Context Navigation

#5209 closed defect (fixed)

cfhd: crash with fuzzed file 2

Reported by:	ami_stuff	Owned by:
Priority:	important	Component:	avcodec
Version:	git-master	Keywords:	cfhd crash SIGSEGV
Cc:	Michael Niedermayer	Blocked By:
Blocking:		Reproduced by developer:	yes
Analyzed by developer:	no

Description

http://www.datafilehost.com/d/7891eeb4

aaa@aaa-VirtualBox /media/sdb1 $ valgrind --leak-check=full ffmpeg/ffmpeg_g -threads 1 -i 3_fuzz.avi -f null -
==13941== Memcheck, a memory error detector
==13941== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==13941== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==13941== Command: ffmpeg/ffmpeg_g -threads 1 -i 3_fuzz.avi -f null -
==13941== 
ffmpeg version 2.8.git Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 4.8 (Ubuntu 4.8.4-2ubuntu1~14.04)
  configuration: --disable-ffprobe --disable-ffplay --disable-ffserver --enable-gpl
  libavutil      55. 16.101 / 55. 16.101
  libavcodec     57. 24.100 / 57. 24.100
  libavformat    57. 23.101 / 57. 23.101
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 27.100 /  6. 27.100
  libswscale      4.  0.100 /  4.  0.100
  libswresample   2.  0.101 /  2.  0.101
  libpostproc    54.  0.100 / 54.  0.100
[cfhd @ 0x4272300] Too many lowpass coefficients
Input #0, avi, from '3_fuzz.avi':
  Metadata:
    date            : 2016-01-23T13:45:31+01:00
    encoder         : Adobe Premiere Pro CC 2015 (Windows)
  Duration: 00:00:00.00, start: 0.000000, bitrate: 1240878840 kb/s
    Stream #0:0: Video: cfhd (CFHD / 0x44484643), gbrp12le(10 bpc), 720x480, 2145368.28 fps, 2145368.28 tbr, 2145368.28 tbn, 2145368.28 tbc
Output #0, null, to 'pipe:':
  Metadata:
    date            : 2016-01-23T13:45:31+01:00
    encoder         : Lavf57.23.101
    Stream #0:0: Video: wrapped_avframe, gbrp12le(10 bpc), 720x480, q=2-31, 200 kb/s, 2145368.28 fps, 2145368.28 tbn, 2145368.28 tbc
    Metadata:
      encoder         : Lavc57.24.100 wrapped_avframe
Stream mapping:
  Stream #0:0 -> #0:0 (cfhd (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
[cfhd @ 0x4a5f420] Too many lowpass coefficients
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Too many lowpass coefficients
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Invalid subband number
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Too many lowpass coefficients
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Subband Count of 36 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Invalid bits per channel
[cfhd @ 0x4a5f420] Invalid dimensions
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Subband Count of 36 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Invalid dimensions
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Channel Count of 2 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Subband Count of 74 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x4a5f420] Invalid subband number actual
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Subband Count of 36 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x4a5f420] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Too many lowpass coefficients
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Channel Count of 3598 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Sample format of 259 is unsupported
[cfhd @ 0x4a5f420]  is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Invalid lowpass width
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Subband Count of 4132 is unsupported
[cfhd @ 0x4a5f420] Invalid dimensions
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Channel Count of 16387 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x4a5f420] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
==13941== Conditional jump or move depends on uninitialised value(s)
==13941==    at 0x837D35E: av_clip_uintp2_c (common.h:231)
==13941==    by 0x837D35E: filter (cfhd.c:113)
==13941==    by 0x837D35E: horiz_filter_clip (cfhd.c:130)
==13941==    by 0x837D35E: cfhd_decode (cfhd.c:708)
==13941==    by 0x871C7C5: avcodec_decode_video2 (utils.c:2125)
==13941==    by 0x80D776E: decode_video (ffmpeg.c:2075)
==13941==    by 0x80DFF95: process_input_packet (ffmpeg.c:2324)
==13941==    by 0x80DFF95: process_input (ffmpeg.c:3986)
==13941==    by 0x80E2B2F: transcode_step (ffmpeg.c:4074)
==13941==    by 0x80E2B2F: transcode (ffmpeg.c:4128)
==13941==    by 0x80C0144: main (ffmpeg.c:4319)
==13941== 
==13941== Conditional jump or move depends on uninitialised value(s)
==13941==    at 0x837D39D: av_clip_uintp2_c (common.h:231)
==13941==    by 0x837D39D: filter (cfhd.c:118)
==13941==    by 0x837D39D: horiz_filter_clip (cfhd.c:130)
==13941==    by 0x837D39D: cfhd_decode (cfhd.c:708)
==13941==    by 0x871C7C5: avcodec_decode_video2 (utils.c:2125)
==13941==    by 0x80D776E: decode_video (ffmpeg.c:2075)
==13941==    by 0x80DFF95: process_input_packet (ffmpeg.c:2324)
==13941==    by 0x80DFF95: process_input (ffmpeg.c:3986)
==13941==    by 0x80E2B2F: transcode_step (ffmpeg.c:4074)
==13941==    by 0x80E2B2F: transcode (ffmpeg.c:4128)
==13941==    by 0x80C0144: main (ffmpeg.c:4319)
==13941== 
==13941== Conditional jump or move depends on uninitialised value(s)
==13941==    at 0x837DD04: av_clip_uintp2_c (common.h:231)
==13941==    by 0x837DD04: filter (cfhd.c:103)
==13941==    by 0x837DD04: horiz_filter_clip (cfhd.c:130)
==13941==    by 0x837DD04: cfhd_decode (cfhd.c:708)
==13941==    by 0x871C7C5: avcodec_decode_video2 (utils.c:2125)
==13941==    by 0x80D776E: decode_video (ffmpeg.c:2075)
==13941==    by 0x80DFF95: process_input_packet (ffmpeg.c:2324)
==13941==    by 0x80DFF95: process_input (ffmpeg.c:3986)
==13941==    by 0x80E2B2F: transcode_step (ffmpeg.c:4074)
==13941==    by 0x80E2B2F: transcode (ffmpeg.c:4128)
==13941==    by 0x80C0144: main (ffmpeg.c:4319)
==13941== 
==13941== Conditional jump or move depends on uninitialised value(s)
==13941==    at 0x837DD51: av_clip_uintp2_c (common.h:231)
==13941==    by 0x837DD51: filter (cfhd.c:108)
==13941==    by 0x837DD51: horiz_filter_clip (cfhd.c:130)
==13941==    by 0x837DD51: cfhd_decode (cfhd.c:708)
==13941==    by 0x871C7C5: avcodec_decode_video2 (utils.c:2125)
==13941==    by 0x80D776E: decode_video (ffmpeg.c:2075)
==13941==    by 0x80DFF95: process_input_packet (ffmpeg.c:2324)
==13941==    by 0x80DFF95: process_input (ffmpeg.c:3986)
==13941==    by 0x80E2B2F: transcode_step (ffmpeg.c:4074)
==13941==    by 0x80E2B2F: transcode (ffmpeg.c:4128)
==13941==    by 0x80C0144: main (ffmpeg.c:4319)
==13941== 
==13941== Conditional jump or move depends on uninitialised value(s)
==13941==    at 0x837DD9E: av_clip_uintp2_c (common.h:231)
==13941==    by 0x837DD9E: filter (cfhd.c:93)
==13941==    by 0x837DD9E: horiz_filter_clip (cfhd.c:130)
==13941==    by 0x837DD9E: cfhd_decode (cfhd.c:708)
==13941==    by 0x871C7C5: avcodec_decode_video2 (utils.c:2125)
==13941==    by 0x80D776E: decode_video (ffmpeg.c:2075)
==13941==    by 0x80DFF95: process_input_packet (ffmpeg.c:2324)
==13941==    by 0x80DFF95: process_input (ffmpeg.c:3986)
==13941==    by 0x80E2B2F: transcode_step (ffmpeg.c:4074)
==13941==    by 0x80E2B2F: transcode (ffmpeg.c:4128)
==13941==    by 0x80C0144: main (ffmpeg.c:4319)
==13941== 
==13941== Conditional jump or move depends on uninitialised value(s)
==13941==    at 0x837DDDF: av_clip_uintp2_c (common.h:231)
==13941==    by 0x837DDDF: filter (cfhd.c:98)
==13941==    by 0x837DDDF: horiz_filter_clip (cfhd.c:130)
==13941==    by 0x837DDDF: cfhd_decode (cfhd.c:708)
==13941==    by 0x871C7C5: avcodec_decode_video2 (utils.c:2125)
==13941==    by 0x80D776E: decode_video (ffmpeg.c:2075)
==13941==    by 0x80DFF95: process_input_packet (ffmpeg.c:2324)
==13941==    by 0x80DFF95: process_input (ffmpeg.c:3986)
==13941==    by 0x80E2B2F: transcode_step (ffmpeg.c:4074)
==13941==    by 0x80E2B2F: transcode (ffmpeg.c:4128)
==13941==    by 0x80C0144: main (ffmpeg.c:4319)
==13941== 
==13941== Invalid write of size 2
==13941==    at 0x837E45F: filter (cfhd.c:91)
==13941==    by 0x837E45F: vert_filter (cfhd.c:136)
==13941==    by 0x837E45F: cfhd_decode (cfhd.c:593)
==13941==    by 0x871C7C5: avcodec_decode_video2 (utils.c:2125)
==13941==    by 0x80D776E: decode_video (ffmpeg.c:2075)
==13941==    by 0x80DFF95: process_input_packet (ffmpeg.c:2324)
==13941==    by 0x80DFF95: process_input (ffmpeg.c:3986)
==13941==    by 0x80E2B2F: transcode_step (ffmpeg.c:4074)
==13941==    by 0x80E2B2F: transcode (ffmpeg.c:4128)
==13941==    by 0x80C0144: main (ffmpeg.c:4319)
==13941==  Address 0x3c is not stack'd, malloc'd or (recently) free'd
==13941== 
==13941== 
==13941== Process terminating with default action of signal 11 (SIGSEGV)
==13941==  Access not within mapped region at address 0x3C
==13941==    at 0x837E45F: filter (cfhd.c:91)
==13941==    by 0x837E45F: vert_filter (cfhd.c:136)
==13941==    by 0x837E45F: cfhd_decode (cfhd.c:593)
==13941==    by 0x871C7C5: avcodec_decode_video2 (utils.c:2125)
==13941==    by 0x80D776E: decode_video (ffmpeg.c:2075)
==13941==    by 0x80DFF95: process_input_packet (ffmpeg.c:2324)
==13941==    by 0x80DFF95: process_input (ffmpeg.c:3986)
==13941==    by 0x80E2B2F: transcode_step (ffmpeg.c:4074)
==13941==    by 0x80E2B2F: transcode (ffmpeg.c:4128)
==13941==    by 0x80C0144: main (ffmpeg.c:4319)
==13941==  If you believe this happened as a result of a stack
==13941==  overflow in your program's main thread (unlikely but
==13941==  possible), you can try to increase the size of the
==13941==  main thread stack using the --main-stacksize= flag.
==13941==  The main thread stack size used in this run was 8388608.
==13941== 
==13941== HEAP SUMMARY:
==13941==     in use at exit: 6,692,416 bytes in 142 blocks
==13941==   total heap usage: 1,719 allocs, 1,577 frees, 265,822,225 bytes allocated
==13941== 
==13941== 544 bytes in 4 blocks are possibly lost in loss record 105 of 123
==13941==    at 0x402C109: calloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==13941==    by 0x401117E: allocate_dtv (dl-tls.c:296)
==13941==    by 0x40118EB: _dl_allocate_tls (dl-tls.c:460)
==13941==    by 0x409C7A2: allocate_stack (allocatestack.c:589)
==13941==    by 0x409C7A2: pthread_create@@GLIBC_2.1 (pthread_create.c:500)
==13941==    by 0x810BCA9: thread_init_internal (pthread.c:180)
==13941==    by 0x810BCA9: ff_graph_thread_init (pthread.c:211)
==13941==    by 0x80FEEA7: avfilter_graph_alloc_filter (avfiltergraph.c:182)
==13941==    by 0x8109F35: create_filter (graphparser.c:114)
==13941==    by 0x8109F35: parse_filter (graphparser.c:176)
==13941==    by 0x810A99C: avfilter_graph_parse2 (graphparser.c:411)
==13941==    by 0x80D495E: configure_filtergraph (ffmpeg_filter.c:1002)
==13941==    by 0x80DDCFA: transcode_init (ffmpeg.c:3042)
==13941==    by 0x80E1EED: transcode (ffmpeg.c:4099)
==13941==    by 0x80C0144: main (ffmpeg.c:4319)
==13941== 
==13941== LEAK SUMMARY:
==13941==    definitely lost: 0 bytes in 0 blocks
==13941==    indirectly lost: 0 bytes in 0 blocks
==13941==      possibly lost: 544 bytes in 4 blocks
==13941==    still reachable: 6,691,872 bytes in 138 blocks
==13941==         suppressed: 0 bytes in 0 blocks
==13941== Reachable blocks (those to which a pointer was found) are not shown.
==13941== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==13941== 
==13941== For counts of detected and suppressed errors, rerun with: -v
==13941== Use --track-origins=yes to see where uninitialised values come from
==13941== ERROR SUMMARY: 4190 errors from 8 contexts (suppressed: 0 from 0)
Killed

(gdb) r -threads 1 -i 3_fuzz.avi -f null -
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -threads 1 -i 3_fuzz.avi -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.8.git Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 4.8 (Ubuntu 4.8.4-2ubuntu1~14.04)
  configuration: --disable-ffprobe --disable-ffplay --disable-ffserver --enable-gpl
  libavutil      55. 16.101 / 55. 16.101
  libavcodec     57. 24.100 / 57. 24.100
  libavformat    57. 23.101 / 57. 23.101
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 27.100 /  6. 27.100
  libswscale      4.  0.100 /  4.  0.100
  libswresample   2.  0.101 /  2.  0.101
  libpostproc    54.  0.100 / 54.  0.100
[cfhd @ 0x9640dc0] Too many lowpass coefficients
Input #0, avi, from '3_fuzz.avi':
  Metadata:
    date            : 2016-01-23T13:45:31+01:00
    encoder         : Adobe Premiere Pro CC 2015 (Windows)
  Duration: 00:00:00.00, start: 0.000000, bitrate: 1240878840 kb/s
    Stream #0:0: Video: cfhd (CFHD / 0x44484643), gbrp12le(10 bpc), 720x480, 2145368.28 fps, 2145368.28 tbr, 2145368.28 tbn, 2145368.28 tbc
[New Thread 0xb7daeb40 (LWP 13954)]
[New Thread 0xb75adb40 (LWP 13955)]
[New Thread 0xb6dacb40 (LWP 13956)]
[New Thread 0xb65abb40 (LWP 13957)]
[New Thread 0xb5daab40 (LWP 13958)]
Output #0, null, to 'pipe:':
  Metadata:
    date            : 2016-01-23T13:45:31+01:00
    encoder         : Lavf57.23.101
    Stream #0:0: Video: wrapped_avframe, gbrp12le(10 bpc), 720x480, q=2-31, 200 kb/s, 2145368.28 fps, 2145368.28 tbn, 2145368.28 tbc
    Metadata:
      encoder         : Lavc57.24.100 wrapped_avframe
Stream mapping:
  Stream #0:0 -> #0:0 (cfhd (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
[cfhd @ 0x9642e20] Too many lowpass coefficients
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Too many lowpass coefficients
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Invalid subband number
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Too many lowpass coefficients
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Subband Count of 36 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Invalid bits per channel
[cfhd @ 0x9642e20] Invalid dimensions
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Subband Count of 36 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Invalid dimensions
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Channel Count of 2 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Subband Count of 74 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x9642e20] Invalid subband number actual
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Subband Count of 36 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x9642e20] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Too many lowpass coefficients
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Channel Count of 3598 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Sample format of 259 is unsupported
[cfhd @ 0x9642e20]  is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Invalid lowpass width
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Subband Count of 4132 is unsupported
[cfhd @ 0x9642e20] Invalid dimensions
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Channel Count of 16387 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9642e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument

Program received signal SIGSEGV, Segmentation fault.
0x0837e45f in filter (clip=<optimized out>, len=<optimized out>, 
    high_stride=<optimized out>, high=<optimized out>, 
    low_stride=<optimized out>, low=<optimized out>, 
    out_stride=<optimized out>, output=<optimized out>) at libavcodec/cfhd.c:91
91	            output[(2*i+0)*out_stride] = (tmp + high[0*high_stride]) >> 1;
(gdb) bt
#0  0x0837e45f in filter (clip=<optimized out>, len=<optimized out>, 
    high_stride=<optimized out>, high=<optimized out>, 
    low_stride=<optimized out>, low=<optimized out>, 
    out_stride=<optimized out>, output=<optimized out>) at libavcodec/cfhd.c:91
#1  vert_filter (len=<optimized out>, high_stride=<optimized out>, 
    high=<optimized out>, low_stride=<optimized out>, low=<optimized out>, 
    out_stride=<optimized out>, output=<optimized out>)
    at libavcodec/cfhd.c:136
#2  cfhd_decode (avctx=0x9642e20, data=0x965dae0, got_frame=0xbfffe330, 
    avpkt=0xbfffe0ec) at libavcodec/cfhd.c:593
#3  0x0871c7c6 in avcodec_decode_video2 (avctx=0x9642e20,
    picture=picture@entry=0x965dae0, 
    got_picture_ptr=got_picture_ptr@entry=0xbfffe330, 
    avpkt=avpkt@entry=0xbfffe378) at libavcodec/utils.c:2125
#4  0x080d776f in decode_video (ist=ist@entry=0x9642740, 
    pkt=pkt@entry=0xbfffe378, got_output=got_output@entry=0xbfffe330)
    at ffmpeg.c:2075
#5  0x080dff96 in process_input_packet (no_eof=0, pkt=0xbfffe334, 
    ist=0x9642740) at ffmpeg.c:2324
#6  process_input (file_index=<optimized out>) at ffmpeg.c:3986
#7  0x080e2b30 in transcode_step () at ffmpeg.c:4074
#8  transcode () at ffmpeg.c:4128
#9  0x080c0145 in main (argc=<optimized out>, argv=<optimized out>)
---Type <return> to continue, or q <return> to quit---
    at ffmpeg.c:4319
(gdb)

Change History (10)

comment:1 by Carl Eugen Hoyos, 9 years ago

Component:	undetermined → avcodec
Keywords:	cfhd crash SIGSEGV added
Priority:	normal → important
Reproduced by developer:	set
Status:	new → open
Version:	unspecified → git-master

comment:2 by Carl Eugen Hoyos, 9 years ago

Resolution:	→ fixed
Status:	open → closed

Fixed by Andreas Cadhalpun in 916da13d6dac8b0d3e8f7b1cb87fa37801cee3f8

comment:3 by Carl Eugen Hoyos, 9 years ago

Resolution:	fixed
Status:	closed → reopened

The sample still crashes occasionally:

(gdb) r -threads 3 -i 3_fuzz.avi -f null -
Starting program: ffmpeg_g -threads 3 -i 3_fuzz.avi -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-78313-g6632802 Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl --enable-libmp3lame
  libavutil      55. 17.100 / 55. 17.100
  libavcodec     57. 24.101 / 57. 24.101
  libavformat    57. 24.100 / 57. 24.100
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 28.100 /  6. 28.100
  libswscale      4.  0.100 /  4.  0.100
  libswresample   2.  0.101 /  2.  0.101
  libpostproc    54.  0.100 / 54.  0.100
[cfhd @ 0x1d7c500] Too many lowpass coefficients
Input #0, avi, from '3_fuzz.avi':
  Metadata:
    date            : 2016-01-23T13:45:31+01:00
    encoder         : Adobe Premiere Pro CC 2015 (Windows)
  Duration: 00:00:00.00, start: 0.000000, bitrate: 1240878840 kb/s
    Stream #0:0: Video: cfhd (CFHD / 0x44484643), gbrp12le(10 bpc), 720x480, SAR 1:1 DAR 3:2, 2145368.28 fps, 2145368.28 tbr, 2145368.28 tbn, 2145368.28 tbc

...

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffeba71700 (LWP 7493)]
0x00007ffff6270ce4 in pthread_mutex_lock () from /lib64/libpthread.so.0
(gdb) bt
#0  0x00007ffff6270ce4 in pthread_mutex_lock () from /lib64/libpthread.so.0
#1  0x0000000001033f95 in pool_release_buffer (opaque=0x7fffe4487860,
    data=<optimized out>) at libavutil/buffer.c:312
#2  0x000000000103424f in buffer_replace (src=0x0, dst=0x1dc0540)
    at libavutil/buffer.c:119
#3  av_buffer_unref (buf=buf@entry=0x1dc0540) at libavutil/buffer.c:129
#4  0x000000000103b986 in av_frame_unref (frame=0x1dc0420) at libavutil/frame.c:483
#5  0x0000000000a85da4 in frame_worker_thread (arg=0x1dbf3e0)
    at libavcodec/pthread_frame.c:153
#6  0x00007ffff626ee0e in start_thread () from /lib64/libpthread.so.0
#7  0x00007ffff4fe22cd in clone () from /lib64/libc.so.6

comment:4 by Carl Eugen Hoyos, 9 years ago

Still reproducible with 0abdf70:

Program received signal SIGINT, Interrupt.
0x00007ffff62728f4 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
(gdb) bt
#0  0x00007ffff62728f4 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x0000000000a8963b in ff_thread_decode_frame (avctx=avctx@entry=0x1d8a7a0,
    picture=picture@entry=0x1dc8880,
    got_picture_ptr=got_picture_ptr@entry=0x7fffffffd7bc,
    avpkt=avpkt@entry=0x7fffffffd510) at libavcodec/pthread_frame.c:432
#2  0x0000000000b7747a in avcodec_decode_video2 (avctx=0x1d8a7a0,
    picture=picture@entry=0x1dc8880,
    got_picture_ptr=got_picture_ptr@entry=0x7fffffffd7bc,
    avpkt=avpkt@entry=0x7fffffffdac0) at libavcodec/utils.c:2126
#3  0x000000000049820d in decode_video (ist=ist@entry=0x1d86220,
    pkt=pkt@entry=0x7fffffffdac0, got_output=got_output@entry=0x7fffffffd7bc)
    at ffmpeg.c:2075
#4  0x000000000049b81d in process_input_packet (no_eof=0, pkt=0x7fffffffda60,
    ist=0x1d86220) at ffmpeg.c:2324
#5  process_input (file_index=61) at ffmpeg.c:3986
#6  transcode_step () at ffmpeg.c:4074
#7  transcode () at ffmpeg.c:4128
#8  0x000000000047d9eb in main (argc=<optimized out>, argv=0x7fffffffdd08)
    at ffmpeg.c:4319

comment:5 by Michael Niedermayer, 9 years ago

Cc:	Michael Niedermayer added

comment:6 by Elon Musk, 8 years ago

Still crashes?

comment:7 by ami_stuff, 8 years ago

yes

follow-up: 9 comment:8 by ami_stuff, 8 years ago

I can't reproduce this anymore, so maybe fixed together with #5215.

Last edited 8 years ago by ami_stuff (previous) (diff)

in reply to: 8 comment:9 by Michael Niedermayer, 8 years ago

Resolution:	→ fixed
Status:	reopened → closed

Replying to ami_stuff:

I can't reproduce this anymore, so maybe fixed together with #5215.

ok, closed, please reopen in case it reproduces again

comment:10 by Carl Eugen Hoyos, 8 years ago

I can confirm that this issue is not reproducible since 056a4ae771b00645184c639fe9fd6b7217eb6d87

Note: See TracTickets for help on using tickets.

Download in other formats: