Opened 6 years ago

Closed 6 years ago

#6831 closed defect (fixed)

tivo: crash with fuzzed file 2

Reported by: ami_stuff
Owned by:
Priority: important
Component: avformat
Version: git-master
Keywords: tivo crash SIGSEGV
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

https://files.fm/u/78wzjjsx

(gdb) r -i f/ty/scheduled_fuzz.ty+
The program being debugged has been started already.
Start it from the beginning? (y or n) y

Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i f/ty/scheduled_fuzz.ty+
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 3.4.git Copyright (c) 2000-2017 the FFmpeg developers
  built with gcc 5.3.0 (Ubuntu 5.3.0-3ubuntu1~14.04) 20151204
  configuration: --enable-gpl --disable-ffprobe --disable-ffplay --disable-ffserver
  libavutil      56.  0.100 / 56.  0.100
  libavcodec     58.  2.100 / 58.  2.100
  libavformat    58.  2.100 / 58.  2.100
  libavdevice    58.  0.100 / 58.  0.100
  libavfilter     7.  0.101 /  7.  0.101
  libswscale      5.  0.101 /  5.  0.101
  libswresample   3.  0.101 /  3.  0.101
  libpostproc    55.  0.100 / 55.  0.100

Program received signal SIGSEGV, Segmentation fault.
0x08388b88 in parse_master (s=0x9aa91a0) at libavformat/ty.c:381
381	        ty->seq_table[j].timestamp = AV_RB64(ty->chunk + ty->cur_chunk_pos);
(gdb) bt
#0  0x08388b88 in parse_master (s=0x9aa91a0) at libavformat/ty.c:381
#1  get_chunk (s=<optimized out>) at libavformat/ty.c:414
#2  ty_read_packet (s=0x9aa91a0, pkt=0xbfffe7e8) at libavformat/ty.c:729
#3  0x0838f4c2 in ff_read_packet (s=0x9aa91a0, pkt=0xbfffe7e8)
    at libavformat/utils.c:823
#4  0x0839305c in read_frame_internal (s=s@entry=0x9aa91a0, 
    pkt=pkt@entry=0xbfffea54) at libavformat/utils.c:1526
#5  0x08398506 in avformat_find_stream_info (ic=0x9aa91a0, options=0x9aa97e0)
    at libavformat/utils.c:3704
#6  0x080cc2a1 in open_input_file (o=o@entry=0xbfffed58, 
    filename=<optimized out>) at fftools/ffmpeg_opt.c:1078
#7  0x080ce56d in open_files (l=0x9aa902c, l=0x9aa902c, 
    open_file=0x80caf90 <open_input_file>, inout=0x8d95be9 "input")
    at fftools/ffmpeg_opt.c:3281
#8  ffmpeg_parse_options (argc=3, argv=0xbffff144) at fftools/ffmpeg_opt.c:3321
#9  0x080c6a4a in main (argc=3, argv=0xbffff144) at fftools/ffmpeg.c:4775
(gdb) 

Attachments (1)

scheduled_fuzz_cut.ty (2.4 MB) - added by Carl Eugen Hoyos 6 years ago.

Change History (3)

comment:1 by Carl Eugen Hoyos, 6 years ago

Component: undetermined → avformat
Keywords: tivo crash SIGSEGV added
Priority: normal → important
Reproduced by developer: set
Status: new → open
Version: unspecified → git-master

by Carl Eugen Hoyos, 6 years ago

Attachment: scheduled_fuzz_cut.ty added

comment:2 by Carl Eugen Hoyos, 6 years ago

Resolution: fixed
Status: open → closed