[Ffmpeg-devel] seg fault in mov_read_header

Limin Wang lance.lmwang
Wed Jan 24 09:43:16 CET 2007



Hi,

The test.3gp didn't have an stts box, which should be mandatory by the specs.
That's the cause of the stts_data pointer not being initialized. Maybe it's better to
check the stts_data pointer before using it.

Thanks,
Limin
* Benoit Fouet <benoit.fouet at purplelabs.com> [2007-01-24 08:51:43 +0100]:

> Hi,
> 
> As it seems to be welcome to play with a fuzzer, I did, and found out a
> crash in ffmpeg.
> In mov.c, line 1513, the assert tries to access something in
> stts_data[stts_index] which is NULL.
> 
> traces in gdb:
> 
> (gdb) r -y -i test.3gp out_test.mp4
> Starting program: /home/bfouet/env/open_sources/ffmpeg/ffmpeg_g -y -i
> http://darkkben.free.fr/ffmpeg/crash_mov_c_l_1513.3gp out_test.mp4
> [Thread debugging using libthread_db enabled]
> [New Thread -1214933328 (LWP 512)]
> FFmpeg version SVN-r7677, Copyright (c) 2000-2006 Fabrice Bellard, et al.
>   configuration:  --enable-gpl --enable-mp3lame --enable-a52
> --enable-xvid --enable-libogg --enable-vorbis --enable-x264
> --enable-faad --enable-faac --enable-amr_nb --enable-amr_wb --enable-pp
> --disable-strip --prefix=/usr --mandir=/usr/share/man --arch=amd64
>   libavutil version: 49.2.0
>   libavcodec version: 51.29.0
>   libavformat version: 51.8.0
>   built on Jan 24 2007 08:26:07, gcc: 3.4.6 (Gentoo 3.4.6-r1,
> ssp-3.4.5-1.0, pie-8.7.9)
> 
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread -1214933328 (LWP 512)]
> mov_read_header (s=0x843ff90, ap=0xbfafe660) at mov.c:1513
> 1513                    assert(sc->stts_data[stts_index].duration %
> sc->time_rate == 0);
> (gdb) bt
> #0  mov_read_header (s=0x843ff90, ap=0xbfafe660) at mov.c:1513
> #1  0x0806496b in av_open_input_stream (ic_ptr=0xbfafe654,
> pb=0xbfafe580, filename=0x535 <Address 0x535 out of bounds>, fmt=0x83c6ca0,
>     ap=0xbfafe660) at utils.c:404
> #2  0x0806ae33 in av_open_input_file (ic_ptr=0xbfafe654,
> filename=0xbfb00e16 "test.3gp", fmt=0xbfafe654, buf_size=0, ap=0x535)
>     at utils.c:517
> #3  0x0805de5c in opt_input_file (filename=0xbfb00e16 "test.3gp") at
> ffmpeg.c:2586
> #4  0x080641df in parse_options (argc=5, argv=0xbfafee54,
> options=0x83078a0) at cmdutils.c:105
> #5  0x08062115 in main (argc=5, argv=0x535) at ffmpeg.c:3922
> (gdb) p sc
> $1 = (MOVStreamContext *) 0x84498c0
> (gdb) p sc->stts_data
> $2 = (Time2Sample *) 0x0
> 
> 
> Ben
> 
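As an added illustration (not code from this thread or from FFmpeg), the failure discussed above reconstructed in C: a minimal box walker that leaves stts_data NULL when a file carries no stts box, and the check from the mov.c:1513 assertion site guarded so the missing box is rejected instead of dereferenced. Time2Sample and MOVStreamContext are hypothetical stand-ins for the real structs, time_rate of 2 is assumed, and the three sample files are constructed byte strings.

```c
#include <stdint.h>
#include <string.h>
/* Hypothetical stand-ins for FFmpeg's Time2Sample / MOVStreamContext, not the real structs. */
typedef struct { uint32_t count, duration; } Time2Sample;
typedef struct { Time2Sample *stts_data; uint32_t stts_count, time_rate; } MOVStreamContext;

static uint32_t rd32(const uint8_t *p) { return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]; }

/* Walk a flat run of ISO-BMFF boxes (big-endian 32-bit size, 4-char type) and fill
 * stts_data from an 'stts' box if one is present; it stays NULL otherwise. */
static int parse_boxes(const uint8_t *buf, size_t len, MOVStreamContext *sc,
                       Time2Sample *store, uint32_t max_entries) {
    for (size_t pos = 0; pos + 8 <= len; ) {
        uint32_t size = rd32(buf + pos);
        if (size < 8 || size > len - pos) return -1;               /* bogus box size */
        if (!memcmp(buf + pos + 4, "stts", 4)) {
            /* payload: version+flags (4), entry_count (4), then 8-byte entries */
            if (size < 16) return -1;
            uint32_t n = rd32(buf + pos + 12);
            if (n > (size - 16) / 8 || n > max_entries) return -1; /* table longer than box */
            for (uint32_t i = 0; i < n; i++) {
                store[i].count    = rd32(buf + pos + 16 + 8 * i);
                store[i].duration = rd32(buf + pos + 20 + 8 * i);
            }
            sc->stts_data = store;
            sc->stts_count = n;
        }
        pos += size;
    }
    return 0;
}

/* The check that crashed at mov.c:1513, hardened: a missing stts box is reported, not dereferenced. */
static int check_stts(const MOVStreamContext *sc) {
    if (!sc->stts_data || sc->stts_count == 0) return -2;        /* no stts: reject the file */
    for (uint32_t i = 0; i < sc->stts_count; i++)
        if (sc->stts_data[i].duration % sc->time_rate != 0) return -3;
    return 0;
}

/* Constructed samples: a valid stts with one entry (count 1, duration 2), an stts whose
 * entry_count (100) exceeds what the box can hold, and a file with no stts at all. */
static const uint8_t with_stts[] = { 0,0,0,24, 's','t','t','s', 0,0,0,0, 0,0,0,1,   0,0,0,1, 0,0,0,2 };
static const uint8_t bad_stts[]  = { 0,0,0,24, 's','t','t','s', 0,0,0,0, 0,0,0,100, 0,0,0,1, 0,0,0,2 };
static const uint8_t no_stts[]   = { 0,0,0,8,  'f','r','e','e' };

/* Returns 0 when the file carries a usable stts table, a negative code otherwise. */
int probe(const uint8_t *buf, size_t len) {
    Time2Sample store[4];
    MOVStreamContext sc = { NULL, 0, 2 };                          /* time_rate 2, assumed */
    if (parse_boxes(buf, len, &sc, store, 4) < 0) return -1;
    return check_stts(&sc);
}
```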