[FFmpeg-trac] #6618(avcodec:new): flac: infinite loop with fuzzed file

FFmpeg trac at avcodec.org
Sat Aug 26 01:54:51 EEST 2017


#6618: flac: infinite loop with fuzzed file
----------------------------------+--------------------------------------
             Reporter:  jrummell  |                     Type:  defect
               Status:  new       |                 Priority:  normal
            Component:  avcodec   |                  Version:  git-master
             Keywords:            |               Blocked By:
             Blocking:            |  Reproduced by developer:  0
Analyzed by developer:  0         |
----------------------------------+--------------------------------------
 Summary of the bug:
 The attached file (generated by Chrome's fuzzers) causes an infinite loop.
 Original bug https://crbug.com/714370

 How to reproduce:
 {{{
 ffmpeg -i testcase.flac dummy.mp4
 ffmpeg version N-87069-g1e34019d62 Copyright (c) 2000-2017 the FFmpeg developers
   built with gcc 4.8 (Ubuntu 4.8.4-2ubuntu1~14.04.3)
   configuration: ...
   libavutil      55. 74.100 / 55. 74.100
   libavcodec     57.103.100 / 57.103.100
   libavformat    57. 77.100 / 57. 77.100
   libavdevice    57.  7.101 / 57.  7.101
   libavfilter     6.100.100 /  6.100.100
   libswscale      4.  7.103 /  4.  7.103
   libswresample   2.  8.100 /  2.  8.100
   libpostproc    54.  6.100 / 54.  6.100
 [flac @ 0x3397360] Format flac detected only with low score of 13, misdetection possible!
 ...
 [NULL @ 0x2d998a0] crc check failed from offset 0 (frame 1) to 6 (frame 1)
 [NULL @ 0x2d998a0] sample/frame number mismatch in adjacent frames
 }}}

 In tracing through the code, flac_parse() gets a buffer of 2 bytes and
 ends up in handle_error:, returning 0. Code in parse_packet() detects that
 nothing is returned and tries to parse the same 2 bytes again.

--
Ticket URL: <https://trac.ffmpeg.org/ticket/6618>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
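The failure mode described in the report, a parser that returns 0 bytes consumed on error while its caller loops until the buffer is exhausted, is easy to reproduce in isolation. The following is an added illustration and is not FFmpeg's flac_parse()/parse_packet() code: it uses a constructed toy frame format (a 0xFF 0xF8 sync word, one length byte, then that many payload bytes), a naive driver that trusts the parser to advance, and a hardened driver that skips a byte whenever the parser reports no progress. The sample input, MAX_ITERS spin detector and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy frame format (constructed for this example, not FLAC): a frame is the
 * two-byte sync word 0xFF 0xF8, one length byte N, then N payload bytes. */
#define SYNC0 0xFF
#define SYNC1 0xF8
#define MAX_ITERS 1000   /* spin detector so the buggy driver terminates */

/* Parser in the style of a handle_error: path that returns 0 on any error.
 * Returns bytes consumed, or 0 when the input is not a complete frame. */
static int toy_parse(const uint8_t *buf, size_t len)
{
    if (len < 3 || buf[0] != SYNC0 || buf[1] != SYNC1)
        return 0;                       /* bad or short header: consume nothing */
    size_t need = 3 + (size_t)buf[2];
    if (need > len)
        return 0;                       /* truncated payload: consume nothing */
    return (int)need;
}

/* Caller that trusts the parser to make progress. A trailing partial header
 * makes it retry the same bytes forever; MAX_ITERS only exists so the demo
 * stops. Returns frames parsed, or -1 if the loop would have spun. */
static int drive_naive(const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    int frames = 0, iters = 0;
    while (pos < len) {
        if (++iters > MAX_ITERS)
            return -1;                  /* no progress: this is the bug */
        int n = toy_parse(buf + pos, len - pos);
        if (n > 0)
            frames++;
        pos += (size_t)n;               /* n == 0 leaves pos unchanged */
    }
    return frames;
}

/* Hardened caller: a zero-length result is treated as "skip one byte and
 * resync", so every iteration advances and the loop is bounded by len.
 * Returns frames parsed; *skipped counts bytes dropped during resync. */
static int drive_progress(const uint8_t *buf, size_t len, int *skipped)
{
    size_t pos = 0;
    int frames = 0;
    *skipped = 0;
    while (pos < len) {
        int n = toy_parse(buf + pos, len - pos);
        if (n <= 0) {
            (*skipped)++;
            n = 1;                      /* guarantee forward progress */
        } else {
            frames++;
        }
        pos += (size_t)n;
    }
    return frames;
}

/* Constructed input: one valid frame (2-byte payload) followed by a 2-byte
 * tail that is a sync word with no length byte, the shape of the truncated
 * buffer in the report. */
static const uint8_t sample[] = { 0xFF, 0xF8, 0x02, 0xAA, 0xBB, 0xFF, 0xF8 };

static int run_naive(void)
{
    return drive_naive(sample, sizeof sample);
}

static int run_progress_frames(void)
{
    int skipped;
    return drive_progress(sample, sizeof sample, &skipped);
}

static int run_progress_skipped(void)
{
    int skipped;
    drive_progress(sample, sizeof sample, &skipped);
    return skipped;
}

int main(void)
{
    printf("naive driver:    %d (-1 means it would loop forever)\n", run_naive());
    printf("progress driver: %d frames, %d bytes skipped\n",
           run_progress_frames(), run_progress_skipped());
    return 0;
}
```

The general rule the hardened driver enforces is that a parse step must either consume input or terminate the loop; whether the parser itself returns a non-zero skip on error or the caller forces it, as here, is a design choice, but one of the two must hold for any loop fed untrusted data.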