[FFmpeg-trac] #4262(avformat:new): mpc8: deadlock with fuzzed file

FFmpeg trac at avcodec.org
Wed Jan 14 18:30:30 CET 2015


#4262: mpc8: deadlock with fuzzed file
----------------------------------+--------------------------------------
             Reporter:  tholin    |                     Type:  defect
               Status:  new       |                 Priority:  normal
            Component:  avformat  |                  Version:  git-master
             Keywords:            |               Blocked By:
             Blocking:            |  Reproduced by developer:  0
Analyzed by developer:  0         |
----------------------------------+--------------------------------------
 The attached (fuzzed) file makes ffmpeg hang in an infinite loop while probing the input; the process never returns from avformat_open_input and has to be interrupted with SIGINT. In the backtrace below, mpc8_read_header is calling mpc8_get_chunk_header at the same position (pos = 145) and the last chunk header yielded size = -3, which suggests a negative/invalid chunk length is not rejected and the header loop never advances past it — presumably a missing `size < 0` check in the demuxer (to be confirmed against mpc8.c). Since this is reachable with a crafted file, it is an unbounded-CPU denial of service in the demuxer, not just a hang on a corrupt file.


 {{{
 $ gdb --args ./ffmpeg -v 9 -loglevel 99  -i ~/fuzz/hang.mpc
 GNU gdb (Gentoo 7.7.1 p1) 7.7.1
 Copyright (C) 2014 Free Software Foundation, Inc.
 License GPLv3+: GNU GPL version 3 or later
 <http://gnu.org/licenses/gpl.html>
 This is free software: you are free to change and redistribute it.
 There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
 and "show warranty" for details.
 This GDB was configured as "x86_64-pc-linux-gnu".
 Type "show configuration" for configuration details.
 For bug reporting instructions, please see:
 <http://bugs.gentoo.org/>.
 Find the GDB manual and other documentation resources online at:
 <http://www.gnu.org/software/gdb/documentation/>.
 For help, type "help".
 Type "apropos word" to search for commands related to "word"...
 Reading symbols from ./ffmpeg...done.
 (gdb) r
 Starting program: /home/cocobo/repository/mpv-
 build_vanilla_debug/ffmpeg_build/ffmpeg -v 9 -loglevel 99 -i
 /home/cocobo/fuzz/hang.mpc
 warning: Could not load shared library symbols for linux-vdso.so.1.
 Do you need "set solib-search-path" or "set sysroot"?
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib64/libthread_db.so.1".
 ffmpeg version N-69051-ga9d700f Copyright (c) 2000-2015 the FFmpeg
 developers
   built on Jan 14 2015 12:54:19 with gcc 4.8.3 (Gentoo 4.8.3 p1.1,
 pie-0.5.9)
   configuration: --prefix=/home/cocobo/repository/mpv-
 build_vanilla_debug/build_libs --enable-static --disable-shared --enable-
 gpl --enable-avresample --enable-debug=gdb --disable-doc --disable-
 optimizations --disable-stripping
   libavutil      54. 16.100 / 54. 16.100
   libavcodec     56. 20.100 / 56. 20.100
   libavformat    56. 18.101 / 56. 18.101
   libavdevice    56.  4.100 / 56.  4.100
   libavfilter     5.  7.101 /  5.  7.101
   libavresample   2.  1.  0 /  2.  1.  0
   libswscale      3.  1.101 /  3.  1.101
   libswresample   1.  1.100 /  1.  1.100
   libpostproc    53.  3.100 / 53.  3.100
 Splitting the commandline.
 Reading option '-v' ... matched as option 'v' (set logging level) with
 argument '9'.
 Reading option '-loglevel' ... matched as option 'loglevel' (set logging
 level) with argument '99'.
 Reading option '-i' ... matched as input file with argument
 '/home/cocobo/fuzz/hang.mpc'.
 Finished splitting the commandline.
 Parsing a group of options: global .
 Applying option v (set logging level) with argument 9.
 Successfully parsed a group of options.
 Parsing a group of options: input file /home/cocobo/fuzz/hang.mpc.
 Successfully parsed a group of options.
 Opening an input file: /home/cocobo/fuzz/hang.mpc.
 [mpc8 @ 0x1e803a0] Format mpc8 probed with size=2048 and score=49

 Program received signal SIGINT, Interrupt.
 0x000000000059663e in avio_r8 (s=0x1e7faa0)
     at /home/cocobo/repository/mpv-
 build_vanilla_debug/ffmpeg/libavformat/aviobuf.c:513
 513         if (s->buf_ptr >= s->buf_end)
 (gdb) bt full
 #0  0x000000000059663e in avio_r8 (s=0x1e7faa0)
     at /home/cocobo/repository/mpv-
 build_vanilla_debug/ffmpeg/libavformat/aviobuf.c:513
 No locals.
 #1  0x00000000005971be in ffio_read_varlen (bc=0x1e7faa0)
     at /home/cocobo/repository/mpv-
 build_vanilla_debug/ffmpeg/libavformat/aviobuf.c:744
         val = 0
         tmp = 32767
 #2  0x0000000000627993 in mpc8_get_chunk_header (pb=0x1e7faa0,
 tag=0x7fffffffd224, size=0x7fffffffd228)
     at /home/cocobo/repository/mpv-
 build_vanilla_debug/ffmpeg/libavformat/mpc8.c:129
         pos = 145
 #3  0x0000000000627eb4 in mpc8_read_header (s=0x1e803a0)
     at /home/cocobo/repository/mpv-
 build_vanilla_debug/ffmpeg/libavformat/mpc8.c:225
         c = 0x1e7f840
         pb = 0x1e7faa0
         st = 0xc1fa
         tag = 0
         size = -3
         pos = 145
 #4  0x00000000006cb10b in avformat_open_input (ps=0x7fffffffd360,
     filename=0x7fffffffde47 "/home/cocobo/fuzz/hang.mpc", fmt=0x0,
 options=0x1e76098)
     at /home/cocobo/repository/mpv-
 build_vanilla_debug/ffmpeg/libavformat/utils.c:467
         s = 0x1e803a0
         ret = 49
         tmp = 0x1e7f5c0
         id3v2_extra_meta = 0x0
 #5  0x00000000004110e8 in open_input_file (o=0x7fffffffd440,
     filename=0x7fffffffde47 "/home/cocobo/fuzz/hang.mpc")
     at /home/cocobo/repository/mpv-
 build_vanilla_debug/ffmpeg/ffmpeg_opt.c:883
         f = 0x0
         ic = 0x1e803a0
         file_iformat = 0x0
         err = 0
         i = 48
         ret = 0
         timestamp = 17179869184
         opts = 0x1235e97
         unused_opts = 0x0
         e = 0x0
         orig_nb_streams = 0
         video_codec_name = 0x0
         audio_codec_name = 0x0
         subtitle_codec_name = 0x0
         scan_all_pmts_set = 1
 #6  0x0000000000419254 in open_files (l=0x1e6c0d8, inout=0x1235e97
 "input",
     open_file=0x4109f0 <open_input_file>)
     at /home/cocobo/repository/mpv-
 build_vanilla_debug/ffmpeg/ffmpeg_opt.c:2710
         g = 0x1e76070
         o = {g = 0x1e76070, start_time = -9223372036854775808, format =
 0x0, codec_names = 0x0,
           nb_codec_names = 0, audio_channels = 0x0, nb_audio_channels = 0,
 audio_sample_rate = 0x0,
           nb_audio_sample_rate = 0, frame_rates = 0x0, nb_frame_rates = 0,
 frame_sizes = 0x0,
           nb_frame_sizes = 0, frame_pix_fmts = 0x0, nb_frame_pix_fmts = 0,
 input_ts_offset = 0, rate_emu = 0,
           accurate_seek = 1, ts_scale = 0x0, nb_ts_scale = 0,
 dump_attachment = 0x0, nb_dump_attachment = 0,
           hwaccels = 0x0, nb_hwaccels = 0, hwaccel_devices = 0x0,
 nb_hwaccel_devices = 0, stream_maps = 0x0,
           nb_stream_maps = 0, audio_channel_maps = 0x0,
 nb_audio_channel_maps = 0, metadata_global_manual = 0,
           metadata_streams_manual = 0, metadata_chapters_manual = 0,
 attachments = 0x0, nb_attachments = 0,
           chapters_input_file = 2147483647, recording_time =
 9223372036854775807,
           stop_time = 9223372036854775807, limit_filesize =
 18446744073709551615, mux_preload = 0,
           mux_max_delay = 0.699999988, shortest = 0, video_disable = 0,
 audio_disable = 0,
           subtitle_disable = 0, data_disable = 0, streamid_map = 0x0,
 nb_streamid_map = 0, metadata = 0x0,
           nb_metadata = 0, max_frames = 0x0, nb_max_frames = 0,
 bitstream_filters = 0x0,
           nb_bitstream_filters = 0, codec_tags = 0x0, nb_codec_tags = 0,
 sample_fmts = 0x0, nb_sample_fmts = 0,
           qscale = 0x0, nb_qscale = 0, forced_key_frames = 0x0,
 nb_forced_key_frames = 0, force_fps = 0x0,
           nb_force_fps = 0, frame_aspect_ratios = 0x0,
 nb_frame_aspect_ratios = 0, rc_overrides = 0x0,
           nb_rc_overrides = 0, intra_matrices = 0x0, nb_intra_matrices =
 0, inter_matrices = 0x0,
           nb_inter_matrices = 0, chroma_intra_matrices = 0x0,
 nb_chroma_intra_matrices = 0,
           top_field_first = 0x0, nb_top_field_first = 0, metadata_map =
 0x0, nb_metadata_map = 0,
           presets = 0x0, nb_presets = 0, copy_initial_nonkeyframes = 0x0,
 nb_copy_initial_nonkeyframes = 0,
           copy_prior_start = 0x0, nb_copy_prior_start = 0, filters = 0x0,
 nb_filters = 0, filter_scripts = 0x0,
           nb_filter_scripts = 0, reinit_filters = 0x0, nb_reinit_filters =
 0, fix_sub_duration = 0x0,
           nb_fix_sub_duration = 0, canvas_sizes = 0x0, nb_canvas_sizes =
 0, pass = 0x0, nb_pass = 0,
           passlogfiles = 0x0, nb_passlogfiles = 0, guess_layout_max = 0x0,
 nb_guess_layout_max = 0, apad = 0x0,
           nb_apad = 0, discard = 0x0, nb_discard = 0}
         i = 0
         ret = 0
 #7  0x00000000004193e1 in ffmpeg_parse_options (argc=7,
 argv=0x7fffffffd9d8)
     at /home/cocobo/repository/mpv-
 build_vanilla_debug/ffmpeg/ffmpeg_opt.c:2747
         octx = {global_opts = {group_def = 0x1234020 <global_group>, arg =
 0x12326fb "", opts = 0x1e75860,
             nb_opts = 2, codec_opts = 0x0, format_opts = 0x0,
 resample_opts = 0x0, sws_opts = 0x0,
             swr_opts = 0x0}, groups = 0x1e6c0c0, nb_groups = 2, cur_group
 = {group_def = 0x0, arg = 0x0,
             opts = 0x0, nb_opts = 0, codec_opts = 0x0, format_opts = 0x0,
 resample_opts = 0x0, sws_opts = 0x0,
             swr_opts = 0x0}}
         error = "\000\000\000\000\000\000\000\000\002-#\001", '\000'
 <repeats 28 times>,
 "\347{m\000\000\000\000\000\300\330\377\377\377\177\000\000\274\331A\000\000\000\000\000\002-#\001\000\000\000\000\340\062O\001\001\000\000\000\004`\000\000\005\000\000\000\277\000\000\000\061\n\000\000\000\003\034\177\025\004\000\001\000\021\023\032\000\022\017\027\026",
 '\000' <repeats 14 times>
         ret = 0
 #8  0x000000000042ca2a in main (argc=7, argv=0x7fffffffd9d8)
     at /home/cocobo/repository/mpv-
 build_vanilla_debug/ffmpeg/ffmpeg.c:3941
         ret = 32767
         ti = 0

 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/4262>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

