[FFmpeg-trac] #1206(avformat:open): Controlled EDX in avformat

FFmpeg trac at avcodec.org
Sat Apr 14 09:23:43 CEST 2012


#1206: Controlled EDX in avformat
-------------------------------------+-------------------------------------
             Reporter:  daybreak     |                    Owner:
                 Type:  defect       |                   Status:  open
             Priority:  important    |                Component:  avformat
              Version:  git-master   |               Resolution:
             Keywords:  crash        |               Blocked By:
  SIGSEGV mkv                        |  Reproduced by developer:  1
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):

 * status:  new => open
 * reproduced:  0 => 1
 * component:  undetermined => avformat
 * priority:  normal => important
 * version:  unspecified => git-master
 * keywords:   => crash SIGSEGV mkv


Comment:

 {{{
 (gdb) r -i 243391nosound.mkvtest107.mkv -f null -
 Starting program: ffmpeg_g -i 243391nosound.mkvtest107.mkv -f null -
 [Thread debugging using libthread_db enabled]
 [New Thread 0xb7b6b6c0 (LWP 11511)]
 ffmpeg version N-39787-gcca9528 Copyright (c) 2000-2012 the FFmpeg
 developers
   built on Apr 14 2012 08:48:33 with gcc 4.3.2
   configuration: --cc=/usr/local/gcc-4.3.2/bin/gcc --enable-gpl
   libavutil      51. 46.100 / 51. 46.100
   libavcodec     54. 14.101 / 54. 14.101
   libavformat    54.  3.100 / 54.  3.100
   libavdevice    53.  4.100 / 53.  4.100
   libavfilter     2. 69.101 /  2. 69.101
   libswscale      2.  1.100 /  2.  1.100
   libswresample   0. 11.100 /  0. 11.100
   libpostproc    52.  0.100 / 52.  0.100
 [matroska,webm @ 0x8ee3380] Unknown entry 0x233100
 [matroska,webm @ 0x8ee3380] Read error
 [matroska,webm @ 0x8ee3380] Unknown entry 0x82
     Last message repeated 1 times
 [matroska,webm @ 0x8ee3380] Unknown entry 0x84
     Last message repeated 1 times
 [matroska,webm @ 0x8ee3380] Unknown entry 0x233100
 [matroska,webm @ 0x8ee3380] Read error

 Program received signal SIGSEGV, Segmentation fault.
 [Switching to Thread 0xb7b6b6c0 (LWP 11511)]
 avio_rb16 (s=0xbfd45c88) at libavformat/aviobuf.c:459
 459             return *s->buf_ptr++;
 (gdb) bt
 #0  avio_rb16 (s=0xbfd45c88) at libavformat/aviobuf.c:459
 #1  0x08105dc5 in matroska_read_header (s=0x8ee3380) at
 libavformat/matroskadec.c:1590
 #2  0x0818f066 in avformat_open_input (ps=0xbfd45ed4, filename=0xbfd48269
 "243391nosound.mkvtest107.mkv",
     fmt=0x0, options=0x8e1fcec) at libavformat/utils.c:634
 #3  0x080545db in opt_input_file (o=0xbfd45fd0, opt=0xbfd48267 "i",
     filename=0xbfd48269 "243391nosound.mkvtest107.mkv") at ffmpeg.c:3777
 #4  0x0805f9d2 in parse_option (optctx=0xbfd45fd0, opt=0xbfd48267 "i",
     arg=0xbfd48269 "243391nosound.mkvtest107.mkv", options=0x87d96e0) at
 cmdutils.c:303
 #5  0x0805fd63 in parse_options (optctx=0xbfd45fd0, argc=6,
 argv=0xbfd46204, options=0x87d96e0,
     parse_arg_function=0x805a580 <opt_output_file>) at cmdutils.c:336
 #6  0x08059806 in main (argc=6, argv=0xbfd46204) at ffmpeg.c:5255
 (gdb) disass $pc-28 $pc+32
 Dump of assembler code from 0x80d9a8b to 0x80d9ac7:
 0x080d9a8b:     mov    $0x0,%edi
 0x080d9a90 <avio_rb16+0>:       sub    $0xc,%esp
 0x080d9a93 <avio_rb16+3>:       mov    %esi,0x8(%esp)
 0x080d9a97 <avio_rb16+7>:       mov    0x10(%esp),%esi
 0x080d9a9b <avio_rb16+11>:      mov    %ebx,0x4(%esp)
 0x080d9a9f <avio_rb16+15>:      mov    0xc(%esi),%eax
 0x080d9aa2 <avio_rb16+18>:      cmp    0x10(%esi),%eax
 0x080d9aa5 <avio_rb16+21>:      jae    0x80d9ad8 <avio_rb16+72>
 0x080d9aa7 <avio_rb16+23>:      movzbl (%eax),%ebx
 0x080d9aaa <avio_rb16+26>:      add    $0x1,%eax
 0x080d9aad <avio_rb16+29>:      mov    %eax,0xc(%esi)
 0x080d9ab0 <avio_rb16+32>:      shl    $0x8,%ebx
 0x080d9ab3 <avio_rb16+35>:      cmp    0x10(%esi),%eax
 0x080d9ab6 <avio_rb16+38>:      jae    0x80d9ae9 <avio_rb16+89>
 0x080d9ab8 <avio_rb16+40>:      movzbl (%eax),%edx
 0x080d9abb <avio_rb16+43>:      add    $0x1,%eax
 0x080d9abe <avio_rb16+46>:      mov    %eax,0xc(%esi)
 0x080d9ac1 <avio_rb16+49>:      mov    0x8(%esp),%esi
 0x080d9ac5 <avio_rb16+53>:      or     %edx,%ebx
 (gdb) info register
 eax            0x16     22
 ecx            0x2e7261 3043937
 edx            0x0      0
 ebx            0xbfd45c88       -1076601720
 esp            0xbfd45bc0       0xbfd45bc0
 ebp            0x8ee4340        0x8ee4340
 esi            0xbfd45c88       -1076601720
 edi            0x15000  86016
 eip            0x80d9aa7        0x80d9aa7 <avio_rb16+23>
 eflags         0x10283  [ CF SF IF RF ]
 cs             0x73     115
 ss             0x7b     123
 ds             0x7b     123
 es             0x7b     123
 fs             0x0      0
 gs             0x33     51
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/1206#comment:1>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

