aaa@aaa-VirtualBox /media/sdb1 $ valgrind --leak-check=full ffmpeg/ffmpeg_g -i sp_24bit_q62_fuzz.avi -f null -
==22253== Memcheck, a memory error detector
==22253== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==22253== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==22253== Command: ffmpeg/ffmpeg_g -i sp_24bit_q62_fuzz.avi -f null -
==22253==
ffmpeg version 3.2.git Copyright (c) 2000-2017 the FFmpeg developers
built with gcc 5.3.0 (Ubuntu 5.3.0-3ubuntu1~14.04) 20151204
configuration: --disable-ffprobe --disable-ffserver --disable-ffplay --enable-gpl
libavutil 55. 47.100 / 55. 47.100
libavcodec 57. 81.100 / 57. 81.100
libavformat 57. 66.102 / 57. 66.102
libavdevice 57. 2.100 / 57. 2.100
libavfilter 6. 73.100 / 6. 73.100
libswscale 4. 3.101 / 4. 3.101
libswresample 2. 4.100 / 2. 4.100
libpostproc 54. 2.100 / 54. 2.100
Input #0, avi, from 'sp_24bit_q62_fuzz.avi':
Metadata:
encoder : Lavf57.36.100
Duration: 00:00:04.44, start: 0.000000, bitrate: 658 kb/s
Stream #0:0: Video: scpr (SCPR / 0x52504353), bgr0, 320x200, 25 fps, 25 tbr, 25 tbn, 25 tbc
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf57.66.102
Stream #0:0: Video: wrapped_avframe, bgr0, 320x200, q=2-31, 200 kb/s, 25 fps, 25 tbn, 25 tbc
Metadata:
encoder : Lavc57.81.100 wrapped_avframe
Stream mapping:
Stream #0:0 -> #0:0 (scpr (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
Error while decoding stream #0:0: Invalid data found when processing input
Last message repeated 14 times
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
Error while decoding stream #0:0: Invalid data found when processing input
==22253== Invalid read of size 4
==22253== at 0x86AF4A6: decompress_p (scpr.c:514)
==22253== by 0x86AF4A6: decode_frame (scpr.c:736)
==22253== by 0x8729AF8: avcodec_decode_video2 (utils.c:2263)
==22253== by 0x872AA7C: do_decode (utils.c:2796)
==22253== by 0x872B84F: avcodec_send_packet (utils.c:2885)
==22253== by 0x80E8456: decode (ffmpeg.c:2052)
==22253== by 0x80E8456: decode_video (ffmpeg.c:2248)
==22253== by 0x80E9815: process_input_packet (ffmpeg.c:2491)
==22253== by 0x80C78E5: process_input (ffmpeg.c:4251)
==22253== by 0x80C78E5: transcode_step (ffmpeg.c:4339)
==22253== by 0x80C78E5: transcode (ffmpeg.c:4393)
==22253== by 0x80C78E5: main (ffmpeg.c:4598)
==22253== Address 0x4b31d48 is 16 bytes after a block of size 376 free'd
==22253== at 0x402B3D8: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==22253== by 0x810C39B: return_or_keep_frame (buffersink.c:81)
==22253== by 0x810C39B: get_frame_internal (buffersink.c:104)
==22253== by 0x810C39B: av_buffersink_get_frame_flags (buffersink.c:121)
==22253== by 0x80E6AB4: reap_filters (ffmpeg.c:1418)
==22253== by 0x80C78FE: transcode_step (ffmpeg.c:4349)
==22253== by 0x80C78FE: transcode (ffmpeg.c:4393)
==22253== by 0x80C78FE: main (ffmpeg.c:4598)
==22253==
Last message repeated 17 times
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
Error while decoding stream #0:0: Invalid data found when processing input
Last message repeated 25 times
Error while decoding stream #0:0: Invalid data found when processing input
Last message repeated 10 times
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
Error while decoding stream #0:0: Invalid data found when processing input
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
Error while decoding stream #0:0: Invalid data found when processing input
Last message repeated 5 times
frame= 23 fps=0.0 q=-0.0 Lsize=N/A time=00:00:04.08 bitrate=N/A speed=5.83x
video:8kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown
Conversion failed!
==22253==
==22253== HEAP SUMMARY:
==22253== in use at exit: 0 bytes in 0 blocks
==22253== total heap usage: 1,662 allocs, 1,662 frees, 28,133,124 bytes allocated
==22253==
==22253== All heap blocks were freed -- no leaks are possible
==22253==
==22253== For counts of detected and suppressed errors, rerun with: -v
==22253== ERROR SUMMARY: 57 errors from 1 contexts (suppressed: 0 from 0)
(gdb) r -i sp_24bit_q62_fuzz.avi -f null -
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i sp_24bit_q62_fuzz.avi -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 3.2.git Copyright (c) 2000-2017 the FFmpeg developers
built with gcc 5.3.0 (Ubuntu 5.3.0-3ubuntu1~14.04) 20151204
configuration: --disable-ffprobe --disable-ffserver --disable-ffplay --enable-gpl
libavutil 55. 47.100 / 55. 47.100
libavcodec 57. 81.100 / 57. 81.100
libavformat 57. 66.102 / 57. 66.102
libavdevice 57. 2.100 / 57. 2.100
libavfilter 6. 73.100 / 6. 73.100
libswscale 4. 3.101 / 4. 3.101
libswresample 2. 4.100 / 2. 4.100
libpostproc 54. 2.100 / 54. 2.100
Input #0, avi, from 'sp_24bit_q62_fuzz.avi':
Metadata:
encoder : Lavf57.36.100
Duration: 00:00:04.44, start: 0.000000, bitrate: 658 kb/s
Stream #0:0: Video: scpr (SCPR / 0x52504353), bgr0, 320x200, 25 fps, 25 tbr, 25 tbn, 25 tbc
[New Thread 0xb68c6b40 (LWP 28454)]
[New Thread 0xb60c5b40 (LWP 28455)]
[New Thread 0xb58c4b40 (LWP 28456)]
[New Thread 0xb50c3b40 (LWP 28457)]
[New Thread 0xb48c2b40 (LWP 28458)]
[New Thread 0xb40c1b40 (LWP 28459)]
[New Thread 0xb38c0b40 (LWP 28460)]
[New Thread 0xb30bfb40 (LWP 28461)]
[New Thread 0xb28beb40 (LWP 28462)]
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf57.66.102
Stream #0:0: Video: wrapped_avframe, bgr0, 320x200, q=2-31, 200 kb/s, 25 fps, 25 tbn, 25 tbc
Metadata:
encoder : Lavc57.81.100 wrapped_avframe
Stream mapping:
Stream #0:0 -> #0:0 (scpr (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
Error while decoding stream #0:0: Invalid data found when processing input
Last message repeated 14 times
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
Error while decoding stream #0:0: Invalid data found when processing input
Last message repeated 9 times
Program received signal SIGSEGV, Segmentation fault.
decompress_p (plinesize=<optimized out>, prev=0xb207f020,
linesize=<optimized out>, dst=0xb2040020, avctx=0x9a29940)
at libavcodec/scpr.c:514
514 dst[(by + i + sy1) * linesize + bx + sx1 + j] = prev[(by + mvy + sy1 + i) * plinesize + bx + sx1 + mvx + j];
(gdb) bt
#0 decompress_p (plinesize=<optimized out>, prev=0xb207f020,
linesize=<optimized out>, dst=0xb2040020, avctx=0x9a29940)
at libavcodec/scpr.c:514
#1 decode_frame (avctx=0x9a29940, data=0x9a2bee0, got_frame=0xbfffe83c,
avpkt=0xbfffe7ac) at libavcodec/scpr.c:736
#2 0x08729af9 in avcodec_decode_video2 (avctx=0x9a29940, picture=0x9a2bee0,
got_picture_ptr=0xbfffe83c, avpkt=0xbfffe938) at libavcodec/utils.c:2263
#3 0x0872aa7d in do_decode (avctx=avctx@entry=0x9a29940,
pkt=pkt@entry=0xbfffe938) at libavcodec/utils.c:2796
#4 0x0872b850 in avcodec_send_packet (avctx=0x9a29940, avpkt=<optimized out>)
at libavcodec/utils.c:2885
#5 0x080e8457 in decode (pkt=0xbfffe938, got_frame=0xbfffead4,
frame=<optimized out>, avctx=0x9a29940) at ffmpeg.c:2052
#6 decode_video (ist=ist@entry=0x9a29780, pkt=pkt@entry=0xbfffeb14,
got_output=got_output@entry=0xbfffead4, eof=0) at ffmpeg.c:2248
#7 0x080e9816 in process_input_packet (ist=0x9a29780, pkt=0xbfffed44,
no_eof=0) at ffmpeg.c:2491
#8 0x080c78e6 in process_input (file_index=<optimized out>) at ffmpeg.c:4251
#9 transcode_step () at ffmpeg.c:4339
#10 transcode () at ffmpeg.c:4393
#11 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:4598
(gdb)
Fixed in 0a28c505063f0fdbfa24c28dc1e67704e10127b5.