[FFmpeg-trac] #2977(undetermined:new): smv: deadlock with fuzzed file

FFmpeg trac at avcodec.org
Sat Sep 21 16:17:00 CEST 2013


#2977: smv: deadlock with fuzzed file
-------------------------------------+-------------------------------------
               Reporter:  ami_stuff  |                  Owner:
                   Type:  defect     |                 Status:  new
               Priority:  normal     |              Component:  undetermined
                Version:  unspecified|               Keywords:
             Blocked By:             |               Blocking:
Reproduced by developer:  0          |  Analyzed by developer:  0
-------------------------------------+-------------------------------------
 http://www1.datafilehost.com/d/7e21f32b

 {{{
 (gdb) r -threads 1 -i deadlock.smv -vn -f null -
 The program being debugged has been started already.
 Start it from the beginning? (y or n) y

 Starting program: /media/sdb1/ffmpeg-HEAD-93439e8/ffmpeg_g -threads 1 -i
 deadlock.smv -vn -f null -
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
 ffmpeg version 2.0-93439e8 Copyright (c) 2000-2013 the FFmpeg developers
   built on Sep 18 2013 23:23:15 with gcc 4.7 (Debian 4.7.2-5)
   configuration: --disable-yasm --enable-gpl --disable-ffprobe --disable-
 ffserver
   libavutil      52. 44.100 / 52. 44.100
   libavcodec     55. 31.101 / 55. 31.101
   libavformat    55. 18.100 / 55. 18.100
   libavdevice    55.  3.100 / 55.  3.100
   libavfilter     3. 86.101 /  3. 86.101
   libswscale      2.  5.100 /  2.  5.100
   libswresample   0. 17.103 /  0. 17.103
   libpostproc    52.  3.100 / 52.  3.100
 [NULL @ 0x9115d20] [IMGUTILS @ 0xbfffee44] Picture size 162x8405112 is
 invalid
 [NULL @ 0x9115d20] Ignoring invalid width/height values
 [mjpeg @ 0x9117cc0] huffman table decode error
 [wav @ 0x9114e40] decoding for stream 1 failed
 [wav @ 0x9114e40] Could not find codec parameters for stream 1 (Video:
 smv, yuvj420p): unspecified size
 Consider increasing the value for the 'analyzeduration' and 'probesize'
 options
 Guessed Channel Layout for  Input Stream #0.0 : mono
 Input #0, wav, from 'deadlock.smv':
   Duration: 291:32:23.00, start: 0.000000, bitrate: 0 kb/s
     Stream #0:0: Audio: adpcm_ima_wav ([17][0][0][0] / 0x0011), 22050 Hz,
 mono, s16p, 88 kb/s
     Stream #0:1: Video: smv, yuvj420p, 2 fps, 2 tbr, 2 tbn, 2 tbc
 [New Thread 0xb7df8b70 (LWP 23716)]
 [New Thread 0xb75f8b70 (LWP 23717)]
 [New Thread 0xb6df8b70 (LWP 23718)]
 [New Thread 0xb65f8b70 (LWP 23719)]
 [New Thread 0xb5df8b70 (LWP 23720)]
 [New Thread 0xb55f8b70 (LWP 23721)]
 [New Thread 0xb4df8b70 (LWP 23722)]
 [New Thread 0xb45f8b70 (LWP 23723)]
 [New Thread 0xb3df8b70 (LWP 23724)]
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf55.18.100
     Stream #0:0: Audio: pcm_s16le, 22050 Hz, mono, s16, 352 kb/s
 Stream mapping:
   Stream #0:0 -> #0:0 (adpcm_ima_wav -> pcm_s16le)
 Press [q] to stop, [?] for help
 size=N/A time=00:00:00.00 bitrate=N/A
 Program received signal SIGINT, Interrupt.
 0xb7f8ed41 in read () at ../sysdeps/unix/syscall-template.S:82
 82      ../sysdeps/unix/syscall-template.S: No such file or directory.
 (gdb) bt
 #0  0xb7f8ed41 in read () at ../sysdeps/unix/syscall-template.S:82
 #1  0x08167cfe in file_read (h=0x9115380,
     buf=0x911d4c8 "\tJ\001\377\330\377", <incomplete sequence \340>,
     size=<optimized out>) at libavformat/file.c:86
 #2  0x0815169d in retry_transfer_wrapper (transfer_func=0x8167cd0
 <file_read>,
     size_min=1, size=32768,
     buf=0x911d4c8 "\tJ\001\377\330\377", <incomplete sequence \340>,
     h=0x9115380) at libavformat/avio.c:278
 #3  ffurl_read (h=0x9115380,
     buf=0x911d4c8 "\tJ\001\377\330\377", <incomplete sequence \340>,
     size=32768) at libavformat/avio.c:309
 #4  0x0815226a in fill_buffer (s=s@entry=0x911d440)
     at libavformat/aviobuf.c:428
 #5  0x081553df in avio_r8 (s=0x911d440) at libavformat/aviobuf.c:474
 #6  avio_rl16 (s=0x911d440) at libavformat/aviobuf.c:580
 #7  avio_rl24 (s=0x911d440) at libavformat/aviobuf.c:588
 #8  0x08246a4e in wav_read_packet (s=0x9114e40, pkt=0xbffff338)
     at libavformat/wavdec.c:485
 #9  0x082377e7 in ff_read_packet (s=s@entry=0x9114e40,
     pkt=pkt@entry=0xbffff338) at libavformat/utils.c:658
 #10 0x0823a129 in read_frame_internal (s=s@entry=0x9114e40,
     pkt=pkt@entry=0xbffff6e8) at libavformat/utils.c:1316
 #11 0x0823ad6a in av_read_frame (s=0x9114e40, pkt=pkt@entry=0xbffff6e8)
 ---Type <return> to continue, or q <return> to quit---
     at libavformat/utils.c:1420
 #12 0x080b6eb6 in get_input_packet (pkt=0xbffff6c8, f=0x911b380)
     at ffmpeg.c:2878
 #13 process_input (file_index=0) at ffmpeg.c:2915
 #14 0x080a3043 in transcode_step () at ffmpeg.c:3185
 #15 transcode () at ffmpeg.c:3237
 #16 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3415
 (gdb)
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2977>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

