[FFmpeg-trac] #6805(avformat:open): deadlock with fuzzed file

FFmpeg trac at avcodec.org
Sat Nov 4 01:08:03 EET 2017


#6805: deadlock with fuzzed file
-------------------------------------+-------------------------------------
             Reporter:  ami_stuff    |                    Owner:
                 Type:  defect       |                   Status:  open
             Priority:  important    |                Component:  avformat
              Version:  git-master   |               Resolution:
             Keywords:  mvdec        |               Blocked By:
  deadlock regression                |  Reproduced by developer:  1
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):

 * status:  new => open
 * reproduced:  0 => 1
 * component:  undetermined => avformat
 * priority:  normal => important
 * version:  unspecified => git-master
 * keywords:   => mvdec deadlock regression


Comment:

 It seems that the code should terminate at some point but I gave up
 before.

 Regression since 6fb40779cd3457a819e20d6db91a142c47cad3c2
 {{{
 (gdb) bt
 #0  0x00007ffff636e2d0 in __read_nocancel () from /lib64/libpthread.so.0
 #1  0x00000000007565e7 in file_read (h=<optimized out>, buf=<optimized
 out>, size=<optimized out>)
     at libavformat/file.c:112
 #2  0x000000000061551b in retry_transfer_wrapper (transfer_func=0x7565d0
 <file_read>, size_min=1, size=32768,
     buf=0x205de70 "MOVI", h=0x2055a40) at libavformat/avio.c:376
 #3  ffurl_read (h=0x2055a40, buf=0x205de70 "MOVI", size=32768) at
 libavformat/avio.c:411
 #4  0x0000000000617736 in read_packet_wrapper (size=32768, buf=<optimized
 out>, s=0x205dd60) at libavformat/aviobuf.c:533
 #5  fill_buffer (s=0x205dd60) at libavformat/aviobuf.c:583
 #6  0x000000000061b852 in avio_feof (s=0x205dd60) at
 libavformat/aviobuf.c:362
 #7  avio_read (s=s@entry=0x205dd60, buf=<optimized out>,
 buf@entry=0x7fffffffce80 "__NUM_I_TRACKS", size=size@entry=16)
     at libavformat/aviobuf.c:690
 #8  0x00000000006b5d50 in read_table (st=0x0, parse=<optimized out>,
 avctx=0x2055240) at libavformat/mvdec.c:238
 #9  mv_read_header (avctx=0x2055240) at libavformat/mvdec.c:355
 #10 0x0000000000737456 in avformat_open_input (ps=ps@entry=0x7fffffffcfc0,
     filename=filename@entry=0x7fffffffe1d8 "deadlock_fuzz.mov",
 fmt=fmt@entry=0x0, options=0x2055128)
     at libavformat/utils.c:599
 #11 0x0000000000488c0d in open_input_file (o=o@entry=0x7fffffffd160,
 filename=<optimized out>) at fftools/ffmpeg_opt.c:1052
 #12 0x000000000048a42f in open_files (l=0x2055058, l=0x2055058,
 open_file=0x4872d0 <open_input_file>,
     inout=0x117f5f1 "input") at fftools/ffmpeg_opt.c:3277
 #13 ffmpeg_parse_options (argc=argc@entry=3,
 argv=argv@entry=0x7fffffffdd38) at fftools/ffmpeg_opt.c:3317
 #14 0x0000000000480287 in main (argc=3, argv=0x7fffffffdd38) at
 fftools/ffmpeg.c:4769
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/6805#comment:1>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

