[FFmpeg-trac] #7335(avcodec:new): Low-level error in DCA XLL decode becomes ignored in dcadec.c then SWResample crashes NPX
FFmpeg
trac at avcodec.org
Mon Jul 30 14:05:37 EEST 2018
#7335: Low-level error in DCA XLL decode becomes ignored in dcadec.c then
SWResample crashes NPX
-------------------------------------+-------------------------------------
Reporter: DjangoTX | Type: defect
Status: new | Priority: normal
Component: avcodec | Version: git-
Keywords: DCA XLL | master
SWResampler AVERROR_INVALIDDATA | Blocked By:
Invalid NAVI position | Reproduced by developer: 0
Blocking: |
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Summary of the bug:
* Input: (dca) DTS 48000 Hz, 8 ch 7.1 (s32p)
* Call: API avcodec_receive_frame(), after avcodec_send_packet()
-> libavcodec/dca_xll.c/parse_band_data() produces and logs error "Invalid
NAVI position\n"
OK.
-> parse_band_data returns AVERROR_INVALIDDATA
OK.
* Up-stack: Caller
libavcodec/dcadec.c/dcadec_decode_frame().ff_dca_xll_parse() handles
AVERROR(EAGAIN), AVERROR(ENOMEM) and AV_EF_EXPLODE but ignores
AVERROR_INVALIDDATA
* Crash: 2 out of 8 planes (the XLL channels) of the "successfully"
decoded frame are unassigned => the next unit in flow, the SWResampler,
crashes with NPX.
ffmpeg version 4.0
built with gcc 7.3.0 (GCC)
configuration: --disable-static --enable-shared --enable-gpl --enable-
version3 --enable-sdl2 --enable-bzlib --enable-fontconfig --enable-gnutls
--enable-iconv --enable-libass --enable-libbluray --enable-libfreetype
--enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb
--enable-libopenjpeg --enable-libopus --enable-libshine --enable-libsnappy
--enable-libsoxr --enable-libtheora --enable-libtwolame --enable-libvpx
--enable-libwavpack --enable-libwebp --enable-libx264 --enable-libx265
--enable-libxml2 --enable-libzimg --enable-lzma --enable-zlib --enable-gmp
--enable-libvidstab --enable-libvorbis --enable-libvo-amrwbenc --enable-
libmysofa --enable-libspeex --enable-libxvid --enable-libaom --enable-
libmfx --enable-amf --enable-ffnvcodec --enable-cuvid --enable-d3d11va
--enable-nvenc --enable-nvdec --enable-dxva2 --enable-avisynth
libavutil 56. 14.100 / 56. 14.100
libavcodec 58. 18.100 / 58. 18.100
libswscale 5. 1.100 / 5. 1.100
libswresample 3. 1.100 / 3. 1.100
How to reproduce:
* own Java/JNI i/f to libavcodec et al with elementary DTS MA stream of
copyrighted material
* [SWR] FC: FL:0.160189 FR:0.160189 FC:0.226541 LFE:0.000000 BL:0.113270
BR:0.113270 SL:0.113270 SR:0.113270
* BUG HUNTING OUTPUT:
{{{
send 6760 B <<< pre avcodec_receive_frame
swr 1 1 1 1 1 1 1 1 ok <<< SWR input planes ok/NULL
send 4116 B
#>> E Invalid NAVI position <<< av_log (from BUG HUNTING)
swr 1 1 1 1 1 1 -99 -99 # <<< ok ok ok ok ok ok NULL NULL
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x00007fffb3ec0feb,
pid=13912, tid=0x0000000000003e94
#
# JRE version: Java(TM) SE Runtime Environment (8.0_162-b12) (build
1.8.0_162-b12)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (25.162-b12 mixed mode
windows-amd64 compressed oops)
# Problematic frame:
# C [swresample-3.dll+0x10feb]
}}}
Patches should be submitted to the ffmpeg-devel mailing list and not this
bug tracker.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/7335>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list