Opened 5 years ago

Closed 5 years ago

#890 closed defect (fixed)

OOM with fuzzed avi

Reported by: oanastratulat Owned by:
Priority: important Component: undetermined
Version: git-master Keywords: avi
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description (last modified by michael)

Patch applied, thanks

Attachments (3)

valgrind.txt (3.2 KB) - added by oanastratulat 5 years ago.
crash2 (19.5 KB) - added by oanastratulat 5 years ago.
0001-Fixes-issue-890-OOM-with-zmbv-file.patch (1.1 KB) - added by oanastratulat 5 years ago.
Patch for the ticket

Download all attachments as: .zip

Change History (7)

Changed 5 years ago by oanastratulat

Changed 5 years ago by oanastratulat

comment:1 Changed 5 years ago by oanastratulat

==26566== Memcheck, a memory error detector
==26566== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==26566== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==26566== Command: ./ffmpeg_g -i /Users/vladvladvictorvictor/Downloads/crash2 -f null -
==26566== 
--26566-- ./ffmpeg_g:
--26566-- dSYM directory is missing; consider using --dsymutil=yes
ffmpeg version N-36539-g4dfb74c Copyright (c) 2000-2012 the FFmpeg developers
  built on Jan  6 2012 20:24:09 with llvm_gcc 4.2.1 (Based on Apple Inc. build 5658) (LLVM build 2336.1.00)
  configuration: samples='~/Desktop/fate-suite-ffmpeg/'
  libavutil      51. 34.100 / 51. 34.100
  libavcodec     53. 54.100 / 53. 54.100
  libavformat    53. 29.100 / 53. 29.100
  libavdevice    53.  4.100 / 53.  4.100
  libavfilter     2. 57.101 /  2. 57.101
  libswscale      2.  1.100 /  2.  1.100
  libswresample   0.  5.100 /  0.  5.100
Input #0, avi, from '/Users/vladvladvictorvictor/Downloads/crash2':
  Duration: 00:00:45.55, start: 0.000000, bitrate: 3 kb/s
    Stream #0:0: Video: zmbv (ZMBV / 0x56424D5A), rgb24, 320x200, 70.09 fps, 70.09 tbr, 70.09 tbn, 70.09 tbc
    Stream #0:1: Audio: pcm_s16le ([1][0][0][0] / 0x0001), 44100 Hz, 2 channels, s16, 1411 kb/s
[buffer @ 0x101141780] w:320 h:200 pixfmt:rgb24 tb:1/1000000 sar:0/1 sws_param:
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf53.29.100
    Stream #0:0: Video: rawvideo (RGB[24] / 0x18424752), rgb24, 320x200, q=2-31, 200 kb/s, 90k tbn, 70.09 tbc
    Stream #0:1: Audio: pcm_s16le, 44100 Hz, 2 channels, s16, 1411 kb/s
Stream mapping:
  Stream #0:0 -> #0:0 (zmbv -> rawvideo)
  Stream #0:1 -> #0:1 (pcm_s16le -> pcm_s16le)
Press [q] to stop, [?] for help
==26566== Use of uninitialised value of size 8
==26566==    at 0x1005776AE: decode_frame (in ./ffmpeg_g)
==26566== 
==26566== Use of uninitialised value of size 8
==26566==    at 0x1005776D3: decode_frame (in ./ffmpeg_g)
==26566== 
==26566== Use of uninitialised value of size 8
==26566==    at 0x1005776F9: decode_frame (in ./ffmpeg_g)
==26566== 
==26566== 
==26566== Process terminating with default action of signal 11 (SIGSEGV)
==26566==  General Protection Fault
==26566==    at 0x3B066CD: misaligned_stack_error_entering_dyld_stub_binder (in /usr/lib/system/libdyld.dylib)
==26566==    by 0x10077002F: ??? (in ./ffmpeg_g)
==26566==    by 0x5B3: ???
==26566==    by 0x10000377D: sigterm_handler (in ./ffmpeg_g)
==26566== 
==26566== HEAP SUMMARY:
==26566==     in use at exit: 70,982,369 bytes in 858,069 blocks
==26566==   total heap usage: 858,835 allocs, 766 frees, 72,545,803 bytes allocated
==26566== 
==26566== LEAK SUMMARY:
==26566==    definitely lost: 18 bytes in 1 blocks
==26566==    indirectly lost: 0 bytes in 0 blocks
==26566==      possibly lost: 0 bytes in 0 blocks
==26566==    still reachable: 70,982,351 bytes in 858,068 blocks
==26566==         suppressed: 0 bytes in 0 blocks
==26566== Rerun with --leak-check=full to see details of leaked memory
==26566== 
==26566== For counts of detected and suppressed errors, rerun with: -v
==26566== Use --track-origins=yes to see where uninitialised values come from
==26566== ERROR SUMMARY: 192000 errors from 3 contexts (suppressed: 448 from 8)
Segmentation fault: 11

comment:2 Changed 5 years ago by cehoyos

  • Component changed from FFmpeg to undetermined
  • Keywords avi added
  • Reproduced by developer set
  • Status changed from new to open
  • Summary changed from Use of uninitialised value of size 8 with zmbv file to OOM with fuzzed avi

Changed 5 years ago by oanastratulat

Patch for the ticket

comment:3 Changed 5 years ago by cehoyos

Please send patches to ffmpeg-devel, they are easily missed here (also because trac sends no emails for attachments).

comment:4 Changed 5 years ago by michael

  • Description modified (diff)
  • Resolution set to fixed
  • Status changed from open to closed
Note: See TracTickets for help on using tickets.