[FFmpeg-trac] #5368(undetermined:new): I am Trying to find crashes in fffuzz using zzuf.
FFmpeg
trac at avcodec.org
Wed Mar 23 12:22:35 CET 2016
#5368: I am Trying to find crashes in fffuzz using zzuf.
-------------------------------------+-------------------------------------
Reporter:  neerajsinghi              | Type:  sponsoring request
Status:  new                         | Priority:  normal
Component:  undetermined             | Version:  unspecified
Keywords:  fffuzz                    | Blocked By:
Blocking:                            | Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Problem Encountered: fffuzz crashed while converting these video files
with these seeds:
Seed   File Name
2035   Ikari_and_Rei_in_the_hospital-Shadowcry.avi
22413  Ikari_and_Rei_in_the_hospital-Shadowcry.avi
27310  Mansha.avi
1621   Ikari_and_Rei_in_the_hospital-Shadowcry.avi
With Signal 15.
Command Used:
while true; SEED=$RANDOM; do
    zzuf -M -1 -q -U 60 -s $SEED ./fffuzz "$file" /dev/null || echo $SEED $file >> fuzz
done
Signal 15 Ikari_and_Rei_in_the_hospital-Shadowcry.avi
This was on the console, and there is a file named fuzz with the above output
(the seed and filename).
GDB Backtrace output
I first zzufed these files with the seeds using
zzuf -s 27310 cat Mansha.avi > fuzz3.avi
I ran gdb on the above four files.
For Ikari_and_Rei_in_the_hospital-Shadowcry.avi there was no crash in gdb.
But for Mansha.avi (fuzz3.avi) there was an endless loop; it was not
converting. I waited around 8 hours for it to finish, but it was still
running, so I forcefully terminated it. Here is the backtrace output.
(gdb) bt
#0 0x00007ffff63aa344 in ?? () from /usr/local/lib/libavcodec.so.57
#1 0x00007ffff642b489 in ?? () from /usr/local/lib/libavcodec.so.57
#2 0x00007ffff69045a6 in avcodec_decode_video2 () from /usr/local/lib/libavcodec.so.57
#3 0x00000000004025e6 in decode_packet (dec_ctx=0x615e20, dst_file=0x61cc50,
    frame=<optimized out>, got_frame=0x7fffffffdd2c, frame_count=0x7fffffffdd28,
    pkt=0x7fffffffdcd0) at main.c:55
#4 0x0000000000402199 in main (argc=<optimized out>, argv=<optimized out>) at main.c:342
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x7ffff63aa324 to 0x7ffff63aa364:
0x00007ffff63aa324: and $0x28,%al
0x00007ffff63aa326: mov 0x42c(%rbp),%edx
0x00007ffff63aa32c: movq $0x0,0x170(%rsp)
0x00007ffff63aa338: movq $0x0,0x178(%rsp)
=> 0x00007ffff63aa344: rep stos %rax,%es:(%rdi)
0x00007ffff63aa347: mov 0x11c(%rsp),%eax
0x00007ffff63aa34e: mov 0x58(%rsp),%ecx
0x00007ffff63aa352: movq $0x0,0x180(%rsp)
0x00007ffff63aa35e: movq $0x0,0x188(%rsp)
End of assembler dump.
(gdb) info all-registers
rax 0x0 0
rbx 0x1720140 24248640
rcx 0x2 2
rdx 0x17 23
rsi 0xf 15
rdi 0x7fffffffd8b0 140737488345264
rbp 0x627f90 0x627f90
rsp 0x7fffffffd6f0 0x7fffffffd6f0
r8 0x16 22
r9 0x0 0
r10 0x6267b8 6449080
r11 0x626e40 6450752
---Type <return> to continue, or q <return> to quit---
--
Ticket URL: <https://trac.ffmpeg.org/ticket/5368>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
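The loop in the ticket logs a seed on any non-zero exit, so cases that zzuf's own -U 60 limit killed with SIGTERM (the "Signal 15" above) land in the fuzz file next to real crashes. Below is an added triage script, not part of the ticket, that replays each logged seed under the harness's own timeout and separates hangs from crashes; the zzuf options follow the loop above, while the ./fffuzz path and the sample log are assumptions.

```python
"""Triage a zzuf seed log: re-run each logged case under a timeout and
report 'hang', 'crash:<SIGNAL>' or 'exit:<code>'.  Added example; zzuf
options follow the ticket's loop, the target path is an assumption."""
import signal
import subprocess
import sys

PYTHON = sys.executable  # only used by the self-check in the tests
# Constructed sample of the "SEED filename" lines the ticket's loop appends.
SAMPLE_FUZZ_LOG = """2035 Ikari_and_Rei_in_the_hospital-Shadowcry.avi
27310 Mansha.avi
"""

def parse_fuzz_log(text):
    """Return (seed, filename) pairs; ignore lines that are not 'SEED FILE'."""
    cases = []
    for line in text.splitlines():
        parts = line.split(maxsplit=1)
        if len(parts) == 2 and parts[0].isdigit():
            cases.append((int(parts[0]), parts[1]))
    return cases

def classify(returncode, timed_out):
    """Map a child's exit to a verdict; subprocess reports death by a
    signal as a negative return code (e.g. -11 for SIGSEGV)."""
    if timed_out:
        return "hang"
    if returncode < 0:
        return "crash:" + signal.Signals(-returncode).name
    return "exit:%d" % returncode

def run_case(argv, timeout):
    """Run argv, discard its output, and classify how it ended."""
    try:
        proc = subprocess.run(argv, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:  # run() kills the child before raising
        return "hang"
    return classify(proc.returncode, False)

def triage(log_text, target="./fffuzz", timeout=60):
    """Replay every logged seed with the ticket's zzuf options minus -U 60:
    with zzuf's own limit, a hung child is killed with SIGTERM and shows up
    as 'signal 15' like a crash; here the harness times out and says 'hang'."""
    results = {}
    for seed, fname in parse_fuzz_log(log_text):
        argv = ["zzuf", "-M", "-1", "-q", "-s", str(seed), target, fname, "/dev/null"]
        results[(seed, fname)] = run_case(argv, timeout)
    return results
```

Run `triage(open("fuzz").read())` in the directory that holds fffuzz and the sample files; seeds reported as "hang" are candidates for the endless-loop behaviour seen with fuzz3.avi, while only "crash:" entries need a gdb backtrace.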