[FFmpeg-trac] #4510(undetermined:new): hq_hqa: crash with fuzzed file 3
FFmpeg
trac at avcodec.org
Fri Apr 24 23:52:53 CEST 2015
#4510: hq_hqa: crash with fuzzed file 3
-------------------------------------+-------------------------------------
Reporter: ami_stuff                  | Owner:
Type: defect                         | Status: new
Priority: normal                     | Component: undetermined
Version: unspecified                 | Keywords:
Blocked By:                          | Blocking:
Reproduced by developer: 0           | Analyzed by developer: 0
-------------------------------------+-------------------------------------
http://www.datafilehost.com/d/af64df1c
{{{
knoppix at Microknoppix:/media/sdb1$ valgrind --leak-check=full
ffmpeg/ffmpeg_g -i fuzz9.avi -f null -
==12470== Memcheck, a memory error detector
==12470== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==12470== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright
info
==12470== Command: ffmpeg/ffmpeg_g -i fuzz9.avi -f null -
==12470==
ffmpeg version 2.6.git Copyright (c) 2000-2015 the FFmpeg developers
built with gcc 4.7 (Debian 4.7.2-4)
configuration: --disable-ffserver --disable-ffprobe --disable-ffplay
--enable-gpl
libavutil 54. 23.101 / 54. 23.101
libavcodec 56. 35.101 / 56. 35.101
libavformat 56. 31.100 / 56. 31.100
libavdevice 56. 4.100 / 56. 4.100
libavfilter 5. 14.100 / 5. 14.100
libswscale 3. 1.101 / 3. 1.101
libswresample 1. 1.100 / 1. 1.100
libpostproc 53. 3.100 / 53. 3.100
[avi @ 0x4c2d0e0] Something went wrong during header parsing, I will
ignore it and try to continue anyway.
[hq_hqa @ 0x4c3f040] Invalid slice size 25116.
Input #0, avi, from 'fuzz9.avi':
Duration: 00:00:24.80, start: 0.000000, bitrate: 1146 kb/s
Stream #0:0: Video: hq_hqa (CUVC / 0x43565543), yuv422p, 720x480 [SAR
9:10 DAR 27:20], 5 fps, 5 tbr, 5 tbn, 5 tbc
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf56.31.100
Stream #0:0: Video: rawvideo (Y42B / 0x42323459), yuv422p, 720x480
[SAR 9:10 DAR 27:20], q=2-31, 200 kb/s, 5 fps, 5 tbn, 5 tbc
Metadata:
encoder : Lavc56.35.101 rawvideo
Stream mapping:
Stream #0:0 -> #0:0 (hq_hqa (native) -> rawvideo (native))
Press [q] to stop, [?] for help
[hq_hqa @ 0x4d01c20] Invalid slice size 25116.
[null @ 0x4d02940] Encoder did not produce proper pts, making some up.
[hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x4d01c20] Invalid slice size 24696.
[hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x4d01c20] Invalid slice size 28844.
[hq_hqa @ 0x4d01c20] HQ Profile 33 is not implemented. Update your FFmpeg
version to the newest one from Git. If the problem still occurs, it means
that your file has a feature which has not been implemented.
[hq_hqa @ 0x4d01c20] If you want to help, upload a sample of this file to
ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing
list. (ffmpeg-devel at ffmpeg.org)
[hq_hqa @ 0x4d01c20] Invalid slice size 29958.
Input stream #0:0 frame changed from size:720x480 fmt:yuv422p to
size:160x120 fmt:yuv422p
[hq_hqa @ 0x4d01c20] Invalid INFO size (268435480).
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x4d01c20] Invalid slice size 1077982.
Input stream #0:0 frame changed from size:160x120 fmt:yuv422p to
size:720x480 fmt:yuv422p
[hq_hqa @ 0x4d01c20] Invalid INFO size (524304).
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x4d01c20] Invalid INFO size (536870936). bitrate=N/A
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x4d01c20] Invalid INFO size (671089688).
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x4d01c20] Invalid slice size 28612.
[hq_hqa @ 0x4d01c20] Error decoding macroblock 0 at slice 5.
[hq_hqa @ 0x4d01c20] Error decoding frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x4d01c20] Invalid slice size 29198.
[hq_hqa @ 0x4d01c20] Invalid slice size 29732.
[hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x4d01c20] Invalid slice size 26448.
[hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x4d01c20] Invalid slice size 26390.
[hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x4d01c20] Invalid slice size 30368.
[hq_hqa @ 0x4d01c20] Invalid slice size 30150.
==12470== Invalid write of size 4
==12470== at 0x85A3FD7: hq_hqa_decode_frame (hq_hqa.c:344)
==12470== by 0xD0C9B6: ???
==12470== Address 0x49c3f is not stack'd, malloc'd or (recently) free'd
==12470==
==12470==
==12470== Process terminating with default action of signal 11 (SIGSEGV)
==12470== Access not within mapped region at address 0x49C3F
==12470== at 0x85A3FD7: hq_hqa_decode_frame (hq_hqa.c:344)
==12470== by 0xD0C9B6: ???
==12470== If you believe this happened as a result of a stack
==12470== overflow in your program's main thread (unlikely but
==12470== possible), you can try to increase the size of the
==12470== main thread stack using the --main-stacksize= flag.
==12470== The main thread stack size used in this run was 8388608.
==12470==
==12470== HEAP SUMMARY:
==12470== in use at exit: 1,571,873 bytes in 160 blocks
==12470== total heap usage: 4,138 allocs, 3,978 frees, 8,001,376 bytes
allocated
==12470==
==12470== LEAK SUMMARY:
==12470== definitely lost: 0 bytes in 0 blocks
==12470== indirectly lost: 0 bytes in 0 blocks
==12470== possibly lost: 0 bytes in 0 blocks
==12470== still reachable: 1,571,873 bytes in 160 blocks
==12470== suppressed: 0 bytes in 0 blocks
==12470== Reachable blocks (those to which a pointer was found) are not
shown.
==12470== To see them, rerun with: --leak-check=full --show-reachable=yes
==12470==
==12470== For counts of detected and suppressed errors, rerun with: -v
==12470== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 95 from 6)
Segmentation fault
}}}
{{{
(gdb) r -i fuzz9.avi -f null -
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i fuzz9.avi -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.6.git Copyright (c) 2000-2015 the FFmpeg developers
built with gcc 4.7 (Debian 4.7.2-4)
configuration: --disable-ffserver --disable-ffprobe --disable-ffplay
--enable-gpl
libavutil 54. 23.101 / 54. 23.101
libavcodec 56. 35.101 / 56. 35.101
libavformat 56. 31.100 / 56. 31.100
libavdevice 56. 4.100 / 56. 4.100
libavfilter 5. 14.100 / 5. 14.100
libswscale 3. 1.101 / 3. 1.101
libswresample 1. 1.100 / 1. 1.100
libpostproc 53. 3.100 / 53. 3.100
[avi @ 0x9557a40] Something went wrong during header parsing, I will
ignore it and try to continue anyway.
[hq_hqa @ 0x9558260] Invalid slice size 25116.
Input #0, avi, from 'fuzz9.avi':
Duration: 00:00:24.80, start: 0.000000, bitrate: 1146 kb/s
Stream #0:0: Video: hq_hqa (CUVC / 0x43565543), yuv422p, 720x480 [SAR
9:10 DAR 27:20], 5 fps, 5 tbr, 5 tbn, 5 tbc
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf56.31.100
Stream #0:0: Video: rawvideo (Y42B / 0x42323459), yuv422p, 720x480
[SAR 9:10 DAR 27:20], q=2-31, 200 kb/s, 5 fps, 5 tbn, 5 tbc
Metadata:
encoder : Lavc56.35.101 rawvideo
Stream mapping:
Stream #0:0 -> #0:0 (hq_hqa (native) -> rawvideo (native))
Press [q] to stop, [?] for help
[hq_hqa @ 0x9558c80] Invalid slice size 25116.
[null @ 0x9559bc0] Encoder did not produce proper pts, making some up.
[hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x9558c80] Invalid slice size 24696.
[hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x9558c80] Invalid slice size 28844.
[hq_hqa @ 0x9558c80] HQ Profile 33 is not implemented. Update your FFmpeg
version to the newest one from Git. If the problem still occurs, it means
that your file has a feature which has not been implemented.
[hq_hqa @ 0x9558c80] If you want to help, upload a sample of this file to
ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing
list. (ffmpeg-devel at ffmpeg.org)
[hq_hqa @ 0x9558c80] Invalid slice size 29958.
Input stream #0:0 frame changed from size:720x480 fmt:yuv422p to
size:160x120 fmt:yuv422p
[hq_hqa @ 0x9558c80] Invalid INFO size (268435480).
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x9558c80] Invalid slice size 1077982.
Input stream #0:0 frame changed from size:160x120 fmt:yuv422p to
size:720x480 fmt:yuv422p
[hq_hqa @ 0x9558c80] Invalid INFO size (524304).
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x9558c80] Invalid INFO size (536870936).
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x9558c80] Invalid INFO size (671089688).
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x9558c80] Invalid slice size 28612.
[hq_hqa @ 0x9558c80] Error decoding macroblock 0 at slice 5.
[hq_hqa @ 0x9558c80] Error decoding frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x9558c80] Invalid slice size 29198.
[hq_hqa @ 0x9558c80] Invalid slice size 29732.
[hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x9558c80] Invalid slice size 26448.
[hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x9558c80] Invalid slice size 26390.
[hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
Error while decoding stream #0:0: Invalid data found when processing input
[hq_hqa @ 0x9558c80] Invalid slice size 30368.
[hq_hqa @ 0x9558c80] Invalid slice size 30150.
Program received signal SIGSEGV, Segmentation fault.
hq_hqa_decode_frame (avctx=0x610a8, data=0x49beb, got_frame=0xb7d267,
avpkt=0x762875) at libavcodec/hq_hqa.c:344
warning: Source file is more recent than executable.
344 pic->key_frame = 1;
(gdb) bt
#0 hq_hqa_decode_frame (avctx=0x610a8, data=0x49beb, got_frame=0xb7d267,
avpkt=0x762875) at libavcodec/hq_hqa.c:344
#1 0x00d0c9b7 in ?? ()
#2 0x000610a8 in ?? ()
#3 0x00049beb in ?? ()
#4 0x00b7d267 in ?? ()
#5 0x00762875 in ?? ()
#6 0x00a8dd46 in ?? ()
#7 0xbffff31c in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/4510>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker