Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#3862 closed defect (fixed)

wav: fpe (fuzzed file)

Reported by: ami_stuff
Owned by:
Priority: important
Component: avformat
Version: git-master
Keywords: wav crash fpe regression
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

(gdb) r -i f.wav
Starting program: /media/sdb1/ffmpeg-snapshot/ffmpeg_g -i f.wav
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.3.git Copyright (c) 2000-2014 the FFmpeg developers
  built on Aug 14 2014 23:56:56 with gcc 4.7 (Debian 4.7.2-5)
  configuration: --disable-yasm --enable-gpl --disable-ffserver --disable-ffprobe
  libavutil      54.  3.100 / 54.  3.100
  libavcodec     56.  0.101 / 56.  0.101
  libavformat    56.  1.100 / 56.  1.100
  libavdevice    56.  0.100 / 56.  0.100
  libavfilter     5.  0.100 /  5.  0.100
  libswscale      3.  0.100 /  3.  0.100
  libswresample   1.  0.100 /  1.  0.100
  libpostproc    53.  0.100 / 53.  0.100
[wav @ 0x93af340] too big INFO subchunk

Program received signal SIGFPE, Arithmetic exception.
0x08a1261b in __divdi3 ()
(gdb) bt
#0  0x08a1261b in __divdi3 ()
#1  0x0829a043 in wav_read_header (s=0x93af340) at libavformat/wavdec.c:405
#2  0x08294543 in avformat_open_input (ps=ps@entry=0xbffff44c, 
    filename=filename@entry=0xbffffb7b "f.wav", fmt=fmt@entry=0x0, 
    options=0x93a884c) at libavformat/utils.c:437
#3  0x080be28d in open_input_file (o=o@entry=0xbffff54c, 
    filename=<optimized out>) at ffmpeg_opt.c:870
#4  0x080b7d17 in open_files (inout=inout@entry=0x8a76cbb "input", 
    open_file=open_file@entry=0x80bdf90 <open_input_file>, 
    l=<error reading variable: Unhandled dwarf expression opcode 0xfa>, 
    l=<error reading variable: Unhandled dwarf expression opcode 0xfa>)
    at ffmpeg_opt.c:2670
#5  0x080bff09 in ffmpeg_parse_options (argc=argc@entry=3, 
    argv=argv@entry=0xbffff9f4) at ffmpeg_opt.c:2707
#6  0x080af43a in main (argc=3, argv=0xbffff9f4) at ffmpeg.c:3824
(gdb) 
knoppix@Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-snapshot/ffmpeg_g -i f.wav
==8353== Memcheck, a memory error detector
==8353== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==8353== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==8353== Command: ffmpeg-snapshot/ffmpeg_g -i f.wav
==8353== 
ffmpeg version 2.3.git Copyright (c) 2000-2014 the FFmpeg developers
  built on Aug 14 2014 23:56:56 with gcc 4.7 (Debian 4.7.2-5)
  configuration: --disable-yasm --enable-gpl --disable-ffserver --disable-ffprobe
  libavutil      54.  3.100 / 54.  3.100
  libavcodec     56.  0.101 / 56.  0.101
  libavformat    56.  1.100 / 56.  1.100
  libavdevice    56.  0.100 / 56.  0.100
  libavfilter     5.  0.100 /  5.  0.100
  libswscale      3.  0.100 /  3.  0.100
  libswresample   1.  0.100 /  1.  0.100
  libpostproc    53.  0.100 / 53.  0.100
[wav @ 0x4226560] too big INFO subchunk
==8353== 
==8353== Process terminating with default action of signal 8 (SIGFPE)
==8353==  Integer divide by zero at address 0x65A0A7AD
==8353==    at 0x8A12614: __divdi3 (in /media/sdb1/ffmpeg-snapshot/ffmpeg_g)
==8353==    by 0x829A042: wav_read_header (wavdec.c:405)
==8353==    by 0x8294542: avformat_open_input (utils.c:437)
==8353==    by 0x18: ???
==8353== 
==8353== HEAP SUMMARY:
==8353==     in use at exit: 87,026 bytes in 52 blocks
==8353==   total heap usage: 80 allocs, 28 frees, 125,442 bytes allocated
==8353== 
==8353== LEAK SUMMARY:
==8353==    definitely lost: 0 bytes in 0 blocks
==8353==    indirectly lost: 0 bytes in 0 blocks
==8353==      possibly lost: 0 bytes in 0 blocks
==8353==    still reachable: 87,026 bytes in 52 blocks
==8353==         suppressed: 0 bytes in 0 blocks
==8353== Reachable blocks (those to which a pointer was found) are not shown.
==8353== To see them, rerun with: --leak-check=full --show-reachable=yes
==8353== 
==8353== For counts of detected and suppressed errors, rerun with: -v
==8353== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 59 from 6)
Floating point exception

Attachments (1)

f.wav (274.5 KB) - added by ami_stuff 5 years ago.

Change History (4)

Changed 5 years ago by ami_stuff

comment:1 Changed 5 years ago by cehoyos

  • Component changed from undetermined to avformat
  • Keywords wav crash fpe added
  • Priority changed from normal to important
  • Reproduced by developer set
  • Status changed from new to open
  • Version changed from unspecified to git-master

comment:2 Changed 5 years ago by jamal

  • Resolution set to fixed
  • Status changed from open to closed

comment:3 Changed 5 years ago by cehoyos

  • Keywords regression added

Regression since 47c84c0b
