Context Navigation

#5495 closed defect (fixed)

dsf: fpe with fuzzed file

Reported by:	ami_stuff	Owned by:
Priority:	important	Component:	avformat
Version:	git-master	Keywords:	dsf crash fpe
Cc:		Blocked By:
Blocking:		Reproduced by developer:	yes
Analyzed by developer:	no

Description

https://www.datafilehost.com/d/3e49d49c

(gdb) r -i fpe_fuzz.dsf 
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i fpe_fuzz.dsf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 3.0.git Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 4.8 (Ubuntu 4.8.4-2ubuntu1~14.04.1)
  configuration: --enable-gpl --disable-ffprobe --disable-ffplay --disable-ffserver
  libavutil      55. 23.100 / 55. 23.100
  libavcodec     57. 38.100 / 57. 38.100
  libavformat    57. 34.103 / 57. 34.103
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 44.100 /  6. 44.100
  libswscale      4.  1.100 /  4.  1.100
  libswresample   2.  0.101 /  2.  0.101
  libpostproc    54.  0.100 / 54.  0.100
[dsf @ 0x973d1a0] Failed to uncompress tag: -3

Program received signal SIGFPE, Arithmetic exception.
0x0822f1e8 in dsf_read_header (s=0x973d1a0) at libavformat/dsfdec.c:120
120	    if (st->codecpar->block_align > INT_MAX / st->codecpar->channels) {
(gdb) bt
#0  0x0822f1e8 in dsf_read_header (s=0x973d1a0) at libavformat/dsfdec.c:120
#1  0x0834960d in avformat_open_input (ps=ps@entry=0xbfffecdc, 
    filename=filename@entry=0xbffff346 "fpe_fuzz.dsf", fmt=fmt@entry=0x0, 
    options=0x973d0ec) at libavformat/utils.c:552
#2  0x080d63a5 in open_input_file (o=o@entry=0xbfffed8c, 
    filename=<optimized out>) at ffmpeg_opt.c:949
#3  0x080da66b in open_files (inout=0x8c73202 "input", 
    open_file=0x80d4a80 <open_input_file>, l=<optimized out>, 
    l=<optimized out>) at ffmpeg_opt.c:3003
#4  ffmpeg_parse_options (argc=argc@entry=3, argv=argv@entry=0xbffff154)
    at ffmpeg_opt.c:3040
#5  0x080c8c5a in main (argc=3, argv=0xbffff154) at ffmpeg.c:4321
(gdb)

Attachments (1)

fpe_fuzz_cut.dsf (2.4 MB ) - added by Carl Eugen Hoyos 8 years ago.

Change History (3)

by Carl Eugen Hoyos, 8 years ago

Attachment:	fpe_fuzz_cut.dsf added

comment:1 by Carl Eugen Hoyos, 8 years ago

Component:	undetermined → avformat
Keywords:	dsf crash fpe added
Priority:	normal → important
Reproduced by developer:	set
Status:	new → open
Version:	unspecified → git-master

comment:2 by Elon Musk, 8 years ago

Resolution:	→ fixed
Status:	open → closed

Fixed in d171cd076f611b70a9d2e08bc261b470affcb932.

Note: See TracTickets for help on using tickets.

Download in other formats: