Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#3866 closed defect (fixed)

mov: deadlock (fuzzed file)

Reported by: ami_stuff
Owned by:
Priority: important
Component: avformat
Version: git-master
Keywords: mov deadlock regression
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

http://www.datafilehost.com/d/fe6e5a25

(gdb) r -i deadf.mov
Starting program: /media/sdb1/ffmpeg-snapshot/ffmpeg_g -i deadf.mov
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.3.git Copyright (c) 2000-2014 the FFmpeg developers
  built on Aug 14 2014 23:56:56 with gcc 4.7 (Debian 4.7.2-5)
  configuration: --disable-yasm --enable-gpl --disable-ffserver --disable-ffprobe
  libavutil      54.  3.100 / 54.  3.100
  libavcodec     56.  0.101 / 56.  0.101
  libavformat    56.  1.100 / 56.  1.100
  libavdevice    56.  0.100 / 56.  0.100
  libavfilter     5.  0.100 /  5.  0.100
  libswscale      3.  0.100 /  3.  0.100
  libswresample   1.  0.100 /  1.  0.100
  libpostproc    53.  0.100 / 53.  0.100
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x93af340] overread end of atom 'dref' by 1073741824 bytes
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x93af340] multiple fourcc not supported
    Last message repeated 66632 times
Program received signal SIGINT, Interrupt.
0xb7ef991e in __write_nocancel () at ../sysdeps/unix/syscall-template.S:82
82	../sysdeps/unix/syscall-template.S: No such file or directory.
(gdb) bt
#0  0xb7ef991e in __write_nocancel () at ../sysdeps/unix/syscall-template.S:82
#1  0xb7ea06c4 in _IO_new_file_write (f=0xb7f7e560, data=0xbfffb2d0, n=38)
    at fileops.c:1276
#2  0xb7ea036f in new_do_write (fp=0xb7f7e560, 
    data=0xbfffb2d0 "    Last message repeated 66633 times\r\377\277\026\006\352\267;", to_do=38) at fileops.c:530
#3  0xb7ea0616 in _IO_new_file_xsputn (f=0xb7f7e560, data=0xbfffb2d0, n=38)
    at fileops.c:1370
#4  0xb7e786a8 in buffered_vfprintf (s=0xb7f7e560, format=<optimized out>, 
    args=<optimized out>) at vfprintf.c:2310
#5  0xb7e73833 in _IO_vfprintf_internal (s=0xb7f7e560, 
    format=0x8c65abc "    Last message repeated %d times\r", 
    ap=0xbfffd968 "I\004\001") at vfprintf.c:1309
#6  0xb7e7d8df in __fprintf (stream=0xb7f7e560, 
    format=format@entry=0x8c65abc "    Last message repeated %d times\r")
    at fprintf.c:33
#7  0x089ef5af in av_log_default_callback (ptr=0x93af340, level=24, 
    fmt=0x8a63a5c "multiple fourcc not supported\n", vl=0xbfffeddc "\001")
    at libavutil/log.c:318
#8  0x089ef882 in av_vlog (vl=0xbfffeddc "\001", 
    fmt=0x8a63a5c "multiple fourcc not supported\n", level=<optimized out>, 
    avcl=0x93af340) at libavutil/log.c:360
#9  av_log (avcl=0x93af340, level=<optimized out>, level@entry=24, 
---Type <return> to continue, or q <return> to quit---
    fmt=fmt@entry=0x8a63a5c "multiple fourcc not supported\n")
    at libavutil/log.c:352
#10 0x081f3861 in mov_skip_multiple_stsd (size=-17, format=-1, 
    codec_tag=909201230, pb=0x93aed20, c=<optimized out>)
    at libavformat/mov.c:1658
#11 ff_mov_read_stsd_entries (c=0x93aee60, pb=0x93aed20, entries=134217729)
    at libavformat/mov.c:1702
#12 0x081eb0c8 in mov_read_default (c=c@entry=0x93aee60, 
    pb=pb@entry=0x93aed20, atom=...) at libavformat/mov.c:3247
#13 0x081eb0c8 in mov_read_default (c=c@entry=0x93aee60, 
    pb=pb@entry=0x93aed20, atom=...) at libavformat/mov.c:3247
#14 0x081eb0c8 in mov_read_default (c=c@entry=0x93aee60, 
    pb=pb@entry=0x93aed20, atom=...) at libavformat/mov.c:3247
#15 0x081eb0c8 in mov_read_default (c=c@entry=0x93aee60, 
    pb=pb@entry=0x93aed20, atom=...) at libavformat/mov.c:3247
#16 0x081f11c3 in mov_read_trak (c=c@entry=0x93aee60, pb=pb@entry=0x93aed20, 
    atom=...) at libavformat/mov.c:2426
#17 0x081eb0c8 in mov_read_default (c=c@entry=0x93aee60, 
    pb=pb@entry=0x93aed20, atom=...) at libavformat/mov.c:3247
#18 0x081ebb77 in mov_read_moov (c=c@entry=0x93aee60, pb=pb@entry=0x93aed20, 
    atom=...) at libavformat/mov.c:777
#19 0x081eb0c8 in mov_read_default (c=c@entry=0x93aee60, 
    pb=pb@entry=0x93aed20, atom=...) at libavformat/mov.c:3247
---Type <return> to continue, or q <return> to quit---
#20 0x081effb4 in mov_read_header (s=0x93af340) at libavformat/mov.c:3572
#21 0x08294543 in avformat_open_input (ps=ps@entry=0xbffff44c, 
    filename=filename@entry=0xbffffb78 "deadf.mov", fmt=fmt@entry=0x0, 
    options=0x93a884c) at libavformat/utils.c:437
#22 0x080be28d in open_input_file (o=o@entry=0xbffff54c, 
    filename=<optimized out>) at ffmpeg_opt.c:870
#23 0x080b7d17 in open_files (inout=inout@entry=0x8a76cbb "input", 
    open_file=open_file@entry=0x80bdf90 <open_input_file>, 
    l=<error reading variable: Unhandled dwarf expression opcode 0xfa>, 
    l=<error reading variable: Unhandled dwarf expression opcode 0xfa>)
    at ffmpeg_opt.c:2670
#24 0x080bff09 in ffmpeg_parse_options (argc=argc@entry=3, 
    argv=argv@entry=0xbffff9f4) at ffmpeg_opt.c:2707
#25 0x080af43a in main (argc=3, argv=0xbffff9f4) at ffmpeg.c:3824
(gdb) 

Change History (4)

comment:1 Changed 5 years ago by cehoyos

  • Component changed from undetermined to avformat
  • Keywords mov deadlock added
  • Priority changed from normal to important
  • Reproduced by developer set
  • Status changed from new to open
  • Version changed from unspecified to git-master

comment:2 Changed 5 years ago by kurosu

  • Analyzed by developer set
  • Resolution set to fixed
  • Status changed from open to closed

comment:3 Changed 5 years ago by cehoyos

  • Analyzed by developer unset

comment:4 Changed 5 years ago by cehoyos

  • Keywords regression added

Regression since b32a6da1
