[FFmpeg-trac] #6831(undetermined:new): tivo: crash with fuzzed file 2

FFmpeg trac at avcodec.org
Sun Nov 12 22:47:12 EET 2017 

#6831: tivo: crash with fuzzed file 2
-------------------------------------+-------------------------------------
               Reporter:  ami_stuff  |                  Owner:
                   Type:  defect     |                 Status:  new
               Priority:  normal     |              Component:
                Version:             |  undetermined
  unspecified                        |               Keywords:
             Blocked By:             |               Blocking:
Reproduced by developer:  0          |  Analyzed by developer:  0
-------------------------------------+-------------------------------------
 https://files.fm/u/78wzjjsx

 {{{
 (gdb) r -i f/ty/scheduled_fuzz.ty+
 The program being debugged has been started already.
 Start it from the beginning? (y or n) y

 Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i f/ty/scheduled_fuzz.ty+
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
 ffmpeg version 3.4.git Copyright (c) 2000-2017 the FFmpeg developers
   built with gcc 5.3.0 (Ubuntu 5.3.0-3ubuntu1~14.04) 20151204
   configuration: --enable-gpl --disable-ffprobe --disable-ffplay
 --disable-ffserver
   libavutil      56.  0.100 / 56.  0.100
   libavcodec     58.  2.100 / 58.  2.100
   libavformat    58.  2.100 / 58.  2.100
   libavdevice    58.  0.100 / 58.  0.100
   libavfilter     7.  0.101 /  7.  0.101
   libswscale      5.  0.101 /  5.  0.101
   libswresample   3.  0.101 /  3.  0.101
   libpostproc    55.  0.100 / 55.  0.100

 Program received signal SIGSEGV, Segmentation fault.
 0x08388b88 in parse_master (s=0x9aa91a0) at libavformat/ty.c:381
 381             ty->seq_table[j].timestamp = AV_RB64(ty->chunk +
 ty->cur_chunk_pos);
 (gdb) bt
 #0  0x08388b88 in parse_master (s=0x9aa91a0) at libavformat/ty.c:381
 #1  get_chunk (s=<optimized out>) at libavformat/ty.c:414
 #2  ty_read_packet (s=0x9aa91a0, pkt=0xbfffe7e8) at libavformat/ty.c:729
 #3  0x0838f4c2 in ff_read_packet (s=0x9aa91a0, pkt=0xbfffe7e8)
     at libavformat/utils.c:823
 #4  0x0839305c in read_frame_internal (s=s at entry=0x9aa91a0,
     pkt=pkt at entry=0xbfffea54) at libavformat/utils.c:1526
 #5  0x08398506 in avformat_find_stream_info (ic=0x9aa91a0,
 options=0x9aa97e0)
     at libavformat/utils.c:3704
 #6  0x080cc2a1 in open_input_file (o=o at entry=0xbfffed58,
     filename=<optimized out>) at fftools/ffmpeg_opt.c:1078
 #7  0x080ce56d in open_files (l=0x9aa902c, l=0x9aa902c,
     open_file=0x80caf90 <open_input_file>, inout=0x8d95be9 "input")
     at fftools/ffmpeg_opt.c:3281
 #8  ffmpeg_parse_options (argc=3, argv=0xbffff144) at
 fftools/ffmpeg_opt.c:3321
 #9  0x080c6a4a in main (argc=3, argv=0xbffff144) at fftools/ffmpeg.c:4775
 (gdb)
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/6831>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list