Opened 8 years ago
Closed 8 years ago
#5098 closed defect (fixed)
dxv: crash with fuzzed file
| Reported by: | ami_stuff | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avcodec |
| Version: | git-master | Keywords: | dxv crash SIGSEGV |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | yes | |
| Analyzed by developer: | no |
Description
http://www.datafilehost.com/d/610485bc
(gdb) r -i 1_fuzz.mov -f null -
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i 1_fuzz.mov -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.8.git Copyright (c) 2000-2015 the FFmpeg developers
built with gcc 4.7 (Debian 4.7.2-4)
configuration: --enable-gpl --disable-ffprobe --disable-ffplay
libavutil 55. 7.100 / 55. 7.100
libavcodec 57. 15.100 / 57. 15.100
libavformat 57. 17.100 / 57. 17.100
libavdevice 57. 0.100 / 57. 0.100
libavfilter 6. 15.100 / 6. 15.100
libswscale 4. 0.100 / 4. 0.100
libswresample 2. 0.101 / 2. 0.101
libpostproc 54. 0.100 / 54. 0.100
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from '1_fuzz.mov':
Metadata:
major_brand : qt
minor_version : 537199360
compatible_brands: qt
creation_time : 2015-12-21 17:16:20
Duration: 00:00:12.64, start: 0.000000, bitrate: 6235 kb/s
Stream #0:0(eng): Video: dxv (DXD3 / 0x33445844), rgba, 320x240, 6233 kb/s, 23.97 fps, 23.97 tbr, 1000k tbn, 1000k tbc (default)
Metadata:
creation_time : 2015-12-21 17:16:20
handler_name : Procedura obs�ugi skr�t�w danych Apple
encoder : DXV 3
Output #0, null, to 'pipe:':
Metadata:
major_brand : qt
minor_version : 537199360
compatible_brands: qt
encoder : Lavf57.17.100
Stream #0:0(eng): Video: wrapped_avframe, rgba, 320x240, q=2-31, 200 kb/s, 23.97 fps, 23.97 tbn, 23.97 tbc (default)
Metadata:
creation_time : 2015-12-21 17:16:20
handler_name : Procedura obs�ugi skr�t�w danych Apple
encoder : Lavc57.15.100 wrapped_avframe
Stream mapping:
Stream #0:0 -> #0:0 (dxv (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
Program received signal SIGSEGV, Segmentation fault.
0x083d0c01 in dxv_decompress_dxt1 (avctx=avctx@entry=0x972ec80)
at libavcodec/dxv.c:153
153 prev = AV_RL32(ctx->tex_data + 4 * (pos - idx));
(gdb) bt
#0 0x083d0c01 in dxv_decompress_dxt1 (avctx=avctx@entry=0x972ec80)
at libavcodec/dxv.c:153
#1 0x083d17c8 in dxv_decode (avctx=0x972ec80, data=0x97309c0,
got_frame=0xbffff468, avpkt=0xbffff24c) at libavcodec/dxv.c:427
#2 0x0880c916 in avcodec_decode_video2 (avctx=0x972ec80,
picture=picture@entry=0x97309c0,
got_picture_ptr=got_picture_ptr@entry=0xbffff468,
avpkt=avpkt@entry=0xbffff4ac) at libavcodec/utils.c:2103
#3 0x080e3a74 in decode_video (ist=ist@entry=0x972ace0,
pkt=pkt@entry=0xbffff4ac, got_output=got_output@entry=0xbffff468)
at ffmpeg.c:2090
#4 0x080e6315 in process_input_packet (ist=0x972ace0, pkt=0xbffff840,
no_eof=0) at ffmpeg.c:2339
#5 0x080e85d6 in process_input (file_index=158510304) at ffmpeg.c:3960
#6 transcode_step () at ffmpeg.c:4048
#7 transcode () at ffmpeg.c:4102
#8 0x080c6c16 in main (argc=<optimized out>, argv=<optimized out>)
at ffmpeg.c:4295
(gdb)
Attachments (1)
Change History (3)
by , 8 years ago
| Attachment: | 1_fuzz_cut.mov added |
|---|
comment:1 by , 8 years ago
| Component: | undetermined → avcodec |
|---|---|
| Keywords: | dxv crash SIGSEGV added |
| Priority: | normal → important |
| Reproduced by developer: | set |
| Status: | new → open |
| Version: | unspecified → git-master |
comment:2 by , 8 years ago
| Resolution: | → fixed |
|---|---|
| Status: | open → closed |
Note:
See TracTickets
for help on using tickets.
Fixed in eb8a67de75ef6fd043f5749f6448c1874f149783