[FFmpeg-devel] Patch for issue 1973 (targa decoder crash on corrupted file)

Jean-Daniel Dupas devlists
Sun May 30 02:34:07 CEST 2010


On 29 May 2010 at 23:37, Carl Eugen Hoyos wrote:

> Kostya <kostya.shishkov <at> gmail.com> writes:
> 
>> If that is done can somebody please test this patch on existing samples
>> and apply it? I just can't do that (yet).
> 
> I was unable to reproduce the crash and asked for more information on roundup.


My first test was on Mac OS X.

I did a test on Linux 64 and you're right, it does not crash.
That's the problem when you read and write at random locations. It cannot be reliably reproduced on all configurations.

That said, you can run ffmpeg using valgrind to show where the bug happens:

valgrind --tool=memcheck ./ffmpeg -i tga_bgra32_rle_with_deadly_invalid_frame_cut.mov test.mov
…
==21956== Invalid read of size 4
…
==21956==  Address 0x69938e0 is 190,624 bytes inside a block of size 190,626 alloc'd
…
==21956== Invalid read of size 1
…
==21956==  Address 0x69938e4 is 2 bytes after a block of size 190,626 alloc'd
…
==21956== Invalid read of size 4
…
==21956==  Address 0x6993c9e is not stack'd, malloc'd or (recently) free'd


-- Jean-Daniel






