[Ffmpeg-devel] "infinite" loop in mov_build_index

Benoit Fouet benoit.fouet
Wed Jan 24 15:45:05 CET 2007


Hi,

I found an "infinite" loop when trying to convert from a fuzzed input file.
I investigated a bit, and here is the deepest I could find...

(gdb) r -i
http://darkkben.free.fr/ffmpeg/infinite_loop_mov_build_index.3gp out.mp4
Starting program: /home/bfouet/env/open_sources/ffmpeg/ffmpeg_g -i
http://darkkben.free.fr/ffmpeg/infinite_loop_mov_build_index.3gp out.mp4
[Thread debugging using libthread_db enabled]
[New Thread -1214441808 (LWP 9741)]
FFmpeg version SVN-r7686, Copyright (c) 2000-2006 Fabrice Bellard, et al.
  configuration:  --enable-gpl --enable-mp3lame --enable-a52
--enable-xvid --enable-libogg --enable-vorbis --enable-x264
--enable-faad --enable-faac --enable-amr_nb --enable-amr_wb --enable-pp
--disable-strip --prefix=/usr --mandir=/usr/share/man --arch=amd64
  libavutil version: 49.2.0
  libavcodec version: 51.29.0
  libavformat version: 51.8.0
  built on Jan 24 2007 15:42:00, gcc: 3.4.6 (Gentoo 3.4.6-r1,
ssp-3.4.5-1.0, pie-8.7.9)
mov_build_index line:1497 i=0 sc->chunk_count=22
sc->sample_to_chunk[stsc_index].count=4
mov_build_index line:1497 i=1 sc->chunk_count=22
sc->sample_to_chunk[stsc_index].count=4
mov_build_index line:1497 i=2 sc->chunk_count=22
sc->sample_to_chunk[stsc_index].count=4
mov_build_index line:1497 i=3 sc->chunk_count=22
sc->sample_to_chunk[stsc_index].count=4
mov_build_index line:1497 i=4 sc->chunk_count=22
sc->sample_to_chunk[stsc_index].count=4
mov_build_index line:1497 i=5 sc->chunk_count=22
sc->sample_to_chunk[stsc_index].count=1073741825

Program received signal SIGINT, Interrupt.
[Switching to Thread -1214441808 (LWP 9741)]
av_add_index_entry (st=0x844ad60, pos=5576748877, timestamp=5286051,
size=5286051, distance=5285979, flags=0) at utils.c:1035
1035            return -1;
(gdb) q
The program is running.  Exit anyway? (y or n) y

To have such traces, my diff against the SVN revision is:
Index: libavformat/mov.c
===================================================================
--- libavformat/mov.c   (revision 7686)
+++ libavformat/mov.c   (working copy)
@@ -1493,6 +1493,8 @@
             current_offset = sc->chunk_offsets[i];
             if (stsc_index + 1 < sc->sample_to_chunk_sz && i + 1 ==
sc->sample_to_chunk[stsc_index + 1].first)
                 stsc_index++;
+#undef printf
+        printf("%s line:%d i=%d sc->chunk_count=%d
sc->sample_to_chunk[stsc_index].count=%ld\n",__func__,__LINE__,i,sc->chunk_count,sc->sample_to_chunk[stsc_index].count);
             for (j = 0; j < sc->sample_to_chunk[stsc_index].count; j++) {
                 keyframe = !sc->keyframe_count || current_sample + 1 ==
sc->keyframes[stss_index];
                 if (keyframe) {
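Review bot: the debug print lands exactly where a sanity check is missing and none exists: `sc->sample_to_chunk[stsc_index].count` goes straight into `for (j = 0; j < sc->sample_to_chunk[stsc_index].count; j++)`, so a fuzzed count (1073741825 at i=5 in the trace above) makes the inner loop run a billion iterations for that chunk alone, which is the "infinite" loop reported. Before the `for (j = ...)` line, reject a `count` that cannot fit in the samples the track actually has left and fail the index build instead of looping. The `#undef printf` and the `printf(...)` are debug-only and must not be committed; note also that the format string is wrapped across two lines in the mail, so the hunk as pasted will not compile until it is rejoined.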


If you need anything else, just ask :)

Ben
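The trace shows the sample-to-chunk count jumping to 1073741825, and nothing in mov_build_index bounds that value against the number of samples the track declares, so the per-sample inner loop spins for about a billion iterations on that chunk. As an added example (not part of this mail and not FFmpeg's own mov.c code), here is a stand-alone C check that advances through the sample-to-chunk entries with the same rule as the chunk loop in mov.c, but only sums the counts and rejects the table as soon as the implied total exceeds the declared sample count. The `stsc_entry` struct, `validate_stsc` and the three tables are constructed assumptions whose values mirror the trace (22 chunks, 4 samples per chunk, then a new entry from chunk 6).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for one 'stsc' (sample-to-chunk) entry: from chunk `first`
 * (1-based) onwards, every chunk carries `count` samples.  This mirrors
 * the two fields mov_build_index reads but is an assumption, not
 * FFmpeg's own sample-to-chunk table type. */
typedef struct {
    unsigned int first;
    unsigned int count;
} stsc_entry;

enum {
    STSC_OK        =  0,
    STSC_BAD_FIRST = -1,  /* empty, not starting at chunk 1, `first` not increasing, or past chunk_count */
    STSC_TOO_MANY  = -2   /* implied samples exceed the count the track declares */
};

/* Constructed tables with the shape seen in the gdb trace above. */
static const stsc_entry GOOD_TABLE[] = {
    { 1, 4 },
    { 6, 2 },           /* 5*4 + 17*2 = 54 samples over 22 chunks */
};
static const stsc_entry FUZZED_TABLE[] = {
    { 1, 4 },
    { 6, 1073741825 },  /* the value printed at i=5 in the trace */
};
static const stsc_entry BAD_FIRST_TABLE[] = {
    { 1, 4 },
    { 40, 1 },          /* refers to a chunk the track does not have */
};
#define N_ENTRIES(t) (sizeof(t) / sizeof((t)[0]))

/* Validate a sample-to-chunk table against the chunk count and the
 * declared sample count before any per-sample work is done.  The entry
 * index advances exactly like the chunk loop in mov_build_index, but the
 * function accumulates counts instead of iterating samples, so its cost
 * stays O(chunk_count) whatever values the file supplies.
 * On success the implied total is written to *total_out (may be NULL). */
int validate_stsc(const stsc_entry *tab, size_t n, unsigned int chunk_count,
                  uint64_t sample_count, uint64_t *total_out)
{
    uint64_t total = 0;
    size_t idx;
    unsigned int i;

    if (n == 0 || tab[0].first != 1)
        return STSC_BAD_FIRST;
    for (idx = 1; idx < n; idx++)
        if (tab[idx].first <= tab[idx - 1].first || tab[idx].first > chunk_count)
            return STSC_BAD_FIRST;

    idx = 0;
    for (i = 0; i < chunk_count; i++) {
        /* same advance rule as mov.c: entry idx+1 starts at chunk i+1 (1-based) */
        if (idx + 1 < n && i + 1 == tab[idx + 1].first)
            idx++;
        /* unsigned int added into a uint64_t at most chunk_count times
         * cannot overflow, and we bail out as soon as the bound is passed */
        total += tab[idx].count;
        if (total > sample_count)
            return STSC_TOO_MANY;  /* reject before any index entry is built */
    }
    if (total_out)
        *total_out = total;
    return STSC_OK;
}

int main(void)
{
    uint64_t total = 0;
    int rc = validate_stsc(GOOD_TABLE, N_ENTRIES(GOOD_TABLE), 22, 54, &total);
    printf("good table:   rc=%d total=%llu\n", rc, (unsigned long long)total);
    rc = validate_stsc(FUZZED_TABLE, N_ENTRIES(FUZZED_TABLE), 22, 54, NULL);
    printf("fuzzed table: rc=%d\n", rc);
    rc = validate_stsc(BAD_FIRST_TABLE, N_ENTRIES(BAD_FIRST_TABLE), 22, 54, NULL);
    printf("bad first:    rc=%d\n", rc);
    return 0;
}
```

The point of the design is that the check runs over chunks, never over samples, so a hostile `count` costs nothing extra: the fuzzed table is rejected at chunk 6, the same iteration at which the original loop would have started its billion passes through `av_add_index_entry`.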