[FFmpeg-trac] #4294(avformat:new): tta: crash with fuzzed file
FFmpeg
trac at avcodec.org
Tue Feb 3 13:20:46 CET 2015
#4294: tta: crash with fuzzed file
----------------------------------+--------------------------------------
Reporter: tholin | Type: defect
Status: new | Priority: important
Component: avformat | Version: git-master
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
----------------------------------+--------------------------------------
The attached file segfaults.
I had to manually edit the file to make the seek table crc match. It would
be nice if the tta code could honor the avctx->err_recognition &
AV_EF_CRCCHECK flag. It's easier to fuzz that way.
{{{
$ gdb --args ./ffmpeg -i ~/fuzz/ffmpeg_tta_crash.tta
GNU gdb (Gentoo 7.7.1 p1) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://bugs.gentoo.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./ffmpeg...done.
(gdb) r
Starting program: /home/cocobo/repository/mpv-build_ffmpeg_vanilla/ffmpeg_build/ffmpeg -i /home/cocobo/fuzz/ffmpeg_tta_crash.tta
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-69499-gfc35df8 Copyright (c) 2000-2015 the FFmpeg developers
built with gcc 4.8.3 (Gentoo 4.8.3 p1.1, pie-0.5.9)
configuration: --prefix=/home/cocobo/repository/mpv-build_ffmpeg_vanilla/build_libs --enable-static --disable-shared --enable-gpl --enable-avresample --enable-debug=gdb --disable-doc --disable-optimizations --disable-stripping
libavutil 54. 18.100 / 54. 18.100
libavcodec 56. 21.102 / 56. 21.102
libavformat 56. 19.100 / 56. 19.100
libavdevice 56. 4.100 / 56. 4.100
libavfilter 5. 9.103 / 5. 9.103
libavresample 2. 1. 0 / 2. 1. 0
libswscale 3. 1.101 / 3. 1.101
libswresample 1. 1.100 / 1. 1.100
libpostproc 53. 3.100 / 53. 3.100
Program received signal SIGSEGV, Segmentation fault.
0x00000000006c17d8 in tta_read_packet (s=0x1e83360, pkt=0x7fffffffce80)
    at /home/cocobo/repository/mpv-build_ffmpeg_vanilla/ffmpeg/libavformat/tta.c:156
156	    size = st->index_entries[c->currentframe].size;
(gdb) bt
#0  0x00000000006c17d8 in tta_read_packet (s=0x1e83360, pkt=0x7fffffffce80)
    at /home/cocobo/repository/mpv-build_ffmpeg_vanilla/ffmpeg/libavformat/tta.c:156
#1  0x00000000006c76d1 in ff_read_packet (s=0x1e83360, pkt=0x7fffffffce80)
    at /home/cocobo/repository/mpv-build_ffmpeg_vanilla/ffmpeg/libavformat/utils.c:665
#2  0x00000000006ca0b3 in read_frame_internal (s=0x1e83360, pkt=0x7fffffffd120)
    at /home/cocobo/repository/mpv-build_ffmpeg_vanilla/ffmpeg/libavformat/utils.c:1317
#3  0x00000000006d0573 in avformat_find_stream_info (ic=0x1e83360, options=0x1e829e0)
    at /home/cocobo/repository/mpv-build_ffmpeg_vanilla/ffmpeg/libavformat/utils.c:3171
#4  0x0000000000411202 in open_input_file (o=0x7fffffffd440, filename=0x7fffffffde2b "/home/cocobo/fuzz/ffmpeg_tta_crash.tta")
    at /home/cocobo/repository/mpv-build_ffmpeg_vanilla/ffmpeg/ffmpeg_opt.c:908
#5  0x000000000041931a in open_files (l=0x1e6f0d8, inout=0x1238af7 "input", open_file=0x410953 <open_input_file>)
    at /home/cocobo/repository/mpv-build_ffmpeg_vanilla/ffmpeg/ffmpeg_opt.c:2718
#6  0x00000000004194a7 in ffmpeg_parse_options (argc=3, argv=0x7fffffffd9e8)
    at /home/cocobo/repository/mpv-build_ffmpeg_vanilla/ffmpeg/ffmpeg_opt.c:2755
#7  0x000000000042ce83 in main (argc=3, argv=0x7fffffffd9e8)
    at /home/cocobo/repository/mpv-build_ffmpeg_vanilla/ffmpeg/ffmpeg.c:3996
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/4294>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
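The fault in the report is at the seek-table lookup `size = st->index_entries[c->currentframe].size;`, and the reporter asks that the seek-table CRC be enforced only when `avctx->err_recognition & AV_EF_CRCCHECK` is set. The following is an added example, not FFmpeg's code and not the reporter's: a small C reader over a constructed, simplified TTA-style seek table (u32 LE frame count, u32 LE frame sizes, u32 LE CRC32 over the sizes; the real TTA header and its derived frame count are left out) that shows the two checks a demuxer wants here, bounding the untrusted frame count against the bytes present, and checking the frame index against the parsed entry count before indexing the table, with CRC enforcement gated on a flag. `EF_CRCCHECK`, `parse_seek_table`, `read_packet_size`, `count_packets` and `scenario` are hypothetical names; the sample streams are constructed in the block.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical flag standing in for avctx->err_recognition & AV_EF_CRCCHECK. */
#define EF_CRCCHECK 1u

enum { TTA_OK = 0, TTA_EINVAL = -1, TTA_EOF = -2, TTA_ENOMEM = -3 };

/* Standard CRC-32 (IEEE, reflected polynomial 0xEDB88320), bit at a time. */
static uint32_t crc32_ieee(const uint8_t *buf, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

static uint32_t rl32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wl32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

typedef struct {
    uint32_t *frame_size;   /* seek table: byte length of each frame */
    uint32_t  nb_frames;    /* number of entries actually parsed */
    uint32_t  currentframe; /* next frame to hand out as a packet */
} SeekTable;

/* Constructed toy layout: u32le nb_frames | nb_frames x u32le size | u32le crc32 */
static int parse_seek_table(const uint8_t *buf, size_t len, unsigned flags, SeekTable *st)
{
    memset(st, 0, sizeof(*st));
    if (len < 8)
        return TTA_EINVAL;
    uint32_t n = rl32(buf);
    /* n is untrusted: count, table and trailing CRC must all fit inside len */
    if (n == 0 || n > (len - 8) / 4)
        return TTA_EINVAL;
    const uint8_t *table = buf + 4;
    uint32_t stored = rl32(table + (size_t)n * 4);
    /* a CRC mismatch is fatal only when the caller asked for CRC checking */
    if ((flags & EF_CRCCHECK) && crc32_ieee(table, (size_t)n * 4) != stored)
        return TTA_EINVAL;
    st->frame_size = malloc((size_t)n * sizeof *st->frame_size);
    if (!st->frame_size)
        return TTA_ENOMEM;
    for (uint32_t i = 0; i < n; i++)
        st->frame_size[i] = rl32(table + (size_t)i * 4);
    st->nb_frames = n;
    return TTA_OK;
}

/* Read-packet step: check the index against the parsed count before the lookup. */
static int read_packet_size(SeekTable *st, uint32_t *size)
{
    if (st->currentframe >= st->nb_frames)
        return TTA_EOF;
    *size = st->frame_size[st->currentframe++];
    return TTA_OK;
}

/* Serialise a constructed stream; optionally corrupt the stored CRC. */
static size_t build_stream(uint8_t *out, size_t cap, const uint32_t *sizes, uint32_t n, int corrupt_crc)
{
    size_t need = 8 + (size_t)n * 4;
    if (cap < need)
        return 0;
    wl32(out, n);
    for (uint32_t i = 0; i < n; i++)
        wl32(out + 4 + (size_t)i * 4, sizes[i]);
    uint32_t crc = crc32_ieee(out + 4, (size_t)n * 4);
    wl32(out + 4 + (size_t)n * 4, corrupt_crc ? ~crc : crc);
    return need;
}

/* Parse, then drain packets; returns the packet count or a negative error. */
static int count_packets(const uint8_t *buf, size_t len, unsigned flags)
{
    SeekTable st;
    uint32_t sz;
    int ret = parse_seek_table(buf, len, flags, &st), n = 0;
    if (ret < 0)
        return ret;
    while (read_packet_size(&st, &sz) == TTA_OK)
        n++;
    free(st.frame_size);
    return n;
}

/* Constructed cases: 0 valid; 1 bad CRC, checking on; 2 bad CRC, checking off;
 * 3 a frame count (0x7fffffff) far larger than the 8 bytes actually present. */
static int scenario(int which)
{
    static const uint32_t sizes[3] = { 4096, 4100, 512 };
    static const uint8_t lying[8] = { 0xff, 0xff, 0xff, 0x7f, 1, 0, 0, 0 };
    uint8_t buf[32];
    size_t len;
    switch (which) {
    case 0: len = build_stream(buf, sizeof buf, sizes, 3, 0); return count_packets(buf, len, EF_CRCCHECK);
    case 1: len = build_stream(buf, sizeof buf, sizes, 3, 1); return count_packets(buf, len, EF_CRCCHECK);
    case 2: len = build_stream(buf, sizeof buf, sizes, 3, 1); return count_packets(buf, len, 0);
    default: return count_packets(lying, sizeof lying, 0);
    }
}

int main(void)
{
    for (int i = 0; i < 4; i++)
        printf("scenario %d -> %d\n", i, scenario(i));
    return 0;
}
```

Case 2 is the reporter's fuzzing point: with the flag clear a corrupted CRC is ignored and the table is still parsed, so a fuzzer does not have to patch the checksum by hand; with the flag set the same input is rejected up front. Case 3 is the check that matters regardless of the flag: the count is bounded by the bytes present before anything is allocated or indexed, and the read step never trusts `currentframe` beyond `nb_frames`.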