Opened 7 years ago
Closed 7 years ago
#6618 closed defect (duplicate)
flac: infinite loop with fuzzed file
| Reported by: | jrummell | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avcodec |
| Version: | git-master | Keywords: | |
| Cc: | | Blocked By: | |
| Blocking: | | Reproduced by developer: | no |
| Analyzed by developer: | no | | |
Description
Summary of the bug:
The attached file (generated by Chrome's fuzzers) causes an infinite loop. Original bug: https://crbug.com/714370
How to reproduce:
```
ffmpeg -i testcase.flac dummy.mp4
ffmpeg version N-87069-g1e34019d62 Copyright (c) 2000-2017 the FFmpeg developers
  built with gcc 4.8 (Ubuntu 4.8.4-2ubuntu1~14.04.3)
  configuration: ...
  libavutil      55. 74.100 / 55. 74.100
  libavcodec     57.103.100 / 57.103.100
  libavformat    57. 77.100 / 57. 77.100
  libavdevice    57.  7.101 / 57.  7.101
  libavfilter     6.100.100 /  6.100.100
  libswscale      4.  7.103 /  4.  7.103
  libswresample   2.  8.100 /  2.  8.100
  libpostproc    54.  6.100 / 54.  6.100
[flac @ 0x3397360] Format flac detected only with low score of 13, misdetection possible!
...
[NULL @ 0x2d998a0] crc check failed from offset 0 (frame 1) to 6 (frame 1)
[NULL @ 0x2d998a0] sample/frame number mismatch in adjacent frames
```
In tracing through the code, flac_parse() gets a buffer of 2 bytes and ends up in handle_error:, returning 0. Code in parse_packet() detects that nothing is returned and tries to parse the same 2 bytes again.
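The loop the reporter traces, modelled as an added C example that is not FFmpeg's code: a toy parser that reports zero bytes consumed when the buffer is too short to hold a header, a naive driver that advances by the reported amount and therefore re-feeds the same bytes (bounded here by a call budget so the demonstration terminates), and a guarded driver that treats "no progress on non-empty input" as a terminating condition. The names toy_parse, drive_naive, drive_guarded, FRAME_HDR_LEN and the sample bytes are assumptions made for illustration, not anything from libavcodec or libavformat.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed model of the bug pattern in the ticket; this is NOT FFmpeg's
 * code. toy_parse, drive_naive, drive_guarded, FRAME_HDR_LEN and the sample
 * bytes are assumptions made for illustration. */

#define FRAME_HDR_LEN 4  /* assumed: bytes the toy parser needs to decide anything */

/* Constructed input: one complete 4-byte header followed by a 2-byte tail,
 * mirroring the 2-byte buffer the reporter saw flac_parse() receive. */
static const unsigned char kFuzzedInput[] = { 0xff, 0xf8, 0x69, 0x08, 0x00, 0x01 };
static const size_t kFuzzedLen = sizeof kFuzzedInput;

/* Toy parser. Consumes one header, or, when the buffer is shorter than a
 * header, takes the error path and reports 0 bytes consumed without
 * advancing, which is the behaviour the reporter traced. */
static size_t toy_parse(const unsigned char *buf, size_t len)
{
    (void)buf;                 /* contents are irrelevant to the toy */
    if (len < FRAME_HDR_LEN)
        return 0;              /* handle_error-style exit: no progress */
    return FRAME_HDR_LEN;
}

/* Naive driver: advances by whatever the parser reports. Returns the number
 * of parser calls, or -1 once it exceeds `budget` (i.e. it would spin forever). */
int drive_naive(const unsigned char *buf, size_t len, int budget)
{
    int calls = 0;
    while (len > 0) {
        if (calls++ >= budget)
            return -1;
        size_t n = toy_parse(buf, len);
        buf += n;
        len -= n;
    }
    return calls;
}

/* Guarded driver: zero bytes consumed on a non-empty buffer means the
 * remainder is unparseable (or the parser is buggy); drop it and stop
 * instead of re-feeding the same bytes. Returns the number of parser
 * calls, or -1 if `budget` is exceeded; *dropped (if non-NULL) receives the
 * number of bytes discarded. */
int drive_guarded(const unsigned char *buf, size_t len, int budget, size_t *dropped)
{
    int calls = 0;
    if (dropped)
        *dropped = 0;
    while (len > 0) {
        if (calls++ >= budget)
            return -1;
        size_t n = toy_parse(buf, len);
        if (n == 0) {
            fprintf(stderr, "parser made no progress on %zu byte(s); dropping tail\n", len);
            if (dropped)
                *dropped = len;
            break;
        }
        buf += n;
        len -= n;
    }
    return calls;
}

int main(void)
{
    size_t dropped = 0;
    int naive = drive_naive(kFuzzedInput, kFuzzedLen, 1000);
    int guarded = drive_guarded(kFuzzedInput, kFuzzedLen, 1000, &dropped);
    printf("naive driver:   %d (-1 means the call budget was exhausted)\n", naive);
    printf("guarded driver: %d calls, %zu byte(s) dropped\n", guarded, dropped);
    return 0;
}
```

The guard only bounds the damage from the driver's side; the durable fix in a parser framework is to make the parser itself guarantee progress, either by consuming (skipping) bytes it cannot use or by returning a fatal error, so that a driver loop written as "advance by bytes consumed" can never be handed a zero on non-empty input. Fuzzers find this class of bug reliably because any truncated or corrupt tail that lands exactly on such an error path hangs the process rather than crashing it.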
Attachments (1)
Change History (2)
by , 7 years ago
| Attachment: | testcase.flac added |
|---|---|
comment:1 by , 7 years ago
| Priority: | normal → important |
|---|---|
| Resolution: | → duplicate |
| Status: | new → closed |
Duplicate of ticket #6112.