[FFmpeg-trac] #2987(undetermined:new): wmapro: deadlock with fuzzed file

FFmpeg trac at avcodec.org
Sun Sep 22 18:48:18 CEST 2013 

#2987: wmapro: deadlock with fuzzed file
-------------------------------------+-------------------------------------
               Reporter:  ami_stuff  |                  Owner:
                   Type:  defect     |                 Status:  new
               Priority:  normal     |              Component:
                Version:             |  undetermined
  unspecified                        |               Keywords:
             Blocked By:             |               Blocking:
Reproduced by developer:  0          |  Analyzed by developer:  0
-------------------------------------+-------------------------------------
 {{{
 (gdb) r -threads 1 -i ./wmapro_dead.wma -f null -
 Starting program: /media/sdb1/ffmpeg-HEAD-93439e8/ffmpeg_g -threads 1 -i
 ./wmapro_dead.wma -f null -
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
 ffmpeg version 2.0-93439e8 Copyright (c) 2000-2013 the FFmpeg developers
   built on Sep 18 2013 23:23:15 with gcc 4.7 (Debian 4.7.2-5)
   configuration: --disable-yasm --enable-gpl --disable-ffprobe --disable-
 ffserver
   libavutil      52. 44.100 / 52. 44.100
   libavcodec     55. 31.101 / 55. 31.101
   libavformat    55. 18.100 / 55. 18.100
   libavdevice    55.  3.100 / 55.  3.100
   libavfilter     3. 86.101 /  3. 86.101
   libswscale      2.  5.100 /  2.  5.100
   libswresample   0. 17.103 /  0. 17.103
   libpostproc    52.  3.100 / 52.  3.100
 Input #0, asf, from './wmapro_dead.wma':
   Metadata:
     WMFSDKNeeded    : 0.0.0.0000
     WMFSDKVersion   : 11.0.5721.5275
     IsVBR           : 0
   Duration: 00:00:30.06, start: 0.000000, bitrate: 168 kb/s
     Stream #0:0(pol): Audio: wmapro (b[1][0][0] / 0x0162), 44100 Hz,
 stereo, fltp, 160 kb/s
 [New Thread 0xb7dd1b70 (LWP 28174)]
 [New Thread 0xb75d1b70 (LWP 28175)]
 [New Thread 0xb6dd1b70 (LWP 28176)]
 [New Thread 0xb65d1b70 (LWP 28177)]
 [New Thread 0xb5dd1b70 (LWP 28178)]
 [New Thread 0xb55d1b70 (LWP 28180)]
 [New Thread 0xb4dd1b70 (LWP 28181)]
 [New Thread 0xb45d1b70 (LWP 28182)]
 [New Thread 0xb3dd1b70 (LWP 28183)]
 Output #0, null, to 'pipe:':
   Metadata:
     WMFSDKNeeded    : 0.0.0.0000
     WMFSDKVersion   : 11.0.5721.5275
     IsVBR           : 0
     encoder         : Lavf55.18.100
     Stream #0:0(pol): Audio: pcm_s16le, 44100 Hz, stereo, s16, 1411 kb/s
 Stream mapping:
   Stream #0:0 -> #0:0 (wmapro -> pcm_s16le)
 Press [q] to stop, [?] for help
 Multiple frames in a packet from stream 0
 [wmapro @ 0x91159c0] Reserved bit is not implemented. Update your FFmpeg
 version to the newest one from Git. If the problem still occurs, it means
 that your file has a feature which has not been implemented.
 [wmapro @ 0x91159c0] If you want to help, upload a sample of this file to
 ftp://upload.ffmpeg.org/MPlayer/incoming/ and contact the ffmpeg-devel
 mailing list.
 Error while decoding stream #0:0: Invalid data found when processing input
 [wmapro @ 0x91159c0] frame[14] would have to skip 1000 bits
 [wmapro @ 0x91159c0] frame[24] would have to skip 4346 bits
 Error while decoding stream #0:0: Invalid data found when processing input
 [wmapro @ 0x91159c0] overflow in spectral RLE, ignoring
 [wmapro @ 0x91159c0] frame[25] would have to skip -9 bits
 Error while decoding stream #0:0: Invalid data found when processing input

 Program received signal SIGINT, Interrupt.
 decode_tilehdr (s=0x91442e0) at libavcodec/wmaprodec.c:589
 589                 if (contains_subframe[c]) {
 (gdb) bt
 #0  decode_tilehdr (s=0x91442e0) at libavcodec/wmaprodec.c:589
 #1  decode_frame (s=s at entry=0x91442e0, frame=frame at entry=0x91049e0,
     got_frame_ptr=got_frame_ptr at entry=0xbffff4e4)
     at libavcodec/wmaprodec.c:1333
 #2  0x08726279 in decode_packet (avctx=0x91159c0, data=0x91049e0,
     got_frame_ptr=0xbffff4e4, avpkt=0xbffff1f8) at
 libavcodec/wmaprodec.c:1607
 #3  0x0867aa85 in avcodec_decode_audio4 (avctx=avctx at entry=0x91159c0,
     frame=frame at entry=0x91049e0,
 got_frame_ptr=got_frame_ptr at entry=0xbffff4e4,
     avpkt=avpkt at entry=0xbffff730) at libavcodec/utils.c:2137
 #4  0x080b562a in decode_audio (ist=ist at entry=0x911d320,
     pkt=pkt at entry=0xbffff730, got_output=got_output at entry=0xbffff4e4)
     at ffmpeg.c:1526
 #5  0x080b8a40 in output_packet (pkt=0xbffff6c8, ist=0x911d320)
     at ffmpeg.c:1863
 #6  process_input (file_index=1) at ffmpeg.c:3089
 #7  0x080a3043 in transcode_step () at ffmpeg.c:3185
 #8  transcode () at ffmpeg.c:3237
 #9  main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3415
 (gdb)
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2987>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list