[FFmpeg-trac] #123(FFplay:new): Fuzzed sample crashes ffplay
FFmpeg
trac at avcodec.org
Tue Apr 26 20:54:32 CEST 2011
#123: Fuzzed sample crashes ffplay
----------------------+---------------------
Reporter: cehoyos | Owner: michael
Type: defect | Status: new
Priority: normal | Component: FFplay
Version: git | Keywords:
Blocked By: | Blocking:
Reproduced: 0 | Analyzed: 0
----------------------+---------------------
The sample from ticket #74 now crashes ffplay, no useful backtrace,
valgrind shows some invalid reads.
{{{
$ valgrind ./ffplay_g crash_pirateszz_2_s25_r003.fuzz.sample
==14017== Memcheck, a memory error detector
==14017== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==14017== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright
info
==14017== Command: ./ffplay_g crash_pirateszz_2_s25_r003.fuzz.sample
==14017==
ffplay version git-N-29391-gd84f191, Copyright (c) 2003-2011 the FFmpeg
developers
built on Apr 26 2011 20:33:16 with gcc 4.5.2
configuration: --cc='/usr/local/gcc-4.5.2/bin/gcc -m32' --enable-gpl
libavutil 51. 0. 0 / 51. 0. 0
libavcodec 53. 1. 0 / 53. 1. 0
libavformat 53. 0. 3 / 53. 0. 3
libavdevice 53. 0. 0 / 53. 0. 0
libavfilter 2. 0. 0 / 2. 0. 0
libswscale 0. 13. 0 / 0. 13. 0
...
Input #0, mpegvideo, from 'crash_pirateszz_2_s25_r003.fuzz.sample':
Duration: 00:00:08.35, bitrate: 9800 kb/s
Stream #0.0: Video: mpeg2video (4:2:2), yuv420p, 720x4576 [PAR
4576:405 DAR 16:9], 9800 kb/s, 17.53 fps, 3.33 tbr, 1200k tbn, 6.66 tbc
...
==14017== Invalid read of size 1
==14017== at 0x644C138: memcpy (in
/usr/lib64/valgrind/vgpreload_memcheck-x86-linux.so)
==14017== by 0x85BC128: av_image_copy (imgutils.c:230)
==14017== Address 0xf02292f is not stack'd, malloc'd or (recently) free'd
==14017==
==14017== Invalid read of size 1
==14017== at 0x644C142: memcpy (in
/usr/lib64/valgrind/vgpreload_memcheck-x86-linux.so)
==14017== by 0x85BC128: av_image_copy (imgutils.c:230)
==14017== Address 0xf02292e is not stack'd, malloc'd or (recently) free'd
==14017==
==14017== Invalid read of size 1
==14017== at 0x644C14B: memcpy (in
/usr/lib64/valgrind/vgpreload_memcheck-x86-linux.so)
==14017== by 0x85BC128: av_image_copy (imgutils.c:230)
==14017== Address 0xf02292d is not stack'd, malloc'd or (recently) free'd
==14017==
==14017== Invalid read of size 1
==14017== at 0x644C154: memcpy (in
/usr/lib64/valgrind/vgpreload_memcheck-x86-linux.so)
==14017== by 0x85BC128: av_image_copy (imgutils.c:230)
==14017== Address 0xf02292c is not stack'd, malloc'd or (recently) free'd
==14017==
}}}
--
Ticket URL: <https://avcodec.org/trac/ffmpeg/ticket/123>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker
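The valgrind trace above puts the invalid reads inside memcpy called from av_image_copy, on a stream whose fuzzed header claims a 720x4576 frame. The general failure mode this illustrates is a row-copy loop trusting a height or stride that the source buffer does not actually cover. The block below is an added example written for this page, not FFmpeg's own imgutils code and not an analysis of the actual bug: it pairs an unchecked plane copy with a variant that first computes the bytes a plane needs and refuses to copy when either buffer is too small. Function names, the positive-linesize assumption, and the 4-row/64-byte sample buffers are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unchecked pattern: copy `height` rows of `bytewidth` bytes, stepping each
 * pointer by its linesize. It trusts the caller that both buffers really hold
 * `height` rows; a header-supplied height larger than the data yields exactly
 * the kind of memcpy over-read valgrind reports. (Hypothetical helper.) */
static void copy_plane_unchecked(uint8_t *dst, int dst_linesize,
                                 const uint8_t *src, int src_linesize,
                                 int bytewidth, int height)
{
    for (int y = 0; y < height; y++) {
        memcpy(dst, src, (size_t)bytewidth);
        dst += dst_linesize;
        src += src_linesize;
    }
}

/* Bytes a plane of `height` rows occupies in a buffer with the given linesize:
 * (height - 1) full strides plus one final row of `bytewidth` bytes.
 * Assumes positive linesizes (top-down layout). Returns 0 for invalid geometry
 * or when the size would overflow size_t, so callers treat 0 as "reject". */
static size_t plane_bytes_needed(int linesize, int bytewidth, int height)
{
    if (height < 1 || bytewidth < 1 || linesize < bytewidth)
        return 0;
    size_t rows = (size_t)height - 1;
    if (rows > (SIZE_MAX - (size_t)bytewidth) / (size_t)linesize)
        return 0; /* rows * linesize + bytewidth would overflow */
    return rows * (size_t)linesize + (size_t)bytewidth;
}

/* Checked variant: validate geometry against the real buffer sizes before
 * touching memory. Returns 0 on success, -1 for invalid geometry, -2 when the
 * copy would read or write past a buffer. (Hypothetical helper.) */
static int copy_plane_checked(uint8_t *dst, size_t dst_size, int dst_linesize,
                              const uint8_t *src, size_t src_size, int src_linesize,
                              int bytewidth, int height)
{
    size_t need_src = plane_bytes_needed(src_linesize, bytewidth, height);
    size_t need_dst = plane_bytes_needed(dst_linesize, bytewidth, height);
    if (need_src == 0 || need_dst == 0)
        return -1;
    if (need_src > src_size || need_dst > dst_size)
        return -2;
    copy_plane_unchecked(dst, dst_linesize, src, src_linesize, bytewidth, height);
    return 0;
}

/* Constructed scenario: the source buffer holds 4 rows (linesize 16, 8 payload
 * bytes per row, 64 bytes total) while the caller passes whatever height the
 * container header claimed. Returns the checked copy's result, or -3 if a
 * successful copy did not reproduce row 1 intact. */
static int demo_claimed_height(int claimed_height)
{
    uint8_t src[64], dst[64];
    for (size_t i = 0; i < sizeof src; i++)
        src[i] = (uint8_t)i;
    memset(dst, 0, sizeof dst);

    int ret = copy_plane_checked(dst, sizeof dst, 16, src, sizeof src, 16,
                                 8, claimed_height);
    if (ret == 0 && memcmp(dst + 16, src + 16, 8) != 0)
        return -3;
    return ret;
}

int main(void)
{
    /* Honest height: copy succeeds. Fuzzed-style height (4576 as in the
     * ticket's stream line): rejected before any memcpy runs. */
    printf("height 4    -> %d\n", demo_claimed_height(4));
    printf("height 4576 -> %d\n", demo_claimed_height(4576));
    printf("bytes needed for 4 rows, linesize 16, width 8: %zu\n",
           plane_bytes_needed(16, 8, 4));
    return 0;
}
```

The point of the check is that the buffer size is an independent fact the decoder knows (it allocated the buffer), whereas width, height and stride in a fuzzed file are attacker-controlled; a copy loop that only ever sees the latter cannot tell the two apart, which is why valgrind rather than the code itself noticed the over-read here.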