Opened 6 years ago

Closed 6 years ago

#2841 closed defect (fixed)

jpeg2000: fpe with fuzzed file

Reported by: ami_stuff
Owned by:
Priority: normal
Component: undetermined
Version: unspecified
Keywords:
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

knoppix@Microknoppix:/media/sdb1$ gdb ffmpeg/ffmpeg_g
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /media/sdb1/ffmpeg/ffmpeg_g...done.
(gdb) r -i fuzzed2.avi -f null -
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i fuzzed2.avi -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.0 Copyright (c) 2000-2013 the FFmpeg developers
  built on Aug  6 2013 21:17:38 with gcc 4.7 (Debian 4.7.2-4)
  configuration: --enable-gpl --disable-yasm --disable-ffprobe --disable-ffserver
  libavutil      52. 40.100 / 52. 40.100
  libavcodec     55. 20.100 / 55. 20.100
  libavformat    55. 13.101 / 55. 13.101
  libavdevice    55.  3.100 / 55.  3.100
  libavfilter     3. 82.100 /  3. 82.100
  libswscale      2.  4.100 /  2.  4.100
  libswresample   0. 17.103 /  0. 17.103
  libpostproc    52.  3.100 / 52.  3.100
Input #0, avi, from 'fuzzed2.avi':
  Duration: 00:00:05.96, start: 0.000000, bitrate: 320 kb/s
    Stream #0:0: Video: jpeg2000 (JPEG 2000 codestream restriction 0) (MJ2C / 0x43324A4D), rgb24, 192x128, 24 fps, 24 tbr, 24 tbn, 24 tbc
    Stream #0:1: Audio: mp3 (U[0][0][0] / 0x0055), 11025 Hz, mono, s16p, 7 kb/s
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf55.13.101
    Stream #0:0: Video: rawvideo (RGB[24] / 0x18424752), rgb24, 192x128, q=2-31, 200 kb/s, 90k tbn, 24 tbc
    Stream #0:1: Audio: pcm_s16le, 11025 Hz, mono, s16, 176 kb/s
Stream mapping:
  Stream #0:0 -> #0:0 (jpeg2000 -> rawvideo)
  Stream #0:1 -> #0:1 (mp3 -> pcm_s16le)
Press [q] to stop, [?] for help
[null @ 0x90d7500] Encoder did not produce proper pts, making some up.
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
Error while decoding stream #0:0: Invalid argument
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
Error while decoding stream #0:0: Invalid argument
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
Error while decoding stream #0:0: Invalid argument
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
Error while decoding stream #0:0: Invalid argument
[jpeg2000 @ 0x90d4620] SOC marker not present
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] extra cblk styles 2
[jpeg2000 @ 0x90d4620] unsupported marker 0xFB90 at pos 0x66
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] error during processing marker segment ff90
Error while decoding stream #0:0: Operation not permitted
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
Error while decoding stream #0:0: Invalid argument
[mp3 @ 0x90d5160] overread, skip -9 enddists: -3 -3
[jpeg2000 @ 0x90d4620] unsupported marker 0xDF52 at pos 0x33
[jpeg2000 @ 0x90d4620] unsupported marker 0xFB90 at pos 0x66
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] [IMGUTILS @ 0xbffff0c4] Picture size 192x4294963328 is invalid
[jpeg2000 @ 0x90d4620] video_get_buffer: image parameters invalid
[jpeg2000 @ 0x90d4620] get_buffer() failed
[jpeg2000 @ 0x90d4620] thread_get_buffer() failed
Error while decoding stream #0:0: Invalid argument
[mp3 @ 0x90d5160] Header missing
Error while decoding stream #0:1: Invalid data found when processing input
[mp3 @ 0x90d5160] overread, skip -9 enddists: -2 -2
[jpeg2000 @ 0x90d4620] Support for 3 components is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[jpeg2000 @ 0x90d4620] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/MPlayer/incoming/ and contact the ffmpeg-devel mailing list.
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[jpeg2000 @ 0x90d4620] unsupported marker 0xFFD1 at pos 0x2
[jpeg2000 @ 0x90d4620] error during processing marker segment ff90
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
Error while decoding stream #0:0: Invalid argument
Error while decoding stream #0:0: Invalid data found when processing input
[mp3 @ 0x90d5160] overread, skip -7 enddists: -2 -2
[jpeg2000 @ 0x90d4620] unsupported marker 0xBF90 at pos 0x66
[jpeg2000 @ 0x90d4620] Missing SOT
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] error during processing marker segment ff90
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] EPH marker not found.
    Last message repeated 8 times
Input stream #0:0 frame changed from size:192x128 fmt:rgb24 to size:194x128 fmt:rgb24
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
Error while decoding stream #0:0: Invalid argument
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
Error while decoding stream #0:0: Invalid argument
[avi @ 0x90d3d40] Invalid stream + prefix combination, assuming audio.
[mp3 @ 0x90d5160] Header missing
Error while decoding stream #0:1: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] unsupported marker 0xFD51 at pos 0x2
[jpeg2000 @ 0x90d4620] error during processing marker segment ff90
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] SOC marker not present
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] SOC marker not present
Error while decoding stream #0:0: Invalid data found when processing input
[jpeg2000 @ 0x90d4620] error during processing marker segment ff51
Error while decoding stream #0:0: Invalid argument

Program received signal SIGFPE, Arithmetic exception.
0x08504745 in ff_jpeg2000_ceildiv (b=0, a=<optimized out>)
    at libavcodec/jpeg2000.h:214
214	    return (a + b - 1) / b;
(gdb) bt
#0  0x08504745 in ff_jpeg2000_ceildiv (b=0, a=<optimized out>)
    at libavcodec/jpeg2000.h:214
#1  ff_jpeg2000_init_component (comp=0x90d9340, codsty=codsty@entry=0x90d8ce8, 
    qntsty=qntsty@entry=0x90d8e38, cbps=8, dx=3, dy=0, avctx=0x90d4620)
    at libavcodec/jpeg2000.c:369
#2  0x08508927 in init_tile (tileno=<optimized out>, s=0x90c4ba0)
    at libavcodec/jpeg2000dec.c:668
#3  jpeg2000_read_bitstream_packets (s=0x90c4ba0)
    at libavcodec/jpeg2000dec.c:1459
#4  jpeg2000_decode_frame (avctx=0x90d4620, data=0x90c4320, 
    got_frame=0xbffff574, avpkt=0xbffff318) at libavcodec/jpeg2000dec.c:1617
#5  0x08671abe in avcodec_decode_video2 (avctx=0x90d4620, 
    picture=picture@entry=0x90c4320, 
    got_picture_ptr=got_picture_ptr@entry=0xbffff574, 
    avpkt=avpkt@entry=0xbffff7c0) at libavcodec/utils.c:1986
#6  0x080b2cdd in decode_video (ist=ist@entry=0x910e640, 
    pkt=pkt@entry=0xbffff7c0, got_output=got_output@entry=0xbffff574)
    at ffmpeg.c:1653
#7  0x080b6422 in output_packet (pkt=0xbffff758, ist=0x910e640)
    at ffmpeg.c:1851
#8  process_input (file_index=2) at ffmpeg.c:3063
#9  0x080a1fc3 in transcode_step () at ffmpeg.c:3159
#10 transcode () at ffmpeg.c:3211
---Type <return> to continue, or q <return> to quit---
#11 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3389
(gdb) 

Attachments (1)

fuzzed2.avi (233.0 KB) - added by ami_stuff 6 years ago.


Change History (2)

Changed 6 years ago by ami_stuff

comment:1 Changed 6 years ago by michael

  • Reproduced by developer set
  • Resolution set to fixed
  • Status changed from new to closed
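
The trace above faults in `(a + b - 1) / b` with `b=0`, reached from `ff_jpeg2000_init_component` with `dx=3, dy=0`. The following is an added example, not FFmpeg code and not the fix applied for this ticket: it assumes the zero comes from a per-component subsampling byte (XRsiz/YRsiz) in the SIZ segment (marker 0xFF51) and rejects it at parse time, before any ceiling division runs. `siz_component_rows`, `make_siz` and `rows_for` are hypothetical names, and the segment bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIZ_FIXED 38 /* Lsiz, Rsiz, eight 32-bit fields, Csiz */

/* Same expression as the faulting line; only defined for b > 0. */
static int ceildiv(int a, int b) { return (a + b - 1) / b; }
static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) << 16 | rd16(p + 2); }

/* Hypothetical helper: seg points just past the 0xFF51 marker. Stores the
 * number of sample rows of component comp in *rows; returns -1 if malformed. */
static int siz_component_rows(const uint8_t *seg, size_t len, unsigned comp, int *rows)
{
    if (len < SIZ_FIXED) return -1;
    unsigned lsiz = rd16(seg), csiz = rd16(seg + 36);
    if (csiz == 0 || comp >= csiz || lsiz != SIZ_FIXED + 3 * csiz || lsiz > len)
        return -1;
    uint32_t ysiz = rd32(seg + 8), yosiz = rd32(seg + 16);
    const uint8_t *c = seg + SIZ_FIXED + 3 * comp;   /* Ssiz, XRsiz, YRsiz */
    if (c[1] == 0 || c[2] == 0) return -1;  /* zero divisor: reject before ceildiv */
    if (ysiz <= yosiz || ysiz > INT32_MAX / 2) return -1;
    *rows = ceildiv((int)ysiz, c[2]) - ceildiv((int)yosiz, c[2]);
    return 0;
}

/* Constructed sample: one-component 192x128 SIZ segment. */
static size_t make_siz(uint8_t *buf, uint8_t xrsiz, uint8_t yrsiz)
{
    memset(buf, 0, SIZ_FIXED + 3);
    buf[1] = SIZ_FIXED + 3; buf[7] = 192; buf[11] = 128;  /* Lsiz, Xsiz, Ysiz */
    buf[37] = 1; buf[38] = 7; buf[39] = xrsiz; buf[40] = yrsiz; /* Csiz, Ssiz, XRsiz, YRsiz */
    return SIZ_FIXED + 3;
}

/* Rows for the constructed segment, or -1 when it is rejected. */
static int rows_for(uint8_t dx, uint8_t dy)
{
    uint8_t buf[SIZ_FIXED + 3];
    int rows;
    return siz_component_rows(buf, make_siz(buf, dx, dy), 0, &rows) ? -1 : rows;
}

int main(void) {
    printf("dx=3 dy=0 -> %d, dx=3 dy=2 -> %d\n", rows_for(3, 0), rows_for(3, 2));
    return 0;
}
```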