[FFmpeg-trac] #2925(undetermined:new): wmav2: deadlock with fuzzed file
FFmpeg
trac at avcodec.org
Sun Sep 1 15:01:36 CEST 2013
#2925: wmav2: deadlock with fuzzed file
-------------------------------------+-------------------------------------
Reporter: ami_stuff                  | Owner:
Type: defect                         | Status: new
Priority: normal                     | Component: undetermined
Version: unspecified                 | Keywords:
Blocked By:                          | Blocking:
Reproduced by developer: 0           | Analyzed by developer: 0
-------------------------------------+-------------------------------------
{{{
(gdb) r -i ./wmav2_dead.wmv -vn -f null -
Starting program: /media/sdb1/ffmpeg-HEAD-c042684/ffmpeg_g -i
./wmav2_dead.wmv -vn -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.0-c042684 Copyright (c) 2000-2013 the FFmpeg developers
built on Aug 30 2013 20:55:53 with gcc 4.7 (Debian 4.7.2-5)
configuration: --disable-yasm --disable-ffprobe --disable-ffserver
--enable-gpl
libavutil 52. 42.100 / 52. 42.100
libavcodec 55. 29.100 / 55. 29.100
libavformat 55. 15.100 / 55. 15.100
libavdevice 55. 3.100 / 55. 3.100
libavfilter 3. 82.102 / 3. 82.102
libswscale 2. 5.100 / 2. 5.100
libswresample 0. 17.103 / 0. 17.103
libpostproc 52. 3.100 / 52. 3.100
[asf @ 0x9104d60] ff asf bad header 8a at:5440
[asf @ 0x9104d60] ff asf skip 1218 (unknown stream)
[asf @ 0x9104d60] unexpected packet_replic_size of 3
[asf @ 0x9104d60] ff asf skip 1220 (unknown stream)
[asf @ 0x9104d60] ff asf bad non zero
[asf @ 0x9104d60] ff asf bad header 63 at:47698
[asf @ 0x9104d60] invalid packet_length -1127480349 at:47702
[asf @ 0x9104d60] ff asf bad non zero
[asf @ 0x9104d60] ff asf skip 0 (unknown stream)
Last message repeated 3 times
[asf @ 0x9104d60] ff asf bad header 90 at:53712
[asf @ 0x9104d60] invalid padsize 42126 at:53713
[asf @ 0x9104d60] invalid padsize 1278 at:54964
[asf @ 0x9104d60] ff asf bad header c4 at:57418
[asf @ 0x9104d60] packet_replic_size 8519681 is invalid
[asf @ 0x9104d60] ff asf bad header 10 at:122924
[asf @ 0x9104d60] invalid padsize 27664 at:122925
[asf @ 0x9104d60] ff asf bad header f3 at:188290
[asf @ 0x9104d60] invalid packet_length -1513297106 at:188296
[asf @ 0x9104d60] ff asf bad header d5 at:253418
[asf @ 0x9104d60] invalid padsize 33353 at:253423
[asf @ 0x9104d60] packet_frag_size is invalid (69-10)
[asf @ 0x9104d60] ff asf bad header 0 at:319912
[asf @ 0x9104d60] packet_replic_size 37457 is invalid
[asf @ 0x9104d60] ff asf bad header 5a at:321180
[asf @ 0x9104d60] invalid padsize -293877938 at:321186
[asf @ 0x9104d60] ff asf bad header a1 at:322470
[asf @ 0x9104d60] packet_replic_size 74 is invalid
[asf @ 0x9104d60] ff asf bad header 5d at:323830
[asf @ 0x9104d60] invalid padsize 316529875 at:323837
[asf @ 0x9104d60] ff asf bad header 8 at:325292
[asf @ 0x9104d60] packet_replic_size 52693 is invalid
[asf @ 0x9104d60] ff asf bad header e6 at:326984
[asf @ 0x9104d60] invalid packet_length 1529179864 at:326991
[asf @ 0x9104d60] ff asf bad header de at:329126
[asf @ 0x9104d60] invalid padsize -1445783319 at:329135
[asf @ 0x9104d60] ff asf bad header 7f at:330938
[asf @ 0x9104d60] invalid packet_length -1892764079 at:330949
[asf @ 0x9104d60] ff asf bad header c2 at:333510
[asf @ 0x9104d60] ff asf bad non zero
[asf @ 0x9104d60] ff asf bad header d9 at:338408
[asf @ 0x9104d60] invalid padsize 1188097748 at:338413
[asf @ 0x9104d60] ff asf bad non zero
[asf @ 0x9104d60] ff asf skip 1220 (unknown stream)
[asf @ 0x9104d60] invalid padsize 5310 at:343418
[asf @ 0x9104d60] ff asf bad header c at:343428
[asf @ 0x9104d60] packet_replic_size 54347 is invalid
[asf @ 0x9104d60] ff asf bad header 44 at:344688
[asf @ 0x9104d60] packet_obj_size invalid
[asf @ 0x9104d60] ff asf bad non zero
[asf @ 0x9104d60] invalid padsize 34608 at:355800
[asf @ 0x9104d60] ff asf bad non zero
[asf @ 0x9104d60] invalid padsize 1468 at:359512
[asf @ 0x9104d60] ff asf bad header 80 at:363222
[asf @ 0x9104d60] ff asf skip 1229 (unknown stream)
[asf @ 0x9104d60] ff asf bad non zero
[asf @ 0x9104d60] ff asf bad header 4 at:364466
[asf @ 0x9104d60] ff asf skip 1225 (unknown stream)
[asf @ 0x9104d60] ff asf bad header 0 at:365710
[asf @ 0x9104d60] unexpected packet_replic_size of 2
[asf @ 0x9104d60] ff asf bad header 35 at:366964
[asf @ 0x9104d60] packet_replic_size 4736 is invalid
[asf @ 0x9104d60] ff asf bad header b6 at:368248
[asf @ 0x9104d60] invalid padsize 32900 at:368254
[asf @ 0x9104d60] ff asf bad header 6d at:369550
[asf @ 0x9104d60] invalid packet_length 998078948 at:369556
[asf @ 0x9104d60] ff asf bad header de at:370916
[asf @ 0x9104d60] invalid padsize 711446516 at:370925
[asf @ 0x9104d60] ff asf bad header a1 at:372416
[asf @ 0x9104d60] ff asf bad header 9f at:374182
[asf @ 0x9104d60] invalid padsize -1026936850 at:374189
[asf @ 0x9104d60] ff asf bad header be at:376476
[asf @ 0x9104d60] invalid padsize 2055202886 at:376484
[asf @ 0x9104d60] ff asf bad header c2 at:379316
[asf @ 0x9104d60] freeing incomplete packet size 4962, new 23
[asf @ 0x9104d60] packet_obj_size invalid
[asf @ 0x9104d60] ff asf bad header 0 at:385528
[asf @ 0x9104d60] ff asf skip 1229 (unknown stream)
[asf @ 0x9104d60] ff asf bad header 48 at:386788
[asf @ 0x9104d60] packet_replic_size 127541202 is invalid
[asf @ 0x9104d60] ff asf bad header f2 at:420378
[asf @ 0x9104d60] ff asf bad non zero
[asf @ 0x9104d60] ff asf bad header ad at:454098
[asf @ 0x9104d60] invalid padsize 252 at:454101
[asf @ 0x9104d60] ff asf bad header 52 at:488118
[asf @ 0x9104d60] packet_replic_size 1811351201 is invalid
[asf @ 0x9104d60] ff asf bad header 23 at:507954
[asf @ 0x9104d60] packet_replic_size 63176 is invalid
[asf @ 0x9104d60] invalid padsize 49516 at:509312
[asf @ 0x9104d60] ff asf bad non zero
[asf @ 0x9104d60] invalid padsize 49812 at:513026
[asf @ 0x9104d60] invalid padsize -748944202 at:515502
[asf @ 0x9104d60] ff asf bad header 83 at:519210
[asf @ 0x9104d60] ff asf skip 0 (unknown stream)
Last message repeated 1 times
[asf @ 0x9104d60] ff asf bad non zero
[asf @ 0x9104d60] invalid padsize 50913 at:525406
[asf @ 0x9104d60] ff asf bad non zero
[asf @ 0x9104d60] ff asf bad header 2a at:530310
[asf @ 0x9104d60] invalid padsize 233 at:530312
[asf @ 0x9104d60] ff asf bad header 19 at:532706
[asf @ 0x9104d60] invalid padsize 1397656782 at:532709
[asf @ 0x9104d60] invalid padsize 276 at:534071
[asf @ 0x9104d60] ff asf bad non zero
[asf @ 0x9104d60] invalid padsize 39172 at:537785
[asf @ 0x9104d60] ff asf bad non zero
[asf @ 0x9104d60] packet fragment position invalid 1208017424,24 not in 2
[asf @ 0x9104d60] ff asf bad header 99 at:546398
[asf @ 0x9104d60] invalid padsize -549495214 at:546401
[asf @ 0x9104d60] ff asf bad header 80 at:548922
[asf @ 0x9104d60] ff asf skip 1229 (unknown stream)
[asf @ 0x9104d60] packet_replic_size 169 is invalid
[asf @ 0x9104d60] ff asf bad header 40 at:552656
[asf @ 0x9104d60] packet_replic_size 512 is invalid
[asf @ 0x9104d60] ff asf bad header 95 at:553920
[asf @ 0x9104d60] invalid padsize 40953 at:553923
[asf @ 0x9104d60] ff asf bad header 86 at:555196
[asf @ 0x9104d60] packet_replic_size 57737 is invalid
[asf @ 0x9104d60] ff asf bad header 60 at:556536
[asf @ 0x9104d60] invalid packet_length 1569834841 at:556539
[asf @ 0x9104d60] ff asf bad header cf at:557948
[asf @ 0x9104d60] packet_replic_size 152372822 is invalid
[asf @ 0x9104d60] ff asf bad header b6 at:618384
[asf @ 0x9104d60] invalid padsize 21489 at:618390
[asf @ 0x9104d60] ff asf bad header 35 at:678564
[asf @ 0x9104d60] invalid padsize 12003 at:678568
[asf @ 0x9104d60] ff asf bad header 12 at:739496
[asf @ 0x9104d60] invalid padsize 33388 at:739498
[asf @ 0x9104d60] ff asf bad header 8c at:799456
[asf @ 0x9104d60] packet_replic_size 59592 is invalid
[asf @ 0x9104d60] ff asf bad header 80 at:801164
[asf @ 0x9104d60] packet_obj_size invalid
[asf @ 0x9104d60] invalid padsize 1253 at:806430
[asf @ 0x9104d60] ff asf skip 3 (unknown stream)
[asf @ 0x9104d60] invalid padsize 896804030 at:812622
[asf @ 0x9104d60] ff asf bad non zero
[asf @ 0x9104d60] invalid padsize 33972 at:817572
[asf @ 0x9104d60] packet_obj_size invalid
[asf @ 0x9104d60] ff asf bad header 0 at:823780
[asf @ 0x9104d60] ff asf skip 1229 (unknown stream)
[asf @ 0x9104d60] ff asf bad header 35 at:825040
[asf @ 0x9104d60] invalid padsize 10333 at:825044
[asf @ 0x9104d60] ff asf bad header 69 at:825098
[asf @ 0x9104d60] invalid packet_length -819551906 at:825102
[asf @ 0x9104d60] ff asf bad header 10 at:825214
[asf @ 0x9104d60] invalid padsize 57801 at:825215
[asf @ 0x9104d60] ff asf bad header 13 at:825440
[asf @ 0x9104d60] invalid padsize 52806 at:825442
[asf @ 0x9104d60] ff asf bad header b3 at:825894
[asf @ 0x9104d60] invalid padsize 11797 at:825897
[asf @ 0x9104d60] ff asf bad non zero
[asf @ 0x9104d60] ff asf bad header 83 at:829948
[asf @ 0x9104d60] ff asf skip 0 (unknown stream)
[asf @ 0x9104d60] invalid padsize 1278 at:831190
[asf @ 0x9104d60] invalid padsize 15584 at:832430
[asf @ 0x9104d60] invalid padsize 15784 at:834906
[asf @ 0x9104d60] ff asf bad header 43 at:837368
[asf @ 0x9104d60] ff asf skip 0 (unknown stream)
Last message repeated 1 times
[asf @ 0x9104d60] packet fragment position invalid 512,0 not in 0
[asf @ 0x9104d60] ff asf skip 0 (unknown stream)
Last message repeated 13 times
[asf @ 0x9104d60] ff asf bad header a7 at:874962
[asf @ 0x9104d60] packet_replic_size 209 is invalid
[asf @ 0x9104d60] ff asf bad header 1f at:876656
[asf @ 0x9104d60] invalid padsize 473893035 at:876663
[asf @ 0x9104d60] ff asf bad header d at:878788
[asf @ 0x9104d60] packet_frag_size is invalid (1111-9)
[asf @ 0x9104d60] ff asf bad header 4f at:880602
[asf @ 0x9104d60] packet_obj_size invalid
[asf @ 0x9104d60] ff asf bad non zero
[asf @ 0x9104d60] packet_frag_size is invalid (36-10)
[asf @ 0x9104d60] ff asf bad header 8 at:910438
[asf @ 0x9104d60] packet_obj_size invalid
[asf @ 0x9104d60] ff asf bad header f6 at:911714
[asf @ 0x9104d60] invalid packet_length -381568174 at:911723
[asf @ 0x9104d60] ff asf bad header 4c at:913016
[asf @ 0x9104d60] packet_obj_size invalid
[asf @ 0x9104d60] ff asf bad header 5e at:937480
[asf @ 0x9104d60] invalid padsize -27015494 at:937489
[asf @ 0x9104d60] ff asf bad header 18 at:961624
[asf @ 0x9104d60] invalid padsize -377878436 at:961627
[asf @ 0x9104d60] invalid padsize 1074 at:962087
Guessed Channel Layout for Input Stream #0.0 : mono
Input #0, asf, from './wmav2_dead.wmv':
Metadata:
WMFSDKVersion : 7.01.00.3055
WMFSDKNeeded : 0.0.0.0000
Duration: 00:02:12.53, start: 0.192000, bitrate: 59 kb/s
Stream #0:0: Audio: wmav2 (a[1][0][0] / 0x0161), 8000 Hz, mono, fltp,
0 kb/s
Stream #0:1: Video: mss1 (MSS1 / 0x3153534D), pal8, 1024x768, 48.92
tbr, 1k tbn, 1k tbc
[New Thread 0xb7dd1b70 (LWP 30691)]
[New Thread 0xb75d1b70 (LWP 30692)]
[New Thread 0xb6dd1b70 (LWP 30693)]
[New Thread 0xb65d1b70 (LWP 30694)]
[New Thread 0xb5dd1b70 (LWP 30695)]
[New Thread 0xb55d1b70 (LWP 30696)]
[New Thread 0xb4dd1b70 (LWP 30697)]
[New Thread 0xb45d1b70 (LWP 30698)]
[New Thread 0xb3dd1b70 (LWP 30699)]
Output #0, null, to 'pipe:':
Metadata:
WMFSDKVersion : 7.01.00.3055
WMFSDKNeeded : 0.0.0.0000
encoder : Lavf55.15.100
Stream #0:0: Audio: pcm_s16le, 8000 Hz, mono, s16, 128 kb/s
Stream mapping:
Stream #0:0 -> #0:0 (wmav2 -> pcm_s16le)
Press [q] to stop, [?] for help
Multiple frames in a packet from stream 0
[null @ 0x9106ba0] Application provided invalid, non monotonically
increasing dts to muxer in stream 0: 388800 >= 383040
[null @ 0x9106ba0] Application provided invalid, non monotonically
increasing dts to muxer in stream 0: 388800 >= 388800
[wmav2 @ 0x9105620] overflow in spectral RLE, ignoring
Last message repeated 5 times
Program received signal SIGINT, Interrupt.
wma_decode_block (s=s at entry=0x911d3e0) at libavcodec/wmadec.c:516
516 total_gain += a;
(gdb) bt
#0 wma_decode_block (s=s at entry=0x911d3e0) at libavcodec/wmadec.c:516
#1 0x0871a3f7 in wma_decode_frame (samples_offset=0, samples=0x9109be0,
s=0x911d3e0) at libavcodec/wmadec.c:780
#2 wma_decode_superframe (avctx=0x9105620, data=0x9109be0,
got_frame_ptr=0xbffff504, avpkt=0xbffff218) at libavcodec/wmadec.c:918
#3 0x086774f5 in avcodec_decode_audio4 (avctx=avctx at entry=0x9105620,
frame=frame at entry=0x9109be0,
got_frame_ptr=got_frame_ptr at entry=0xbffff504,
avpkt=avpkt at entry=0xbffff750) at libavcodec/utils.c:2124
#4 0x080b534a in decode_audio (ist=ist at entry=0x9106800,
pkt=pkt at entry=0xbffff750, got_output=got_output at entry=0xbffff504)
at ffmpeg.c:1526
#5 0x080b8760 in output_packet (pkt=0xbffff6e8, ist=0x9106800)
at ffmpeg.c:1863
#6 process_input (file_index=2) at ffmpeg.c:3085
#7 0x080a2e33 in transcode_step () at ffmpeg.c:3181
#8 transcode () at ffmpeg.c:3233
#9 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3411
(gdb)
}}}
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2925>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker