[FFmpeg-trac] #6196(undetermined:new): scpr: SIGFPE with fuzzed file

FFmpeg trac at avcodec.org
Mon Feb 27 14:27:06 EET 2017


#6196: scpr: SIGFPE with fuzzed file
---------------------------------------+-------------------------------------
               Reporter:  ami_stuff    |                  Owner:
                   Type:  defect       |                 Status:  new
               Priority:  normal       |              Component:  undetermined
                Version:  unspecified  |               Keywords:
             Blocked By:               |               Blocking:
Reproduced by developer:  0            |  Analyzed by developer:  0
---------------------------------------+-------------------------------------
 {{{
 (gdb) r -i browsing_fuzz.avi -f null -
 Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i browsing_fuzz.avi -f null
 -
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
 ffmpeg version 3.2.git Copyright (c) 2000-2017 the FFmpeg developers
   built with gcc 5.3.0 (Ubuntu 5.3.0-3ubuntu1~14.04) 20151204
   configuration: --disable-ffprobe --disable-ffplay --disable-ffserver
 --enable-gpl
   libavutil      55. 47.100 / 55. 47.100
   libavcodec     57. 81.100 / 57. 81.100
   libavformat    57. 66.102 / 57. 66.102
   libavdevice    57.  2.100 / 57.  2.100
   libavfilter     6. 74.100 /  6. 74.100
   libswscale      4.  3.101 /  4.  3.101
   libswresample   2.  4.100 /  2.  4.100
   libpostproc    54.  2.100 / 54.  2.100
 [avi @ 0x9a28200] Something went wrong during header parsing, tag
 Y[220][216]f has size 2968288127, I will ignore it and try to continue
 anyway.
 Input #0, avi, from 'browsing_fuzz.avi':
   Duration: 00:00:54.67, start: 0.000000, bitrate: 315 kb/s
     Stream #0:0: Video: scpr (SCPR / 0x52504353), bgr0, 932x720, 15 fps,
 15 tbr, 15 tbn, 15 tbc
 [New Thread 0xb68c6b40 (LWP 2913)]
 [New Thread 0xb60c5b40 (LWP 2914)]
 [New Thread 0xb58c4b40 (LWP 2915)]
 [New Thread 0xb50c3b40 (LWP 2916)]
 [New Thread 0xb48c2b40 (LWP 2917)]
 [New Thread 0xb40c1b40 (LWP 2918)]
 [New Thread 0xb38c0b40 (LWP 2919)]
 [New Thread 0xb30bfb40 (LWP 2920)]
 [New Thread 0xb28beb40 (LWP 2921)]
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf57.66.102
     Stream #0:0: Video: wrapped_avframe, bgr0, 932x720, q=2-31, 200 kb/s,
 15 fps, 15 tbn, 15 tbc
     Metadata:
       encoder         : Lavc57.81.100 wrapped_avframe
 Stream mapping:
   Stream #0:0 -> #0:0 (scpr (native) -> wrapped_avframe (native))
 Press [q] to stop, [?] for help
 Error while decoding stream #0:0: Invalid argument
     Last message repeated 11 times
 Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches
 welcome
 Error while decoding stream #0:0: Invalid argument
     Last message repeated 3 times
 Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches
 welcome
 Error while decoding stream #0:0: Invalid argument
     Last message repeated 53 times
 Program received signal SIGFPE, Arithmetic exception.
 0x08c5d888 in __udivdi3 ()
 (gdb) bt
 #0  0x08c5d888 in __udivdi3 ()
 #1  0x086ad541 in decode0 (gb=0xb68c7028, rc=0xb68c7034, cumFreq=0,
 freq=0,
     total_freq=0) at libavcodec/scpr.c:164
 #2  0x086adc27 in decode_value (s=s@entry=0xb68c7020,
     cnt=cnt@entry=0xb7594900, step=step@entry=1, rval=0xbfffe724,
 maxc=256)
     at libavcodec/scpr.c:205
 #3  0x086aea7f in decompress_p (plinesize=<optimized out>,
     prev=<optimized out>, linesize=<optimized out>, dst=<optimized out>,
     avctx=0x9a29f00) at libavcodec/scpr.c:482
 #4  decode_frame (avctx=0x9a29f00, data=0x9a2c240, got_frame=0xbfffe83c,
     avpkt=0xbfffe7ac) at libavcodec/scpr.c:770
 #5  0x0872a939 in avcodec_decode_video2 (avctx=0x9a29f00,
 picture=0x9a2c240,
     got_picture_ptr=0xbfffe83c, avpkt=0xbfffe938) at
 libavcodec/utils.c:2263
 #6  0x0872b8bd in do_decode (avctx=avctx@entry=0x9a29f00,
     pkt=pkt@entry=0xbfffe938) at libavcodec/utils.c:2796
 #7  0x0872c690 in avcodec_send_packet (avctx=0x9a29f00, avpkt=<optimized
 out>)
     at libavcodec/utils.c:2885
 #8  0x080e85b7 in decode (pkt=0xbfffe938, got_frame=0xbfffead4,
     frame=<optimized out>, avctx=0x9a29f00) at ffmpeg.c:2052
 #9  decode_video (ist=ist@entry=0x9a29da0, pkt=pkt@entry=0xbfffeb14,
     got_output=got_output@entry=0xbfffead4, eof=0) at ffmpeg.c:2248
 #10 0x080e9976 in process_input_packet (ist=0x9a29da0, pkt=0xbfffed44,
     no_eof=0) at ffmpeg.c:2491
 ---Type <return> to continue, or q <return> to quit---
 #11 0x080c7a46 in process_input (file_index=<optimized out>) at
 ffmpeg.c:4251
 #12 transcode_step () at ffmpeg.c:4339
 #13 transcode () at ffmpeg.c:4393
 #14 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:4598
 (gdb)
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/6196>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker