[FFmpeg-trac] #2728(avcodec:open): smk crash with low mem

FFmpeg trac at avcodec.org
Sat Jun 29 14:24:22 CEST 2013


#2728: smk crash with low mem
-------------------------------------+-------------------------------------
             Reporter:  ami_stuff    |                    Owner:
                 Type:  defect       |                   Status:  open
             Priority:  important    |                Component:  avcodec
              Version:  git-master   |               Resolution:
             Keywords:  crash        |               Blocked By:
  SIGSEGV smacker                    |  Reproduced by developer:  1
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):

 * status:  new => open
 * reproduced:  0 => 1
 * component:  undetermined => avcodec
 * priority:  normal => important
 * version:  unspecified => git-master
 * keywords:   => crash SIGSEGV smacker


Comment:

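 Patch sent. The backtrace below shows the write at
 libavcodec/smacker.c:158 faulting because hc->values is NULL; with
 -max_alloc 80000 this is consistent with a failed allocation whose result
 was not checked before the tree was decoded.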
 {{{
 (gdb) r -max_alloc 80000 -i test.smk
 Starting program: ffmpeg_g -max_alloc 80000 -i test.smk
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib64/libthread_db.so.1".
 ffmpeg version N-54249-gfc736a9 Copyright (c) 2000-2013 the FFmpeg
 developers
   built on Jun 29 2013 12:22:00 with gcc 4.7 (SUSE Linux)
   configuration:
   libavutil      52. 37.101 / 52. 37.101
   libavcodec     55. 17.100 / 55. 17.100
   libavformat    55. 10.100 / 55. 10.100
   libavdevice    55.  2.100 / 55.  2.100
   libavfilter     3. 77.101 /  3. 77.101
   libswscale      2.  3.100 /  2.  3.100
   libswresample   0. 17.102 /  0. 17.102

 Program received signal SIGSEGV, Segmentation fault.
 0x0000000000941a6d in smacker_decode_bigtree (gb=gb@entry=0x7fffffffcec0,
     hc=hc@entry=0x7fffffffcd80, ctx=ctx@entry=0x7fffffffce40) at
 libavcodec/smacker.c:158
 158             hc->values[hc->current++] = val;
 (gdb) bt
 #0  0x0000000000941a6d in smacker_decode_bigtree
 (gb=gb@entry=0x7fffffffcec0,
     hc=hc@entry=0x7fffffffcd80, ctx=ctx@entry=0x7fffffffce40) at
 libavcodec/smacker.c:158
 #1  0x0000000000941ab3 in smacker_decode_bigtree
 (gb=gb@entry=0x7fffffffcec0,
     hc=hc@entry=0x7fffffffcd80, ctx=ctx@entry=0x7fffffffce40) at
 libavcodec/smacker.c:164
 #2  0x0000000000941ab3 in smacker_decode_bigtree
 (gb=gb@entry=0x7fffffffcec0,
     hc=hc@entry=0x7fffffffcd80, ctx=ctx@entry=0x7fffffffce40) at
 libavcodec/smacker.c:164
 #3  0x0000000000941ab3 in smacker_decode_bigtree
 (gb=gb@entry=0x7fffffffcec0,
     hc=hc@entry=0x7fffffffcd80, ctx=ctx@entry=0x7fffffffce40) at
 libavcodec/smacker.c:164
 #4  0x0000000000941ab3 in smacker_decode_bigtree
 (gb=gb@entry=0x7fffffffcec0,
     hc=hc@entry=0x7fffffffcd80, ctx=ctx@entry=0x7fffffffce40) at
 libavcodec/smacker.c:164
 #5  0x0000000000941ab3 in smacker_decode_bigtree
 (gb=gb@entry=0x7fffffffcec0,
     hc=hc@entry=0x7fffffffcd80, ctx=ctx@entry=0x7fffffffce40) at
 libavcodec/smacker.c:164
 #6  0x0000000000941ab3 in smacker_decode_bigtree
 (gb=gb@entry=0x7fffffffcec0,
     hc=hc@entry=0x7fffffffcd80, ctx=ctx@entry=0x7fffffffce40) at
 libavcodec/smacker.c:164
 #7  0x0000000000941ab3 in smacker_decode_bigtree
 (gb=gb@entry=0x7fffffffcec0,
     hc=hc@entry=0x7fffffffcd80, ctx=ctx@entry=0x7fffffffce40) at
 libavcodec/smacker.c:164
 #8  0x00000000004357fd in smacker_decode_header_tree
 (gb=gb@entry=0x7fffffffcec0,
     recodes=recodes@entry=0x164b090, last=last@entry=0x164b0b0,
 size=<optimized out>,
     smk=0x164ae20) at libavcodec/smacker.c:265
 #9  0x0000000000435a46 in decode_header_trees (smk=0x164ae20) at
 libavcodec/smacker.c:310
 #10 decode_init (avctx=<optimized out>) at libavcodec/smacker.c:543
 #11 0x000000000099cb12 in avcodec_open2 (avctx=0x16245a0, codec=<optimized
 out>,
     codec@entry=0x10251a0 <ff_smacker_decoder>,
 options=options@entry=0x1623640)
     at libavcodec/utils.c:1309
 #12 0x000000000058f1d8 in try_decode_frame (st=st@entry=0x1624240,
     avpkt=avpkt@entry=0x162b4e0, options=0x1623640) at
 libavformat/utils.c:2422
 #13 0x0000000000596c90 in avformat_find_stream_info (ic=0x1623060,
 options=0x1623640)
     at libavformat/utils.c:2880
 #14 0x0000000000462289 in open_input_file (o=o@entry=0x7fffffffd750,
 filename=<optimized out>)
     at ffmpeg_opt.c:814
 #15 0x000000000045cd82 in open_files (inout=<optimized out>,
 inout@entry=0xc08adf "input",
     open_file=open_file@entry=0x461ee0 <open_input_file>, l=<optimized
 out>,
     l=<optimized out>) at ffmpeg_opt.c:2483
 #16 0x0000000000463619 in ffmpeg_parse_options (argc=argc@entry=5,
     argv=argv@entry=0x7fffffffdde8) at ffmpeg_opt.c:2520
 #17 0x000000000045a8c8 in main (argc=5, argv=0x7fffffffdde8) at
 ffmpeg.c:3368
 (gdb) print hc->values
 $1 = (int *) 0x0
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2728#comment:1>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

