[FFmpeg-trac] #5598(avcodec:new): image2pipe disruption and OOM crash on BMP sequences with certain pixel values

FFmpeg trac at avcodec.org
Mon May 30 17:20:19 CEST 2016 

#5598: image2pipe disruption and OOM crash on BMP sequences with certain pixel
values
-------------------------------------+-------------------------------------
             Reporter:  CoJaBo       |                    Owner:
                 Type:  defect       |                   Status:  new
             Priority:  important    |                Component:  avcodec
              Version:  git-master   |               Resolution:
             Keywords:  bmp          |               Blocked By:
  regression                         |  Reproduced by developer:  0
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------

Comment (by CoJaBo):

 Replying to [comment:1 cehoyos]:
 > Is {{{-f image2pipe}}} necessary to reproduce? I ask because generally
 forcing an input format can make a ticket less important.

 It actually is not required; testing without it, I see that ffmpeg auto-
 detects the format as bmp_pipe instead of image2pipe, but this still
 exhibits the described bug.

 > > If such a frame occurs in the middle of a large input stream, upon
 hitting it ffmpeg will stop producing output and attempt to read the
 remainder of the input stream into RAM until it runs out of memory and
 dies.
 >
 > How can I reproduce this?

 Just repeat the blank frame until the input stream won't fit in RAM;
 here's a one-liner to do this (increase 500 as needed):

 {{{
 (cat blank.bmp error.bmp; for i in `seq 1 500`; do cat blank.bmp; done;) |
 ffmpeg -i - junk.mkv
 }}}

 For comparison, it works with only the blank frame, generating the
 expected 502 frames of output with no errors:

 {{{
 (cat blank.bmp blank.bmp; for i in `seq 1 500`; do cat blank.bmp; done;) |
 ffmpeg -i - junk.mkv
 }}}

 > So far you have reported that input exists for which the bmp parser is
 unable to produce correct output. This is a regression for the given input
 but it may be "wontfix" (because parsing bmp can be difficult).

 Should it be that difficult though? The size of the file including header
 is the 4 bytes at offset 0x02; once the format has been identified as BMP,
 ffmpeg should read that many bytes before expecting either another header
 or EOF. Instead, it seems to be continuously scanning for anything that
 appears to be another header; that's only a 2-byte sequence (BM), so it
 will inevitably happen.

--
Ticket URL: <https://trac.ffmpeg.org/ticket/5598#comment:2>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list