[FFmpeg-trac] #5209(avcodec:reopened): cfhd: crash with fuzzed file 2

FFmpeg trac at avcodec.org
Fri Feb 5 09:05:15 CET 2016 

#5209: cfhd: crash with fuzzed file 2
-------------------------------------+-------------------------------------
             Reporter:  ami_stuff    |                    Owner:
                 Type:  defect       |                   Status:  reopened
             Priority:  important    |                Component:  avcodec
              Version:  git-master   |               Resolution:
             Keywords:  cfhd crash   |               Blocked By:
  SIGSEGV                            |  Reproduced by developer:  1
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):

 * status:  closed => reopened
 * resolution:  fixed =>


Comment:

 The sample still crashes occasionally:
 {{{
 (gdb) r -threads 3 -i 3_fuzz.avi -f null -
 Starting program: ffmpeg_g -threads 3 -i 3_fuzz.avi -f null -
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib64/libthread_db.so.1".
 ffmpeg version N-78313-g6632802 Copyright (c) 2000-2016 the FFmpeg
 developers
   built with gcc 4.7 (SUSE Linux)
   configuration: --enable-gpl --enable-libmp3lame
   libavutil      55. 17.100 / 55. 17.100
   libavcodec     57. 24.101 / 57. 24.101
   libavformat    57. 24.100 / 57. 24.100
   libavdevice    57.  0.101 / 57.  0.101
   libavfilter     6. 28.100 /  6. 28.100
   libswscale      4.  0.100 /  4.  0.100
   libswresample   2.  0.101 /  2.  0.101
   libpostproc    54.  0.100 / 54.  0.100
 [cfhd @ 0x1d7c500] Too many lowpass coefficients
 Input #0, avi, from '3_fuzz.avi':
   Metadata:
     date            : 2016-01-23T13:45:31+01:00
     encoder         : Adobe Premiere Pro CC 2015 (Windows)
   Duration: 00:00:00.00, start: 0.000000, bitrate: 1240878840 kb/s
     Stream #0:0: Video: cfhd (CFHD / 0x44484643), gbrp12le(10 bpc),
 720x480, SAR 1:1 DAR 3:2, 2145368.28 fps, 2145368.28 tbr, 2145368.28 tbn,
 2145368.28 tbc

 ...

 Program received signal SIGSEGV, Segmentation fault.
 [Switching to Thread 0x7fffeba71700 (LWP 7493)]
 0x00007ffff6270ce4 in pthread_mutex_lock () from /lib64/libpthread.so.0
 (gdb) bt
 #0  0x00007ffff6270ce4 in pthread_mutex_lock () from
 /lib64/libpthread.so.0
 #1  0x0000000001033f95 in pool_release_buffer (opaque=0x7fffe4487860,
     data=<optimized out>) at libavutil/buffer.c:312
 #2  0x000000000103424f in buffer_replace (src=0x0, dst=0x1dc0540)
     at libavutil/buffer.c:119
 #3  av_buffer_unref (buf=buf at entry=0x1dc0540) at libavutil/buffer.c:129
 #4  0x000000000103b986 in av_frame_unref (frame=0x1dc0420) at
 libavutil/frame.c:483
 #5  0x0000000000a85da4 in frame_worker_thread (arg=0x1dbf3e0)
     at libavcodec/pthread_frame.c:153
 #6  0x00007ffff626ee0e in start_thread () from /lib64/libpthread.so.0
 #7  0x00007ffff4fe22cd in clone () from /lib64/libc.so.6
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/5209#comment:3>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list