[FFmpeg-trac] #6183(undetermined:new): scpr: crash with fuzzed file
FFmpeg
trac at avcodec.org
Thu Feb 23 19:13:39 EET 2017
#6183: scpr: crash with fuzzed file
-------------------------------------+-------------------------------------
             Reporter:  ami_stuff    |      Owner:
                 Type:  defect       |     Status:  new
             Priority:  normal       |  Component:  undetermined
              Version:  unspecified  |   Keywords:
           Blocked By:               |   Blocking:
Reproduced by developer:  0          |  Analyzed by developer:  0
-------------------------------------+-------------------------------------
{{{
(gdb) r -i sp_16bit_q50_fuzz.avi -f null -
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i sp_16bit_q50_fuzz.avi -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 3.2.git Copyright (c) 2000-2017 the FFmpeg developers
built with gcc 5.3.0 (Ubuntu 5.3.0-3ubuntu1~14.04) 20151204
configuration: --disable-ffprobe --disable-ffserver --disable-ffplay --enable-gpl
libavutil 55. 47.100 / 55. 47.100
libavcodec 57. 81.100 / 57. 81.100
libavformat 57. 66.102 / 57. 66.102
libavdevice 57. 2.100 / 57. 2.100
libavfilter 6. 73.100 / 6. 73.100
libswscale 4. 3.101 / 4. 3.101
libswresample 2. 4.100 / 2. 4.100
libpostproc 54. 2.100 / 54. 2.100
Input #0, avi, from 'sp_16bit_q50_fuzz.avi':
Metadata:
encoder : Lavf57.36.10
Duration: 00:00:04.44, start: 0.000000, bitrate: 79 kb/s
Stream #0:0: Video: scpr (SCPR / 0x52504353), rgb0, 320x200, 25 fps, 25 tbr, 25 tbn, 25 tbc
[New Thread 0xb68c6b40 (LWP 3041)]
[New Thread 0xb60c5b40 (LWP 3042)]
[New Thread 0xb58c4b40 (LWP 3043)]
[New Thread 0xb50c3b40 (LWP 3044)]
[New Thread 0xb48c2b40 (LWP 3045)]
[New Thread 0xb40c1b40 (LWP 3046)]
[New Thread 0xb38c0b40 (LWP 3047)]
[New Thread 0xb30bfb40 (LWP 3048)]
[New Thread 0xb28beb40 (LWP 3049)]
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf57.66.102
Stream #0:0: Video: wrapped_avframe, rgb0, 320x200, q=2-31, 200 kb/s, 25 fps, 25 tbn, 25 tbc
Metadata:
encoder : Lavc57.81.100 wrapped_avframe
Stream mapping:
Stream #0:0 -> #0:0 (scpr (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
Program received signal SIGSEGV, Segmentation fault.
decode_unit (s=s@entry=0xb68c7020, pixel=0xb759a368, rval=rval@entry=0xbfffe738, step=400) at libavcodec/scpr.c:224
224         pixel->freq[c] = cnt_c + step;
(gdb) bt
#0  decode_unit (s=s@entry=0xb68c7020, pixel=0xb759a368, rval=rval@entry=0xbfffe738, step=400) at libavcodec/scpr.c:224
#1  0x086ade03 in decompress_i (linesize=320, dst=0xb2040020, avctx=0x9a29cc0) at libavcodec/scpr.c:319
#2  decode_frame (avctx=0x9a29cc0, data=0x9a2d1c0, got_frame=0xbfffe83c, avpkt=0xbfffe7ac) at libavcodec/scpr.c:686
#3  0x08729a59 in avcodec_decode_video2 (avctx=0x9a29cc0, picture=0x9a2d1c0, got_picture_ptr=0xbfffe83c, avpkt=0xbfffe938) at libavcodec/utils.c:2263
#4  0x0872a9dd in do_decode (avctx=avctx@entry=0x9a29cc0, pkt=pkt@entry=0xbfffe938) at libavcodec/utils.c:2796
#5  0x0872b7b0 in avcodec_send_packet (avctx=0x9a29cc0, avpkt=<optimized out>) at libavcodec/utils.c:2885
#6  0x080e8447 in decode (pkt=0xbfffe938, got_frame=0xbfffead4, frame=<optimized out>, avctx=0x9a29cc0) at ffmpeg.c:2052
#7  decode_video (ist=ist@entry=0x9a29960, pkt=pkt@entry=0xbfffeb14, got_output=got_output@entry=0xbfffead4, eof=0) at ffmpeg.c:2248
#8  0x080e9806 in process_input_packet (ist=0x9a29960, pkt=0xbfffed44, no_eof=0) at ffmpeg.c:2491
#9  0x080c78d6 in process_input (file_index=<optimized out>) at ffmpeg.c:4251
#10 transcode_step () at ffmpeg.c:4339
#11 transcode () at ffmpeg.c:4393
#12 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:4598
(gdb)
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/6183>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker