Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#9908 closed defect (fixed)

Trigger assertion during converting mp4

Reported by: microfuzz Owned by:
Priority: important Component: swresample
Version: git-master Keywords: crash abort
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: yes

Description (last modified by microfuzz)

Summary of the bug:

I triggered an assertion failure during converting the mp4 file.
The sample is attached below.
How to reproduce:

% ./ffmpeg -f mp4 -i crash1.mp4 -f mxf aa37 -y

Full output log:
/home/microfuzz/FFmpeg/ffmpeg -f mp4 -i ~/ffmpeg_crashes/crash1.mp4 -f mxf aa37 -y
ffmpeg version git-2022-09-05-8913539 Copyright (c) 2000-2022 the FFmpeg developers
  built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
  configuration: --cc=/home/microfuzz/MicroFuzz/benchmarks/fuzzers/AFLplusplus/afl-clang --cxx=/home/microfuzz/MicroFuzz/benchmarks/fuzzers/AFLplusplus/afl-clang++
  libavutil      57. 36.101 / 57. 36.101
  libavcodec     59. 42.104 / 59. 42.104
  libavformat    59. 30.101 / 59. 30.101
  libavdevice    59.  8.101 / 59.  8.101
  libavfilter     8. 48.100 /  8. 48.100
  libswscale      6.  8.104 /  6.  8.104
  libswresample   4.  9.100 /  4.  9.100
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x4b44480] multiple fourcc not supported
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x4b44480] overread end of atom 'stsd' by 1076899745 bytes
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x4b44480] stream 0, timescale not set
[NULL @ 0x4b4fc40] Codec type or id mismatches
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x4b44480] Failed to open codec in avformat_find_stream_info
[NULL @ 0x4b4fc40] Codec type or id mismatches
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x4b44480] Failed to open codec in avformat_find_stream_info
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x4b44480] Could not find codec parameters for stream 1 (Audio: mpeg2video (mp4a / 0x6134706D), 12336 Hz, 12336 channels): unspecified sample format
Consider increasing the value for the 'analyzeduration' (0) and 'probesize' (5000000) options
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from '/home/microfuzz/ffmpeg_crashes/crash1.mp4':
  Metadata:
    major_brand     : 0000
    minor_version   : 808464432
    compatible_brands: 000
    creation_time   : 1995-08-15T05:27:12.000000Z
  Duration: 00:04:16.00, start: 0.000000, bitrate: 0 kb/s
  Stream #0:0[0x1]: Audio: pcm_u8 (raw  / 0x20776172), 12328 Hz, 255 channels, u8, 25149 kb/s (default)
    Metadata:
      handler_name    : 0000000000000
      vendor_id       : [0][0][0][0]
  Stream #0:1[0x1](lap): Audio: mpeg2video (mp4a / 0x6134706D), 12336 Hz, 12336 channels (default)
    Metadata:
      creation_time   : 2014-02-23T23:09:36.000000Z
      handler_name    : 0000000000000
      vendor_id       : [0][0]0[0]
    Side data:
      unknown side data type 24 (84 bytes)
Stream mapping:
  Stream #0:0 -> #0:0 (pcm_u8 (native) -> pcm_s16le (native))
Press [q] to stop, [?] for help
[pcm_u8 @ 0x4b533c0] Multiple frames in a packet.
[auto_aresample_0 @ 0x4ba4680] [SWR @ 0x4ba47c0] Input channel layout "255 channels" is invalid or unsupported.
[auto_aresample_0 @ 0x4ba4680] [SWR @ 0x4ba47c0] Output channel layout "255 channels" is invalid or unsupported.
Assertion ctx->channels == out->ch_count failed at libswresample/audioconvert.c:202
[1]    255437 abort      ./ffmpeg -f mp4 -i ~/ffmpeg_crashes/crash1.mp4 -


ffmpeg version:
ffmpeg version git-2022-09-05-8913539 Copyright (c) 2000-2022 the FFmpeg developers
built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)


built on:
Distributor ID:	Ubuntu
Description:	Ubuntu 18.04.6 LTS
Release:	18.04
Codename:	bionic

Patches should be submitted to the ffmpeg-devel mailing list and not this bug tracker.

Attachments (1)

crash1.mp4 (1.8 KB ) - added by microfuzz 2 years ago.
assertion sample

Download all attachments as: .zip

Change History (4)

by microfuzz, 2 years ago

Attachment: crash1.mp4 added

assertion sample

comment:1 by microfuzz, 2 years ago

Description: modified (diff)

comment:2 by James, 2 years ago

Analyzed by developer: set
Component: ffmpegswresample
Reproduced by developer: set
Resolution: fixed
Status: newclosed

comment:3 by Carl Eugen Hoyos, 2 years ago

Keywords: crash abort added
Note: See TracTickets for help on using tickets.