Opened 7 years ago

Closed 7 years ago

#6502 closed defect (fixed)

interplayvideo: deadlock with fuzzed file 2

Reported by: ami_stuff
Owned by:
Priority: normal
Component: undetermined
Version: unspecified
Keywords:
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

(gdb) r -i eg12_fuzz2.mve -f null -
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i eg12_fuzz2.mve -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 3.3.git Copyright (c) 2000-2017 the FFmpeg developers
  built with gcc 5.3.0 (Ubuntu 5.3.0-3ubuntu1~14.04) 20151204
  configuration: --disable-ffprobe --disable-ffserver --enable-gpl
  libavutil      55. 67.100 / 55. 67.100
  libavcodec     57.100.102 / 57.100.102
  libavformat    57. 75.100 / 57. 75.100
  libavdevice    57.  7.100 / 57.  7.100
  libavfilter     6. 94.100 /  6. 94.100
  libswscale      4.  7.101 /  4.  7.101
  libswresample   2.  8.100 /  2.  8.100
  libpostproc    54.  6.100 / 54.  6.100
Input #0, ipmovie, from 'eg12_fuzz2.mve':
  Duration: N/A, start: 0.000000, bitrate: N/A
    Stream #0:0: Video: interplayvideo, pal8, 2336x224, 1000k tbr, 1000k tbn, 1000k tbc
    Stream #0:1: Audio: pcm_u8, 11025 Hz, mono, u8, 88 kb/s
Stream mapping:
  Stream #0:0 -> #0:0 (interplayvideo (native) -> wrapped_avframe (native))
  Stream #0:1 -> #0:1 (pcm_u8 (native) -> pcm_s16le (native))
Press [q] to stop, [?] for help
[New Thread 0xb7596b40 (LWP 8407)]
[New Thread 0xb6d95b40 (LWP 8408)]
[New Thread 0xb6594b40 (LWP 8409)]
[New Thread 0xb5d93b40 (LWP 8410)]
[New Thread 0xb5592b40 (LWP 8411)]
[New Thread 0xb4d91b40 (LWP 8412)]
[New Thread 0xb4590b40 (LWP 8413)]
[New Thread 0xb3d8fb40 (LWP 8414)]
[New Thread 0xb358eb40 (LWP 8415)]

Program received signal SIGINT, Interrupt.
0x08564565 in bytestream2_get_le16 (g=<synthetic pointer>)
    at libavcodec/bytestream.h:90
90	DEF(unsigned int, le16, 2, AV_RL16, AV_WL16)
(gdb) bt
#0  0x08564565 in bytestream2_get_le16 (g=<synthetic pointer>)
    at libavcodec/bytestream.h:90
#1  ipvideo_decode_format_10_opcodes (frame=<optimized out>, s=<optimized out>)
    at libavcodec/interplayvideo.c:1053
#2  ipvideo_decode_frame (avctx=0x9a80d00, data=0x9a95e40, 
    got_frame=0xbfffe424, avpkt=0xbfffe42c) at libavcodec/interplayvideo.c:1321
#3  0x084100b6 in decode_simple_internal (avctx=avctx@entry=0x9a80d00, 
    frame=frame@entry=0x9a95e40) at libavcodec/decode.c:417
#4  0x08410bc1 in decode_simple_receive_frame (frame=<optimized out>, 
    avctx=<optimized out>) at libavcodec/decode.c:620
#5  decode_receive_frame_internal (frame=0x9a95e40, avctx=0x9a80d00)
    at libavcodec/decode.c:638
#6  avcodec_send_packet (avctx=0x9a80d00, avpkt=0xbfffe518)
    at libavcodec/decode.c:678
#7  0x080e5663 in decode (pkt=0xbfffe518, got_frame=0xbfffe680, 
    frame=<optimized out>, avctx=0x9a80d00) at ffmpeg.c:2265
#8  decode_video (ist=ist@entry=0x9a96d80, pkt=pkt@entry=0xbfffe6c4, 
    got_output=got_output@entry=0xbfffe680, eof=0, decode_failed=0xbfffe684)
    at ffmpeg.c:2409
#9  0x080e731a in process_input_packet (ist=0x9a96d80, pkt=0xbfffe8e4, 
    no_eof=0) at ffmpeg.c:2644
#10 0x080e8f8b in process_input (file_index=<optimized out>) at ffmpeg.c:4432
#11 transcode_step () at ffmpeg.c:4543
---Type <return> to continue, or q <return> to quit---
#12 transcode () at ffmpeg.c:4597
#13 0x080c5349 in main (argc=<optimized out>, argv=<optimized out>)
    at ffmpeg.c:4803
(gdb) 

Attachments (1)

eg12_fuzz2.mve (2.4 MB ) - added by ami_stuff 7 years ago.

Change History (2)

by ami_stuff, 7 years ago

Attachment: eg12_fuzz2.mve added

comment:1 by Elon Musk, 7 years ago

Resolution: fixed
Status: new → closed