[FFmpeg-trac] #2844(undetermined:new): flashsv2: crash with fuzzed file

FFmpeg trac at avcodec.org
Thu Aug 8 00:13:34 CEST 2013


#2844: flashsv2: crash with fuzzed file
-------------------------------------+-------------------------------------
               Reporter:  ami_stuff  |                  Owner:
                   Type:  defect     |                 Status:  new
               Priority:  normal     |              Component:  undetermined
                Version:  unspecified|               Keywords:
             Blocked By:             |               Blocking:
Reproduced by developer:  0          |  Analyzed by developer:  0
-------------------------------------+-------------------------------------
 http://www1.datafilehost.com/d/079c80f1

 {{{
 knoppix at Microknoppix:/media/sdb1/ffmpeg$ ./ffmpeg_g -i ../fflashsv2.flv -f
 null -
 ffmpeg version 2.0 Copyright (c) 2000-2013 the FFmpeg developers
   built on Aug  6 2013 21:17:38 with gcc 4.7 (Debian 4.7.2-4)
   configuration: --enable-gpl --disable-yasm --disable-ffprobe --disable-
 ffserver
   libavutil      52. 40.100 / 52. 40.100
   libavcodec     55. 20.100 / 55. 20.100
   libavformat    55. 13.101 / 55. 13.101
   libavdevice    55.  3.100 / 55.  3.100
   libavfilter     3. 82.100 /  3. 82.100
   libswscale      2.  4.100 /  2.  4.100
   libswresample   0. 17.103 /  0. 17.103
   libpostproc    52.  3.100 / 52.  3.100
 Input #0, flv, from '../fflashsv2.flv':
   Metadata:
     encoder         : Lavf55.13.101
   Duration: 00:00:12.64, start: 0.000000, bitrate: 7524 kb/s
     Stream #0:0: Video: flashsv2, bgr24, 320x240, 200 kb/s, 23.98 tbr, 1k
 tbn, 1k tbc
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf55.13.101
     Stream #0:0: Video: rawvideo (BGR[24] / 0x18524742), bgr24, 320x240,
 q=2-31, 200 kb/s, 90k tbn, 23.98 tbc
 Stream mapping:
   Stream #0:0 -> #0:0 (flashsv2 -> rawvideo)
 Press [q] to stop, [?] for help
 [null @ 0x90e4400] Encoder did not produce proper pts, making some up.
 [flashsv2 @ 0x90d4620] Zlib resync occurred
     Last message repeated 1 times
 Error while decoding stream #0:0: Invalid data found when processing input
 [flashsv2 @ 0x90d4620] Zlib resync occurred
 Segmentation fault (core dumped)es
 knoppix at Microknoppix:/media/sdb1/ffmpeg$ gdb -c core ffmpeg_g
 GNU gdb (GDB) 7.4.1-debian
 Copyright (C) 2012 Free Software Foundation, Inc.
 License GPLv3+: GNU GPL version 3 or later
 <http://gnu.org/licenses/gpl.html>
 This is free software: you are free to change and redistribute it.
 There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
 and "show warranty" for details.
 This GDB was configured as "i486-linux-gnu".
 For bug reporting instructions, please see:
 <http://www.gnu.org/software/gdb/bugs/>...
 Reading symbols from /media/sdb1/ffmpeg/ffmpeg_g...done.
 [New LWP 26609]

 warning: Can't read pathname for load map: Input/output error.
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
 Failed to read a valid object file image from memory.
 Core was generated by `./ffmpeg_g -i ../fflashsv2.flv -f null -'.
 Program terminated with signal 11, Segmentation fault.
 #0  0xb74e7124 in _int_free (av=<optimized out>, p=0x95b4408) at
 malloc.c:4973
 4973    malloc.c: No such file or directory.
 (gdb) bt
 #0  0xb74e7124 in _int_free (av=<optimized out>, p=0x95b4408) at
 malloc.c:4973
 #1  0xb74ea3ed in *__GI___libc_free (mem=0x95b4440) at malloc.c:3738
 #2  0x08858842 in av_free (ptr=<optimized out>) at libavutil/mem.c:210
 #3  av_freep (arg=arg at entry=0xbfb5284c) at libavutil/mem.c:217
 #4  0x082362cf in read_from_packet_buffer (pkt=<optimized out>,
     pkt_buffer_end=<optimized out>, pkt_buffer=<optimized out>)
     at libavformat/utils.c:1284
 #5  av_read_frame (s=0x90d3d40, pkt=pkt at entry=0xbfb52b38)
     at libavformat/utils.c:1448
 #6  0x080b5a76 in get_input_packet (pkt=0xbfb52b18, f=0x90d49e0)
     at ffmpeg.c:2852
 #7  process_input (file_index=0) at ffmpeg.c:2889
 #8  0x080a1fc3 in transcode_step () at ffmpeg.c:3159
 #9  transcode () at ffmpeg.c:3211
 #10 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3389
 (gdb)
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2844>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker