Opened 7 years ago

Closed 7 years ago

#6498 closed defect (fixed)

interplayvideo: assertion failure with fuzzed file

Reported by: ami_stuff
Owned by:
Priority: normal
Component: undetermined
Version: unspecified
Keywords:
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

(gdb) r -i vopen_fuzz.mve -f null -
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i vopen_fuzz.mve -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 3.3.git Copyright (c) 2000-2017 the FFmpeg developers
  built with gcc 5.3.0 (Ubuntu 5.3.0-3ubuntu1~14.04) 20151204
  configuration: --disable-ffprobe --disable-ffserver --enable-gpl
  libavutil      55. 67.100 / 55. 67.100
  libavcodec     57.100.102 / 57.100.102
  libavformat    57. 75.100 / 57. 75.100
  libavdevice    57.  7.100 / 57.  7.100
  libavfilter     6. 94.100 /  6. 94.100
  libswscale      4.  7.101 /  4.  7.101
  libswresample   2.  8.100 /  2.  8.100
  libpostproc    54.  6.100 / 54.  6.100
Input #0, ipmovie, from 'vopen_fuzz.mve':
  Duration: N/A, start: 0.000000, bitrate: N/A
    Stream #0:0: Video: interplayvideo, pal8, 320x128, 10 fps, 10 tbr, 1000k tbn, 1000k tbc
Stream mapping:
  Stream #0:0 -> #0:0 (interplayvideo (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
[interplayvideo @ 0x9a7df40] Invalid decode type, corrupted header?
[New Thread 0xb7596b40 (LWP 28728)]
[New Thread 0xb6d95b40 (LWP 28729)]
[New Thread 0xb6594b40 (LWP 28730)]
[New Thread 0xb5d93b40 (LWP 28731)]
[New Thread 0xb5592b40 (LWP 28732)]
[New Thread 0xb4d91b40 (LWP 28733)]
[New Thread 0xb4590b40 (LWP 28734)]
[New Thread 0xb3d8fb40 (LWP 28735)]
[New Thread 0xb358eb40 (LWP 28736)]
    Last message repeated 1 times
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf57.75.100
    Stream #0:0: Video: wrapped_avframe, pal8, 320x128, q=2-31, 200 kb/s, 10 fps, 10 tbn, 10 tbc
    Metadata:
      encoder         : Lavc57.100.102 wrapped_avframe
[interplayvideo @ 0x9a7df40] motion offset < 0 (-3360)
[interplayvideo @ 0x9a7df40] motion offset above limit (42712 >= 38712)
[interplayvideo @ 0x9a7df40] motion offset < 0 (-16239)
[interplayvideo @ 0x9a7df40] motion offset < 0 (-11056)
[interplayvideo @ 0x9a7df40] motion offset < 0 (-5816)
[interplayvideo @ 0x9a7df40] motion offset above limit (44667 >= 38712)
Assertion buf_size >= 0 failed at libavcodec/bytestream.h:137

Program received signal SIGABRT, Aborted.
0xb7fdccb0 in ?? ()
(gdb) bt
#0  0xb7fdccb0 in ?? ()
#1  0x088c4cf0 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) 

Attachments (1)

vopen_fuzz.mve (435.6 KB) - added by ami_stuff 7 years ago.

Change History (2)

by ami_stuff, 7 years ago

Attachment: vopen_fuzz.mve added

comment:1 by Elon Musk, 7 years ago

Resolution: fixed
Status: new → closed