[FFmpeg-trac] #4510(undetermined:new): hq_hqa: crash with fuzzed file 3

FFmpeg trac at avcodec.org
Fri Apr 24 23:52:53 CEST 2015


#4510: hq_hqa: crash with fuzzed file 3
-------------------------------------+-------------------------------------
               Reporter:  ami_stuff  |                  Owner:
                   Type:  defect     |                 Status:  new
               Priority:  normal     |              Component:  undetermined
                Version:  unspecified|               Keywords:
             Blocked By:             |               Blocking:
Reproduced by developer:  0          |  Analyzed by developer:  0
-------------------------------------+-------------------------------------
 http://www.datafilehost.com/d/af64df1c

 {{{
 knoppix at Microknoppix:/media/sdb1$ valgrind --leak-check=full
 ffmpeg/ffmpeg_g -i fuzz9.avi -f null -
 ==12470== Memcheck, a memory error detector
 ==12470== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
 ==12470== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright
 info
 ==12470== Command: ffmpeg/ffmpeg_g -i fuzz9.avi -f null -
 ==12470==
 ffmpeg version 2.6.git Copyright (c) 2000-2015 the FFmpeg developers
   built with gcc 4.7 (Debian 4.7.2-4)
   configuration: --disable-ffserver --disable-ffprobe --disable-ffplay
 --enable-gpl
   libavutil      54. 23.101 / 54. 23.101
   libavcodec     56. 35.101 / 56. 35.101
   libavformat    56. 31.100 / 56. 31.100
   libavdevice    56.  4.100 / 56.  4.100
   libavfilter     5. 14.100 /  5. 14.100
   libswscale      3.  1.101 /  3.  1.101
   libswresample   1.  1.100 /  1.  1.100
   libpostproc    53.  3.100 / 53.  3.100
 [avi @ 0x4c2d0e0] Something went wrong during header parsing, I will
 ignore it and try to continue anyway.
 [hq_hqa @ 0x4c3f040] Invalid slice size 25116.
 Input #0, avi, from 'fuzz9.avi':
   Duration: 00:00:24.80, start: 0.000000, bitrate: 1146 kb/s
     Stream #0:0: Video: hq_hqa (CUVC / 0x43565543), yuv422p, 720x480 [SAR
 9:10 DAR 27:20], 5 fps, 5 tbr, 5 tbn, 5 tbc
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf56.31.100
     Stream #0:0: Video: rawvideo (Y42B / 0x42323459), yuv422p, 720x480
 [SAR 9:10 DAR 27:20], q=2-31, 200 kb/s, 5 fps, 5 tbn, 5 tbc
     Metadata:
       encoder         : Lavc56.35.101 rawvideo
 Stream mapping:
   Stream #0:0 -> #0:0 (hq_hqa (native) -> rawvideo (native))
 Press [q] to stop, [?] for help
 [hq_hqa @ 0x4d01c20] Invalid slice size 25116.
 [null @ 0x4d02940] Encoder did not produce proper pts, making some up.
 [hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x4d01c20] Invalid slice size 24696.
 [hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x4d01c20] Invalid slice size 28844.
 [hq_hqa @ 0x4d01c20] HQ Profile 33 is not implemented. Update your FFmpeg
 version to the newest one from Git. If the problem still occurs, it means
 that your file has a feature which has not been implemented.
 [hq_hqa @ 0x4d01c20] If you want to help, upload a sample of this file to
 ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing
 list. (ffmpeg-devel at ffmpeg.org)
 [hq_hqa @ 0x4d01c20] Invalid slice size 29958.
 Input stream #0:0 frame changed from size:720x480 fmt:yuv422p to
 size:160x120 fmt:yuv422p
 [hq_hqa @ 0x4d01c20] Invalid INFO size (268435480).
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x4d01c20] Invalid slice size 1077982.
 Input stream #0:0 frame changed from size:160x120 fmt:yuv422p to
 size:720x480 fmt:yuv422p
 [hq_hqa @ 0x4d01c20] Invalid INFO size (524304).
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x4d01c20] Invalid INFO size (536870936). bitrate=N/A
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x4d01c20] Invalid INFO size (671089688).
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x4d01c20] Invalid slice size 28612.
 [hq_hqa @ 0x4d01c20] Error decoding macroblock 0 at slice 5.
 [hq_hqa @ 0x4d01c20] Error decoding frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x4d01c20] Invalid slice size 29198.
 [hq_hqa @ 0x4d01c20] Invalid slice size 29732.
 [hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x4d01c20] Invalid slice size 26448.
 [hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x4d01c20] Invalid slice size 26390.
 [hq_hqa @ 0x4d01c20] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x4d01c20] Invalid slice size 30368.
 [hq_hqa @ 0x4d01c20] Invalid slice size 30150.
 ==12470== Invalid write of size 4
 ==12470==    at 0x85A3FD7: hq_hqa_decode_frame (hq_hqa.c:344)
 ==12470==    by 0xD0C9B6: ???
 ==12470==  Address 0x49c3f is not stack'd, malloc'd or (recently) free'd
 ==12470==
 ==12470==
 ==12470== Process terminating with default action of signal 11 (SIGSEGV)
 ==12470==  Access not within mapped region at address 0x49C3F
 ==12470==    at 0x85A3FD7: hq_hqa_decode_frame (hq_hqa.c:344)
 ==12470==    by 0xD0C9B6: ???
 ==12470==  If you believe this happened as a result of a stack
 ==12470==  overflow in your program's main thread (unlikely but
 ==12470==  possible), you can try to increase the size of the
 ==12470==  main thread stack using the --main-stacksize= flag.
 ==12470==  The main thread stack size used in this run was 8388608.
 ==12470==
 ==12470== HEAP SUMMARY:
 ==12470==     in use at exit: 1,571,873 bytes in 160 blocks
 ==12470==   total heap usage: 4,138 allocs, 3,978 frees, 8,001,376 bytes
 allocated
 ==12470==
 ==12470== LEAK SUMMARY:
 ==12470==    definitely lost: 0 bytes in 0 blocks
 ==12470==    indirectly lost: 0 bytes in 0 blocks
 ==12470==      possibly lost: 0 bytes in 0 blocks
 ==12470==    still reachable: 1,571,873 bytes in 160 blocks
 ==12470==         suppressed: 0 bytes in 0 blocks
 ==12470== Reachable blocks (those to which a pointer was found) are not
 shown.
 ==12470== To see them, rerun with: --leak-check=full --show-reachable=yes
 ==12470==
 ==12470== For counts of detected and suppressed errors, rerun with: -v
 ==12470== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 95 from 6)
 Segmentation fault
 }}}

 {{{
 (gdb) r -i fuzz9.avi -f null -
 Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i fuzz9.avi -f null -
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
 ffmpeg version 2.6.git Copyright (c) 2000-2015 the FFmpeg developers
   built with gcc 4.7 (Debian 4.7.2-4)
   configuration: --disable-ffserver --disable-ffprobe --disable-ffplay
 --enable-gpl
   libavutil      54. 23.101 / 54. 23.101
   libavcodec     56. 35.101 / 56. 35.101
   libavformat    56. 31.100 / 56. 31.100
   libavdevice    56.  4.100 / 56.  4.100
   libavfilter     5. 14.100 /  5. 14.100
   libswscale      3.  1.101 /  3.  1.101
   libswresample   1.  1.100 /  1.  1.100
   libpostproc    53.  3.100 / 53.  3.100
 [avi @ 0x9557a40] Something went wrong during header parsing, I will
 ignore it and try to continue anyway.
 [hq_hqa @ 0x9558260] Invalid slice size 25116.
 Input #0, avi, from 'fuzz9.avi':
   Duration: 00:00:24.80, start: 0.000000, bitrate: 1146 kb/s
     Stream #0:0: Video: hq_hqa (CUVC / 0x43565543), yuv422p, 720x480 [SAR
 9:10 DAR 27:20], 5 fps, 5 tbr, 5 tbn, 5 tbc
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf56.31.100
     Stream #0:0: Video: rawvideo (Y42B / 0x42323459), yuv422p, 720x480
 [SAR 9:10 DAR 27:20], q=2-31, 200 kb/s, 5 fps, 5 tbn, 5 tbc
     Metadata:
       encoder         : Lavc56.35.101 rawvideo
 Stream mapping:
   Stream #0:0 -> #0:0 (hq_hqa (native) -> rawvideo (native))
 Press [q] to stop, [?] for help
 [hq_hqa @ 0x9558c80] Invalid slice size 25116.
 [null @ 0x9559bc0] Encoder did not produce proper pts, making some up.
 [hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x9558c80] Invalid slice size 24696.
 [hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x9558c80] Invalid slice size 28844.
 [hq_hqa @ 0x9558c80] HQ Profile 33 is not implemented. Update your FFmpeg
 version to the newest one from Git. If the problem still occurs, it means
 that your file has a feature which has not been implemented.
 [hq_hqa @ 0x9558c80] If you want to help, upload a sample of this file to
 ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing
 list. (ffmpeg-devel at ffmpeg.org)
 [hq_hqa @ 0x9558c80] Invalid slice size 29958.
 Input stream #0:0 frame changed from size:720x480 fmt:yuv422p to
 size:160x120 fmt:yuv422p
 [hq_hqa @ 0x9558c80] Invalid INFO size (268435480).
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x9558c80] Invalid slice size 1077982.
 Input stream #0:0 frame changed from size:160x120 fmt:yuv422p to
 size:720x480 fmt:yuv422p
 [hq_hqa @ 0x9558c80] Invalid INFO size (524304).
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x9558c80] Invalid INFO size (536870936).
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x9558c80] Invalid INFO size (671089688).
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x9558c80] Invalid slice size 28612.
 [hq_hqa @ 0x9558c80] Error decoding macroblock 0 at slice 5.
 [hq_hqa @ 0x9558c80] Error decoding frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x9558c80] Invalid slice size 29198.
 [hq_hqa @ 0x9558c80] Invalid slice size 29732.
 [hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x9558c80] Invalid slice size 26448.
 [hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x9558c80] Invalid slice size 26390.
 [hq_hqa @ 0x9558c80] Not a HQ/HQA frame.
 Error while decoding stream #0:0: Invalid data found when processing input
 [hq_hqa @ 0x9558c80] Invalid slice size 30368.
 [hq_hqa @ 0x9558c80] Invalid slice size 30150.

 Program received signal SIGSEGV, Segmentation fault.
 hq_hqa_decode_frame (avctx=0x610a8, data=0x49beb, got_frame=0xb7d267,
     avpkt=0x762875) at libavcodec/hq_hqa.c:344
 warning: Source file is more recent than executable.
 344         pic->key_frame = 1;
 (gdb) bt
 #0  hq_hqa_decode_frame (avctx=0x610a8, data=0x49beb, got_frame=0xb7d267,
     avpkt=0x762875) at libavcodec/hq_hqa.c:344
 #1  0x00d0c9b7 in ?? ()
 #2  0x000610a8 in ?? ()
 #3  0x00049beb in ?? ()
 #4  0x00b7d267 in ?? ()
 #5  0x00762875 in ?? ()
 #6  0x00a8dd46 in ?? ()
 #7  0xbffff31c in ?? ()
 Backtrace stopped: previous frame inner to this frame (corrupt stack?)
 (gdb)
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/4510>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker