#5495 closed defect (fixed)

dsf: fpe with fuzzed file

Reported by: ami_stuff
Owned by:
Priority: important
Component: avformat
Version: git-master
Keywords: dsf crash fpe
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

https://www.datafilehost.com/d/3e49d49c

(gdb) r -i fpe_fuzz.dsf 
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i fpe_fuzz.dsf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 3.0.git Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 4.8 (Ubuntu 4.8.4-2ubuntu1~14.04.1)
  configuration: --enable-gpl --disable-ffprobe --disable-ffplay --disable-ffserver
  libavutil      55. 23.100 / 55. 23.100
  libavcodec     57. 38.100 / 57. 38.100
  libavformat    57. 34.103 / 57. 34.103
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 44.100 /  6. 44.100
  libswscale      4.  1.100 /  4.  1.100
  libswresample   2.  0.101 /  2.  0.101
  libpostproc    54.  0.100 / 54.  0.100
[dsf @ 0x973d1a0] Failed to uncompress tag: -3

Program received signal SIGFPE, Arithmetic exception.
0x0822f1e8 in dsf_read_header (s=0x973d1a0) at libavformat/dsfdec.c:120
120	    if (st->codecpar->block_align > INT_MAX / st->codecpar->channels) {
(gdb) bt
#0  0x0822f1e8 in dsf_read_header (s=0x973d1a0) at libavformat/dsfdec.c:120
#1  0x0834960d in avformat_open_input (ps=ps@entry=0xbfffecdc, 
    filename=filename@entry=0xbffff346 "fpe_fuzz.dsf", fmt=fmt@entry=0x0, 
    options=0x973d0ec) at libavformat/utils.c:552
#2  0x080d63a5 in open_input_file (o=o@entry=0xbfffed8c, 
    filename=<optimized out>) at ffmpeg_opt.c:949
#3  0x080da66b in open_files (inout=0x8c73202 "input", 
    open_file=0x80d4a80 <open_input_file>, l=<optimized out>, 
    l=<optimized out>) at ffmpeg_opt.c:3003
#4  ffmpeg_parse_options (argc=argc@entry=3, argv=argv@entry=0xbffff154)
    at ffmpeg_opt.c:3040
#5  0x080c8c5a in main (argc=3, argv=0xbffff154) at ffmpeg.c:4321
(gdb) 

Attachments (1)

fpe_fuzz_cut.dsf (2.4 MB) - added by cehoyos 18 months ago.

Change History (3)

Changed 18 months ago by cehoyos

comment:1 Changed 18 months ago by cehoyos

  • Component changed from undetermined to avformat
  • Keywords dsf crash fpe added
  • Priority changed from normal to important
  • Reproduced by developer set
  • Status changed from new to open
  • Version changed from unspecified to git-master

comment:2 Changed 18 months ago by richardpl

  • Resolution set to fixed
  • Status changed from open to closed
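
An added example, not FFmpeg's code and not the change that closed this ticket: the backtrace in the description stops at the `INT_MAX / st->codecpar->channels` overflow guard on dsfdec.c:120, and on x86 that integer division raises SIGFPE only when the divisor is zero. The sketch below puts the shape of that guard beside a version that validates the file-supplied divisor first; the function names and `ERR_INVALID_DATA` are hypothetical and the sample values are constructed.

```c
#include <limits.h>
#include <stdio.h>

#define ERR_INVALID_DATA (-1) /* hypothetical error code for this example */

/* Shape of the guard at the crashing line: the divisor is taken from the
 * file header as-is, so channels == 0 traps (SIGFPE on x86) before the
 * comparison is ever evaluated. Only safe to call with channels != 0. */
int total_block_align_unguarded(int block_align, int channels, int *out)
{
    if (block_align > INT_MAX / channels)
        return ERR_INVALID_DATA;
    *out = block_align * channels;
    return 0;
}

/* Hardened form: reject zero or negative header values first, then apply
 * the same overflow guard with a divisor known to be positive. */
int total_block_align_checked(int block_align, int channels, int *out)
{
    if (channels <= 0 || block_align <= 0)
        return ERR_INVALID_DATA;
    if (block_align > INT_MAX / channels)
        return ERR_INVALID_DATA;
    *out = block_align * channels;
    return 0;
}

int main(void)
{
    /* Constructed header values: {block_align, channels}. */
    static const int samples[][2] = {
        {4096, 2}, {4096, 0}, {INT_MAX, 2}, {4096, -1},
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int total = 0;
        int rc = total_block_align_checked(samples[i][0], samples[i][1], &total);
        printf("block_align=%d channels=%d -> rc=%d total=%d\n",
               samples[i][0], samples[i][1], rc, total);
    }
    return 0;
}
```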