Context Navigation

#5099 closed defect (fixed)

dxv: crash with fuzzed file 2

Reported by:	ami_stuff	Owned by:
Priority:	important	Component:	avcodec
Version:	git-master	Keywords:	dxv crash SIGSEGV
Cc:		Blocked By:
Blocking:		Reproduced by developer:	yes
Analyzed by developer:	no

Description

http://www.datafilehost.com/d/20ff4a86

(gdb) r -i 2_fuzz.mov -f null -
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i 2_fuzz.mov -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.8.git Copyright (c) 2000-2015 the FFmpeg developers
  built with gcc 4.7 (Debian 4.7.2-4)
  configuration: --enable-gpl --disable-ffprobe --disable-ffplay
  libavutil      55.  7.100 / 55.  7.100
  libavcodec     57. 15.100 / 57. 15.100
  libavformat    57. 17.100 / 57. 17.100
  libavdevice    57.  0.100 / 57.  0.100
  libavfilter     6. 15.100 /  6. 15.100
  libswscale      4.  0.100 /  4.  0.100
  libswresample   2.  0.101 /  2.  0.101
  libpostproc    54.  0.100 / 54.  0.100
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x9729200] overread end of atom 'stsd' by 256 bytes
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from '2_fuzz.mov':
  Metadata:
    major_brand     : qt  
    minor_version   : 537199360
    compatible_brands: qt  
    creation_time   : 2015-12-21 17:17:04
  Duration: 00:00:12.64, start: 0.000000, bitrate: 6237 kb/s
    Stream #0:0(eng): Video: dxv (DXD3 / 0x33445844), rgba, 320x240, 1407876 kb/s, 23.97 fps, 23.97 tbr, 1000k tbn, 1000k tbc (default)
    Metadata:
      creation_time   : 2015-12-21 17:17:04
      handler_name    : Procedura obsďż˝ugi skrďż˝tďż˝w danych Apple
      encoder         : DXV 3
Output #0, null, to 'pipe:':
  Metadata:
    major_brand     : qt  
    minor_version   : 537199360
    compatible_brands: qt  
    encoder         : Lavf57.17.100
    Stream #0:0(eng): Video: wrapped_avframe, rgba, 320x240, q=2-31, 200 kb/s, 23.97 fps, 23.97 tbn, 23.97 tbc (default)
    Metadata:
      creation_time   : 2015-12-21 17:17:04
      handler_name    : Procedura obsďż˝ugi skrďż˝tďż˝w danych Apple
      encoder         : Lavc57.15.100 wrapped_avframe
Stream mapping:
  Stream #0:0 -> #0:0 (dxv (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help

Program received signal SIGSEGV, Segmentation fault.
0x083d12d9 in dxv_decompress_dxt5 (avctx=avctx@entry=0x972eca0)
    at libavcodec/dxv.c:300
300	                prev = AV_RL32(ctx->tex_data + 4 * (pos - idx));
(gdb)

Attachments (1)

2_fuzz_cut.mov (2.4 MB ) - added by Carl Eugen Hoyos 8 years ago.

Change History (3)

by Carl Eugen Hoyos, 8 years ago

Attachment:	2_fuzz_cut.mov added

comment:1 by Carl Eugen Hoyos, 8 years ago

Component:	undetermined → avcodec
Keywords:	dxv crash SIGSEGV added
Priority:	normal → important
Reproduced by developer:	set
Status:	new → open
Version:	unspecified → git-master

comment:2 by Michael Niedermayer, 8 years ago

Resolution:	→ fixed
Status:	open → closed

Fixed in eb8a67de75ef6fd043f5749f6448c1874f149783

Note: See TracTickets for help on using tickets.

Download in other formats: