[FFmpeg-trac] #9120(avformat:open): dss seek crash (was: heap buffer overflow write when extracting frames from the video)

FFmpeg trac at avcodec.org
Thu Feb 25 00:36:23 EET 2021


#9120: dss seek crash
------------------------------------+------------------------------------
             Reporter:  bird        |                    Owner:
                 Type:  defect      |                   Status:  open
             Priority:  important   |                Component:  avformat
              Version:  git-master  |               Resolution:
             Keywords:  dss crash   |               Blocked By:
             Blocking:              |  Reproduced by developer:  1
Analyzed by developer:  0           |
------------------------------------+------------------------------------
Changes (by cehoyos):

 * status:  new => open
 * reproduced:  0 => 1
 * component:  ffmpeg => avformat
 * priority:  normal => important
 * keywords:   => dss crash


Comment:

 {{{
 $ valgrind ffmpeg_g -ss 0 -i 1
 ==1963== Memcheck, a memory error detector
 ==1963== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
 ==1963== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
 ==1963== Command: ffmpeg_g -ss 0 -i 1
 ==1963==
 ffmpeg version N-101291-gd3d99a0a06 Copyright (c) 2000-2021 the FFmpeg developers
   built with gcc 10 (SUSE Linux)
   configuration: --enable-gpl
   libavutil      56. 66.100 / 56. 66.100
   libavcodec     58.125.100 / 58.125.100
   libavformat    58. 68.100 / 58. 68.100
   libavdevice    58. 12.100 / 58. 12.100
   libavfilter     7.107.100 /  7.107.100
   libswscale      5.  8.100 /  5.  8.100
   libswresample   3.  8.100 /  3.  8.100
   libpostproc    55.  8.100 / 55.  8.100
 [dss @ 0x5082540] Estimating duration from bitrate, this may be inaccurate
 ==1963== Invalid write of size 2
 ==1963==    at 0x483DEC3: memcpy@GLIBC_2.2.5 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
 ==1963==    by 0x720723: avio_read (aviobuf.c:673)
 ==1963==    by 0x7366F3: dss_sp_read_packet (dss.c:246)
 ==1963==    by 0x7366F3: dss_read_packet (dss.c:321)
 ==1963==    by 0x833BE9: ff_read_packet (utils.c:823)
 ==1963==    by 0x834D7A: read_frame_internal (utils.c:1526)
 ==1963==    by 0x835C27: av_read_frame (utils.c:1730)
 ==1963==    by 0x83780C: seek_frame_generic (utils.c:2388)
 ==1963==    by 0x83780C: seek_frame_internal (utils.c:2461)
 ==1963==    by 0x83780C: av_seek_frame (utils.c:2481)
 ==1963==    by 0x8373F9: avformat_seek_file (utils.c:2533)
 ==1963==    by 0x49C7A0: open_input_file (ffmpeg_opt.c:1252)
 ==1963==    by 0x4A0117: open_files (ffmpeg_opt.c:3335)
 ==1963==    by 0x4A0117: ffmpeg_parse_options (ffmpeg_opt.c:3375)
 ==1963==    by 0x494C97: main (ffmpeg.c:4964)
 ==1963==  Address 0x5094874 is 12 bytes before a block of size 68 alloc'd
 ==1963==    at 0x483BEB8: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
 ==1963==    by 0x483BFEE: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
 ==1963==    by 0x121A74F: av_malloc (mem.c:86)
 ==1963==    by 0x121A74F: av_mallocz (mem.c:239)
 ==1963==    by 0x83CC04: avformat_open_input (utils.c:581)
 ==1963==    by 0x49C973: open_input_file (ffmpeg_opt.c:1174)
 ==1963==    by 0x4A0117: open_files (ffmpeg_opt.c:3335)
 ==1963==    by 0x4A0117: ffmpeg_parse_options (ffmpeg_opt.c:3375)
 ==1963==    by 0x494C97: main (ffmpeg.c:4964)
 ==1963==
 1: could not seek to position 0.000
 Input #0, dss, from '1':
   Metadata:
     author          : ��0� ?B�
                     : ������
     date            : 2077-77-77T77:77:77
     comment         :
   Duration: 00:00:00.29, start: 0.000000, bitrate: 13 kb/s
   Stream #0:0: Audio: dss_sp, 11025 Hz, mono, s16
 At least one output file must be specified
 ==1963==
 ==1963== HEAP SUMMARY:
 ==1963==     in use at exit: 0 bytes in 0 blocks
 ==1963==   total heap usage: 206 allocs, 206 frees, 100,610 bytes allocated
 ==1963==
 ==1963== All heap blocks were freed -- no leaks are possible
 ==1963==
 ==1963== For lists of detected and suppressed errors, rerun with: -s
 ==1963== ERROR SUMMARY: 12 errors from 1 contexts (suppressed: 0 from 0)
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/9120#comment:1>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

