[FFmpeg-trac] #2923(avcodec:open): ffv1: invalid read

FFmpeg trac at avcodec.org
Sun Sep 1 13:49:17 CEST 2013


#2923: ffv1: invalid read
-------------------------------------+-------------------------------------
             Reporter:  ami_stuff    |                    Owner:
                 Type:  defect       |                   Status:  open
             Priority:  important    |                Component:  avcodec
              Version:  git-master   |               Resolution:
             Keywords:  ffv1 crash   |               Blocked By:
  SIGSEGV regression                 |  Reproduced by developer:  1
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):

 * status:  new => open
 * reproduced:  0 => 1
 * component:  undetermined => avcodec
 * priority:  normal => important
 * version:  unspecified => git-master
 * keywords:  ffv1 => ffv1 crash SIGSEGV regression


Comment:

 My first download was corrupted.
 {{{
 (gdb) r -threads 4 -i ffv1_fuzz2.avi -f null -
 Starting program: ffmpeg_g -threads 4 -i ffv1_fuzz2.avi -f null -
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib64/libthread_db.so.1".
 ffmpeg version N-55944-g7c18058 Copyright (c) 2000-2013 the FFmpeg developers
   built on Sep  1 2013 13:14:38 with gcc 4.7 (SUSE Linux)
   configuration: --enable-gpl --disable-indev=jack
   libavutil      52. 43.100 / 52. 43.100
   libavcodec     55. 30.100 / 55. 30.100
   libavformat    55. 15.100 / 55. 15.100
   libavdevice    55.  3.100 / 55.  3.100
   libavfilter     3. 82.102 /  3. 82.102
   libswscale      2.  5.100 /  2.  5.100
   libswresample   0. 17.103 /  0. 17.103
   libpostproc    52.  3.100 / 52.  3.100
 [avi @ 0x16e6a20] Something went wrong during header parsing, I will ignore it and try to continue anyway.
 [ffv1 @ 0x16e7440] Cannot decode non-keyframe without valid keyframe
     Last message repeated 1 times
 [ffv1 @ 0x16e7440] read_quant_table error
 Input #0, avi, from 'ffv1_fuzz2.avi':
   Metadata:
     encoder         : Lavf55.13.101
   Duration: 00:00:12.64, start: 0.000000, bitrate: 5802 kb/s
     Stream #0:0: Video: ffv1 (FFV1 / 0x31564646), yuv410p, 320x240, 23.98 fps, 23.97 tbr, 23.97 tbn, 23.97 tbc
 [New Thread 0x7ffff57e2700 (LWP 3092)]
 [New Thread 0x7ffff4fe1700 (LWP 3093)]
 [New Thread 0x7ffff47e0700 (LWP 3094)]
 [New Thread 0x7ffff3fdf700 (LWP 3095)]
 [New Thread 0x7ffff37de700 (LWP 3096)]
 [New Thread 0x7ffff2fdd700 (LWP 3097)]
 [New Thread 0x7ffff27dc700 (LWP 3098)]
 [New Thread 0x7ffff1fdb700 (LWP 3099)]
 [New Thread 0x7ffff17da700 (LWP 3100)]
 [New Thread 0x7ffff0fd9700 (LWP 3101)]
 [New Thread 0x7ffff07d8700 (LWP 3102)]
 [New Thread 0x7fffeffd7700 (LWP 3103)]
 [New Thread 0x7fffef7d6700 (LWP 3104)]
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf55.15.100
     Stream #0:0: Video: rawvideo (YUV9 / 0x39565559), yuv410p, 320x240, q=2-31, 200 kb/s, 90k tbn, 23.97 tbc
 Stream mapping:
   Stream #0:0 -> #0:0 (ffv1 -> rawvideo)
 Press [q] to stop, [?] for help
 [ffv1 @ 0x16d9f40] Cannot decode non-keyframe without valid keyframe
 [ffv1 @ 0x16dc780] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x16dcfe0] read_quant_table error
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x16dd840] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x16d9f40] Cannot decode non-keyframe without valid keyframe
 [ffv1 @ 0x16dc780] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x16dcfe0] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x16dd840] Invalid change of global parameters
 [ffv1 @ 0x16d9f40] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x16dc780] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x16dcfe0] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x16dd840] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x16d9f40] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x16dc780] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x16dcfe0] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x16dd840] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x16d9f40] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x16dc780] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x16dcfe0] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x16dd840] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x16d9f40] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x16dc780] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x16dcfe0] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
     Last message repeated 1 times
 [null @ 0x16e8880] Encoder did not produce proper pts, making some up.

 Program received signal SIGSEGV, Segmentation fault.
 [Switching to Thread 0x7ffff0fd9700 (LWP 3101)]
 0x00000000006b6acb in get_vlc_symbol (state=0x0, gb=0x1713898, bits=<optimized out>)
     at libavcodec/ffv1dec.c:74
 74          while (i < state->error_sum) { // FIXME: optimize
 (gdb) print state
 $1 = (VlcState * const) 0x0
 (gdb) disass $pc-32,$pc+32
 Dump of assembler code from 0x6b6aab to 0x6b6aeb:
    0x00000000006b6aab <decode_plane+1579>:      and    $0xc,%al
    0x00000000006b6aad <decode_plane+1581>:      xor    %ebp,%ebp
    0x00000000006b6aaf <decode_plane+1583>:      test   %ebx,%ebx
    0x00000000006b6ab1 <decode_plane+1585>:      jns    0x6b6792 <decode_plane+786>
    0x00000000006b6ab7 <decode_plane+1591>:      movslq %edi,%rdi
    0x00000000006b6aba <decode_plane+1594>:      mov    0xa10(%rdx),%rcx
    0x00000000006b6ac1 <decode_plane+1601>:      lea    (%rdi,%rdi,2),%rsi
    0x00000000006b6ac5 <decode_plane+1605>:      lea    (%rcx,%rsi,2),%rdi
    0x00000000006b6ac9 <decode_plane+1609>:      xor    %esi,%esi
 => 0x00000000006b6acb <decode_plane+1611>:      movzwl 0x2(%rdi),%ebx
    0x00000000006b6acf <decode_plane+1615>:      movzbl 0x5(%rdi),%ecx
    0x00000000006b6ad3 <decode_plane+1619>:      movzwl %bx,%r8d
    0x00000000006b6ad7 <decode_plane+1623>:      cmp    %r8d,%ecx
    0x00000000006b6ada <decode_plane+1626>:      jge    0x6b6aea <decode_plane+1642>
    0x00000000006b6adc <decode_plane+1628>:      nopl   0x0(%rax)
    0x00000000006b6ae0 <decode_plane+1632>:      add    %ecx,%ecx
    0x00000000006b6ae2 <decode_plane+1634>:      add    $0x1,%esi
    0x00000000006b6ae5 <decode_plane+1637>:      cmp    %r8d,%ecx
    0x00000000006b6ae8 <decode_plane+1640>:      jl     0x6b6ae0 <decode_plane+1632>
    0x00000000006b6aea <decode_plane+1642>:      mov    0x248(%r14),%r11d
 End of assembler dump.
 (gdb) info register
 rax            0x16dab72        23964530
 rbx            0xffffffff       4294967295
 rcx            0x0      0
 rdx            0x1714998        24201624
 rsi            0x0      0
 rdi            0x0      0
 rbp            0x0      0x0
 rsp            0x7ffff0fd8b40   0x7ffff0fd8b40
 r8             0x0      0
 r9             0x0      0
 r10            0x1      1
 r11            0x34910  215312
 r12            0x0      0
 r13            0x1713670        24196720
 r14            0x1713660        24196704
 r15            0x16da8e4        23963876
 rip            0x6b6acb 0x6b6acb <decode_plane+1611>
 eflags         0x10246  [ PF ZF IF RF ]
 cs             0x33     51
 ss             0x2b     43
 ds             0x0      0
 es             0x0      0
 fs             0x0      0
 gs             0x0      0
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2923#comment:3>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker