Opened 5 years ago

Closed 5 years ago

#3864 closed defect (fixed)

caf: deadlock (fuzzed file)

Reported by: ami_stuff
Owned by:
Priority: important
Component: avformat
Version: git-master
Keywords: caf deadlock
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

http://www.datafilehost.com/d/c026a39d

(gdb) r -i deadf.caf
Starting program: /media/sdb1/ffmpeg-snapshot/ffmpeg_g -i deadf.caf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.3.git Copyright (c) 2000-2014 the FFmpeg developers
  built on Aug 14 2014 23:56:56 with gcc 4.7 (Debian 4.7.2-5)
  configuration: --disable-yasm --enable-gpl --disable-ffserver --disable-ffprobe
  libavutil      54.  3.100 / 54.  3.100
  libavcodec     56.  0.101 / 56.  0.101
  libavformat    56.  1.100 / 56.  1.100
  libavdevice    56.  0.100 / 56.  0.100
  libavfilter     5.  0.100 /  5.  0.100
  libswscale      3.  0.100 /  3.  0.100
  libswresample   1.  0.100 /  1.  0.100
  libpostproc    53.  0.100 / 53.  0.100
[caf @ 0x93af340] skipping CAF chunk: 6368716E (chqn), size 12

Program received signal SIGINT, Interrupt.
0x089e64eb in av_dict_get (m=0x93a8420, 
    key=0xbfffee60 "d\355\303\373~\362\253\353\333\365e\356\213\367\206\374.\003\r\371\264\002J\366\001\356\372\374C\347I", prev=0x0, flags=0)
    at libavutil/dict.c:57
57	            for (j = 0; av_toupper(s[j]) == av_toupper(key[j]) && key[j]; j++)
(gdb) bt
#0  0x089e64eb in av_dict_get (m=0x93a8420, 
    key=0xbfffee60 "d\355\303\373~\362\253\353\333\365e\356\213\367\206\374.\003\r\371\264\002J\366\001\356\372\374C\347I", prev=0x0, flags=0)
    at libavutil/dict.c:57
#1  0x089e65a9 in av_dict_set (pm=pm@entry=0x93af7b4, 
    key=key@entry=0xbfffee60 "d\355\303\373~\362\253\353\333\365e\356\213\367\206\374.\003\r\371\264\002J\366\001\356\372\374C\347I", 
    value=value@entry=0xbfffee80 "\367\324\342\062\365n\340", <incomplete sequence \344\232>, flags=flags@entry=0) at libavutil/dict.c:72
#2  0x08195e37 in read_info_chunk (s=s@entry=0x93af340, 
    size=<error reading variable: Unhandled dwarf expression opcode 0xfa>)
    at libavformat/cafdec.c:213
#3  0x08196464 in read_header (s=0x93af340) at libavformat/cafdec.c:285
#4  0x08294543 in avformat_open_input (ps=ps@entry=0xbffff43c, 
    filename=filename@entry=0xbffffb77 "deadf.caf", fmt=fmt@entry=0x0, 
    options=0x93a884c) at libavformat/utils.c:437
#5  0x080be28d in open_input_file (o=o@entry=0xbffff53c, 
    filename=<optimized out>) at ffmpeg_opt.c:870
#6  0x080b7d17 in open_files (inout=inout@entry=0x8a76cbb "input", 
    open_file=open_file@entry=0x80bdf90 <open_input_file>, 
    l=<error reading variable: Unhandled dwarf expression opcode 0xfa>, 
    l=<error reading variable: Unhandled dwarf expression opcode 0xfa>)
    at ffmpeg_opt.c:2670
---Type <return> to continue, or q <return> to quit---
#7  0x080bff09 in ffmpeg_parse_options (argc=argc@entry=3, 
    argv=argv@entry=0xbffff9e4) at ffmpeg_opt.c:2707
#8  0x080af43a in main (argc=3, argv=0xbffff9e4) at ffmpeg.c:3824
(gdb) 

Attachments (1)

deadf.caf (2.1 MB) - added by cehoyos 5 years ago.

Change History (3)

comment:1 Changed 5 years ago by cehoyos

  • Component changed from undetermined to avformat
  • Keywords caf deadlock added
  • Priority changed from normal to important
  • Reproduced by developer set
  • Status changed from new to open
  • Version changed from unspecified to git-master

Changed 5 years ago by cehoyos

comment:2 Changed 5 years ago by richardpl

  • Resolution set to fixed
  • Status changed from open to closed