Opened 9 years ago

Closed 9 years ago

#4256 closed defect (fixed)

mxf: crash with fuzzed file

Reported by: tholin
Owned by:
Priority: important
Component: avformat
Version: git-master
Keywords:
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

The attached file crashes with a free(): invalid pointer error.

$ gdb --args ./ffmpeg -i ~/fuzz/invalid_pointer.mxf 
GNU gdb (Gentoo 7.7.1 p1) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://bugs.gentoo.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./ffmpeg...done.
(gdb) r
Starting program: /home/cocobo/repository/mpv-build_vanilla_debug/ffmpeg_build/ffmpeg -i /home/cocobo/fuzz/invalid_pointer.mxf
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-69043-gc648879 Copyright (c) 2000-2015 the FFmpeg developers
  built on Jan 13 2015 14:52:18 with gcc 4.8.3 (Gentoo 4.8.3 p1.1, pie-0.5.9)
  configuration: --prefix=/home/cocobo/repository/mpv-build_vanilla_debug/build_libs --enable-static --disable-shared --enable-gpl --enable-avresample --enable-debug=gdb --disable-doc --disable-optimizations --disable-stripping
  libavutil      54. 16.100 / 54. 16.100
  libavcodec     56. 20.100 / 56. 20.100
  libavformat    56. 18.101 / 56. 18.101
  libavdevice    56.  4.100 / 56.  4.100
  libavfilter     5.  7.101 /  5.  7.101
  libavresample   2.  1.  0 /  2.  1.  0
  libswscale      3.  1.101 /  3.  1.101
  libswresample   1.  1.100 /  1.  1.100
  libpostproc    53.  3.100 / 53.  3.100
[mxf @ 0x1e80360] error reading header metadata
*** Error in `/home/cocobo/repository/mpv-build_vanilla_debug/ffmpeg_build/ffmpeg': free(): invalid pointer: 0x0000000001e7fda0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x772cf)[0x7ffff56762cf]
/lib64/libc.so.6(+0x7cc0e)[0x7ffff567bc0e]
/lib64/libc.so.6(+0x7d936)[0x7ffff567c936]
/home/cocobo/repository/mpv-build_vanilla_debug/ffmpeg_build/ffmpeg[0x120aeaa]
/home/cocobo/repository/mpv-build_vanilla_debug/ffmpeg_build/ffmpeg[0x120aecf]
/home/cocobo/repository/mpv-build_vanilla_debug/ffmpeg_build/ffmpeg[0x648705]
/home/cocobo/repository/mpv-build_vanilla_debug/ffmpeg_build/ffmpeg[0x647947]
/home/cocobo/repository/mpv-build_vanilla_debug/ffmpeg_build/ffmpeg[0x6cb0ee]
/home/cocobo/repository/mpv-build_vanilla_debug/ffmpeg_build/ffmpeg[0x4110e8]
/home/cocobo/repository/mpv-build_vanilla_debug/ffmpeg_build/ffmpeg[0x419254]
/home/cocobo/repository/mpv-build_vanilla_debug/ffmpeg_build/ffmpeg[0x4193e1]
/home/cocobo/repository/mpv-build_vanilla_debug/ffmpeg_build/ffmpeg[0x42ca2a]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7ffff5623dc5]
/home/cocobo/repository/mpv-build_vanilla_debug/ffmpeg_build/ffmpeg[0x4073c9]

Program received signal SIGABRT, Aborted.
0x00007ffff5637597 in raise () from /lib64/libc.so.6
(gdb) bt full
#0  0x00007ffff5637597 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007ffff56388d8 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007ffff56762d4 in __libc_message () from /lib64/libc.so.6
No symbol table info available.
#3  0x00007ffff567bc0e in malloc_printerr () from /lib64/libc.so.6
No symbol table info available.
#4  0x00007ffff567c936 in _int_free () from /lib64/libc.so.6
No symbol table info available.
#5  0x000000000120aeaa in av_free (ptr=0x1e7fda0)
    at /home/cocobo/repository/mpv-build_vanilla_debug/ffmpeg/libavutil/mem.c:232
No locals.
#6  0x000000000120aecf in av_freep (arg=0x1e7fc60)
    at /home/cocobo/repository/mpv-build_vanilla_debug/ffmpeg/libavutil/mem.c:239
        ptr = 0x1e7fc60
#7  0x0000000000648705 in mxf_read_close (s=0x1e80360)
    at /home/cocobo/repository/mpv-build_vanilla_debug/ffmpeg/libavformat/mxfdec.c:2923
        mxf = 0x1e7fc60
        i = 0
#8  0x0000000000647947 in mxf_read_header (s=0x1e80360)
    at /home/cocobo/repository/mpv-build_vanilla_debug/ffmpeg/libavformat/mxfdec.c:2643
        mxf = 0x1e7fc60
        klv = {key = "\006\016+4\002S\001\001\r\001\001\001\001\001\030", offset = 1555, 
          length = 112}
        essence_offset = 0
        ret = -12
#9  0x00000000006cb0ee in avformat_open_input (ps=0x7fffffffd390, 
    filename=0x7fffffffde3c "/home/cocobo/fuzz/invalid_pointer.mxf", fmt=0x0, options=0x1e76098)
    at /home/cocobo/repository/mpv-build_vanilla_debug/ffmpeg/libavformat/utils.c:467
        s = 0x1e80360
        ret = 100
        tmp = 0x1e7f540
        id3v2_extra_meta = 0x0
#10 0x00000000004110e8 in open_input_file (o=0x7fffffffd470, 
    filename=0x7fffffffde3c "/home/cocobo/fuzz/invalid_pointer.mxf")
    at /home/cocobo/repository/mpv-build_vanilla_debug/ffmpeg/ffmpeg_opt.c:883
        f = 0x0
        ic = 0x1e80360
        file_iformat = 0x0
        err = 0
        i = 48
        ret = 0
        timestamp = 17179869184
        opts = 0x1235db7
        unused_opts = 0x0
        e = 0x0
        orig_nb_streams = 0
        video_codec_name = 0x0
        audio_codec_name = 0x0
        subtitle_codec_name = 0x0
        scan_all_pmts_set = 1
#11 0x0000000000419254 in open_files (l=0x1e6c0d8, inout=0x1235db7 "input", 
    open_file=0x4109f0 <open_input_file>)
    at /home/cocobo/repository/mpv-build_vanilla_debug/ffmpeg/ffmpeg_opt.c:2710
        g = 0x1e76070
        o = {g = 0x1e76070, start_time = -9223372036854775808, format = 0x0, codec_names = 0x0, 
          nb_codec_names = 0, audio_channels = 0x0, nb_audio_channels = 0, audio_sample_rate = 0x0, 
          nb_audio_sample_rate = 0, frame_rates = 0x0, nb_frame_rates = 0, frame_sizes = 0x0, 
          nb_frame_sizes = 0, frame_pix_fmts = 0x0, nb_frame_pix_fmts = 0, input_ts_offset = 0, 
          rate_emu = 0, accurate_seek = 1, ts_scale = 0x0, nb_ts_scale = 0, dump_attachment = 0x0, 
          nb_dump_attachment = 0, hwaccels = 0x0, nb_hwaccels = 0, hwaccel_devices = 0x0, 
          nb_hwaccel_devices = 0, stream_maps = 0x0, nb_stream_maps = 0, audio_channel_maps = 0x0, 
          nb_audio_channel_maps = 0, metadata_global_manual = 0, metadata_streams_manual = 0, 
          metadata_chapters_manual = 0, attachments = 0x0, nb_attachments = 0, 
          chapters_input_file = 2147483647, recording_time = 9223372036854775807, 
          stop_time = 9223372036854775807, limit_filesize = 18446744073709551615, mux_preload = 0, 
          mux_max_delay = 0.699999988, shortest = 0, video_disable = 0, audio_disable = 0, 
          subtitle_disable = 0, data_disable = 0, streamid_map = 0x0, nb_streamid_map = 0, 
          metadata = 0x0, nb_metadata = 0, max_frames = 0x0, nb_max_frames = 0, 
          bitstream_filters = 0x0, nb_bitstream_filters = 0, codec_tags = 0x0, nb_codec_tags = 0, 
          sample_fmts = 0x0, nb_sample_fmts = 0, qscale = 0x0, nb_qscale = 0, 
          forced_key_frames = 0x0, nb_forced_key_frames = 0, force_fps = 0x0, nb_force_fps = 0, 
          frame_aspect_ratios = 0x0, nb_frame_aspect_ratios = 0, rc_overrides = 0x0, 
          nb_rc_overrides = 0, intra_matrices = 0x0, nb_intra_matrices = 0, inter_matrices = 0x0, 
          nb_inter_matrices = 0, chroma_intra_matrices = 0x0, nb_chroma_intra_matrices = 0, 
          top_field_first = 0x0, nb_top_field_first = 0, metadata_map = 0x0, nb_metadata_map = 0, 
          presets = 0x0, nb_presets = 0, copy_initial_nonkeyframes = 0x0, 
          nb_copy_initial_nonkeyframes = 0, copy_prior_start = 0x0, nb_copy_prior_start = 0, 
          filters = 0x0, nb_filters = 0, filter_scripts = 0x0, nb_filter_scripts = 0, 
          reinit_filters = 0x0, nb_reinit_filters = 0, fix_sub_duration = 0x0, 
          nb_fix_sub_duration = 0, canvas_sizes = 0x0, nb_canvas_sizes = 0, pass = 0x0, 
          nb_pass = 0, passlogfiles = 0x0, nb_passlogfiles = 0, guess_layout_max = 0x0, 
          nb_guess_layout_max = 0, apad = 0x0, nb_apad = 0, discard = 0x0, nb_discard = 0}
        i = 0
        ret = 0
#12 0x00000000004193e1 in ffmpeg_parse_options (argc=3, argv=0x7fffffffda08)
    at /home/cocobo/repository/mpv-build_vanilla_debug/ffmpeg/ffmpeg_opt.c:2747
        octx = {global_opts = {group_def = 0x1233f40 <global_group>, arg = 0x123261b "", 
            opts = 0x0, nb_opts = 0, codec_opts = 0x0, format_opts = 0x0, resample_opts = 0x0, 
            sws_opts = 0x0, swr_opts = 0x0}, groups = 0x1e6c0c0, nb_groups = 2, cur_group = {
            group_def = 0x0, arg = 0x0, opts = 0x0, nb_opts = 0, codec_opts = 0x0, 
            format_opts = 0x0, resample_opts = 0x0, sws_opts = 0x0, swr_opts = 0x0}}
        error = "\000\000\000\000\000\000\000\000\",#\001", '\000' <repeats 28 times>, "\312{m\000\000\000\000\000\360\330\377\377\377\177\000\000\274\331A\000\000\000\000\000\",#\001\000\000\000\000\000\062O\001\001\000\000\000\004`\000\000\005\000\000\000\277\000\000\000\061\n\000\000\000\003\034\177\025\004\000\001\000\021\023\032\000\022\017\027\026", '\000' <repeats 14 times>
        ret = 0
#13 0x000000000042ca2a in main (argc=3, argv=0x7fffffffda08)
    at /home/cocobo/repository/mpv-build_vanilla_debug/ffmpeg/ffmpeg.c:3941
        ret = 32767
        ti = 0

Attachments (2)

invalid_pointer.mxf (2.3 KB ) - added by tholin 9 years ago.
patchmxf.diff (1.7 KB ) - added by Carl Eugen Hoyos 9 years ago.

Change History (5)

by tholin, 9 years ago

Attachment: invalid_pointer.mxf added

by Carl Eugen Hoyos, 9 years ago

Attachment: patchmxf.diff added

comment:1 by Carl Eugen Hoyos, 9 years ago

Please test attached patch.

comment:2 by tholin, 9 years ago

Patch works for me. No crash or valgrind warnings.

comment:3 by Michael Niedermayer, 9 years ago

Resolution: fixed
Status: new → closed