#9906 closed defect (fixed)
flac parser asserts on flac file with large hole of zero bytes
Reported by: | Mattias Wadman | Owned by: | |
---|---|---|---|
Priority: | important | Component: | avcodec |
Version: | git-master | Keywords: | flac crash abort |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | no |
Analyzed by developer: | no | | |
Description
Summary of the bug:
Corrupt flac files with a large hole of zero bytes cause the libavcodec flac parser to assert.
How to reproduce:
```
# create a 540MB test file with a large (> 0x20000000) zero bytes hole in the middle
$ ffmpeg -y -f lavfi -i anoisesrc -t 4000 test.flac
$ dd if=/dev/zero conv=notrunc of=test.flac oseek=20000 bs=1024 count=540000
# try decode it
$ ffmpeg -i test.flac -f null -
...
Assertion index > -0x20000000 failed at libavcodec/parser.c:165
```
Reproducible with 5.1.1 and master (b881d2db8892e88a625dfa4ac2d5b8ca53ab9595)
The large negative error code seems to come from here: https://github.com/FFmpeg/FFmpeg/blob/master/libavcodec/flac_parser.c#L653. Based on the assert and comment in libavcodec/parser.c, I get a feeling there should be some limit on position delta, or pos should be signalled in some other way?
Change History (2)
comment:1 by , 2 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:2 by , 2 years ago
Keywords: | flac crash abort added |
---|---|
Priority: | normal → important |
Fixed in cf2cf31805448dd11692313440a21821773a6128
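
A pre-decode triage check for the condition this ticket describes, as an added example that is not part of the ticket or of FFmpeg: it finds the longest run of zero bytes in a file so that inputs with a hole larger than the 0x20000000 quoted in the reproduction steps can be flagged before they reach a build without the fix. The function names and the sample bytes are constructed for illustration.

```python
import io
import re

HOLE_LIMIT = 0x20000000  # hole size quoted in the ticket's reproduction steps
ZERO_RUN = re.compile(rb"\x00+")


def longest_zero_run(stream, chunk_size=1 << 20):
    """Return (offset, length) of the longest run of 0x00 bytes in a binary stream."""
    best_off, best_len = 0, 0
    carry_off, carry_len = 0, 0  # zero run that touched the end of the previous chunk
    pos = 0
    while chunk := stream.read(chunk_size):
        for m in ZERO_RUN.finditer(chunk):
            off, length = pos + m.start(), m.end() - m.start()
            if m.start() == 0 and carry_len:
                # Run continues across the chunk boundary: merge with the carried part.
                off, length = carry_off, carry_len + length
            if length > best_len:
                best_off, best_len = off, length
            if m.end() == len(chunk):
                carry_off, carry_len = off, length
        if not chunk.endswith(b"\x00"):
            carry_len = 0
        pos += len(chunk)
    return best_off, best_len


def has_large_hole(stream, limit=HOLE_LIMIT, chunk_size=1 << 20):
    """True when the longest zero run is strictly larger than `limit` bytes."""
    return longest_zero_run(stream, chunk_size)[1] > limit


# Constructed sample (not a real FLAC stream): marker, noise, a 5000-byte hole, noise.
SAMPLE = b"fLaC" + b"\x01\x00\x02" * 100 + b"\x00" * 5000 + b"\xff" * 300

if __name__ == "__main__":
    off, length = longest_zero_run(io.BytesIO(SAMPLE), chunk_size=1024)
    print(f"longest zero run: {length} bytes at offset {off}")
    print("flag at limit 4096:", has_large_hole(io.BytesIO(SAMPLE), 4096, 1024))
```

For a file on disk, pass `open(path, "rb")` as the stream; the scan reads in fixed-size chunks, so memory use stays flat even on the 540MB reproduction file.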