[FFmpeg-trac] #4152(avformat:open): jacosub: deadlock with fuzzed file

FFmpeg trac at avcodec.org
Wed Dec 3 15:18:24 CET 2014

#4152: jacosub: deadlock with fuzzed file
             Reporter:  tholin            |                    Owner:
                 Type:  defect            |                   Status:  open
             Priority:  important         |                Component:  avformat
              Version:  git-master        |               Resolution:
             Keywords:  jacosub deadlock  |               Blocked By:
             Blocking:                    |  Reproduced by developer:  1
Analyzed by developer:  0                 |

Changes (by cehoyos):

 * keywords:   => jacosub deadlock
 * priority:  normal => important
 * status:  new => open
 * reproduced:  0 => 1


 For future tickets: Please understand that while an analysis is helpful,
 never replace the actual report with an analysis of the bug, always
 provide the failing command line together with the complete, uncut console
 output. And please do not compress, encrypt or encode the input sample,
 simply attach it.

 (gdb) r -loglevel 99 -i jacosub.jss
 Starting program: ffmpeg_g -loglevel 99 -i jacosub.jss
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib64/libthread_db.so.1".
 ffmpeg version N-68182-g534f901 Copyright (c) 2000-2014 the FFmpeg
   built on Dec  3 2014 15:12:58 with gcc 4.7 (SUSE Linux)
   configuration: --enable-gpl
   libavutil      54. 15.100 / 54. 15.100
   libavcodec     56. 13.100 / 56. 13.100
   libavformat    56. 15.102 / 56. 15.102
   libavdevice    56.  3.100 / 56.  3.100
   libavfilter     5.  2.103 /  5.  2.103
   libswscale      3.  1.101 /  3.  1.101
   libswresample   1.  1.100 /  1.  1.100
   libpostproc    53.  3.100 / 53.  3.100
 Splitting the commandline.
 Reading option '-loglevel' ... matched as option 'loglevel' (set logging
 level) with argument '99'.
 Reading option '-i' ... matched as input file with argument 'jacosub.jss'.
 Finished splitting the commandline.
 Parsing a group of options: global .
 Applying option loglevel (set logging level) with argument 99.
 Successfully parsed a group of options.
 Parsing a group of options: input file jacosub.jss.
 Successfully parsed a group of options.
 Opening an input file: jacosub.jss.
 [jacosub @ 0x1a68ba0] Format jacosub probed with size=2048 and score=51

 Program received signal SIGINT, Interrupt.
 0x00007ffff62752d0 in __read_nocancel () from /lib64/libpthread.so.0
 (gdb) bt
 #0  0x00007ffff62752d0 in __read_nocancel () from /lib64/libpthread.so.0
 #1  0x00000000005679eb in file_read (h=<optimized out>, buf=<optimized
     size=<optimized out>) at libavformat/file.c:86
 #2  0x000000000054ac1c in retry_transfer_wrapper (transfer_func=0x5679d0
     size_min=1, size=32768,
 "\t\n\n\n\v at 1@13\n\n\r\r\r\r.\r\r\r\v\v\v\v\v\241\\\200\001\241\\\200\001\r\r\r\r\r\r\r\r\r\r\200\001\r\r\037\r\t\r\r\r\r\r\r\r\r\v\r\r\r\r",
     at libavformat/avio.c:303
 #3  ffurl_read (h=0x1a67f00,
 "\t\n\n\n\v at 1@13\n\n\r\r\r\r.\r\r\r\v\v\v\v\v\241\\\200\001\241\\\200\001\r\r\r\r\r\r\r\r\r\r\200\001\r\r\037\r\t\r\r\r\r\r\r\r\r\v\r\r\r\r",
     at libavformat/avio.c:334
 #4  0x000000000054b893 in fill_buffer (s=s@entry=0x1a683a0) at
 #5  0x000000000054fa30 in avio_r8 (s=0x1a683a0) at
 #6  ff_get_line (s=s@entry=0x1a683a0, buf=buf@entry=0x7fffffffce90 "\r",
     maxlen=maxlen@entry=512) at libavformat/aviobuf.c:679
 #7  0x0000000000588fcf in jacosub_read_header (s=0x1a68ba0)
     at libavformat/jacosubdec.c:181
 #8  0x000000000063eb75 in avformat_open_input (ps=ps@entry=0x7fffffffd5c8,
     filename=filename@entry=0x7fffffffe203 "jacosub.jss",
     fmt=fmt@entry=0x0,
     options=0x1a604d8) at libavformat/utils.c:463
 #9  0x000000000047cd5d in open_input_file (o=o@entry=0x7fffffffd680,
     filename=<optimized out>) at ffmpeg_opt.c:873
 #10 0x0000000000475ec4 in open_files (inout=inout@entry=0xef769f "input",
     open_file=open_file@entry=0x47b6b0 <open_input_file>, l=<optimized
     l=<optimized out>) at ffmpeg_opt.c:2699
 #11 0x000000000047d309 in ffmpeg_parse_options (argc=argc@entry=5,
     argv=argv@entry=0x7fffffffdd58) at ffmpeg_opt.c:2736
 #12 0x000000000046dd58 in main (argc=5, argv=0x7fffffffdd58) at

Ticket URL: <https://trac.ffmpeg.org/ticket/4152#comment:1>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
