failed ( 0 secs )
    1. stdio
    2. configure.log
    3. compile.log
    4. test.log

Build Properties:

NameValueSource
branch master Build
builddir /export/home/buildbot/slave/ffmpeg-solaris10-i386 slave
buildername ffmpeg-solaris10-i386 Builder
buildnumber 13578 Build
codebase Build
got_revision e90c2ff4b5a5922d2cad1acd41595084f71d74a8 Git
project ffmpeg Build
repository https://git.ffmpeg.org/ffmpeg.git Build
revision e90c2ff4b5a5922d2cad1acd41595084f71d74a8 Build
scheduler schedule-ffmpeg-solaris10-i386 Scheduler
slavename unstable10x BuildSlave
workdir /export/home/buildbot/slave/ffmpeg-solaris10-i386 slave (deprecated)

Forced Build Properties:

NameLabelValue

Responsible Users:

  1. Ruikai Peng

Timing:

StartTue Apr 7 01:44:55 2026
EndTue Apr 7 01:45:09 2026
Elapsed13 secs

All Changes:

:

  1. Change #263826

    Category ffmpeg
    Changed by Ruikai Peng <ruikaiohnoyoudont@pwno.io>
    Changed at Tue 07 Apr 2026 01:39:40
    Repository https://git.ffmpeg.org/ffmpeg.git
    Project ffmpeg
    Branch master
    Revision e90c2ff4b5a5922d2cad1acd41595084f71d74a8

    Comments

    avcodec/libdav1d: fix heap overflow in US ITU-T T.35 metadata parsing
The US country_code path in parse_itut_t35_metadata() reads the
the provider_code with bytestream2_get_be16u(), which is a
unchecked version that does not validate the remaining
length before reading. When an AV1 stream contains ITU-T T.35
metadata with country_code set to 0xB5 (which is US) and a
payload shorter than 2 bytes, this results in a heap overflow
reading 2 bytes past the allocation.

The UK country code already guards against this issue by
checking it before the unchecked read. We're using the same
pattern to the US country code path.

Pwno crafted an AV1 IVF with a metadata OBU containing ITU-T T.35
with country_code=0xB5 and a 1-byte payload. Decoding with libdav1d
triggers the overflow. ASan says:

ERROR: AddressSanitizer: heap-buffer-overflow
READ of size 2 at 0x5020000003f0 thread T0
  #0 bytestream_get_be16 src/libavcodec/bytestream.h:98
  #1 bytestream2_get_be16u src/libavcodec/bytestream.h:98
  #2 parse_itut_t35_metadata src/libavcodec/libdav1d.c:376

0x5020000003f1 is located 0 bytes after 1-byte region

Found-by: Pwno

    Changed files

    • libavcodec/libdav1d.c
BuildBot (0.8.14) working for the OpenCSW Buildbot project.
Page built: Tue 07 Apr 2026 04:24:27 (CEST)