[FFmpeg-trac] #3501(undetermined:new): vp7: crash with fuzzed file 2

FFmpeg trac at avcodec.org
Tue Mar 25 21:02:55 CET 2014


#3501: vp7: crash with fuzzed file 2
-------------------------------------+-------------------------------------
               Reporter:  ami_stuff  |                  Owner:
                   Type:  defect     |                 Status:  new
               Priority:  normal     |              Component:  undetermined
                Version:  unspecified|               Keywords:
             Blocked By:             |               Blocking:
Reproduced by developer:  0          |  Analyzed by developer:  0
-------------------------------------+-------------------------------------
 {{{
 (gdb) r -threads 1 -i vp7_1_f.avi -f null -
 Starting program: /media/sdb1/ffmpeg-HEAD-8f20e3d/ffmpeg_g -threads 1 -i
 vp7_1_f.avi -f null -
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
 ffmpeg version 2.2.git-8f20e3d Copyright (c) 2000-2014 the FFmpeg
 developers
   built on Mar 25 2014 20:28:17 with gcc 4.7 (Debian 4.7.2-5)
   configuration: --disable-ffprobe --disable-ffserver --enable-gpl
 --disable-yasm
   libavutil      52. 69.100 / 52. 69.100
   libavcodec     55. 54.100 / 55. 54.100
   libavformat    55. 35.101 / 55. 35.101
   libavdevice    55. 11.100 / 55. 11.100
   libavfilter     4.  3.100 /  4.  3.100
   libswscale      2.  5.102 /  2.  5.102
   libswresample   0. 18.100 /  0. 18.100
   libpostproc    52.  3.100 / 52.  3.100
 Input #0, avi, from 'vp7_1_f.avi':
   Duration: 00:00:12.64, start: 0.000000, bitrate: 253 kb/s
     Stream #0:0: Video: vp7 (VP70 / 0x30375056), yuv420p, 2368x240, 23.97
 tbr, 23.97 tbn, 23.97 tbc
 [New Thread 0xb7df8b70 (LWP 5138)]
 [New Thread 0xb75f8b70 (LWP 5139)]
 [New Thread 0xb6df8b70 (LWP 5140)]
 [New Thread 0xb65f8b70 (LWP 5141)]
 [New Thread 0xb5df8b70 (LWP 5142)]
 [New Thread 0xb55f8b70 (LWP 5143)]
 [New Thread 0xb4df8b70 (LWP 5144)]
 [New Thread 0xb45f8b70 (LWP 5145)]
 [New Thread 0xb3df8b70 (LWP 5146)]
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf55.35.101
     Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 2368x240,
 q=2-31, 200 kb/s, 90k tbn, 23.97 tbc
 Stream mapping:
   Stream #0:0 -> #0:0 (vp7 -> rawvideo)
 Press [q] to stop, [?] for help
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x37)
 [vp7 @ 0x92e9800] Feature blit-pitch present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x37)
 [vp7 @ 0x92e9800] Feature blit-pitch present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x37)
 [vp7 @ 0x92e9800] Feature blit-pitch present in macroblock (value 0x0)
 [...]
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x37)
 [vp7 @ 0x92e9800] Feature partial-golden-update present in macroblock
 (value 0x0)
 [vp7 @ 0x92e9800] Feature blit-pitch present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x37)
 [vp7 @ 0x92e9800] Feature blit-pitch present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x37)
 [vp7 @ 0x92e9800] Feature blit-pitch present in macroblock (value 0x0)
 Input stream #0:0 frame changed from size:2368x240 fmt:yuv420p to
 size:320x240 fmt:yuv420p
 [Thread 0xb45f8b70 (LWP 5145) exited]
 [Thread 0xb65f8b70 (LWP 5141) exited]
 [Thread 0xb6df8b70 (LWP 5140) exited]
 [Thread 0xb7df8b70 (LWP 5138) exited]
 [Thread 0xb55f8b70 (LWP 5143) exited]
 [Thread 0xb75f8b70 (LWP 5139) exited]
 [Thread 0xb4df8b70 (LWP 5144) exited]
 [Thread 0xb3df8b70 (LWP 5146) exited]
 [Thread 0xb5df8b70 (LWP 5142) exited]
 [New Thread 0xb3df8b70 (LWP 5147)]
 [New Thread 0xb45f8b70 (LWP 5148)]
 [New Thread 0xb4df8b70 (LWP 5149)]
 [New Thread 0xb55f8b70 (LWP 5150)]
 [New Thread 0xb5df8b70 (LWP 5151)]
 [New Thread 0xb7df8b70 (LWP 5152)]
 [New Thread 0xb75f8b70 (LWP 5153)]
 [New Thread 0xb6df8b70 (LWP 5154)]
 [New Thread 0xb65f8b70 (LWP 5155)]
 [null @ 0x92ea320] Encoder did not produce proper pts, making some up.
 [vp7 @ 0x92e9800] Feature blit-pitch present in macroblock (value 0x0)
     Last message repeated 8 times
 [vp7 @ 0x92e9800] Feature partial-golden-update present in macroblock
 (value 0x0)
     Last message repeated 285 times
 [vp7 @ 0x92e9800] Unknown profile 4 is not implemented. Update your FFmpeg
 version to the newest one from Git. If the problem still occurs, it means
 that your file has a feature which has not been implemented.
 [vp7 @ 0x92e9800] If you want to help, upload a sample of this file to
 ftp://upload.ffmpeg.org/MPlayer/incoming/ and contact the ffmpeg-devel
 mailing list.
 Error while decoding stream #0:0: Invalid data found when processing input
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x10)
     Last message repeated 85 times
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0xc)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x10)
     Last message repeated 107 times
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x10)
     Last message repeated 46 times
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x10)
     Last message repeated 31 times
 [vp7 @ 0x92e9800] Feature blit-pitch present in macroblock (value 0xc7)
 [vp7 @ 0x92e9800] Feature blit-pitch present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x29)
 [vp7 @ 0x92e9800] Feature blit-pitch present in macroblock (value 0x0)
 [...]
 [vp7 @ 0x92e9800] Feature blit-pitch present in macroblock (value 0xe8)
 [vp7 @ 0x92e9800] Feature blit-pitch present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x29)
 [vp7 @ 0x92e9800] Feature blit-pitch present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature blit-pitch present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature blit-pitch present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x29)
 [vp7 @ 0x92e9800] Feature blit-pitch present in macroblock (value 0xc7)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x29)
 [vp7 @ 0x92e9800] Feature blit-pitch present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature blit-pitch present in macroblock (value 0xc7)
     Last message repeated 1 times
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature blit-pitch present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature blit-pitch present in macroblock (value 0xc7)
 Input stream #0:0 frame changed from size:320x240 fmt:yuv420p to
 size:36x1128 fmt:yuv420p
 [Thread 0xb6df8b70 (LWP 5154) exited]
 [Thread 0xb7df8b70 (LWP 5152) exited]
 [Thread 0xb45f8b70 (LWP 5148) exited]
 [Thread 0xb75f8b70 (LWP 5153) exited]
 [Thread 0xb5df8b70 (LWP 5151) exited]
 [Thread 0xb65f8b70 (LWP 5155) exited]
 [Thread 0xb55f8b70 (LWP 5150) exited]
 [Thread 0xb4df8b70 (LWP 5149) exited]
 [Thread 0xb3df8b70 (LWP 5147) exited]
 [New Thread 0xb65f8b70 (LWP 5156)]
 [New Thread 0xb6df8b70 (LWP 5157)]
 [New Thread 0xb75f8b70 (LWP 5158)]
 [New Thread 0xb7df8b70 (LWP 5159)]
 [New Thread 0xb5df8b70 (LWP 5160)]
 [New Thread 0xb55f8b70 (LWP 5161)]
 [New Thread 0xb4df8b70 (LWP 5162)]
 [New Thread 0xb45f8b70 (LWP 5163)]
 [New Thread 0xb3df8b70 (LWP 5164)]
 [vp7 @ 0x92e9800] Feature q-index present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature partial-golden-update present in macroblock
 (value 0x0)
 [vp7 @ 0x92e9800] Feature q-index present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature partial-golden-update present in macroblock
 (value 0x0)
 [vp7 @ 0x92e9800] Feature q-index present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature partial-golden-update present in macroblock
 (value 0x0)
 [vp7 @ 0x92e9800] Feature q-index present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature partial-golden-update present in macroblock
 (value 0x0)
 [vp7 @ 0x92e9800] Feature q-index present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0xd)
 [...]
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x1f)
 [vp7 @ 0x92e9800] Feature partial-golden-update present in macroblock
 (value 0x0)
 [vp7 @ 0x92e9800] Feature q-index present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature partial-golden-update present in macroblock
 (value 0x0)
     Last message repeated 1 times
 [vp7 @ 0x92e9800] Feature q-index present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0xd)
 [vp7 @ 0x92e9800] Feature q-index present in macroblock (value 0x0)
     Last message repeated 1 times
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x1f)
 [vp7 @ 0x92e9800] Feature partial-golden-update present in macroblock
 (value 0x0)
 [vp7 @ 0x92e9800] Feature q-index present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x1f)
 [vp7 @ 0x92e9800] Feature partial-golden-update present in macroblock
 (value 0x0)
 [vp7 @ 0x92e9800] Feature q-index present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x28)
 [vp7 @ 0x92e9800] Feature partial-golden-update present in macroblock
 (value 0x0)
 [vp7 @ 0x92e9800] Feature q-index present in macroblock (value 0x0)
     Last message repeated 1 times
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x1f)
 [vp7 @ 0x92e9800] Feature partial-golden-update present in macroblock
 (value 0x0)
 [vp7 @ 0x92e9800] Feature q-index present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0xd)
 [vp7 @ 0x92e9800] Feature partial-golden-update present in macroblock
 (value 0x0)
 [vp7 @ 0x92e9800] Feature q-index present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x28)
 [vp7 @ 0x92e9800] Feature partial-golden-update present in macroblock
 (value 0x0)
 [vp7 @ 0x92e9800] Feature q-index present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature partial-golden-update present in macroblock
 (value 0x0)
 [vp7 @ 0x92e9800] Feature q-index present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0xd)
 [vp7 @ 0x92e9800] Feature partial-golden-update present in macroblock
 (value 0x0)
 [vp7 @ 0x92e9800] Feature q-index present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0xd)
 [vp7 @ 0x92e9800] Feature partial-golden-update present in macroblock
 (value 0x0)
 [vp7 @ 0x92e9800] Feature q-index present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature partial-golden-update present in macroblock
 (value 0x0)
 [vp7 @ 0x92e9800] Feature q-index present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature lf-delta present in macroblock (value 0x28)
 [vp7 @ 0x92e9800] Feature partial-golden-update present in macroblock
 (value 0x0)
 [vp7 @ 0x92e9800] Feature q-index present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature partial-golden-update present in macroblock
 (value 0x0)
 [vp7 @ 0x92e9800] Feature q-index present in macroblock (value 0x0)
 [vp7 @ 0x92e9800] Feature partial-golden-update present in macroblock
 (value 0x0)
 [vp7 @ 0x92e9800] Unknown profile 2 is not implemented. Update your FFmpeg
 version to the newest one from Git. If the problem still occurs, it means
 that your file has a feature which has not been implemented.
 [vp7 @ 0x92e9800] If you want to help, upload a sample of this file to
 ftp://upload.ffmpeg.org/MPlayer/incoming/ and contact the ffmpeg-devel
 mailing list.
 Error while decoding stream #0:0: Invalid data found when processing input
 frame=  139 fps= 91 q=0.0 size=N/A time=00:00:05.96 bitrate=N/A
 Program received signal SIGSEGV, Segmentation fault.
 0x08739ef5 in bytestream_get_be24 (b=0x92ee0fc) at
 libavcodec/bytestream.h:91
 91      DEF(unsigned int, be24, 3, AV_RB24, AV_WB24)
 (gdb) bt
 #0  0x08739ef5 in bytestream_get_be24 (b=0x92ee0fc)
     at libavcodec/bytestream.h:91
 #1  ff_vp56_init_range_decoder (c=c@entry=0x92ee0f4,
     buf=buf@entry=0x94242e7 <Address 0x94242e7 out of bounds>,
     buf_size=buf_size@entry=-654883) at libavcodec/vp56rac.c:46
 #2  0x087639e5 in vp7_decode_frame_header (s=0x92ecf00,
     buf=0x94242e7 <Address 0x94242e7 out of bounds>, buf_size=-654883)
     at libavcodec/vp8.c:489
 #3  0x0875dba9 in ff_vp8_decode_frame (avctx=0x92e9800, data=0x92eee20,
     got_frame=0xbffff50c, avpkt=0xbffff298) at libavcodec/vp8.c:2350
 #4  0x086d5c5f in avcodec_decode_video2 (avctx=0x92e9800,
     picture=picture@entry=0x92eee20,
     got_picture_ptr=got_picture_ptr@entry=0xbffff50c,
     avpkt=avpkt@entry=0xbffff778) at libavcodec/utils.c:2182
 #5  0x080c415d in decode_video (ist=ist@entry=0x92ec860,
     pkt=pkt@entry=0xbffff778, got_output=got_output@entry=0xbffff50c)
     at ffmpeg.c:1844
 #6  0x080c88e7 in output_packet (pkt=0xbffff710, ist=0x92ec860)
     at ffmpeg.c:2064
 #7  process_input (file_index=154047680) at ffmpeg.c:3413
 #8  0x080ac0db in transcode_step () at ffmpeg.c:3507
 #9  transcode () at ffmpeg.c:3559
 #10 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3739
 (gdb)
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/3501>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

