Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#4242 closed defect (fixed)

vp9: deadlock with fuzzed file

Reported by: tholin Owned by:
Priority: important Component: avcodec
Version: git-master Keywords: vp9 deadlock regression
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

The attached file hangs in an infinite loop.

$ ./ffmpeg -v 9 -loglevel 99 -i ~/fuzz/vp9_parser_infloop.webm 
ffmpeg version N-68999-g6f838de Copyright (c) 2000-2015 the FFmpeg developers
  built on Jan 10 2015 10:21:01 with gcc 4.8.3 (Gentoo 4.8.3 p1.1, pie-0.5.9)
  configuration: --prefix=/home/cocobo/repository/mpv-build_vanilla_debug/build_libs --enable-static --disable-shared --enable-gpl --enable-avresample --enable-debug=gdb --disable-doc --disable-optimizations --disable-stripping
  libavutil      54. 16.100 / 54. 16.100
  libavcodec     56. 20.100 / 56. 20.100
  libavformat    56. 18.100 / 56. 18.100
  libavdevice    56.  3.100 / 56.  3.100
  libavfilter     5.  7.100 /  5.  7.100
  libavresample   2.  1.  0 /  2.  1.  0
  libswscale      3.  1.101 /  3.  1.101
  libswresample   1.  1.100 /  1.  1.100
  libpostproc    53.  3.100 / 53.  3.100
Splitting the commandline.
Reading option '-v' ... matched as option 'v' (set logging level) with argument '9'.
Reading option '-loglevel' ... matched as option 'loglevel' (set logging level) with argument '99'.
Reading option '-i' ... matched as input file with argument '/home/cocobo/fuzz/vp9_parser_infloop.webm'.
Finished splitting the commandline.
Parsing a group of options: global .
Applying option v (set logging level) with argument 9.
Successfully parsed a group of options.
Parsing a group of options: input file /home/cocobo/fuzz/vp9_parser_infloop.webm.
Successfully parsed a group of options.
Opening an input file: /home/cocobo/fuzz/vp9_parser_infloop.webm.
[matroska,webm @ 0x3bf53a0] Format matroska,webm probed with size=2048 and score=100
[matroska,webm @ 0x3bf53a0] Unknown entry 0x4C32
Truncating packet of size 1048576 to 14912
[matroska,webm @ 0x3bf53a0] Unknown entry 0x81
[matroska,webm @ 0x3bf53a0] Read error at pos. 171 (0xab)
[matroska,webm @ 0x3bf53a0] Unknown entry 0x82
[matroska,webm @ 0x3bf53a0] Unknown entry 0x84
Truncating packet of size 178937 to 15212
[matroska,webm @ 0x3bf53a0] Unknown entry 0x4C32
Truncating packet of size 1048576 to 14912
[matroska,webm @ 0x3bf53a0] Read error at pos. 1279 (0x4ff)
[matroska,webm @ 0x3bf53a0] Unknown entry 0x93
[matroska,webm @ 0x3bf53a0] Read error at pos. 5142 (0x1416)
[matroska,webm @ 0x3bf53a0] Invalid length 0xffffffffffffff > 0x8 for syntax element 1
[matroska,webm @ 0x3bf53a0] Invalid length 0x103a31 > 0x8 for syntax element 1
[matroska,webm @ 0x3bf53a0] Read error at pos. 7775 (0x1e5f)
[matroska,webm @ 0x3bf53a0] Unknown entry 0x91
[matroska,webm @ 0x3bf53a0] Unknown entry 0x63A2
[matroska,webm @ 0x3bf53a0] Unknown entry 0x23E383
[matroska,webm @ 0x3bf53a0] Read error at pos. 8082 (0x1f92)
[matroska,webm @ 0x3bf53a0] Unknown entry 0x7FFF
    Last message repeated 1 times
[matroska,webm @ 0x3bf53a0] Read error at pos. 8812 (0x226c)
[matroska,webm @ 0x3bf53a0] Unknown entry 0x7FFF
[matroska,webm @ 0x3bf53a0] Read error at pos. 9990 (0x2706)
[matroska,webm @ 0x3bf53a0] Read error at pos. 10510 (0x290e)
[matroska,webm @ 0x3bf53a0] Unknown entry 0x7FFF
st:0 removing common factor 1000000 from timebase
st:1 removing common factor 1000000 from timebase
st:2 removing common factor 1000000 from timebase
[matroska,webm @ 0x3bf53a0] Unknown or unsupported track type 0
st:3 removing common factor 1000000 from timebase
[matroska,webm @ 0x3bf53a0] Unknown or unsupported track type 0
[matroska,webm @ 0x3bf53a0] Unknown/unsupported AVCodecID V_MS/VFWNFOURCC.
st:4 removing common factor 1000000 from timebase
[matroska,webm @ 0x3bf53a0] Before avformat_find_stream_info() pos: 11541 bytes read:15317 seeks:0
[matroska,webm @ 0x3bf53a0] parser not found for codec none, packets or times may be invalid.
[vp9 @ 0x3bf79e0] Superframe packet size too big: 196 > 31
[vp9 @ 0x3bf79e0] Superframe packet size too big: 196 > 0
    Last message repeated 11977132 times
^C

Attachments (1)

vp9_parser_infloop.webm (15.0 KB) - added by tholin 4 years ago.

Download all attachments as: .zip

Change History (4)

Changed 4 years ago by tholin

comment:1 Changed 4 years ago by gjdfgh

Patch sent.

comment:2 Changed 4 years ago by michael

  • Resolution set to fixed
  • Status changed from new to closed

patch applied

comment:3 Changed 4 years ago by cehoyos

  • Keywords vp9 deadlock regression added
  • Priority changed from normal to important
  • Reproduced by developer set

Regression since 84d362f0 or 84707287
Related to ticket #3273.

Note: See TracTickets for help on using tickets.