Opened 7 years ago
Closed 7 years ago
#6196 closed defect (fixed)
scpr: SIGFPE with fuzzed file
Reported by: | ami_stuff | Owned by: | |
---|---|---|---|
Priority: | important | Component: | avcodec |
Version: | git-master | Keywords: | scpr |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | yes |
Analyzed by developer: | no | | |
Description
```
(gdb) r -i browsing_fuzz.avi -f null -
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i browsing_fuzz.avi -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 3.2.git Copyright (c) 2000-2017 the FFmpeg developers
  built with gcc 5.3.0 (Ubuntu 5.3.0-3ubuntu1~14.04) 20151204
  configuration: --disable-ffprobe --disable-ffplay --disable-ffserver --enable-gpl
  libavutil      55. 47.100 / 55. 47.100
  libavcodec     57. 81.100 / 57. 81.100
  libavformat    57. 66.102 / 57. 66.102
  libavdevice    57.  2.100 / 57.  2.100
  libavfilter     6. 74.100 /  6. 74.100
  libswscale      4.  3.101 /  4.  3.101
  libswresample   2.  4.100 /  2.  4.100
  libpostproc    54.  2.100 / 54.  2.100
[avi @ 0x9a28200] Something went wrong during header parsing, tag Y[220][216]f has size 2968288127, I will ignore it and try to continue anyway.
Input #0, avi, from 'browsing_fuzz.avi':
  Duration: 00:00:54.67, start: 0.000000, bitrate: 315 kb/s
    Stream #0:0: Video: scpr (SCPR / 0x52504353), bgr0, 932x720, 15 fps, 15 tbr, 15 tbn, 15 tbc
[New Thread 0xb68c6b40 (LWP 2913)]
[New Thread 0xb60c5b40 (LWP 2914)]
[New Thread 0xb58c4b40 (LWP 2915)]
[New Thread 0xb50c3b40 (LWP 2916)]
[New Thread 0xb48c2b40 (LWP 2917)]
[New Thread 0xb40c1b40 (LWP 2918)]
[New Thread 0xb38c0b40 (LWP 2919)]
[New Thread 0xb30bfb40 (LWP 2920)]
[New Thread 0xb28beb40 (LWP 2921)]
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf57.66.102
    Stream #0:0: Video: wrapped_avframe, bgr0, 932x720, q=2-31, 200 kb/s, 15 fps, 15 tbn, 15 tbc
    Metadata:
      encoder         : Lavc57.81.100 wrapped_avframe
Stream mapping:
  Stream #0:0 -> #0:0 (scpr (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
Error while decoding stream #0:0: Invalid argument
    Last message repeated 11 times
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
Error while decoding stream #0:0: Invalid argument
    Last message repeated 3 times
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
Error while decoding stream #0:0: Invalid argument
    Last message repeated 53 times

Program received signal SIGFPE, Arithmetic exception.
0x08c5d888 in __udivdi3 ()
(gdb) bt
#0  0x08c5d888 in __udivdi3 ()
#1  0x086ad541 in decode0 (gb=0xb68c7028, rc=0xb68c7034, cumFreq=0, freq=0, total_freq=0) at libavcodec/scpr.c:164
#2  0x086adc27 in decode_value (s=s@entry=0xb68c7020, cnt=cnt@entry=0xb7594900, step=step@entry=1, rval=0xbfffe724, maxc=256) at libavcodec/scpr.c:205
#3  0x086aea7f in decompress_p (plinesize=<optimized out>, prev=<optimized out>, linesize=<optimized out>, dst=<optimized out>, avctx=0x9a29f00) at libavcodec/scpr.c:482
#4  decode_frame (avctx=0x9a29f00, data=0x9a2c240, got_frame=0xbfffe83c, avpkt=0xbfffe7ac) at libavcodec/scpr.c:770
#5  0x0872a939 in avcodec_decode_video2 (avctx=0x9a29f00, picture=0x9a2c240, got_picture_ptr=0xbfffe83c, avpkt=0xbfffe938) at libavcodec/utils.c:2263
#6  0x0872b8bd in do_decode (avctx=avctx@entry=0x9a29f00, pkt=pkt@entry=0xbfffe938) at libavcodec/utils.c:2796
#7  0x0872c690 in avcodec_send_packet (avctx=0x9a29f00, avpkt=<optimized out>) at libavcodec/utils.c:2885
#8  0x080e85b7 in decode (pkt=0xbfffe938, got_frame=0xbfffead4, frame=<optimized out>, avctx=0x9a29f00) at ffmpeg.c:2052
#9  decode_video (ist=ist@entry=0x9a29da0, pkt=pkt@entry=0xbfffeb14, got_output=got_output@entry=0xbfffead4, eof=0) at ffmpeg.c:2248
#10 0x080e9976 in process_input_packet (ist=0x9a29da0, pkt=0xbfffed44, no_eof=0) at ffmpeg.c:2491
---Type <return> to continue, or q <return> to quit---
#11 0x080c7a46 in process_input (file_index=<optimized out>) at ffmpeg.c:4251
#12 transcode_step () at ffmpeg.c:4339
#13 transcode () at ffmpeg.c:4393
#14 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:4598
(gdb)
```
Attachments (1)
Change History (2)
by , 7 years ago
Attachment: | browsing_fuzz.avi added |
---|
comment:1 by , 7 years ago
Component: | undetermined → avcodec |
---|---|
Keywords: | scpr added |
Priority: | normal → important |
Reproduced by developer: | set |
Resolution: | → fixed |
Status: | new → closed |
Version: | unspecified → git-master |
Fixed in 86ab6b6e08e2982fb5785e0691c0a7e289339ffb.
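
The defect class shown by frame #1 of the backtrace (`decode0` dividing with `total_freq=0`), as an added example that is neither FFmpeg's code nor the fix from the commit above: a simplified range-decoder interval step that validates its frequency arguments before the 64-bit division. `RangeState`, `narrow_interval` and `ERR_INVALID_DATA` are hypothetical names, and the numeric inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified decoder state; not FFmpeg's RangeCoder. */
typedef struct { uint32_t code; uint32_t range; } RangeState;

#define ERR_INVALID_DATA (-1) /* stand-in for the decoder's "invalid data" error */

/*
 * Narrow the interval to the symbol [cum_freq, cum_freq + freq) of total_freq.
 * The frequencies are decoder state shaped by the input (all three were 0 in
 * the crashing frame), so they are checked before the 64-bit division, which
 * on 32-bit x86 compiles to the __udivdi3 call seen in the backtrace.
 */
static int narrow_interval(RangeState *rc, uint32_t cum_freq,
                           uint32_t freq, uint32_t total_freq)
{
    if (total_freq == 0)
        return ERR_INVALID_DATA;            /* would divide by zero */
    if (freq == 0 || (uint64_t)cum_freq + freq > total_freq)
        return ERR_INVALID_DATA;            /* empty or out-of-model interval */

    uint64_t low  = (uint64_t)rc->range * cum_freq / total_freq;
    uint64_t high = (uint64_t)rc->range * ((uint64_t)cum_freq + freq) / total_freq;
    if (rc->code < low || rc->code >= high)
        return ERR_INVALID_DATA;            /* code outside the chosen symbol */

    rc->code  -= (uint32_t)low;             /* state changes only on success */
    rc->range  = (uint32_t)(high - low);
    return 0;
}

int main(void)
{
    RangeState ok  = { 300, 1000 };         /* constructed sample values */
    RangeState bad = { 300, 1000 };
    int r_ok  = narrow_interval(&ok, 2, 3, 10);
    int r_bad = narrow_interval(&bad, 0, 0, 0);   /* arguments from frame #1 */
    printf("valid: %d (code=%u range=%u)\n", r_ok,
           (unsigned)ok.code, (unsigned)ok.range);
    printf("zeros: %d (state untouched: code=%u range=%u)\n", r_bad,
           (unsigned)bad.code, (unsigned)bad.range);
    return 0;
}
```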