[FFmpeg-trac] #2997(undetermined:new): tak: deadlock with fuzzed file (and max_alloc)
FFmpeg
trac at avcodec.org
Wed Sep 25 21:01:38 CEST 2013
#2997: tak: deadlock with fuzzed file (and max_alloc)
-------------------------------------+-------------------------------------
Reporter: ami_stuff | Owner:
Type: defect | Status: new
Priority: normal | Component: undetermined
Version: unspecified | Keywords:
Blocked By: | Blocking:
Reproduced by developer: 0 | Analyzed by developer: 0
-------------------------------------+-------------------------------------
http://www.datafilehost.com/d/ba6d93f1
{{{
(gdb) r -max_alloc 5500000 -threads 1 -acodec tak -i v/vc1.wmv -vn -f null -
Starting program: /media/sdb1/ffmpeg-HEAD-93439e8/ffmpeg_g -max_alloc 5500000 -threads 1 -acodec tak -i v/vc1.wmv -vn -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.0-93439e8 Copyright (c) 2000-2013 the FFmpeg developers
built on Sep 18 2013 23:23:15 with gcc 4.7 (Debian 4.7.2-5)
configuration: --disable-yasm --enable-gpl --disable-ffprobe --disable-ffserver
libavutil 52. 44.100 / 52. 44.100
libavcodec 55. 31.101 / 55. 31.101
libavformat 55. 18.100 / 55. 18.100
libavdevice 55. 3.100 / 55. 3.100
libavfilter 3. 86.101 / 3. 86.101
libswscale 2. 5.100 / 2. 5.100
libswresample 0. 17.103 / 0. 17.103
libpostproc 52. 3.100 / 52. 3.100
Guessed Channel Layout for Input Stream #0.1 : stereo
Input #0, asf, from 'v/vc1.wmv':
Metadata:
WMFSDKNeeded : 0.0.0.0000
DeviceConformanceTemplate: N1
WM/WMADRCPeakReference: 32734
WM/WMADRCPeakTarget: 32734
WM/WMADRCAverageReference: 2710
WM/WMADRCAverageTarget: 2710
WMFSDKVersion : 10.00.00.4054
IsVBR : 1
Duration: 00:02:51.79, bitrate: 1112 kb/s
Stream #0:0(eng): Video: vc1 (Advanced) (WMVA / 0x41564D57), yuv420p,
160x120, 571 kb/s, 24 tbr, 1k tbn, 1k tbc
Stream #0:1(eng): Audio: tak (c[1][0][0] / 0x0163), 44100 Hz, stereo,
s16p, 677 kb/s
[New Thread 0xb7d3cb70 (LWP 21474)]
[New Thread 0xb753cb70 (LWP 21475)]
[New Thread 0xb6d3cb70 (LWP 21476)]
[New Thread 0xb653cb70 (LWP 21477)]
[New Thread 0xb5d3cb70 (LWP 21478)]
[New Thread 0xb553cb70 (LWP 21479)]
[New Thread 0xb4d3cb70 (LWP 21480)]
[New Thread 0xb453cb70 (LWP 21481)]
[New Thread 0xb3d3cb70 (LWP 21482)]
Output #0, null, to 'pipe:':
Metadata:
WMFSDKNeeded : 0.0.0.0000
DeviceConformanceTemplate: N1
WM/WMADRCPeakReference: 32734
WM/WMADRCPeakTarget: 32734
WM/WMADRCAverageReference: 2710
WM/WMADRCAverageTarget: 2710
WMFSDKVersion : 10.00.00.4054
IsVBR : 1
encoder : Lavf55.18.100
Stream #0:0(eng): Audio: pcm_s16le, 44100 Hz, stereo, s16, 1411 kb/s
Stream mapping:
Stream #0:1 -> #0:0 (tak -> pcm_s16le)
Press [q] to stop, [?] for help
Program received signal SIGINT, Interrupt.
0x085bba92 in ff_combine_frame (pc=pc@entry=0x911ccc0, next=<optimized out>,
next@entry=-100, buf=buf@entry=0xbffff034,
buf_size=buf_size@entry=0xbffff030) at libavcodec/parser.c:279
279 }
(gdb) bt
#0 0x085bba92 in ff_combine_frame (pc=pc@entry=0x911ccc0,
next=<optimized out>, next@entry=-100, buf=buf@entry=0xbffff034,
buf_size=buf_size@entry=0xbffff030) at libavcodec/parser.c:279
#1 0x08658b89 in tak_parse (s=0x911cb40, avctx=0x9116500,
poutbuf=0xbffff184,
poutbuf_size=0xbffff188,
buf=0x9109b08
"\220Ĺş\024QF\371\371\063$\365\222\351\335\063d\005`{\034\373\360\252JZXzv&1\340~\016\244Ůś\203x\fE\363N\360\061\263\n\204/:\373\240pxZ\272\204B\327\325\062\225\345%\267S\241\247\257\342\361r7\353iqh\003S\273\024pnRW\250}\320\t\r\035\322a\037h\026{\237\227\"\313:\037\214Ý(\273!!\371\215.l\251\336ۡ\vxĐŁ\032\207\071\376\024{\032\033\006\016\334s\234\366lj\345v\t+?\214\260>\027\241\016\356Y\374\031\374ut\263f
z\331q\\\207\062qU웦\027H\375\307\370\313k\310\305\361'\236\267#O\203\b7kx'\325\033\063jj:\373O\336",
<incomplete sequence \371>..., buf_size=13375) at
libavcodec/tak_parser.c:64
#2 0x085bb430 in av_parser_parse2 (s=0x911cb40, avctx=0x9116500,
poutbuf=poutbuf@entry=0xbffff184,
poutbuf_size=poutbuf_size@entry=0xbffff188,
buf=buf@entry=0x9109b08
"\220Ĺş\024QF\371\371\063$\365\222\351\335\063d\005`{\034\373\360\252JZXzv&1\340~\016\244Ůś\203x\fE\363N\360\061\263\n\204/:\373\240pxZ\272\204B\327\325\062\225\345%\267S\241\247\257\342\361r7\353iqh\003S\273\024pnRW\250}\320\t\r\035\322a\037h\026{\237\227\"\313:\037\214Ý(\273!!\371\215.l\251\336ۡ\vxĐŁ\032\207\071\376\024{\032\033\006\016\334s\234\366lj\345v\t+?\214\260>\027\241\016\356Y\374\031\374ut\263f
z\331q\\\207\062qU웦\027H\375\307\370\313k\310\305\361'\236\267#O\203\b7kx'\325\033\063jj:\373O\336",
<incomplete seque---Type <return> to continue, or q <return> to quit---
nce \371>..., buf_size=buf_size@entry=13375, pts=-9223372036854775808,
dts=-9223372036854775808, pos=-1) at libavcodec/parser.c:155
#3 0x08239551 in parse_packet (s=s@entry=0x9114ea0,
pkt=pkt@entry=0xbffff318,
stream_index=<optimized out>) at libavformat/utils.c:1201
#4 0x0823a48d in read_frame_internal (s=s@entry=0x9114ea0,
pkt=pkt@entry=0xbffff6c8) at libavformat/utils.c:1379
#5 0x0823ad6a in av_read_frame (s=0x9114ea0, pkt=pkt@entry=0xbffff6c8)
at libavformat/utils.c:1420
#6 0x080b6eb6 in get_input_packet (pkt=0xbffff6a8, f=0x911ad20)
at ffmpeg.c:2878
#7 process_input (file_index=0) at ffmpeg.c:2915
#8 0x080a3043 in transcode_step () at ffmpeg.c:3185
#9 transcode () at ffmpeg.c:3237
#10 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3415
}}}
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2997>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker