
A SIGSEGV signal appear when running program Thordec #36

Open
fCorleone opened this issue Jul 5, 2018 · 11 comments

Comments

@fCorleone

An issue has been discovered when using Thordec:

ASAN:SIGSEGV
=================================================================
==22231==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fec86fb7425 bp 0x7fffe85bc968 sp 0x7fffe85aceb8 T0)
    #0 0x7fec86fb7424 in strrchr (/lib/x86_64-linux-gnu/libc.so.6+0x8d424)
    #1 0x4022a9 in main dec/maindec.c:116
    #2 0x7fec86f4a82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #3 0x406ce8 in _start (/home/mfc_fuzz/thor/build/Thordec+0x406ce8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 strrchr
==22231==ABORTING

The input file is displayed at: https://github.com/fCorleone/fuzz_programs/blob/master/thor/test.bit
The command line is ./Thordec test.bit out.yuv
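The sanitizer output above carries everything needed to bucket the crash before anyone opens a debugger: the fault address is 0x0, the faulting instruction is inside libc's strrchr, and the first frame with a source location is main at dec/maindec.c:116, so strrchr was handed a null string pointer from that line. The following added example (not code from the thor project or from the reporter) parses an ASAN report of this shape, labels a SEGV in the zero page as a null-pointer dereference, and builds a stable key for deduplicating fuzzer crashes from the label, the faulting function and the first in-tree frame. The report text is copied from this issue; the zero-page threshold and the key format are my own conventions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Copy of the AddressSanitizer report posted in this issue, embedded so the example runs offline.
ASAN_REPORT = """\
ASAN:SIGSEGV
=================================================================
==22231==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fec86fb7425 bp 0x7fffe85bc968 sp 0x7fffe85aceb8 T0)
    #0 0x7fec86fb7424 in strrchr (/lib/x86_64-linux-gnu/libc.so.6+0x8d424)
    #1 0x4022a9 in main dec/maindec.c:116
    #2 0x7fec86f4a82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #3 0x406ce8 in _start (/home/mfc_fuzz/thor/build/Thordec+0x406ce8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 strrchr
==22231==ABORTING
"""

HEADER_RE = re.compile(
    r"==(?P<pid>\d+)==ERROR: AddressSanitizer: (?P<kind>[\w-]+) on (?:unknown )?address (?P<addr>0x[0-9a-fA-F]+)"
)
PC_RE = re.compile(r"\(pc (?P<pc>0x[0-9a-fA-F]+)")
FRAME_RE = re.compile(r"^\s*#(?P<idx>\d+)\s+(?P<pc>0x[0-9a-fA-F]+)\s+in\s+(?P<func>\S+)\s+(?P<loc>.+?)\s*$")

# Assumption (my triage convention, not something ASAN defines): a fault inside the first
# page is treated as a NULL (or NULL + small field offset) dereference rather than a wild pointer.
NULL_PAGE_SIZE = 0x1000


@dataclass
class Frame:
    index: int
    pc: int
    func: str
    location: str  # "path:line[:col]" when symbolized, otherwise "(module+offset)"

    @property
    def source(self) -> Optional[tuple]:
        """(file, line) if this frame was resolved to a source location, else None."""
        m = re.match(r"^(?P<file>\S+?):(?P<line>\d+)", self.location)
        return (m.group("file"), int(m.group("line"))) if m else None


def parse_asan_report(text: str) -> dict:
    """Extract pid, error kind, fault address, pc and the stack frames from an ASAN report."""
    header = HEADER_RE.search(text)
    if header is None:
        raise ValueError("no AddressSanitizer ERROR header found")
    pc = PC_RE.search(text)
    frames = [
        Frame(int(m["idx"]), int(m["pc"], 16), m["func"], m["loc"])
        for m in (FRAME_RE.match(line) for line in text.splitlines())
        if m
    ]
    return {
        "pid": int(header["pid"]),
        "kind": header["kind"],
        "address": int(header["addr"], 16),
        "pc": int(pc["pc"], 16) if pc else None,
        "frames": frames,
    }


def classify(report: dict) -> str:
    """Turn the raw ASAN error kind into a triage label."""
    if report["kind"] == "SEGV":
        return "null-pointer-dereference" if report["address"] < NULL_PAGE_SIZE else "invalid-memory-access"
    return report["kind"]  # heap-buffer-overflow, use-after-free, ... pass through unchanged


def first_project_frame(frames) -> Optional[Frame]:
    """The innermost frame with a source location: the caller that passed the bad pointer into libc."""
    return next((f for f in frames if f.source), None)


def crash_key(report: dict) -> str:
    """Stable key for bucketing fuzzer crashes: label, faulting function, first in-tree frame."""
    label = classify(report)
    top = report["frames"][0].func if report["frames"] else "?"
    proj = first_project_frame(report["frames"])
    where = f"{proj.source[0]}:{proj.source[1]}" if proj else "?"
    return f"{label}:{top}@{where}"


if __name__ == "__main__":
    r = parse_asan_report(ASAN_REPORT)
    print(crash_key(r))  # null-pointer-dereference:strrchr@dec/maindec.c:116
```

Running this over the report gives the key null-pointer-dereference:strrchr@dec/maindec.c:116; reports from other fuzzer inputs that land on the same key are very likely the same bug, which is how the maintainer's later remark that both issues share one root cause can be checked mechanically.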

@stemidts
Contributor

Thanks for the report. Can you specify the commit id you're using to decode?

@fCorleone
Author

I have checked the commit id, it's commit e42047d. It's strange that I cloned the code from https://github.com/cisco/thor.git 12 days ago. Does it mean that I would get the latest version of the code? But when I check the commit id using the command line:

git reflog

I got this :

e42047d HEAD@{0}: clone: from https://github.com/cisco/thor.git

@stemidts
Contributor

Thanks. It looks to me that the bitstream contains illegal elements, which indicates that there is an encoder bug as well. Are you able to share how you produced the stream? (config file, options & input video)

Does the following patch work for you? (it should fix the crash, but the file will not be decodable):
patch.txt

@fCorleone
Author

My command line to produce the stream is like:

./Thordec test.bit out.yuv

with no options or config file; I just tried to input a file and the issue happened.
The input file has been placed at: https://github.com/fCorleone/fuzz_programs/blob/master/thor/test.bit
I will try the patch later.
By the way, I'm wondering whether I could get a CVE ID for this issue?
Thank you for your reply to this issue anyway.

@stemidts
Contributor

I meant the Thorenc command used to produce test.bit (and test2.bit in #37)

@fCorleone
Author

Oh, the test bit was not produced by Thorenc using a certain video. The test bit was created in fuzzing process. I put a seed into the fuzzing process and afl mutated the seed and got the test bit which would make a crash to the program.

@fCorleone
Author

@stemidts Could I get CVE IDs for these two issues please?

@stemidts
Contributor

We haven't issued CVEs yet. In order for me to understand this problem correctly, it would be helpful if you could give feedback on whether the patch helps.

@fCorleone
Author

Yes, the patch fixes the problem for me.

@fCorleone
Author

@stemidts will I get CVE IDs for these two issues?

@stemidts
Contributor

The issues seem to have the same root cause and the CVE ID is CVE-2018-0429.

A patch has been committed into the repository.
