Opened 11 years ago
Closed 11 years ago
#2844 closed defect (fixed)
flashsv2: crash with fuzzed file
| Reported by: | ami_stuff | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avcodec |
| Version: | git-master | Keywords: | flashsv2 crash |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | yes | |
| Analyzed by developer: | no |
Description
http://www1.datafilehost.com/d/079c80f1
knoppix@Microknoppix:/media/sdb1/ffmpeg$ ./ffmpeg_g -i ../fflashsv2.flv -f null -
ffmpeg version 2.0 Copyright (c) 2000-2013 the FFmpeg developers
built on Aug 6 2013 21:17:38 with gcc 4.7 (Debian 4.7.2-4)
configuration: --enable-gpl --disable-yasm --disable-ffprobe --disable-ffserver
libavutil 52. 40.100 / 52. 40.100
libavcodec 55. 20.100 / 55. 20.100
libavformat 55. 13.101 / 55. 13.101
libavdevice 55. 3.100 / 55. 3.100
libavfilter 3. 82.100 / 3. 82.100
libswscale 2. 4.100 / 2. 4.100
libswresample 0. 17.103 / 0. 17.103
libpostproc 52. 3.100 / 52. 3.100
Input #0, flv, from '../fflashsv2.flv':
Metadata:
encoder : Lavf55.13.101
Duration: 00:00:12.64, start: 0.000000, bitrate: 7524 kb/s
Stream #0:0: Video: flashsv2, bgr24, 320x240, 200 kb/s, 23.98 tbr, 1k tbn, 1k tbc
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf55.13.101
Stream #0:0: Video: rawvideo (BGR[24] / 0x18524742), bgr24, 320x240, q=2-31, 200 kb/s, 90k tbn, 23.98 tbc
Stream mapping:
Stream #0:0 -> #0:0 (flashsv2 -> rawvideo)
Press [q] to stop, [?] for help
[null @ 0x90e4400] Encoder did not produce proper pts, making some up.
[flashsv2 @ 0x90d4620] Zlib resync occurred
Last message repeated 1 times
Error while decoding stream #0:0: Invalid data found when processing input
[flashsv2 @ 0x90d4620] Zlib resync occurred
Segmentation fault (core dumped)es
knoppix@Microknoppix:/media/sdb1/ffmpeg$ gdb -c core ffmpeg_g
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /media/sdb1/ffmpeg/ffmpeg_g...done.
[New LWP 26609]
warning: Can't read pathname for load map: Input/output error.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
Failed to read a valid object file image from memory.
Core was generated by `./ffmpeg_g -i ../fflashsv2.flv -f null -'.
Program terminated with signal 11, Segmentation fault.
#0 0xb74e7124 in _int_free (av=<optimized out>, p=0x95b4408) at malloc.c:4973
4973 malloc.c: No such file or directory.
(gdb) bt
#0 0xb74e7124 in _int_free (av=<optimized out>, p=0x95b4408) at malloc.c:4973
#1 0xb74ea3ed in *__GI___libc_free (mem=0x95b4440) at malloc.c:3738
#2 0x08858842 in av_free (ptr=<optimized out>) at libavutil/mem.c:210
#3 av_freep (arg=arg@entry=0xbfb5284c) at libavutil/mem.c:217
#4 0x082362cf in read_from_packet_buffer (pkt=<optimized out>,
pkt_buffer_end=<optimized out>, pkt_buffer=<optimized out>)
at libavformat/utils.c:1284
#5 av_read_frame (s=0x90d3d40, pkt=pkt@entry=0xbfb52b38)
at libavformat/utils.c:1448
#6 0x080b5a76 in get_input_packet (pkt=0xbfb52b18, f=0x90d49e0)
at ffmpeg.c:2852
#7 process_input (file_index=0) at ffmpeg.c:2889
#8 0x080a1fc3 in transcode_step () at ffmpeg.c:3159
#9 transcode () at ffmpeg.c:3211
#10 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3389
(gdb)
Change History (2)
comment:1 by , 11 years ago
| Component: | undetermined → avcodec |
|---|---|
| Keywords: | flashsv2 crash added |
| Priority: | normal → important |
| Reproduced by developer: | set |
| Status: | new → open |
| Version: | unspecified → git-master |
comment:2 by , 11 years ago
| Resolution: | → fixed |
|---|---|
| Status: | open → closed |
Note:
See TracTickets
for help on using tickets.
Fixed in 880c73cd76109697447fbfbaa8e5ee5683309446