[FFmpeg-trac] #5098(undetermined:new): dxv: crash with fuzzed file

FFmpeg trac at avcodec.org
Mon Dec 21 18:42:13 CET 2015


#5098: dxv: crash with fuzzed file
-------------------------------------+-------------------------------------
               Reporter:  ami_stuff  |                  Owner:
                   Type:  defect     |                 Status:  new
               Priority:  normal     |              Component:  undetermined
                Version:  unspecified|               Keywords:
             Blocked By:             |               Blocking:
Reproduced by developer:  0          |  Analyzed by developer:  0
-------------------------------------+-------------------------------------
 http://www.datafilehost.com/d/610485bc

 {{{
 (gdb) r -i 1_fuzz.mov -f null -
 Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i 1_fuzz.mov -f null -
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
 ffmpeg version 2.8.git Copyright (c) 2000-2015 the FFmpeg developers
   built with gcc 4.7 (Debian 4.7.2-4)
   configuration: --enable-gpl --disable-ffprobe --disable-ffplay
   libavutil      55.  7.100 / 55.  7.100
   libavcodec     57. 15.100 / 57. 15.100
   libavformat    57. 17.100 / 57. 17.100
   libavdevice    57.  0.100 / 57.  0.100
   libavfilter     6. 15.100 /  6. 15.100
   libswscale      4.  0.100 /  4.  0.100
   libswresample   2.  0.101 /  2.  0.101
   libpostproc    54.  0.100 / 54.  0.100
 Input #0, mov,mp4,m4a,3gp,3g2,mj2, from '1_fuzz.mov':
   Metadata:
     major_brand     : qt
     minor_version   : 537199360
     compatible_brands: qt
     creation_time   : 2015-12-21 17:16:20
   Duration: 00:00:12.64, start: 0.000000, bitrate: 6235 kb/s
     Stream #0:0(eng): Video: dxv (DXD3 / 0x33445844), rgba, 320x240, 6233
 kb/s, 23.97 fps, 23.97 tbr, 1000k tbn, 1000k tbc (default)
     Metadata:
       creation_time   : 2015-12-21 17:16:20
       handler_name    : Procedura obsługi skrótów danych Apple
       encoder         : DXV 3
 Output #0, null, to 'pipe:':
   Metadata:
     major_brand     : qt
     minor_version   : 537199360
     compatible_brands: qt
     encoder         : Lavf57.17.100
     Stream #0:0(eng): Video: wrapped_avframe, rgba, 320x240, q=2-31, 200
 kb/s, 23.97 fps, 23.97 tbn, 23.97 tbc (default)
     Metadata:
       creation_time   : 2015-12-21 17:16:20
       handler_name    : Procedura obsługi skrótów danych Apple
       encoder         : Lavc57.15.100 wrapped_avframe
 Stream mapping:
   Stream #0:0 -> #0:0 (dxv (native) -> wrapped_avframe (native))
 Press [q] to stop, [?] for help

 Program received signal SIGSEGV, Segmentation fault.
 0x083d0c01 in dxv_decompress_dxt1 (avctx=avctx@entry=0x972ec80)
     at libavcodec/dxv.c:153
 153                     prev = AV_RL32(ctx->tex_data + 4 * (pos - idx));
 (gdb) bt
 #0  0x083d0c01 in dxv_decompress_dxt1 (avctx=avctx@entry=0x972ec80)
     at libavcodec/dxv.c:153
 #1  0x083d17c8 in dxv_decode (avctx=0x972ec80, data=0x97309c0,
     got_frame=0xbffff468, avpkt=0xbffff24c) at libavcodec/dxv.c:427
 #2  0x0880c916 in avcodec_decode_video2 (avctx=0x972ec80,
     picture=picture@entry=0x97309c0,
     got_picture_ptr=got_picture_ptr@entry=0xbffff468,
     avpkt=avpkt@entry=0xbffff4ac) at libavcodec/utils.c:2103
 #3  0x080e3a74 in decode_video (ist=ist@entry=0x972ace0,
     pkt=pkt@entry=0xbffff4ac, got_output=got_output@entry=0xbffff468)
     at ffmpeg.c:2090
 #4  0x080e6315 in process_input_packet (ist=0x972ace0, pkt=0xbffff840,
     no_eof=0) at ffmpeg.c:2339
 #5  0x080e85d6 in process_input (file_index=158510304) at ffmpeg.c:3960
 #6  transcode_step () at ffmpeg.c:4048
 #7  transcode () at ffmpeg.c:4102
 #8  0x080c6c16 in main (argc=<optimized out>, argv=<optimized out>)
     at ffmpeg.c:4295
 (gdb)
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/5098>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

