[FFmpeg-trac] #3866(undetermined:new): mov: deadlock (fuzzed file)

FFmpeg trac at avcodec.org
Sun Aug 17 15:58:36 CEST 2014


#3866: mov: deadlock (fuzzed file)
-------------------------------------+-------------------------------------
               Reporter:  ami_stuff  |                  Owner:
                   Type:  defect     |                 Status:  new
               Priority:  normal     |              Component:  undetermined
                Version:  unspecified|               Keywords:
             Blocked By:             |               Blocking:
Reproduced by developer:  0          |  Analyzed by developer:  0
-------------------------------------+-------------------------------------
 http://www.datafilehost.com/d/fe6e5a25

 {{{
 (gdb) r -i deadf.mov
 Starting program: /media/sdb1/ffmpeg-snapshot/ffmpeg_g -i deadf.mov
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
 ffmpeg version 2.3.git Copyright (c) 2000-2014 the FFmpeg developers
   built on Aug 14 2014 23:56:56 with gcc 4.7 (Debian 4.7.2-5)
   configuration: --disable-yasm --enable-gpl --disable-ffserver --disable-ffprobe
   libavutil      54.  3.100 / 54.  3.100
   libavcodec     56.  0.101 / 56.  0.101
   libavformat    56.  1.100 / 56.  1.100
   libavdevice    56.  0.100 / 56.  0.100
   libavfilter     5.  0.100 /  5.  0.100
   libswscale      3.  0.100 /  3.  0.100
   libswresample   1.  0.100 /  1.  0.100
   libpostproc    53.  0.100 / 53.  0.100
 [mov,mp4,m4a,3gp,3g2,mj2 @ 0x93af340] overread end of atom 'dref' by 1073741824 bytes
 [mov,mp4,m4a,3gp,3g2,mj2 @ 0x93af340] multiple fourcc not supported
     Last message repeated 66632 times
 Program received signal SIGINT, Interrupt.
 0xb7ef991e in __write_nocancel () at ../sysdeps/unix/syscall-template.S:82
 82      ../sysdeps/unix/syscall-template.S: No such file or directory.
 (gdb) bt
 #0  0xb7ef991e in __write_nocancel () at ../sysdeps/unix/syscall-template.S:82
 #1  0xb7ea06c4 in _IO_new_file_write (f=0xb7f7e560, data=0xbfffb2d0, n=38)
     at fileops.c:1276
 #2  0xb7ea036f in new_do_write (fp=0xb7f7e560,
     data=0xbfffb2d0 "    Last message repeated 66633 times\r\377\277\026\006\352\267;", to_do=38) at fileops.c:530
 #3  0xb7ea0616 in _IO_new_file_xsputn (f=0xb7f7e560, data=0xbfffb2d0, n=38)
     at fileops.c:1370
 #4  0xb7e786a8 in buffered_vfprintf (s=0xb7f7e560, format=<optimized out>,
     args=<optimized out>) at vfprintf.c:2310
 #5  0xb7e73833 in _IO_vfprintf_internal (s=0xb7f7e560,
     format=0x8c65abc "    Last message repeated %d times\r",
     ap=0xbfffd968 "I\004\001") at vfprintf.c:1309
 #6  0xb7e7d8df in __fprintf (stream=0xb7f7e560,
     format=format@entry=0x8c65abc "    Last message repeated %d times\r")
     at fprintf.c:33
 #7  0x089ef5af in av_log_default_callback (ptr=0x93af340, level=24,
     fmt=0x8a63a5c "multiple fourcc not supported\n", vl=0xbfffeddc "\001")
     at libavutil/log.c:318
 #8  0x089ef882 in av_vlog (vl=0xbfffeddc "\001",
     fmt=0x8a63a5c "multiple fourcc not supported\n", level=<optimized out>,
     avcl=0x93af340) at libavutil/log.c:360
 #9  av_log (avcl=0x93af340, level=<optimized out>, level@entry=24,
 ---Type <return> to continue, or q <return> to quit---
     fmt=fmt@entry=0x8a63a5c "multiple fourcc not supported\n")
     at libavutil/log.c:352
 #10 0x081f3861 in mov_skip_multiple_stsd (size=-17, format=-1,
     codec_tag=909201230, pb=0x93aed20, c=<optimized out>)
     at libavformat/mov.c:1658
 #11 ff_mov_read_stsd_entries (c=0x93aee60, pb=0x93aed20, entries=134217729)
     at libavformat/mov.c:1702
 #12 0x081eb0c8 in mov_read_default (c=c@entry=0x93aee60,
     pb=pb@entry=0x93aed20, atom=...) at libavformat/mov.c:3247
 #13 0x081eb0c8 in mov_read_default (c=c@entry=0x93aee60,
     pb=pb@entry=0x93aed20, atom=...) at libavformat/mov.c:3247
 #14 0x081eb0c8 in mov_read_default (c=c@entry=0x93aee60,
     pb=pb@entry=0x93aed20, atom=...) at libavformat/mov.c:3247
 #15 0x081eb0c8 in mov_read_default (c=c@entry=0x93aee60,
     pb=pb@entry=0x93aed20, atom=...) at libavformat/mov.c:3247
 #16 0x081f11c3 in mov_read_trak (c=c@entry=0x93aee60, pb=pb@entry=0x93aed20,
     atom=...) at libavformat/mov.c:2426
 #17 0x081eb0c8 in mov_read_default (c=c@entry=0x93aee60,
     pb=pb@entry=0x93aed20, atom=...) at libavformat/mov.c:3247
 #18 0x081ebb77 in mov_read_moov (c=c@entry=0x93aee60, pb=pb@entry=0x93aed20,
     atom=...) at libavformat/mov.c:777
 #19 0x081eb0c8 in mov_read_default (c=c@entry=0x93aee60,
     pb=pb@entry=0x93aed20, atom=...) at libavformat/mov.c:3247
 ---Type <return> to continue, or q <return> to quit---
 #20 0x081effb4 in mov_read_header (s=0x93af340) at libavformat/mov.c:3572
 #21 0x08294543 in avformat_open_input (ps=ps@entry=0xbffff44c,
     filename=filename@entry=0xbffffb78 "deadf.mov", fmt=fmt@entry=0x0,
     options=0x93a884c) at libavformat/utils.c:437
 #22 0x080be28d in open_input_file (o=o@entry=0xbffff54c,
     filename=<optimized out>) at ffmpeg_opt.c:870
 #23 0x080b7d17 in open_files (inout=inout@entry=0x8a76cbb "input",
     open_file=open_file@entry=0x80bdf90 <open_input_file>,
     l=<error reading variable: Unhandled dwarf expression opcode 0xfa>,
     l=<error reading variable: Unhandled dwarf expression opcode 0xfa>)
     at ffmpeg_opt.c:2670
 #24 0x080bff09 in ffmpeg_parse_options (argc=argc@entry=3,
     argv=argv@entry=0xbffff9f4) at ffmpeg_opt.c:2707
 #25 0x080af43a in main (argc=3, argv=0xbffff9f4) at ffmpeg.c:3824
 (gdb)
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/3866>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

