Segmentation fault from bundled ffmpeg.exe - SECURITY RISK

The included ffmpeg.exe binary was built in 2021 and has known critical bugs and security issues, including memory corruption in some demuxers, non-thread-safe filters and format handlers, and other use-after-free bugs (arbitrary code execution risks).

Additionally, although it is static, it relies upon libnss for DNS resolution. If mismatched to system libraries, it can cause crashes. This is relevant as __nss_readline is the cause of the coredumps observed. I have recently reported issues regarding the speed and performance of UNA. Hypothetically, this type of regular core dumping due to the included static ffmpeg binary would be a significant bottleneck that may be a contributing factor.

Aug  6 16:58:45 hostname kernel: ffmpeg.exe[1162854]: segfault at 47 ip 00007fa1c6f39e54 sp 00007ffee0c3fbb0 error 4 in libc.so.6[7fa1c6e28000+175000] likely on CPU 7 (core 3, socket 1)
Aug  6 16:58:45 hostname kernel: Code: ff 48 85 c0 0f 84 99 00 00 00 41 80 3c 24 ff 0f 85 b4 00 00 00 48 8b 05 9a ef 0b 00 49 0f be 16 4c 89 f5 64 48 8b 08 48 89 d0 <f6> 44 51 01 20 74 18 0f 1f 44 00 00 48 0f be 55 01 48 83 c5 01
Aug  6 16:58:45 hostname systemd[1]: Started Process Core Dump (PID 1162855/UID 0).
Aug  6 16:58:45 hostname systemd-coredump[1162856]: Process 1162854 (ffmpeg.exe) of user 1001033 dumped core.#012#012Stack trace of thread 832570:#012#0  0x00007fa1c6f39e54 __nss_readline (/usr/lib64/libc.so.6 + 0x139e54)#012#1  
Aug  6 16:58:45 hostname systemd[1]: systemd-coredump@14697-1162855-0.service: Deactivated successfully.
Aug  6 16:58:45 hostname kernel: ffmpeg.exe[1162864]: segfault at 47 ip 00007f75d8d39e54 sp 00007ffc3bdd5d70 error 4 in libc.so.6[7f75d8c28000+175000] likely on CPU 11 (core 5, socket 1)
Aug  6 16:58:45 hostname kernel: Code: ff 48 85 c0 0f 84 99 00 00 00 41 80 3c 24 ff 0f 85 b4 00 00 00 48 8b 05 9a ef 0b 00 49 0f be 16 4c 89 f5 64 48 8b 08 48 89 d0 <f6> 44 51 01 20 74 18 0f 1f 44 00 00 48 0f be 55 01 48 83 c5 01
Aug  6 16:58:45 hostname systemd[1]: Started Process Core Dump (PID 1162865/UID 0).
Aug  6 16:58:45 hostname systemd-coredump[1162867]: Process 1162864 (ffmpeg.exe) of user 1001033 dumped core.#012#012Stack trace of thread 832572:#012#0  0x00007f75d8d39e54 __nss_readline (/usr/lib64/libc.so.6 + 0x139e54)#012#1  
Aug  6 16:58:45 hostname systemd[1]: systemd-coredump@14698-1162865-0.service: Deactivated successfully.


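A triage sketch for log lines like those in the report above, added here as an example and not part of the original post or the project's code. It groups kernel segfault records by their offset inside the mapped segment, which stays the same across ASLR, and joins each to the top frame logged by systemd-coredump; the function names are this example's own, and the sample is the report's log lines with the `Code:` and systemd unit lines left out.

```python
import re
from collections import Counter

# Sample input: kernel and systemd-coredump lines taken from the report above.
SAMPLE = """\
Aug  6 16:58:45 hostname kernel: ffmpeg.exe[1162854]: segfault at 47 ip 00007fa1c6f39e54 sp 00007ffee0c3fbb0 error 4 in libc.so.6[7fa1c6e28000+175000] likely on CPU 7 (core 3, socket 1)
Aug  6 16:58:45 hostname systemd-coredump[1162856]: Process 1162854 (ffmpeg.exe) of user 1001033 dumped core.#012#012Stack trace of thread 832570:#012#0  0x00007fa1c6f39e54 __nss_readline (/usr/lib64/libc.so.6 + 0x139e54)#012#1
Aug  6 16:58:45 hostname kernel: ffmpeg.exe[1162864]: segfault at 47 ip 00007f75d8d39e54 sp 00007ffc3bdd5d70 error 4 in libc.so.6[7f75d8c28000+175000] likely on CPU 11 (core 5, socket 1)
Aug  6 16:58:45 hostname systemd-coredump[1162867]: Process 1162864 (ffmpeg.exe) of user 1001033 dumped core.#012#012Stack trace of thread 832572:#012#0  0x00007f75d8d39e54 __nss_readline (/usr/lib64/libc.so.6 + 0x139e54)#012#1
"""

# Kernel record: process[pid], fault address, instruction pointer, error code, object[vma_start+size].
SEGV = re.compile(
    r"kernel: (?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp [0-9a-f]+ error (?P<err>[0-9a-f]+) "
    r"in (?P<obj>[^\[]+)\[(?P<base>[0-9a-f]+)\+[0-9a-f]+\]")
# systemd-coredump record: pid plus the symbol of frame #0 (newlines arrive as #012).
CORE = re.compile(r"Process (?P<pid>\d+) \([^)]+\) .*?#0\s+0x[0-9a-f]+ (?P<sym>\S+) \(")

def decode_error(code):
    """Decode the low three bits of the x86 page-fault error code."""
    return ("protection violation" if code & 1 else "page not present",
            "write" if code & 2 else "read",
            "user mode" if code & 4 else "kernel mode")

def triage(text):
    """Count crashes per (process, object, offset, fault address, access, top frame)."""
    top_frame = {m["pid"]: m["sym"] for m in CORE.finditer(text)}
    groups = Counter()
    for m in SEGV.finditer(text):
        # Offset from the start of the mapped segment the kernel printed; this is
        # not the file-relative offset that systemd-coredump reports.
        offset = int(m["ip"], 16) - int(m["base"], 16)
        groups[(m["comm"], m["obj"], hex(offset), hex(int(m["addr"], 16)),
                decode_error(int(m["err"], 16)), top_frame.get(m["pid"], "?"))] += 1
    return groups

if __name__ == "__main__":
    for key, count in triage(SAMPLE).most_common():
        print(count, key)
```

Both crashes collapse into one group: a user-mode read of an unmapped page at address 0x47, at the same offset inside libc, with `__nss_readline` as the top frame.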