Opened 8 years ago

Closed 8 years ago

#5052 closed defect (fixed)

ffv1 fuzzing crash with API

Reported by: Kieran Kunhya
Owned by:
Priority: important
Component: avcodec
Version: 2.4.11
Keywords: ffv1 crash regression
Cc: Michael Niedermayer
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

FFmpeg compiled with:

--disable-everything --enable-demuxer=matroska --enable-decoder=ffv1 --enable-muxer=rawvideo --enable-encoder=rawvideo --enable-protocol=file

Test application:
http://paste.ubuntu.com/13600344/

./fffuzz fuzz.mkv /dev/null

Sample:
http://obe.tv/Downloads/fuzz/fuzz.mkv

Crash:
http://paste.ubuntu.com/13600369/

Change History (18)

comment:1 by Michael Niedermayer, 8 years ago

Which ffmpeg revision is that? The line numbers from the stack trace seem not to match ffmpeg master.

comment:2 by Michael Niedermayer, 8 years ago

Cannot reproduce this (tried attached app with provided configure with and without valgrind).

comment:3 by Michael Niedermayer, 8 years ago

Cc: Michael Niedermayer added

comment:4 by Kieran Kunhya, 8 years ago

The fuzzer is using 93f3752b970cc7c9e1a360037fff1ddb9dcbb86e (FFmpeg 2.7.3)

comment:5 by Carl Eugen Hoyos, 8 years ago

Component: undetermined → avcodec
Keywords: ffv1 crash regression added
Priority: normal → important
Version: unspecified → 2.8.3

Regression since a0c0900e, still reproducible with 2.0.7, 2.1.8, 2.2.16, 2.3.6 and 2.4.11.

Last edited 8 years ago by Carl Eugen Hoyos
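
Neither the reporter's test application (the paste.ubuntu.com link in the description) nor the crash log survives on this page, so the reproduction steps cannot be copied from it. The script below is an added example, not the reporter's fffuzz harness and not FFmpeg project code: it automates the check behind the description and comment:5, rebuilding FFmpeg at a given revision with the description's configure flags, decoding the sample, and turning the outcome into a verdict that `git bisect run` understands. Everything beyond the ticket's own flags is an assumption of this example: the script name check-ffv1.sh, the SAMPLE, TIMEOUT_SECS and THREADS variables, the ASan exit code 77, the release tag names n2.0.7 ... n2.4.11, the use of FFmpeg's configure option --toolchain=clang-asan (which needs clang on the host), and that it is run from the top of an FFmpeg git checkout. One caveat it builds in: the ticket's crash was hit through the API, and an API harness decodes single-threaded by default while the ffmpeg CLI picks a thread count automatically, so the decode is pinned to one thread to stay close to the reporter's setup.

```shell
#!/bin/sh
# check-ffv1.sh: rebuild FFmpeg at a revision with the ticket's minimal configure
# flags plus AddressSanitizer, decode the fuzzed sample, and map the result to a
# git-bisect verdict.  Added example; not the ticket's fffuzz harness and not
# FFmpeg project code.  Assumes the working directory is an FFmpeg git checkout
# and clang is installed (needed by --toolchain=clang-asan).

SAMPLE="${SAMPLE:-fuzz.mkv}"        # assumption: the ticket's sample, saved locally
TIMEOUT_SECS="${TIMEOUT_SECS:-60}"  # a hang is a different bug class; don't let it block the run
THREADS="${THREADS:-1}"             # API harness default is 1 thread; the CLI would pick "auto"
ASAN_EXITCODE=77                    # chosen value: tells ASan reports apart from ffmpeg's own exit 1

# Configure flags exactly as in the ticket description, plus FFmpeg's own
# --toolchain=clang-asan so an out-of-bounds access is reported and stops the
# process instead of silently corrupting memory.
configure_flags() {
    printf '%s ' \
        --disable-everything \
        --enable-demuxer=matroska \
        --enable-decoder=ffv1 \
        --enable-muxer=rawvideo \
        --enable-encoder=rawvideo \
        --enable-protocol=file \
        --toolchain=clang-asan
}

build_ffmpeg() {
    make distclean >/dev/null 2>&1 || true
    # shellcheck disable=SC2046   word-splitting the flag list is intended
    ./configure $(configure_flags) >configure.log 2>&1 || return 1
    make -j"$(nproc 2>/dev/null || echo 2)" ffmpeg >build.log 2>&1
}

# Decode the way the minimal build allows: Matroska in, rawvideo out to /dev/null.
# Returns ffmpeg's exit status, or timeout(1)'s if the decode did not finish.
decode_sample() {
    ASAN_OPTIONS="exitcode=$ASAN_EXITCODE:abort_on_error=0:detect_leaks=0" \
    timeout "$TIMEOUT_SECS" ./ffmpeg -nostdin -v error -threads "$THREADS" \
        -i "$SAMPLE" -f rawvideo -y /dev/null >decode.log 2>&1
}

# Map a decode exit status to what `git bisect run` expects:
#   0   good: no memory error (ffmpeg refusing corrupt input with exit 1 is still good)
#   1   bad:  ASan reported an error, or the process was killed by a signal
#   125 skip: hang, or this revision could not be exercised at all
bisect_verdict() {
    case "$1" in
        0)                echo 0 ;;
        "$ASAN_EXITCODE") echo 1 ;;
        124|125)          echo 125 ;;  # timeout(1): 124 = expired, 125 = could not run
        *) if [ "$1" -gt 128 ]; then echo 1; else echo 0; fi ;;  # >128: died from a signal
    esac
}

check_revision() {
    rev="$1"
    git checkout -q "$rev" || { echo "$rev: checkout failed" >&2; return 125; }
    build_ffmpeg || { echo "$rev: build failed, skipping" >&2; return 125; }
    decode_sample
    status=$?
    verdict=$(bisect_verdict "$status")
    echo "$rev: exit=$status verdict=$verdict"
    return "$verdict"
}

# Usage: sh check-ffv1.sh n2.0.7 n2.1.8 n2.2.16 n2.3.6 n2.4.11   (the list from comment:5)
#    or: git bisect start <bad> <good> && git bisect run sh check-ffv1.sh HEAD
# The exit status is the verdict for the last revision checked.
if [ $# -gt 0 ]; then
    rc=0
    for rev in "$@"; do
        check_revision "$rev"
        rc=$?
    done
    exit "$rc"
fi
```

The exit-code mapping is the part worth getting right: a fuzzed Matroska file makes ffmpeg exit non-zero on its own, so "any failure is bad" would mark every revision bad; only the ASan exit code and signal deaths count as the crash the ticket describes, and timeouts are skipped rather than judged.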

comment:6 by Kieran Kunhya, 8 years ago

Resolution: fixed
Status: new → closed

Fixed in release branches

comment:7 by Carl Eugen Hoyos, 8 years ago

Resolution: fixed
Status: closed → reopened

comment:8 by Kieran Kunhya, 8 years ago

This is fixed, no?

comment:9 by Carl Eugen Hoyos, 8 years ago

No.

comment:10 by Kieran Kunhya, 8 years ago

Michael's backports fixed it for me, which revision fails?

comment:11 by Carl Eugen Hoyos, 8 years ago

What is unclear about comment:5?

comment:12 by Carl Eugen Hoyos, 8 years ago

(Whose backports?)

comment:14 by Carl Eugen Hoyos, 8 years ago

Ah, my backports from today.

comment:15 by Kieran Kunhya, 8 years ago

Ah sorry, your backports.

comment:16 by Michael Niedermayer, 8 years ago

Version: 2.8.3 → 2.4.11

IIUC the newest release branch this is still unfixed on is 2.4, thus updating version.

comment:17 by Michael Niedermayer, 8 years ago

backported the commits that fixed it in previous releases to 2.4

comment:18 by Carl Eugen Hoyos, 8 years ago (in reply to comment:17)

Resolution: fixed
Status: reopened → closed

Replying to michael:

backported the commits that fixed it in previous releases to 2.4

Thank you!
