[FFmpeg-trac] #2925(undetermined:open): wmav2: deadlock with fuzzed file
FFmpeg
trac at avcodec.org
Sun Sep 1 16:38:14 CEST 2013
#2925: wmav2: deadlock with fuzzed file
-------------------------------------+-------------------------------------
Reporter: ami_stuff | Owner:
Type: defect | Status: open
Priority: important | Component: undetermined
Version: git-master | Resolution:
Keywords: wmav2 deadlock regression | Blocked By:
Blocking: | Reproduced by developer: 1
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Changes (by cehoyos):
* keywords: => wmav2 deadlock regression
* priority: normal => important
* version: unspecified => git-master
* status: new => open
* reproduced: 0 => 1
Comment:
Regression since 1bdc212 / 8cfbbd9
{{{
(gdb) r -i wmav2_dead.wmv -vn -f null -
Starting program: ffmpeg_g -i wmav2_dead.wmv -vn -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-55950-g8901f48 Copyright (c) 2000-2013 the FFmpeg developers
built on Sep 1 2013 16:34:25 with gcc 4.7 (SUSE Linux)
configuration: --enable-gpl --disable-indev=jack
libavutil 52. 43.100 / 52. 43.100
libavcodec 55. 30.100 / 55. 30.100
libavformat 55. 15.100 / 55. 15.100
libavdevice 55. 3.100 / 55. 3.100
libavfilter 3. 82.102 / 3. 82.102
libswscale 2. 5.100 / 2. 5.100
libswresample 0. 17.103 / 0. 17.103
libpostproc 52. 3.100 / 52. 3.100
[asf @ 0x16e6880] ff asf bad header 8a at:5440
[asf @ 0x16e6880] ff asf skip 1218 (unknown stream)
[asf @ 0x16e6880] unexpected packet_replic_size of 3
[asf @ 0x16e6880] ff asf skip 1220 (unknown stream)
[asf @ 0x16e6880] ff asf bad non zero
[asf @ 0x16e6880] ff asf bad header 63 at:47698
[asf @ 0x16e6880] invalid packet_length -1127480349 at:47702
[asf @ 0x16e6880] ff asf bad non zero
[asf @ 0x16e6880] ff asf skip 0 (unknown stream)
Last message repeated 3 times
[asf @ 0x16e6880] ff asf bad header 90 at:53712
[asf @ 0x16e6880] invalid padsize 42126 at:53713
[asf @ 0x16e6880] invalid padsize 1278 at:54964
[asf @ 0x16e6880] ff asf bad header c4 at:57418
[asf @ 0x16e6880] packet_replic_size 8519681 is invalid
[asf @ 0x16e6880] ff asf bad header 10 at:122924
[asf @ 0x16e6880] invalid padsize 27664 at:122925
[asf @ 0x16e6880] ff asf bad header f3 at:188290
[asf @ 0x16e6880] invalid packet_length -1513297106 at:188296
[asf @ 0x16e6880] ff asf bad header d5 at:253418
[asf @ 0x16e6880] invalid padsize 33353 at:253423
[asf @ 0x16e6880] packet_frag_size is invalid (69-10)
[asf @ 0x16e6880] ff asf bad header 0 at:319912
[asf @ 0x16e6880] packet_replic_size 37457 is invalid
[asf @ 0x16e6880] ff asf bad header 5a at:321180
[asf @ 0x16e6880] invalid padsize -293877938 at:321186
[asf @ 0x16e6880] ff asf bad header a1 at:322470
[asf @ 0x16e6880] packet_replic_size 74 is invalid
[asf @ 0x16e6880] ff asf bad header 5d at:323830
[asf @ 0x16e6880] invalid padsize 316529875 at:323837
[asf @ 0x16e6880] ff asf bad header 8 at:325292
[asf @ 0x16e6880] packet_replic_size 52693 is invalid
[asf @ 0x16e6880] ff asf bad header e6 at:326984
[asf @ 0x16e6880] invalid packet_length 1529179864 at:326991
[asf @ 0x16e6880] ff asf bad header de at:329126
[asf @ 0x16e6880] invalid padsize -1445783319 at:329135
[asf @ 0x16e6880] ff asf bad header 7f at:330938
[asf @ 0x16e6880] invalid packet_length -1892764079 at:330949
[asf @ 0x16e6880] ff asf bad header c2 at:333510
[asf @ 0x16e6880] ff asf bad non zero
[asf @ 0x16e6880] ff asf bad header d9 at:338408
[asf @ 0x16e6880] invalid padsize 1188097748 at:338413
[asf @ 0x16e6880] ff asf bad non zero
[asf @ 0x16e6880] ff asf skip 1220 (unknown stream)
[asf @ 0x16e6880] invalid padsize 5310 at:343418
[asf @ 0x16e6880] ff asf bad header c at:343428
[asf @ 0x16e6880] packet_replic_size 54347 is invalid
[asf @ 0x16e6880] ff asf bad header 44 at:344688
[asf @ 0x16e6880] packet_obj_size invalid
[asf @ 0x16e6880] ff asf bad non zero
[asf @ 0x16e6880] invalid padsize 34608 at:355800
[asf @ 0x16e6880] ff asf bad non zero
[asf @ 0x16e6880] invalid padsize 1468 at:359512
[asf @ 0x16e6880] ff asf bad header 80 at:363222
[asf @ 0x16e6880] ff asf skip 1229 (unknown stream)
[asf @ 0x16e6880] ff asf bad non zero
[asf @ 0x16e6880] ff asf bad header 4 at:364466
[asf @ 0x16e6880] ff asf skip 1225 (unknown stream)
[asf @ 0x16e6880] ff asf bad header 0 at:365710
[asf @ 0x16e6880] unexpected packet_replic_size of 2
[asf @ 0x16e6880] ff asf bad header 35 at:366964
[asf @ 0x16e6880] packet_replic_size 4736 is invalid
[asf @ 0x16e6880] ff asf bad header b6 at:368248
[asf @ 0x16e6880] invalid padsize 32900 at:368254
[asf @ 0x16e6880] ff asf bad header 6d at:369550
[asf @ 0x16e6880] invalid packet_length 998078948 at:369556
[asf @ 0x16e6880] ff asf bad header de at:370916
[asf @ 0x16e6880] invalid padsize 711446516 at:370925
[asf @ 0x16e6880] ff asf bad header a1 at:372416
[asf @ 0x16e6880] ff asf bad header 9f at:374182
[asf @ 0x16e6880] invalid padsize -1026936850 at:374189
[asf @ 0x16e6880] ff asf bad header be at:376476
[asf @ 0x16e6880] invalid padsize 2055202886 at:376484
[asf @ 0x16e6880] ff asf bad header c2 at:379316
[asf @ 0x16e6880] freeing incomplete packet size 4962, new 23
[asf @ 0x16e6880] packet_obj_size invalid
[asf @ 0x16e6880] ff asf bad header 0 at:385528
[asf @ 0x16e6880] ff asf skip 1229 (unknown stream)
[asf @ 0x16e6880] ff asf bad header 48 at:386788
[asf @ 0x16e6880] packet_replic_size 127541202 is invalid
[asf @ 0x16e6880] ff asf bad header f2 at:420378
[asf @ 0x16e6880] ff asf bad non zero
[asf @ 0x16e6880] ff asf bad header ad at:454098
[asf @ 0x16e6880] invalid padsize 252 at:454101
[asf @ 0x16e6880] ff asf bad header 52 at:488118
[asf @ 0x16e6880] packet_replic_size 1811351201 is invalid
[asf @ 0x16e6880] ff asf bad header 23 at:507954
[asf @ 0x16e6880] packet_replic_size 63176 is invalid
[asf @ 0x16e6880] invalid padsize 49516 at:509312
[asf @ 0x16e6880] ff asf bad non zero
[asf @ 0x16e6880] invalid padsize 49812 at:513026
[asf @ 0x16e6880] invalid padsize -748944202 at:515502
[asf @ 0x16e6880] ff asf bad header 83 at:519210
[asf @ 0x16e6880] ff asf skip 0 (unknown stream)
Last message repeated 1 times
[asf @ 0x16e6880] ff asf bad non zero
[asf @ 0x16e6880] invalid padsize 50913 at:525406
[asf @ 0x16e6880] ff asf bad non zero
[asf @ 0x16e6880] ff asf bad header 2a at:530310
[asf @ 0x16e6880] invalid padsize 233 at:530312
[asf @ 0x16e6880] ff asf bad header 19 at:532706
[asf @ 0x16e6880] invalid padsize 1397656782 at:532709
[asf @ 0x16e6880] invalid padsize 276 at:534071
[asf @ 0x16e6880] ff asf bad non zero
[asf @ 0x16e6880] invalid padsize 39172 at:537785
[asf @ 0x16e6880] ff asf bad non zero
[asf @ 0x16e6880] packet fragment position invalid 1208017424,24 not in 2
[asf @ 0x16e6880] ff asf bad header 99 at:546398
[asf @ 0x16e6880] invalid padsize -549495214 at:546401
[asf @ 0x16e6880] ff asf bad header 80 at:548922
[asf @ 0x16e6880] ff asf skip 1229 (unknown stream)
[asf @ 0x16e6880] packet_replic_size 169 is invalid
[asf @ 0x16e6880] ff asf bad header 40 at:552656
[asf @ 0x16e6880] packet_replic_size 512 is invalid
[asf @ 0x16e6880] ff asf bad header 95 at:553920
[asf @ 0x16e6880] invalid padsize 40953 at:553923
[asf @ 0x16e6880] ff asf bad header 86 at:555196
[asf @ 0x16e6880] packet_replic_size 57737 is invalid
[asf @ 0x16e6880] ff asf bad header 60 at:556536
[asf @ 0x16e6880] invalid packet_length 1569834841 at:556539
[asf @ 0x16e6880] ff asf bad header cf at:557948
[asf @ 0x16e6880] packet_replic_size 152372822 is invalid
[asf @ 0x16e6880] ff asf bad header b6 at:618384
[asf @ 0x16e6880] invalid padsize 21489 at:618390
[asf @ 0x16e6880] ff asf bad header 35 at:678564
[asf @ 0x16e6880] invalid padsize 12003 at:678568
[asf @ 0x16e6880] ff asf bad header 12 at:739496
[asf @ 0x16e6880] invalid padsize 33388 at:739498
[asf @ 0x16e6880] ff asf bad header 8c at:799456
[asf @ 0x16e6880] packet_replic_size 59592 is invalid
[asf @ 0x16e6880] ff asf bad header 80 at:801164
[asf @ 0x16e6880] packet_obj_size invalid
[asf @ 0x16e6880] invalid padsize 1253 at:806430
[asf @ 0x16e6880] ff asf skip 3 (unknown stream)
[asf @ 0x16e6880] invalid padsize 896804030 at:812622
[asf @ 0x16e6880] ff asf bad non zero
[asf @ 0x16e6880] invalid padsize 33972 at:817572
[asf @ 0x16e6880] packet_obj_size invalid
[asf @ 0x16e6880] ff asf bad header 0 at:823780
[asf @ 0x16e6880] ff asf skip 1229 (unknown stream)
[asf @ 0x16e6880] ff asf bad header 35 at:825040
[asf @ 0x16e6880] invalid padsize 10333 at:825044
[asf @ 0x16e6880] ff asf bad header 69 at:825098
[asf @ 0x16e6880] invalid packet_length -819551906 at:825102
[asf @ 0x16e6880] ff asf bad header 10 at:825214
[asf @ 0x16e6880] invalid padsize 57801 at:825215
[asf @ 0x16e6880] ff asf bad header 13 at:825440
[asf @ 0x16e6880] invalid padsize 52806 at:825442
[asf @ 0x16e6880] ff asf bad header b3 at:825894
[asf @ 0x16e6880] invalid padsize 11797 at:825897
[asf @ 0x16e6880] ff asf bad non zero
[asf @ 0x16e6880] ff asf bad header 83 at:829948
[asf @ 0x16e6880] ff asf skip 0 (unknown stream)
[asf @ 0x16e6880] invalid padsize 1278 at:831190
[asf @ 0x16e6880] invalid padsize 15584 at:832430
[asf @ 0x16e6880] invalid padsize 15784 at:834906
[asf @ 0x16e6880] ff asf bad header 43 at:837368
[asf @ 0x16e6880] ff asf skip 0 (unknown stream)
Last message repeated 1 times
[asf @ 0x16e6880] packet fragment position invalid 512,0 not in 0
[asf @ 0x16e6880] ff asf skip 0 (unknown stream)
Last message repeated 13 times
[asf @ 0x16e6880] ff asf bad header a7 at:874962
[asf @ 0x16e6880] packet_replic_size 209 is invalid
[asf @ 0x16e6880] ff asf bad header 1f at:876656
[asf @ 0x16e6880] invalid padsize 473893035 at:876663
[asf @ 0x16e6880] ff asf bad header d at:878788
[asf @ 0x16e6880] packet_frag_size is invalid (1111-9)
[asf @ 0x16e6880] ff asf bad header 4f at:880602
[asf @ 0x16e6880] packet_obj_size invalid
[asf @ 0x16e6880] ff asf bad non zero
[asf @ 0x16e6880] packet_frag_size is invalid (36-10)
[asf @ 0x16e6880] ff asf bad header 8 at:910438
[asf @ 0x16e6880] packet_obj_size invalid
[asf @ 0x16e6880] ff asf bad header f6 at:911714
[asf @ 0x16e6880] invalid packet_length -381568174 at:911723
[asf @ 0x16e6880] ff asf bad header 4c at:913016
[asf @ 0x16e6880] packet_obj_size invalid
[asf @ 0x16e6880] ff asf bad header 5e at:937480
[asf @ 0x16e6880] invalid padsize -27015494 at:937489
[asf @ 0x16e6880] ff asf bad header 18 at:961624
[asf @ 0x16e6880] invalid padsize -377878436 at:961627
[asf @ 0x16e6880] invalid padsize 1074 at:962087
Guessed Channel Layout for Input Stream #0.0 : mono
Input #0, asf, from 'wmav2_dead.wmv':
Metadata:
WMFSDKVersion : 7.01.00.3055
WMFSDKNeeded : 0.0.0.0000
Duration: 00:02:12.53, start: 0.192000, bitrate: 59 kb/s
Stream #0:0: Audio: wmav2 (a[1][0][0] / 0x0161), 8000 Hz, mono, fltp, 0 kb/s
Stream #0:1: Video: mss1 (MSS1 / 0x3153534D), pal8, 1024x768, 48.92 tbr, 1k tbn, 1k tbc
[New Thread 0x7ffff59eb700 (LWP 7009)]
[New Thread 0x7ffff51ea700 (LWP 7010)]
[New Thread 0x7ffff49e9700 (LWP 7011)]
[New Thread 0x7ffff41e8700 (LWP 7012)]
[New Thread 0x7ffff39e7700 (LWP 7013)]
[New Thread 0x7ffff31e6700 (LWP 7014)]
[New Thread 0x7ffff29e5700 (LWP 7015)]
[New Thread 0x7ffff21e4700 (LWP 7016)]
[New Thread 0x7ffff19e3700 (LWP 7017)]
Output #0, null, to 'pipe:':
Metadata:
WMFSDKVersion : 7.01.00.3055
WMFSDKNeeded : 0.0.0.0000
encoder : Lavf55.15.100
Stream #0:0: Audio: pcm_s16le, 8000 Hz, mono, s16, 128 kb/s
Stream mapping:
Stream #0:0 -> #0:0 (wmav2 -> pcm_s16le)
Press [q] to stop, [?] for help
Multiple frames in a packet from stream 0
[null @ 0x16e8ec0] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 388800 >= 383040
[null @ 0x16e8ec0] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 388800 >= 388800
[wmav2 @ 0x16e7420] overflow in spectral RLE, ignoring
Last message repeated 5 times
Program received signal SIGINT, Interrupt.
get_bits (n=7, s=0x170bec8) at libavcodec/get_bits.h:261
261 tmp = SHOW_UBITS(re, s, n);
}}}
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2925#comment:1>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker