[FFmpeg-devel] Buffer overflow in ALS decoder

Thilo Borgmann thilo.borgmann
Wed Feb 17 23:27:43 CET 2010


On 17.02.10 18:39, Reimar Döffinger wrote:
> On Wed, Feb 17, 2010 at 02:35:18PM +0100, Thilo Borgmann wrote:
>> On 16.02.10 23:32, Reimar Döffinger wrote:
>>> On Tue, Feb 16, 2010 at 11:13:47PM +0100, Reimar Döffinger wrote:
>>>> attached patch fixes it for me while seemingly still playing the files
>>>> correctly (I haven't actually run the CRC though).
>>>
>>> CRCs for all files in the FATE suite remain unchanged.
>>
>> I hope my virtual system will be up and running this evening to test
>> this and the other reported failures, especially on 64bit.
>>
>> Thanks for the patch I will hopefully see soon what is going wrong on
>> all that 64bitters...
> 
> Uh, valgrind reports the same issue for 32 bit x86 - that it's more likely
> to crash on 64 bit systems is probably "random" due to different heap layout.

Thanks to your 'not knowing what you're doing', a quite big logical error
was revealed. I checked the solution (attached patch) with my local normal
test suite of several MCC files as well as with that 04 on a 64-bit
gcc-4.3.2 driven Linux:
thilo at FFLinux64:~/dev/ffmpeg$ gdb --args ./ffmpeg_g -i
/SharedFolder/mp4data/als_04_2ch48k16b.mp4 -f crc -
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
(gdb) r
Starting program: /home/thilo/dev/ffmpeg/ffmpeg_g -i
/SharedFolder/mp4data/als_04_2ch48k16b.mp4 -f crc -
FFmpeg version SVN-r21870, Copyright (c) 2000-2010 Fabrice Bellard, et al.
  built on Feb 17 2010 22:54:23 with gcc 4.3.2
  configuration:
  libavutil     50. 9. 0 / 50. 9. 0
  libavcodec    52.54. 0 / 52.54. 0
  libavformat   52.52. 0 / 52.52. 0
  libavdevice   52. 2. 0 / 52. 2. 0
  libswscale     0.10. 0 /  0.10. 0
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from
'/SharedFolder/mp4data/als_04_2ch48k16b.mp4':
  Metadata:
    major_brand     : mp42
    minor_version   : 0
    compatible_brands: mp42isom
  Duration: 00:00:14.81, start: 0.000000, bitrate: 442 kb/s
    Stream #0.0(und): Audio: als, 48000 Hz, 2 channels, s16, 441 kb/s
Output #0, crc, to 'pipe:':
  Metadata:
    encoder         : Lavf52.52.0
    Stream #0.0(und): Audio: pcm_s16le, 48000 Hz, 2 channels, s16, 1536 kb/s
Stream mapping:
  Stream #0.0 -> #0.0
Press [q] to stop encoding
Multiple frames in a packet from stream 0
CRC=0x7e67db0b
size=       0kB time=14.81 bitrate=   0.0kbits/s
video:0kB audio:2777kB global headers:0kB muxing overhead -99.999473%

Program exited normally.
(gdb) q


thilo at FFLinux64:~/dev/ffmpeg$ valgrind ./ffmpeg_g -i
/SharedFolder/mp4data/als_04_2ch48k16b.mp4 -f crc -
==14864== Memcheck, a memory error detector.
==14864== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==14864== Using LibVEX rev 1854, a library for dynamic binary translation.
==14864== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==14864== Using valgrind-3.3.1-Debian, a dynamic binary instrumentation framework.
==14864== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==14864== For more details, rerun with: -v
==14864==
FFmpeg version SVN-r21870, Copyright (c) 2000-2010 Fabrice Bellard, et al.
  built on Feb 17 2010 22:54:23 with gcc 4.3.2
  configuration:
  libavutil     50. 9. 0 / 50. 9. 0
  libavcodec    52.54. 0 / 52.54. 0
  libavformat   52.52. 0 / 52.52. 0
  libavdevice   52. 2. 0 / 52. 2. 0
  libswscale     0.10. 0 /  0.10. 0
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from
'/SharedFolder/mp4data/als_04_2ch48k16b.mp4':
  Metadata:
    major_brand     : mp42
    minor_version   : 0
    compatible_brands: mp42isom
  Duration: 00:00:14.81, start: 0.000000, bitrate: 442 kb/s
    Stream #0.0(und): Audio: als, 48000 Hz, 2 channels, s16, 441 kb/s
Output #0, crc, to 'pipe:':
  Metadata:
    encoder         : Lavf52.52.0
    Stream #0.0(und): Audio: pcm_s16le, 48000 Hz, 2 channels, s16, 1536 kb/s
Stream mapping:
  Stream #0.0 -> #0.0
Press [q] to stop encoding
Multiple frames in a packet from stream 0
CRC=0x7e67db0b
size=       0kB time=14.81 bitrate=   0.0kbits/s
video:0kB audio:2777kB global headers:0kB muxing overhead -99.999473%
==14864==
==14864== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 8 from 1)
==14864== malloc/free: in use at exit: 0 bytes in 0 blocks.
==14864== malloc/free: 805 allocs, 805 frees, 6,002,187 bytes allocated.
==14864== For counts of detected errors, rerun with: -v
==14864== All heap blocks were freed -- no leaks are possible.
thilo at FFLinux64:~/dev/ffmpeg$


I'm new to valgrind and I don't trust the shiny new FFLinux64 by now.
So, Mans, please check your file(s) again with the attached patch before
I'm going to apply something potentially wrong.

-Thilo
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: als_mccfix.patch
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20100217/183e9d41/attachment.txt>
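As an added example that is not part of this post or of FFmpeg itself: a small Python checker for the kind of transcript shown above. It takes the combined output of a decode run under valgrind's memcheck, pulls out the `CRC=` line and the `ERROR SUMMARY` / heap-in-use lines, and fails the run if the CRC differs from a reference value, if memcheck reported any errors, or if memory was still in use at exit. The embedded sample outputs are constructed from the lines in this post (the failing sample's addresses, function and file names are made up); `memcheck_command` assumes an `ffmpeg_g` binary and an input path given by the caller, and uses valgrind's real `--error-exitcode` option so a scripted run also fails by exit status.

```python
"""Check one FFmpeg decode run under valgrind: reference CRC plus zero
memcheck errors. Added example, not FFmpeg project code."""
import re

# Constructed sample of a clean run, trimmed to the lines the checker reads.
# CRC and summary values are the ones reported in the post above.
SAMPLE_CLEAN = """\
==14864== Memcheck, a memory error detector.
CRC=0x7e67db0b
size=       0kB time=14.81 bitrate=   0.0kbits/s
==14864==
==14864== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 8 from 1)
==14864== malloc/free: in use at exit: 0 bytes in 0 blocks.
"""

# Constructed sample of a failing run: memcheck reports an out-of-bounds
# write and the CRC differs from the reference. Address, function name and
# file name are placeholders, not real FFmpeg locations.
SAMPLE_BAD = """\
==14999== Memcheck, a memory error detector.
==14999== Invalid write of size 4
==14999==    at 0x1234: placeholder_function (constructed.c:1)
CRC=0xdeadbeef
==14999== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 8 from 1)
==14999== malloc/free: in use at exit: 0 bytes in 0 blocks.
"""

# "-f crc -" makes ffmpeg print CRC=0x... for the decoded audio on stdout.
CRC_RE = re.compile(r"^CRC=0x([0-9a-fA-F]{8})\s*$", re.M)
# memcheck's final tally; "==<pid>==" prefixes every valgrind line.
SUMMARY_RE = re.compile(
    r"^==\d+== ERROR SUMMARY: (\d+) errors? from (\d+) contexts?", re.M)
LEAK_RE = re.compile(
    r"^==\d+== malloc/free: in use at exit: ([\d,]+) bytes in ([\d,]+) blocks",
    re.M)


def memcheck_command(ffmpeg_binary, input_path):
    """argv for a decode run under memcheck. --error-exitcode makes valgrind
    return 1 when it reported errors, so a harness can also key on status."""
    return ["valgrind", "--error-exitcode=1", ffmpeg_binary,
            "-i", input_path, "-f", "crc", "-"]


def parse_run(output):
    """Extract CRC, memcheck error counts and heap-in-use from run output.
    Raises if the ERROR SUMMARY line is missing (run was not under valgrind
    or valgrind itself died)."""
    crc_m = CRC_RE.search(output)
    sum_m = SUMMARY_RE.search(output)
    leak_m = LEAK_RE.search(output)
    if sum_m is None:
        raise ValueError("no memcheck ERROR SUMMARY line in output")
    to_int = lambda s: int(s.replace(",", ""))  # valgrind prints 6,002,187
    return {
        "crc": int(crc_m.group(1), 16) if crc_m else None,
        "errors": int(sum_m.group(1)),
        "contexts": int(sum_m.group(2)),
        "bytes_in_use": to_int(leak_m.group(1)) if leak_m else None,
        "blocks_in_use": to_int(leak_m.group(2)) if leak_m else None,
    }


def check_run(output, reference_crc):
    """Return (ok, reasons). ok only when the decode completed with the
    reference CRC, memcheck found no errors, and nothing was left allocated.
    A CRC match alone is not enough: the post shows the decoder producing
    correct output while still overrunning a buffer."""
    r = parse_run(output)
    reasons = []
    if r["crc"] is None:
        reasons.append("no CRC line (decode did not complete)")
    elif r["crc"] != reference_crc:
        reasons.append("CRC mismatch: got 0x%08x, expected 0x%08x"
                       % (r["crc"], reference_crc))
    if r["errors"]:
        reasons.append("memcheck reported %d error(s) in %d context(s)"
                       % (r["errors"], r["contexts"]))
    if r["bytes_in_use"]:
        reasons.append("%d bytes still in use at exit" % r["bytes_in_use"])
    return (not reasons, reasons)


if __name__ == "__main__":
    for name, sample in (("clean", SAMPLE_CLEAN), ("bad", SAMPLE_BAD)):
        ok, why = check_run(sample, 0x7e67db0b)
        print(name, "PASS" if ok else "FAIL", "; ".join(why))
```

In a real harness the `output` string is the merged stdout/stderr of `memcheck_command(...)`; keeping the CRC check and the memcheck check in one pass is the point, since an unchanged CRC across the FATE files says nothing about whether the decoder still writes past its buffers.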