[FFmpeg-trac] #2923(avcodec:open): ffv1: invalid read
FFmpeg
trac at avcodec.org
Sun Sep 1 13:49:17 CEST 2013
#2923: ffv1: invalid read
----------------------------------------+-------------------------------------
Reporter: ami_stuff                     | Owner:
Type: defect                            | Status: open
Priority: important                     | Component: avcodec
Version: git-master                     | Resolution:
Keywords: ffv1 crash SIGSEGV regression | Blocked By:
Blocking:                               | Reproduced by developer: 1
Analyzed by developer: 0                |
----------------------------------------+-------------------------------------
Changes (by cehoyos):
* status: new => open
* reproduced: 0 => 1
* component: undetermined => avcodec
* priority: normal => important
* version: unspecified => git-master
* keywords: ffv1 => ffv1 crash SIGSEGV regression
Comment:
My first download was corrupted.
{{{
(gdb) r -threads 4 -i ffv1_fuzz2.avi -f null -
Starting program: ffmpeg_g -threads 4 -i ffv1_fuzz2.avi -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-55944-g7c18058 Copyright (c) 2000-2013 the FFmpeg
developers
built on Sep 1 2013 13:14:38 with gcc 4.7 (SUSE Linux)
configuration: --enable-gpl --disable-indev=jack
libavutil 52. 43.100 / 52. 43.100
libavcodec 55. 30.100 / 55. 30.100
libavformat 55. 15.100 / 55. 15.100
libavdevice 55. 3.100 / 55. 3.100
libavfilter 3. 82.102 / 3. 82.102
libswscale 2. 5.100 / 2. 5.100
libswresample 0. 17.103 / 0. 17.103
libpostproc 52. 3.100 / 52. 3.100
[avi @ 0x16e6a20] Something went wrong during header parsing, I will
ignore it and try to continue anyway.
[ffv1 @ 0x16e7440] Cannot decode non-keyframe without valid keyframe
Last message repeated 1 times
[ffv1 @ 0x16e7440] read_quant_table error
Input #0, avi, from 'ffv1_fuzz2.avi':
Metadata:
encoder : Lavf55.13.101
Duration: 00:00:12.64, start: 0.000000, bitrate: 5802 kb/s
Stream #0:0: Video: ffv1 (FFV1 / 0x31564646), yuv410p, 320x240, 23.98
fps, 23.97 tbr, 23.97 tbn, 23.97 tbc
[New Thread 0x7ffff57e2700 (LWP 3092)]
[New Thread 0x7ffff4fe1700 (LWP 3093)]
[New Thread 0x7ffff47e0700 (LWP 3094)]
[New Thread 0x7ffff3fdf700 (LWP 3095)]
[New Thread 0x7ffff37de700 (LWP 3096)]
[New Thread 0x7ffff2fdd700 (LWP 3097)]
[New Thread 0x7ffff27dc700 (LWP 3098)]
[New Thread 0x7ffff1fdb700 (LWP 3099)]
[New Thread 0x7ffff17da700 (LWP 3100)]
[New Thread 0x7ffff0fd9700 (LWP 3101)]
[New Thread 0x7ffff07d8700 (LWP 3102)]
[New Thread 0x7fffeffd7700 (LWP 3103)]
[New Thread 0x7fffef7d6700 (LWP 3104)]
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf55.15.100
Stream #0:0: Video: rawvideo (YUV9 / 0x39565559), yuv410p, 320x240,
q=2-31, 200 kb/s, 90k tbn, 23.97 tbc
Stream mapping:
Stream #0:0 -> #0:0 (ffv1 -> rawvideo)
Press [q] to stop, [?] for help
[ffv1 @ 0x16d9f40] Cannot decode non-keyframe without valid keyframe
[ffv1 @ 0x16dc780] Cannot decode non-keyframe without valid keyframe
Error while decoding stream #0:0: Invalid data found when processing input
[ffv1 @ 0x16dcfe0] read_quant_table error
Error while decoding stream #0:0: Invalid data found when processing input
[ffv1 @ 0x16dd840] Cannot decode non-keyframe without valid keyframe
Error while decoding stream #0:0: Invalid data found when processing input
[ffv1 @ 0x16d9f40] Cannot decode non-keyframe without valid keyframe
[ffv1 @ 0x16dc780] Cannot decode non-keyframe without valid keyframe
Error while decoding stream #0:0: Invalid data found when processing input
Error while decoding stream #0:0: Invalid data found when processing input
[ffv1 @ 0x16dcfe0] Cannot decode non-keyframe without valid keyframe
Error while decoding stream #0:0: Invalid data found when processing input
[ffv1 @ 0x16dd840] Invalid change of global parameters
[ffv1 @ 0x16d9f40] Cannot decode non-keyframe without valid keyframe
Error while decoding stream #0:0: Invalid data found when processing input
[ffv1 @ 0x16dc780] Cannot decode non-keyframe without valid keyframe
Error while decoding stream #0:0: Invalid data found when processing input
Error while decoding stream #0:0: Invalid data found when processing input
[ffv1 @ 0x16dcfe0] Cannot decode non-keyframe without valid keyframe
Error while decoding stream #0:0: Invalid data found when processing input
[ffv1 @ 0x16dd840] Cannot decode non-keyframe without valid keyframe
Error while decoding stream #0:0: Invalid data found when processing input
[ffv1 @ 0x16d9f40] Cannot decode non-keyframe without valid keyframe
Error while decoding stream #0:0: Invalid data found when processing input
[ffv1 @ 0x16dc780] Cannot decode non-keyframe without valid keyframe
Error while decoding stream #0:0: Invalid data found when processing input
[ffv1 @ 0x16dcfe0] Cannot decode non-keyframe without valid keyframe
Error while decoding stream #0:0: Invalid data found when processing input
[ffv1 @ 0x16dd840] Cannot decode non-keyframe without valid keyframe
Error while decoding stream #0:0: Invalid data found when processing input
[ffv1 @ 0x16d9f40] Cannot decode non-keyframe without valid keyframe
Error while decoding stream #0:0: Invalid data found when processing input
[ffv1 @ 0x16dc780] Cannot decode non-keyframe without valid keyframe
Error while decoding stream #0:0: Invalid data found when processing input
[ffv1 @ 0x16dcfe0] Cannot decode non-keyframe without valid keyframe
Error while decoding stream #0:0: Invalid data found when processing input
[ffv1 @ 0x16dd840] Cannot decode non-keyframe without valid keyframe
Error while decoding stream #0:0: Invalid data found when processing input
[ffv1 @ 0x16d9f40] Cannot decode non-keyframe without valid keyframe
Error while decoding stream #0:0: Invalid data found when processing input
[ffv1 @ 0x16dc780] Cannot decode non-keyframe without valid keyframe
Error while decoding stream #0:0: Invalid data found when processing input
[ffv1 @ 0x16dcfe0] Cannot decode non-keyframe without valid keyframe
Error while decoding stream #0:0: Invalid data found when processing input
Last message repeated 1 times
[null @ 0x16e8880] Encoder did not produce proper pts, making some up.
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff0fd9700 (LWP 3101)]
0x00000000006b6acb in get_vlc_symbol (state=0x0, gb=0x1713898,
bits=<optimized out>)
at libavcodec/ffv1dec.c:74
74 while (i < state->error_sum) { // FIXME: optimize
(gdb) print state
$1 = (VlcState * const) 0x0
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x6b6aab to 0x6b6aeb:
0x00000000006b6aab <decode_plane+1579>: and $0xc,%al
0x00000000006b6aad <decode_plane+1581>: xor %ebp,%ebp
0x00000000006b6aaf <decode_plane+1583>: test %ebx,%ebx
0x00000000006b6ab1 <decode_plane+1585>: jns 0x6b6792
<decode_plane+786>
0x00000000006b6ab7 <decode_plane+1591>: movslq %edi,%rdi
0x00000000006b6aba <decode_plane+1594>: mov 0xa10(%rdx),%rcx
0x00000000006b6ac1 <decode_plane+1601>: lea (%rdi,%rdi,2),%rsi
0x00000000006b6ac5 <decode_plane+1605>: lea (%rcx,%rsi,2),%rdi
0x00000000006b6ac9 <decode_plane+1609>: xor %esi,%esi
=> 0x00000000006b6acb <decode_plane+1611>: movzwl 0x2(%rdi),%ebx
0x00000000006b6acf <decode_plane+1615>: movzbl 0x5(%rdi),%ecx
0x00000000006b6ad3 <decode_plane+1619>: movzwl %bx,%r8d
0x00000000006b6ad7 <decode_plane+1623>: cmp %r8d,%ecx
0x00000000006b6ada <decode_plane+1626>: jge 0x6b6aea
<decode_plane+1642>
0x00000000006b6adc <decode_plane+1628>: nopl 0x0(%rax)
0x00000000006b6ae0 <decode_plane+1632>: add %ecx,%ecx
0x00000000006b6ae2 <decode_plane+1634>: add $0x1,%esi
0x00000000006b6ae5 <decode_plane+1637>: cmp %r8d,%ecx
0x00000000006b6ae8 <decode_plane+1640>: jl 0x6b6ae0
<decode_plane+1632>
0x00000000006b6aea <decode_plane+1642>: mov 0x248(%r14),%r11d
End of assembler dump.
(gdb) info register
rax 0x16dab72 23964530
rbx 0xffffffff 4294967295
rcx 0x0 0
rdx 0x1714998 24201624
rsi 0x0 0
rdi 0x0 0
rbp 0x0 0x0
rsp 0x7ffff0fd8b40 0x7ffff0fd8b40
r8 0x0 0
r9 0x0 0
r10 0x1 1
r11 0x34910 215312
r12 0x0 0
r13 0x1713670 24196720
r14 0x1713660 24196704
r15 0x16da8e4 23963876
rip 0x6b6acb 0x6b6acb <decode_plane+1611>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
}}}
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2923#comment:3>
FFmpeg <http://ffmpeg.org>