Opened 4 years ago

Closed 4 years ago

#2997 closed defect (duplicate)

tak: deadlock with fuzzed file (and max_alloc)

Reported by: ami_stuff
Owned by:
Priority: important
Component: avcodec
Version: git-master
Keywords: tak deadlock
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

http://www.datafilehost.com/d/ba6d93f1

(gdb) r -max_alloc 5500000 -threads 1 -acodec tak -i v/vc1.wmv -vn -f null -
Starting program: /media/sdb1/ffmpeg-HEAD-93439e8/ffmpeg_g -max_alloc 5500000 -threads 1 -acodec tak -i v/vc1.wmv -vn -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.0-93439e8 Copyright (c) 2000-2013 the FFmpeg developers
  built on Sep 18 2013 23:23:15 with gcc 4.7 (Debian 4.7.2-5)
  configuration: --disable-yasm --enable-gpl --disable-ffprobe --disable-ffserver
  libavutil      52. 44.100 / 52. 44.100
  libavcodec     55. 31.101 / 55. 31.101
  libavformat    55. 18.100 / 55. 18.100
  libavdevice    55.  3.100 / 55.  3.100
  libavfilter     3. 86.101 /  3. 86.101
  libswscale      2.  5.100 /  2.  5.100
  libswresample   0. 17.103 /  0. 17.103
  libpostproc    52.  3.100 / 52.  3.100
Guessed Channel Layout for  Input Stream #0.1 : stereo
Input #0, asf, from 'v/vc1.wmv':
  Metadata:
    WMFSDKNeeded    : 0.0.0.0000
    DeviceConformanceTemplate: N1
    WM/WMADRCPeakReference: 32734
    WM/WMADRCPeakTarget: 32734
    WM/WMADRCAverageReference: 2710
    WM/WMADRCAverageTarget: 2710
    WMFSDKVersion   : 10.00.00.4054
    IsVBR           : 1
  Duration: 00:02:51.79, bitrate: 1112 kb/s
    Stream #0:0(eng): Video: vc1 (Advanced) (WMVA / 0x41564D57), yuv420p, 160x120, 571 kb/s, 24 tbr, 1k tbn, 1k tbc
    Stream #0:1(eng): Audio: tak (c[1][0][0] / 0x0163), 44100 Hz, stereo, s16p, 677 kb/s
[New Thread 0xb7d3cb70 (LWP 21474)]
[New Thread 0xb753cb70 (LWP 21475)]
[New Thread 0xb6d3cb70 (LWP 21476)]
[New Thread 0xb653cb70 (LWP 21477)]
[New Thread 0xb5d3cb70 (LWP 21478)]
[New Thread 0xb553cb70 (LWP 21479)]
[New Thread 0xb4d3cb70 (LWP 21480)]
[New Thread 0xb453cb70 (LWP 21481)]
[New Thread 0xb3d3cb70 (LWP 21482)]
Output #0, null, to 'pipe:':
  Metadata:
    WMFSDKNeeded    : 0.0.0.0000
    DeviceConformanceTemplate: N1
    WM/WMADRCPeakReference: 32734
    WM/WMADRCPeakTarget: 32734
    WM/WMADRCAverageReference: 2710
    WM/WMADRCAverageTarget: 2710
    WMFSDKVersion   : 10.00.00.4054
    IsVBR           : 1
    encoder         : Lavf55.18.100
    Stream #0:0(eng): Audio: pcm_s16le, 44100 Hz, stereo, s16, 1411 kb/s
Stream mapping:
  Stream #0:1 -> #0:0 (tak -> pcm_s16le)
Press [q] to stop, [?] for help

Program received signal SIGINT, Interrupt.
0x085bba92 in ff_combine_frame (pc=pc@entry=0x911ccc0, next=<optimized out>, 
    next@entry=-100, buf=buf@entry=0xbffff034, 
    buf_size=buf_size@entry=0xbffff030) at libavcodec/parser.c:279
279	}
(gdb) bt
#0  0x085bba92 in ff_combine_frame (pc=pc@entry=0x911ccc0, 
    next=<optimized out>, next@entry=-100, buf=buf@entry=0xbffff034, 
    buf_size=buf_size@entry=0xbffff030) at libavcodec/parser.c:279
#1  0x08658b89 in tak_parse (s=0x911cb40, avctx=0x9116500, poutbuf=0xbffff184, 
    poutbuf_size=0xbffff188, 
    buf=0x9109b08 "\220ź\024QF\371\371\063$\365\222\351\335\063d\005`{\034\373\360\252JZXzv&1\340~\016\244ٜ\203x\fE\363N\360\061\263\n\204/:\373\240pxZ\272\204B\327\325\062\225\345%\267S\241\247\257\342\361r7\353iqh\003S\273\024pnRW\250}\320\t\r\035\322a\037h\026{\237\227\"\313:\037\214ݐ(\273!!\371\215.l\251\336ۡ\vxУ\032\207\071\376\024{\032\033\006\016\334s\234\366lj\345v\t+?\214\260>\027\241\016\356Y\374\031\374ut\263f z\331q\\\207\062qU웦\027H\375\307\370\313k\310\305\361'\236\267#O\203\b7kx'\325\033\063jj:\373O\336", <incomplete sequence \371>..., buf_size=13375) at libavcodec/tak_parser.c:64
#2  0x085bb430 in av_parser_parse2 (s=0x911cb40, avctx=0x9116500, 
    poutbuf=poutbuf@entry=0xbffff184, 
    poutbuf_size=poutbuf_size@entry=0xbffff188, 
    buf=buf@entry=0x9109b08 "\220ź\024QF\371\371\063$\365\222\351\335\063d\005`{\034\373\360\252JZXzv&1\340~\016\244ٜ\203x\fE\363N\360\061\263\n\204/:\373\240pxZ\272\204B\327\325\062\225\345%\267S\241\247\257\342\361r7\353iqh\003S\273\024pnRW\250}\320\t\r\035\322a\037h\026{\237\227\"\313:\037\214ݐ(\273!!\371\215.l\251\336ۡ\vxУ\032\207\071\376\024{\032\033\006\016\334s\234\366lj\345v\t+?\214\260>\027\241\016\356Y\374\031\374ut\263f z\331q\\\207\062qU웦\027H\375\307\370\313k\310\305\361'\236\267#O\203\b7kx'\325\033\063jj:\373O\336", <incomplete seque---Type <return> to continue, or q <return> to quit---
nce \371>..., buf_size=buf_size@entry=13375, pts=-9223372036854775808, 
    dts=-9223372036854775808, pos=-1) at libavcodec/parser.c:155
#3  0x08239551 in parse_packet (s=s@entry=0x9114ea0, pkt=pkt@entry=0xbffff318, 
    stream_index=<optimized out>) at libavformat/utils.c:1201
#4  0x0823a48d in read_frame_internal (s=s@entry=0x9114ea0, 
    pkt=pkt@entry=0xbffff6c8) at libavformat/utils.c:1379
#5  0x0823ad6a in av_read_frame (s=0x9114ea0, pkt=pkt@entry=0xbffff6c8)
    at libavformat/utils.c:1420
#6  0x080b6eb6 in get_input_packet (pkt=0xbffff6a8, f=0x911ad20)
    at ffmpeg.c:2878
#7  process_input (file_index=0) at ffmpeg.c:2915
#8  0x080a3043 in transcode_step () at ffmpeg.c:3185
#9  transcode () at ffmpeg.c:3237
#10 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3415

Change History (1)

comment:1 Changed 4 years ago by cehoyos

  • Component changed from undetermined to avcodec
  • Keywords tak deadlock added
  • Priority changed from normal to important
  • Resolution set to duplicate
  • Status changed from new to closed
  • Version changed from unspecified to git-master

This was a duplicate of ticket #2982.
