Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#2840 closed defect (fixed)

jpeg2000: crash with fuzzed file (and limited available memory)

Reported by: ami_stuff Owned by:
Priority: normal Component: avcodec
Version: git-master Keywords: j2k crash SIGSEGV
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

It also crashes for me without ulimit under zzuf, but not with ffmpeg ran alone.

ffmpeg-HEAD-18d7074

knoppix@Microknoppix:/media/sdb1/ffmpeg$ ulimit -c unlimited -Sv 1700000
knoppix@Microknoppix:/media/sdb1/ffmpeg$ ./ffmpeg_g -i ../fuzzed.avi -f null -
ffmpeg version 2.0 Copyright (c) 2000-2013 the FFmpeg developers
  built on Aug  6 2013 21:17:38 with gcc 4.7 (Debian 4.7.2-4)
  configuration: --enable-gpl --disable-yasm --disable-ffprobe --disable-ffserver
  libavutil      52. 40.100 / 52. 40.100
  libavcodec     55. 20.100 / 55. 20.100
  libavformat    55. 13.101 / 55. 13.101
  libavdevice    55.  3.100 / 55.  3.100
  libavfilter     3. 82.100 /  3. 82.100
  libswscale      2.  4.100 /  2.  4.100
  libswresample   0. 17.103 /  0. 17.103
  libpostproc    52.  3.100 / 52.  3.100
[jpeg2000 @ 0x90d4620] Support for 0 components is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[jpeg2000 @ 0x90d4620] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/MPlayer/incoming/ and contact the ffmpeg-devel mailing list.
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
[jpeg2000 @ 0x90d4620] Unknown pix_fmt, profile: 0, colour_space: 0, components: 3, precision: 8, cdx[1]: 9, cdy[1]: 1, cdx[2]: 1, cdy[2]: 1
[jpeg2000 @ 0x90d4620] [IMGUTILS @ 0xbfdedf44] Picture size 134217920x128 is invalid
[jpeg2000 @ 0x90d4620] video_get_buffer: image parameters invalid
[jpeg2000 @ 0x90d4620] get_buffer() failed
[jpeg2000 @ 0x90d4620] thread_get_buffer() failed
[jpeg2000 @ 0x90d4620] Support for 3 components is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[jpeg2000 @ 0x90d4620] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/MPlayer/incoming/ and contact the ffmpeg-devel mailing list.
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
[jpeg2000 @ 0x90d4620] error during processing marker segment ff52
[mp3 @ 0x90d5160] Header missing
    Last message repeated 1 times
Input #0, avi, from '../fuzzed.avi':
  Duration: 00:00:05.96, start: 0.000000, bitrate: 320 kb/s
    Stream #0:0: Video: jpeg2000 (JPEG 2000 codestream restriction 0) (MJ2C / 0x43324A4D), rgb24, 192x128, 24 fps, 24 tbr, 24 tbn, 24 tbc
    Stream #0:1: Audio: mp3 (U[0][0][0] / 0x0055), 11025 Hz, mono, s16p, 7 kb/s
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf55.13.101
    Stream #0:0: Video: rawvideo (RGB[24] / 0x18424752), rgb24, 192x128, q=2-31, 200 kb/s, 90k tbn, 24 tbc
    Stream #0:1: Audio: pcm_s16le, 11025 Hz, mono, s16, 176 kb/s
Stream mapping:
  Stream #0:0 -> #0:0 (jpeg2000 -> rawvideo)
  Stream #0:1 -> #0:1 (mp3 -> pcm_s16le)
Press [q] to stop, [?] for help
[jpeg2000 @ 0x90d4620] Support for 0 components is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[jpeg2000 @ 0x90d4620] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/MPlayer/incoming/ and contact the ffmpeg-devel mailing list.
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[jpeg2000 @ 0x90d4620] [IMGUTILS @ 0xbfdee214] Picture size 134217920x128 is invalid
[jpeg2000 @ 0x90d4620] video_get_buffer: image parameters invalid
[jpeg2000 @ 0x90d4620] get_buffer() failed
[jpeg2000 @ 0x90d4620] thread_get_buffer() failed
Error while decoding stream #0:0: Invalid argument
[jpeg2000 @ 0x90d4620] Support for 3 components is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[jpeg2000 @ 0x90d4620] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/MPlayer/incoming/ and contact the ffmpeg-devel mailing list.
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[jpeg2000 @ 0x90d4620] error during processing marker segment ff52 
Error while decoding stream #0:0: Operation not permitted
[jpeg2000 @ 0x90d4620] unsupported marker 0xFF58 at pos 0x41
[jpeg2000 @ 0x90d4620] Psot 1496 too big
[jpeg2000 @ 0x90d4620] error during processing marker segment ff90
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] extra cblk styles 40
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] unsupported marker 0xFF50 at pos 0x2
[jpeg2000 @ 0x90d4620] error during processing marker segment ff52
Error while decoding stream #0:0: Operation not permitted
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
Error while decoding stream #0:0: Invalid argument
[jpeg2000 @ 0x90d4620] cblk size invalid
[jpeg2000 @ 0x90d4620] error during processing marker segment ff52
Error while decoding stream #0:0: Invalid data found when processing input
[mp3 @ 0x90d5160] Header missing
Error while decoding stream #0:1: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
Error while decoding stream #0:0: Operation not permitted
[jpeg2000 @ 0x90d4620] unsupported marker 0xFF1A at pos 0x33
[jpeg2000 @ 0x90d4620] Psot 268436888 too big
[jpeg2000 @ 0x90d4620] error during processing marker segment ff90
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] SOC marker not present
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] Support for 3 components is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[jpeg2000 @ 0x90d4620] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/MPlayer/incoming/ and contact the ffmpeg-devel mailing list.
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[jpeg2000 @ 0x90d4620] Invalid tile dimension -2147483456x128.
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] unsupported marker 0xFF54 at pos 0x41
[jpeg2000 @ 0x90d4620] [IMGUTILS @ 0xbfdee214] Picture size 4194496x12583040 is invalid
[jpeg2000 @ 0x90d4620] video_get_buffer: image parameters invalid
[jpeg2000 @ 0x90d4620] get_buffer() failed
[jpeg2000 @ 0x90d4620] thread_get_buffer() failed
Error while decoding stream #0:0: Invalid argument
[mp3 @ 0x90d5160] Header missing
Error while decoding stream #0:1: Invalid data found when processing input
[null @ 0x90d5f20] Application provided invalid, non monotonically increasing dts to muxer in stream 1: 56327 >= 51624
[null @ 0x90d5f20] Application provided invalid, non monotonically increasing dts to muxer in stream 1: 56327 >= 56327
[jpeg2000 @ 0x90d4620] Support for 3 components is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[jpeg2000 @ 0x90d4620] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/MPlayer/incoming/ and contact the ffmpeg-devel mailing list.
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[jpeg2000 @ 0x90d4620] cblk size invalid
[jpeg2000 @ 0x90d4620] error during processing marker segment ff52
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] SOC marker not present
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] unsupported marker 0xDF51 at pos 0x2
[jpeg2000 @ 0x90d4620] unsupported marker 0xFFDC at pos 0x41
[jpeg2000 @ 0x90d4620] error during processing marker segment ff90
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] unsupported marker 0xDF51 at pos 0x2
[jpeg2000 @ 0x90d4620] error during processing marker segment ff90
Error while decoding stream #0:0: Invalid data found when processing input
[mp3 @ 0x90d5160] Header missing
Error while decoding stream #0:1: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
Error while decoding stream #0:0: Invalid argument
[jpeg2000 @ 0x90d4620] unsupported marker 0xF751 at pos 0x2
[jpeg2000 @ 0x90d4620] unsupported marker 0x7F52 at pos 0x33
[jpeg2000 @ 0x90d4620] unsupported marker 0xFF80 at pos 0x66
[jpeg2000 @ 0x90d4620] Missing SOT
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] nreslevels 70 is invalid
[jpeg2000 @ 0x90d4620] error during processing marker segment ff52
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] [IMGUTILS @ 0xbfdee214] Picture size 1048768x128 is invalid
[jpeg2000 @ 0x90d4620] video_get_buffer: image parameters invalid
[jpeg2000 @ 0x90d4620] get_buffer() failed
[jpeg2000 @ 0x90d4620] thread_get_buffer() failed
Error while decoding stream #0:0: Invalid argument
[mp3 @ 0x90d5160] overread, skip -5 enddists: -2 -2
[mp3 @ 0x90d5160] overread, skip -7 enddists: -3 -3
[jpeg2000 @ 0x90d4620] Psot 134219156 too big
[jpeg2000 @ 0x90d4620] error during processing marker segment ff90
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] Support for 3 components is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[jpeg2000 @ 0x90d4620] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/MPlayer/incoming/ and contact the ffmpeg-devel mailing list.
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[jpeg2000 @ 0x90d4620] unsupported marker 0xFE51 at pos 0x2
[jpeg2000 @ 0x90d4620] unsupported marker 0xFF5A at pos 0x33
[jpeg2000 @ 0x90d4620] error during processing marker segment ff90
Error while decoding stream #0:0: Invalid data found when processing input
[mp3 @ 0x90d5160] Header missing
Error while decoding stream #0:1: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] Psot 8390025 too big
[jpeg2000 @ 0x90d4620] error during processing marker segment ff90
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] SOC marker not present
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
Error while decoding stream #0:0: Invalid argument
[jpeg2000 @ 0x90d4620] unsupported marker 0xFF71 at pos 0x2
[jpeg2000 @ 0x90d4620] error during processing marker segment ff90
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
Segmentation fault (core dumped)
knoppix@Microknoppix:/media/sdb1/ffmpeg$ gdb -c core ffmpeg_g
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /media/sdb1/ffmpeg/ffmpeg_g...done.
[New LWP 10797]

warning: Can't read pathname for load map: Input/output error.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
Failed to read a valid object file image from memory.
Core was generated by `./ffmpeg_g -i ../fuzzed.avi -f null -'.
Program terminated with signal 11, Segmentation fault.
#0  ff_jpeg2000_cleanup (comp=0x0, codsty=0x5b718404)
    at libavcodec/jpeg2000.c:505
505	         comp->reslevel && reslevelno < codsty->nreslevels;
(gdb) bt
#0  ff_jpeg2000_cleanup (comp=0x0, codsty=0x5b718404)
    at libavcodec/jpeg2000.c:505
#1  0x08507c00 in jpeg2000_dec_cleanup (s=0x90c4c20)
    at libavcodec/jpeg2000dec.c:1346
#2  jpeg2000_decode_frame (avctx=0x90d4620, data=0x90c43c0, 
    got_frame=0xbfdee6c4, avpkt=0xbfdee468) at libavcodec/jpeg2000dec.c:1634
#3  0x08671abe in avcodec_decode_video2 (avctx=0x90d4620, 
    picture=picture@entry=0x90c43c0, 
    got_picture_ptr=got_picture_ptr@entry=0xbfdee6c4, 
    avpkt=avpkt@entry=0xbfdee910) at libavcodec/utils.c:1986
#4  0x080b2cdd in decode_video (ist=ist@entry=0x90d6de0, 
    pkt=pkt@entry=0xbfdee910, got_output=got_output@entry=0xbfdee6c4)
    at ffmpeg.c:1653
#5  0x080b6422 in output_packet (pkt=0xbfdee8a8, ist=0x90d6de0)
    at ffmpeg.c:1851
#6  process_input (file_index=2) at ffmpeg.c:3063
#7  0x080a1fc3 in transcode_step () at ffmpeg.c:3159
#8  transcode () at ffmpeg.c:3211
#9  main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3389
(gdb) 

Attachments (1)

fuzzed.avi (233.0 KB) - added by ami_stuff 6 years ago.

Download all attachments as: .zip

Change History (3)

Changed 6 years ago by ami_stuff

comment:1 Changed 6 years ago by michael

  • Component changed from undetermined to avcodec
  • Keywords jpeg2000 added
  • Reproduced by developer set
  • Resolution set to fixed
  • Status changed from new to closed

comment:2 Changed 6 years ago by cehoyos

  • Keywords j2k crash SIGSEGV added; jpeg2000 removed
  • Version changed from unspecified to git-master
Note: See TracTickets for help on using tickets.