Context Navigation

#2978 closed defect (fixed)

png: deadlock with fuzzed file

Reported by:	ami_stuff	Owned by:
Priority:	important	Component:	avcodec
Version:	git-master	Keywords:	png deadlock regression
Cc:		Blocked By:
Blocking:		Reproduced by developer:	yes
Analyzed by developer:	no

Description

http://www1.datafilehost.com/d/26922af6

knoppix@Microknoppix:/media/sdb1$ gdb ffmpeg-HEAD-93439e8/ffmpeg_g
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /media/sdb1/ffmpeg-HEAD-93439e8/ffmpeg_g...done.
(gdb) r -threads 1 -i ./png_deadlock.avi -f null -
Starting program: /media/sdb1/ffmpeg-HEAD-93439e8/ffmpeg_g -threads 1 -i ./png_deadlock.avi -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.0-93439e8 Copyright (c) 2000-2013 the FFmpeg developers
  built on Sep 18 2013 23:23:15 with gcc 4.7 (Debian 4.7.2-5)
  configuration: --disable-yasm --enable-gpl --disable-ffprobe --disable-ffserver
  libavutil      52. 44.100 / 52. 44.100
  libavcodec     55. 31.101 / 55. 31.101
  libavformat    55. 18.100 / 55. 18.100
  libavdevice    55.  3.100 / 55.  3.100
  libavfilter     3. 86.101 /  3. 86.101
  libswscale      2.  5.100 /  2.  5.100
  libswresample   0. 17.103 /  0. 17.103
  libpostproc    52.  3.100 / 52.  3.100
Input #0, avi, from './png_deadlock.avi':
  Duration: 00:00:04.00, start: 0.000000, bitrate: 8987 kb/s
    Stream #0:0: Video: png (MPNG / 0x474E504D), rgba, 160x120 [SAR 2834:2834 DAR 4:3], 40 tbr, 40 tbn, 40 tbc
[New Thread 0xb7df8b70 (LWP 1842)]
[New Thread 0xb75f8b70 (LWP 1843)]
[New Thread 0xb6df8b70 (LWP 1844)]
[New Thread 0xb65f8b70 (LWP 1845)]
[New Thread 0xb5df8b70 (LWP 1846)]
[New Thread 0xb55f8b70 (LWP 1847)]
[New Thread 0xb4df8b70 (LWP 1849)]
[New Thread 0xb45f8b70 (LWP 1850)]
[New Thread 0xb3df8b70 (LWP 1851)]
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf55.18.100
    Stream #0:0: Video: rawvideo (RGBA / 0x41424752), rgba, 160x120 [SAR 1:1 DAR 4:3], q=2-31, 200 kb/s, 90k tbn, 40 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (png -> rawvideo)
Press [q] to stop, [?] for help
[null @ 0x9117680] Encoder did not produce proper pts, making some up.
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] Missing png signature
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
Input stream #0:0 frame changed from size:160x120 fmt:rgba to size:160x120 fmt:pal8
[Thread 0xb75f8b70 (LWP 1843) exited]
[Thread 0xb7df8b70 (LWP 1842) exited]
[Thread 0xb6df8b70 (LWP 1844) exited]
[Thread 0xb5df8b70 (LWP 1846) exited]
[Thread 0xb3df8b70 (LWP 1851) exited]
[Thread 0xb4df8b70 (LWP 1849) exited]
[Thread 0xb55f8b70 (LWP 1847) exited]
[Thread 0xb45f8b70 (LWP 1850) exited]
[Thread 0xb65f8b70 (LWP 1845) exited]
[New Thread 0xb3df8b70 (LWP 1892)]
[New Thread 0xb45f8b70 (LWP 1893)]
[New Thread 0xb4df8b70 (LWP 1894)]
[New Thread 0xb55f8b70 (LWP 1895)]
[New Thread 0xb5df8b70 (LWP 1897)]
[New Thread 0xb7df8b70 (LWP 1898)]
[New Thread 0xb75f8b70 (LWP 1899)]
[New Thread 0xb6df8b70 (LWP 1900)]
[New Thread 0xb65f8b70 (LWP 1901)]
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
Input stream #0:0 frame changed from size:160x120 fmt:pal8 to size:160x120 fmt:gray
[Thread 0xb4df8b70 (LWP 1894) exited]
[Thread 0xb55f8b70 (LWP 1895) exited]
[Thread 0xb5df8b70 (LWP 1897) exited]
[Thread 0xb7df8b70 (LWP 1898) exited]
[Thread 0xb45f8b70 (LWP 1893) exited]
[Thread 0xb65f8b70 (LWP 1901) exited]
[Thread 0xb3df8b70 (LWP 1892) exited]
[Thread 0xb6df8b70 (LWP 1900) exited]
[Thread 0xb75f8b70 (LWP 1899) exited]
[New Thread 0xb65f8b70 (LWP 1933)]
[New Thread 0xb6df8b70 (LWP 1934)]
[New Thread 0xb75f8b70 (LWP 1935)]
[New Thread 0xb7df8b70 (LWP 1936)]
[New Thread 0xb5df8b70 (LWP 1937)]
[New Thread 0xb55f8b70 (LWP 1938)]
[New Thread 0xb4df8b70 (LWP 1939)]
[New Thread 0xb45f8b70 (LWP 1940)]
[New Thread 0xb3df8b70 (LWP 1941)]
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x9115700] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input

Program received signal SIGINT, Interrupt.
0x4160a84c in inflate () from /lib/i386-linux-gnu/libz.so.1
(gdb) bt
#0  0x4160a84c in inflate () from /lib/i386-linux-gnu/libz.so.1
#1  0x085c18e2 in png_decode_idat (length=<optimized out>, s=<optimized out>)
    at libavcodec/pngdec.c:372
#2  decode_frame (avctx=0x9115700, data=0x911a680, got_frame=0xbffff4e4, 
    avpkt=0xbffff288) at libavcodec/pngdec.c:690
#3  0x0867a58e in avcodec_decode_video2 (avctx=0x9115700, 
    picture=picture@entry=0x911a680, 
    got_picture_ptr=got_picture_ptr@entry=0xbffff4e4, 
    avpkt=avpkt@entry=0xbffff730) at libavcodec/utils.c:1995
#4  0x080b394d in decode_video (ist=ist@entry=0x9117200, 
    pkt=pkt@entry=0xbffff730, got_output=got_output@entry=0xbffff4e4)
    at ffmpeg.c:1668
#5  0x080b786a in output_packet (pkt=0xbffff6c8, ist=0x9117200)
    at ffmpeg.c:1866
#6  process_input (file_index=1) at ffmpeg.c:3089
#7  0x080a3043 in transcode_step () at ffmpeg.c:3185
#8  transcode () at ffmpeg.c:3237
#9  main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3415
(gdb)

Change History (4)

comment:1 by Carl Eugen Hoyos, 11 years ago

Component:	undetermined → avcodec
Keywords:	png deadlock added
Priority:	normal → important
Reproduced by developer:	set
Status:	new → open
Version:	unspecified → git-master

Regression since 2ee6dca.

comment:2 by Carl Eugen Hoyos, 11 years ago

Keywords:	regression added

follow-up: 4 comment:3 by Michael Niedermayer, 11 years ago

Resolution:	→ fixed
Status:	open → closed

Fixed in c91e905123b96efe72654f47a4ae5ecd931ef048

in reply to: 3 comment:4 by Clément Bœsch, 11 years ago

Replying to michael:

Fixed in c91e905123b96efe72654f47a4ae5ecd931ef048

This hash doesn't exist, it's likely 65bf9a44d7b0295e03463fd143499ab5b85d0cb7

Note: See TracTickets for help on using tickets.

Download in other formats: