[FFmpeg-trac] #5412(undetermined:new): Invalid read in avcodec_string with fuzzed file

FFmpeg trac at avcodec.org
Thu Apr 7 00:47:50 CEST 2016


#5412: Invalid read in avcodec_string with fuzzed file
-------------------------------------+-------------------------------------
             Reporter:  qiubit       |                     Type:  defect
               Status:  new          |                 Priority:  normal
            Component:               |                  Version:  git-
  undetermined                       |  master
             Keywords:  SIGSEGV      |               Blocked By:
  crash                              |  Reproduced by developer:  0
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
 Summary of the bug:

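 FFmpeg segfaults when probing a fuzzed file (actually two different files,
 but the cause of the crash appears to be the same in both cases). In the
 fuzz2 trace below, the faulting instruction directly follows the call to
 av_pix_fmt_desc_get() and reads offset 0x28 from rax, which is 0; this is
 consistent with a NULL return from that call being dereferenced without a
 check.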


 How to reproduce:
 {{{
 $ ffmpeg -i fuzz1 -acodec copy -vcodec copy fuzzOut
 OR
 $ ffmpeg -i fuzz2 -acodec copy -vcodec copy fuzzOut
 }}}


 Backtrace (fuzz2):

 gdb
 {{{
 pgolinski at pgolinski-VirtualBox:~/Documents/fuzzes$ gdb -q
 ../git/ffmpeg/build/ffmpeg_g
 Reading symbols from ../git/ffmpeg/build/ffmpeg_g...done.
 (gdb) r -v 9 -loglevel 99 -i fuzz2 -acodec copy -vcodec copy fuzzOut
 Starting program: /home/pgolinski/Documents/git/ffmpeg/build/ffmpeg_g -v 9
 -loglevel 99 -i fuzz2 -acodec copy -vcodec copy fuzzOut
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
 ffmpeg version N-79255-g6d7f566 Copyright (c) 2000-2016 the FFmpeg
 developers
   built with gcc 5.2.1 (Ubuntu 5.2.1-22ubuntu2) 20151010
   configuration: --enable-debug
   libavutil      55. 20.100 / 55. 20.100
   libavcodec     57. 34.100 / 57. 34.100
   libavformat    57. 30.100 / 57. 30.100
   libavdevice    57.  0.101 / 57.  0.101
   libavfilter     6. 40.102 /  6. 40.102
   libswscale      4.  1.100 /  4.  1.100
   libswresample   2.  0.101 /  2.  0.101
 Splitting the commandline.
 Reading option '-v' ... matched as option 'v' (set logging level) with
 argument '9'.
 Reading option '-loglevel' ... matched as option 'loglevel' (set logging
 level) with argument '99'.
 Reading option '-i' ... matched as input file with argument 'fuzz2'.
 Reading option '-acodec' ... matched as option 'acodec' (force audio codec
 ('copy' to copy stream)) with argument 'copy'.
 Reading option '-vcodec' ... matched as option 'vcodec' (force video codec
 ('copy' to copy stream)) with argument 'copy'.
 Reading option 'fuzzOut' ... matched as output file.
 Finished splitting the commandline.
 Parsing a group of options: global .
 Applying option v (set logging level) with argument 9.
 Successfully parsed a group of options.
 Parsing a group of options: input file fuzz2.
 Successfully parsed a group of options.
 Opening an input file: fuzz2.
 [file @ 0x1f8ab80] Setting default whitelist 'file,crypto'
 Probing ffm score:101 size:1297
 Probing mp3 score:1 size:1297
 [ffm @ 0x1f8a3e0] Format ffm probed with size=2048 and score=101
 [ffm @ 0x1f8a3e0] Before avformat_find_stream_info() pos: 1297 bytes
 read:1297 seeks:0
 [NULL @ 0x1f8c320] [IMGUTILS @ 0x7fffffffd120] Picture size 0x0 is invalid
 [NULL @ 0x1f8c320] Ignoring invalid width/height values
 [NULL @ 0x1f8c320] [IMGUTILS @ 0x7fffffffd120] Picture size 0x0 is invalid
 [ffm @ 0x1f8a3e0] 0: start_time: -9223372036854.775 duration:
 -9223372036854.775
 [ffm @ 0x1f8a3e0] stream: start_time: -9223372036854.775 duration:
 -9223372036854.775 bitrate=8388 kb/s

 Program received signal SIGSEGV, Segmentation fault.
 avcodec_string (buf=buf@entry=0x7fffffffd540 "Video: prores, 6619250
 reference frames ([142]u[197][38] / 0x26C5758E), (null)",
     buf_size=buf_size@entry=256, enc=0x1f8c320, encode=encode@entry=0) at
 src/libavcodec/utils.c:2868
 2868                if (enc->bits_per_raw_sample && enc->pix_fmt !=
 AV_PIX_FMT_NONE &&
 (gdb) bt
 #0  avcodec_string (buf=buf@entry=0x7fffffffd540 "Video: prores, 6619250
 reference frames ([142]u[197][38] / 0x26C5758E), (null)",
     buf_size=buf_size@entry=256, enc=0x1f8c320, encode=encode@entry=0) at
 src/libavcodec/utils.c:2868
 #1  0x00000000006b9bd8 in avformat_find_stream_info (ic=0x1f8a3e0,
 options=<optimized out>) at src/libavformat/utils.c:3628
 #2  0x000000000047a464 in open_input_file (o=o@entry=0x7fffffffd880,
 filename=<optimized out>) at src/ffmpeg_opt.c:969
 #3  0x000000000047d351 in open_files (l=0x1f8a058, l=0x1f8a058,
 open_file=0x479f90 <open_input_file>, inout=0x1277f46 "input")
     at src/ffmpeg_opt.c:3003
 #4  ffmpeg_parse_options (argc=argc@entry=12,
 argv=argv@entry=0x7fffffffde38) at src/ffmpeg_opt.c:3040
 #5  0x000000000046fc62 in main (argc=12, argv=0x7fffffffde38) at
 src/ffmpeg.c:4312
 (gdb) disass $pc-32,$pc+32
 Dump of assembler code from 0xc4d2fc to 0xc4d33c:
    0x0000000000c4d2fc <avcodec_string+2348>:    incl   -0x75(%rcx)
    0x0000000000c4d2ff <avcodec_string+2351>:    mov    $0xb0,%edi
    0x0000000000c4d304 <avcodec_string+2356>:    lea    0x40(%rsp),%rax
    0x0000000000c4d309 <avcodec_string+2361>:    mov    %rax,0x18(%rsp)
    0x0000000000c4d30e <avcodec_string+2366>:    cmp    $0xffffffff,%edi
    0x0000000000c4d311 <avcodec_string+2369>:    je     0xc4cc97
 <avcodec_string+711>
    0x0000000000c4d317 <avcodec_string+2375>:    callq  0x11c8fa0
 <av_pix_fmt_desc_get>
 => 0x0000000000c4d31c <avcodec_string+2380>:    cmp    0x28(%rax),%r12d
    0x0000000000c4d320 <avcodec_string+2384>:    jge    0xc4cc97
 <avcodec_string+711>
    0x0000000000c4d326 <avcodec_string+2390>:    mov    0x36c(%r15),%ecx
    0x0000000000c4d32d <avcodec_string+2397>:    mov    0x18(%rsp),%rdi
    0x0000000000c4d332 <avcodec_string+2402>:    mov    $0x143b9ad,%edx
    0x0000000000c4d337 <avcodec_string+2407>:    mov    $0x100,%esi
 End of assembler dump.
 (gdb) info all-registers
 rax            0x0      0
 rbx            0x7fffffffd540   140737488344384
 rcx            0x7ffffff9       2147483641
 rdx            0x7fffffffd58e   140737488344462
 rsi            0x11e738c        18772876
 rdi            0x14c0ff20       348192544
 rbp            0x1275ad8        0x1275ad8
 rsp            0x7fffffffd230   0x7fffffffd230
 r8             0x7ffff76754a2   140737344132258
 r9             0x6      6
 r10            0x883    2179
 r11            0x7ffff753dc50   140737342856272
 r12            0xa      10
 r13            0x11     17
 r14            0x0      0
 r15            0x1f8c320        33080096
 rip            0xc4d31c 0xc4d31c <avcodec_string+2380>
 eflags         0x10246  [ PF ZF IF RF ]
 cs             0x33     51
 ss             0x2b     43
 ds             0x0      0
 es             0x0      0
 fs             0x0      0
 gs             0x0      0
 st0            0        (raw 0x00000000000000000000)
 st1            0        (raw 0x00000000000000000000)
 st2            0        (raw 0x00000000000000000000)
 st3            0        (raw 0x00000000000000000000)
 st4            0        (raw 0x00000000000000000000)
 st5            0        (raw 0x00000000000000000000)
 st6            0        (raw 0x00000000000000000000)
 st7            0        (raw 0x00000000000000000000)
 fctrl          0x37f    895
 fstat          0x0      0
 ftag           0xffff   65535
 fiseg          0x0      0
 fioff          0x0      0
 foseg          0x0      0
 fooff          0x0      0
 fop            0x0      0
 mxcsr          0x1fba   [ DE OE UE PE IM DM ZM OM UM PM ]
 ymm0           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0xff, 0x0, 0x0, 0x0, 0x0,
 0x0,
     0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0 <repeats 18 times>},
 v16_int16 = {0xff, 0x0, 0x0, 0x0, 0xff, 0x0, 0xff00, 0x0, 0x0, 0x0, 0x0,
 0x0,
     0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xff, 0x0, 0xff, 0xff00, 0x0, 0x0,
 0x0, 0x0}, v4_int64 = {0xff, 0xff00000000ff, 0x0, 0x0}, v2_int128 = {
     0x0000ff00000000ff00000000000000ff,
 0x00000000000000000000000000000000}}
 ymm1           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x25 <repeats 16 times>,
     0x0 <repeats 16 times>}, v16_int16 = {0x2525, 0x2525, 0x2525, 0x2525,
 0x2525, 0x2525, 0x2525, 0x2525, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
   v8_int32 = {0x25252525, 0x25252525, 0x25252525, 0x25252525, 0x0, 0x0,
 0x0, 0x0}, v4_int64 = {0x2525252525252525, 0x2525252525252525, 0x0, 0x0},
   v2_int128 = {0x25252525252525252525252525252525,
 0x00000000000000000000000000000000}}
 ymm2           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x8000000000000000, 0x8000000000000000, 0x0, 0x0}, v32_int8 =
 {
     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0, 0xff, 0x0, 0xff,
 0xff, 0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0xffff,
     0xffff, 0xffff, 0xffff, 0xff00, 0xff00, 0xffff, 0xffff, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xffffffff, 0xffffffff, 0xff00ff00,
     0xffffffff, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xffffffffffffffff,
 0xffffffffff00ff00, 0x0, 0x0}, v2_int128 =
 {0xffffffffff00ff00ffffffffffffffff,
     0x00000000000000000000000000000000}}
 ymm3           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
   v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {
     0x00000000000000000000000000000000,
 0x00000000000000000000000000000000}}
 ymm4           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0xff, 0x0 <repeats 31
 times>},
   v16_int16 = {0xff, 0x0 <repeats 15 times>}, v8_int32 = {0xff, 0x0, 0x0,
 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xff, 0x0, 0x0, 0x0}, v2_int128 = {
     0x000000000000000000000000000000ff,
 0x00000000000000000000000000000000}}
 ymm5           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x74, 0x69, 0x6d, 0x65,
 0x3a,
     0x20, 0x2d, 0x39, 0x32, 0x32, 0x33, 0x33, 0x37, 0x32, 0x30, 0x33, 0x0
 <repeats 16 times>}, v16_int16 = {0x6974, 0x656d, 0x203a, 0x392d, 0x3232,
     0x3333, 0x3237, 0x3330, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v8_int32 = {0x656d6974, 0x392d203a, 0x33333232, 0x33303237, 0x0, 0x0, 0x0,
 0x0},
   v4_int64 = {0x392d203a656d6974, 0x3330323733333232, 0x0, 0x0}, v2_int128
 = {0x3330323733333232392d203a656d6974,
 0x00000000000000000000000000000000}}
 ymm6           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x8000000000000000, 0x8000000000000000, 0x0, 0x0}, v32_int8 =
 {
     0x5d, 0x20, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x3a, 0x20, 0x73,
 0x74, 0x61, 0x72, 0x74, 0x5f, 0x0 <repeats 16 times>}, v16_int16 =
 {0x205d,
     0x7473, 0x6572, 0x6d61, 0x203a, 0x7473, 0x7261, 0x5f74, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x7473205d, 0x6d616572, 0x7473203a,
     0x5f747261, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x6d6165727473205d,
 0x5f7472617473203a, 0x0, 0x0}, v2_int128 =
 {0x5f7472617473203a6d6165727473205d,
     0x00000000000000000000000000000000}}
 ymm7           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
   v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {
     0x00000000000000000000000000000000,
 0x00000000000000000000000000000000}}
 ymm8           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x8000000000000000, 0x0, 0x0}, v32_int8 = {0x0, 0x0,
 0x0, 0x0,
     0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0xff, 0x0
 <repeats 16 times>}, v16_int16 = {0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0,
 0xffff,
     0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x0, 0x0, 0xff,
 0xffff0000, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0xffff0000000000ff, 0x0,
     0x0}, v2_int128 = {0xffff0000000000ff0000000000000000,
 0x00000000000000000000000000000000}}
 ymm9           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x8000000000000000, 0x8000000000000000, 0x0, 0x0}, v32_int8 =
 {0x0,
     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0, 0x0, 0x0, 0x0, 0xff,
 0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0xff00, 0xffff,
     0xffff, 0xffff, 0x0, 0x0, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0}, v8_int32 = {0xffffff00, 0xffffffff, 0x0, 0xffffffff, 0x0,
 0x0,
     0x0, 0x0}, v4_int64 = {0xffffffffffffff00, 0xffffffff00000000, 0x0,
 0x0}, v2_int128 = {0xffffffff00000000ffffffffffffff00,
     0x00000000000000000000000000000000}}
 ymm10          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x8000000000000000, 0x8000000000000000, 0x0, 0x0}, v32_int8 =
 {0x0,
     0x0, 0x0, 0x0, 0xff <repeats 12 times>, 0x0 <repeats 16 times>},
 v16_int16 = {0x0, 0x0, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
 0x0, 0x0,
     0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x0, 0xffffffff,
 0xffffffff, 0xffffffff, 0x0, 0x0, 0x0, 0x0}, v4_int64 =
 {0xffffffff00000000,
     0xffffffffffffffff, 0x0, 0x0}, v2_int128 =
 {0xffffffffffffffffffffffff00000000, 0x00000000000000000000000000000000}}
 ymm11          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x8000000000000000, 0x8000000000000000, 0x0, 0x0}, v32_int8 =
 {0x0,
     0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0x0, 0x0, 0x0, 0xffff,
 0x0,
     0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 =
 {0x0, 0xffff0000, 0x0, 0xffff0000, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
     0xffff000000000000, 0xffff000000000000, 0x0, 0x0}, v2_int128 =
 {0xffff000000000000ffff000000000000, 0x00000000000000000000000000000000}}
 ymm12          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
   v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {
     0x00000000000000000000000000000000,
 0x00000000000000000000000000000000}}
 ymm13          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
   v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {
     0x00000000000000000000000000000000,
 0x00000000000000000000000000000000}}
 ymm14          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
   v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {
     0x00000000000000000000000000000000,
 0x00000000000000000000000000000000}}
 ymm15          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
   v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {
     0x00000000000000000000000000000000,
 0x00000000000000000000000000000000}}
 }}}

 valgrind
 {{{
 pgolinski at pgolinski-VirtualBox:~/Documents/fuzzes$ valgrind
 ../git/ffmpeg/build/ffmpeg_g -v 9 -loglevel 99 -i fuzz2 -acodec copy
 -vcodec copy fuzzOut
 ==4956== Memcheck, a memory error detector
 ==4956== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
 ==4956== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright
 info
 ==4956== Command: ../git/ffmpeg/build/ffmpeg_g -v 9 -loglevel 99 -i fuzz2
 -acodec copy -vcodec copy fuzzOut
 ==4956==
 ffmpeg version N-79255-g6d7f566 Copyright (c) 2000-2016 the FFmpeg
 developers
   built with gcc 5.2.1 (Ubuntu 5.2.1-22ubuntu2) 20151010
   configuration: --enable-debug
   libavutil      55. 20.100 / 55. 20.100
   libavcodec     57. 34.100 / 57. 34.100
   libavformat    57. 30.100 / 57. 30.100
   libavdevice    57.  0.101 / 57.  0.101
   libavfilter     6. 40.102 /  6. 40.102
   libswscale      4.  1.100 /  4.  1.100
   libswresample   2.  0.101 /  2.  0.101
 Splitting the commandline.
 Reading option '-v' ... matched as option 'v' (set logging level) with
 argument '9'.
 Reading option '-loglevel' ... matched as option 'loglevel' (set logging
 level) with argument '99'.
 Reading option '-i' ... matched as input file with argument 'fuzz2'.
 Reading option '-acodec' ... matched as option 'acodec' (force audio codec
 ('copy' to copy stream)) with argument 'copy'.
 Reading option '-vcodec' ... matched as option 'vcodec' (force video codec
 ('copy' to copy stream)) with argument 'copy'.
 Reading option 'fuzzOut' ... matched as output file.
 Finished splitting the commandline.
 Parsing a group of options: global .
 Applying option v (set logging level) with argument 9.
 Successfully parsed a group of options.
 Parsing a group of options: input file fuzz2.
 Successfully parsed a group of options.
 Opening an input file: fuzz2.
 [file @ 0x5729680] Setting default whitelist 'file,crypto'
 Probing ffm score:101 size:1297
 Probing mp3 score:1 size:1297
 [ffm @ 0x57288a0] Format ffm probed with size=2048 and score=101
 [ffm @ 0x57288a0] Before avformat_find_stream_info() pos: 1297 bytes
 read:1297 seeks:0
 [NULL @ 0x573c360] [IMGUTILS @ 0xffefff070] Picture size 0x0 is invalid
 [NULL @ 0x573c360] Ignoring invalid width/height values
 [NULL @ 0x573c360] [IMGUTILS @ 0xffefff070] Picture size 0x0 is invalid
 [ffm @ 0x57288a0] 0: start_time: -9223372036854.775 duration:
 -9223372036854.775
 [ffm @ 0x57288a0] stream: start_time: -9223372036854.775 duration:
 -9223372036854.775 bitrate=8388 kb/s
 ==4956== Invalid read of size 4
 ==4956==    at 0xC4D31C: avcodec_string (utils.c:2868)
 ==4956==    by 0x6B9BD7: avformat_find_stream_info (utils.c:3628)
 ==4956==    by 0x47A463: open_input_file (ffmpeg_opt.c:969)
 ==4956==    by 0x47D350: open_files (ffmpeg_opt.c:3003)
 ==4956==    by 0x47D350: ffmpeg_parse_options (ffmpeg_opt.c:3040)
 ==4956==    by 0x46FC61: main (ffmpeg.c:4312)
 ==4956==  Address 0x28 is not stack'd, malloc'd or (recently) free'd
 ==4956==
 ==4956==
 ==4956== Process terminating with default action of signal 11 (SIGSEGV)
 ==4956==  Access not within mapped region at address 0x28
 ==4956==    at 0xC4D31C: avcodec_string (utils.c:2868)
 ==4956==    by 0x6B9BD7: avformat_find_stream_info (utils.c:3628)
 ==4956==    by 0x47A463: open_input_file (ffmpeg_opt.c:969)
 ==4956==    by 0x47D350: open_files (ffmpeg_opt.c:3003)
 ==4956==    by 0x47D350: ffmpeg_parse_options (ffmpeg_opt.c:3040)
 ==4956==    by 0x46FC61: main (ffmpeg.c:4312)
 ==4956==  If you believe this happened as a result of a stack
 ==4956==  overflow in your program's main thread (unlikely but
 ==4956==  possible), you can try to increase the size of the
 ==4956==  main thread stack using the --main-stacksize= flag.
 ==4956==  The main thread stack size used in this run was 8388608.
 ==4956==
 ==4956== HEAP SUMMARY:
 ==4956==     in use at exit: 41,463 bytes in 36 blocks
 ==4956==   total heap usage: 92 allocs, 56 frees, 78,475 bytes allocated
 ==4956==
 ==4956== LEAK SUMMARY:
 ==4956==    definitely lost: 0 bytes in 0 blocks
 ==4956==    indirectly lost: 0 bytes in 0 blocks
 ==4956==      possibly lost: 0 bytes in 0 blocks
 ==4956==    still reachable: 41,463 bytes in 36 blocks
 ==4956==         suppressed: 0 bytes in 0 blocks
 ==4956== Rerun with --leak-check=full to see details of leaked memory
 ==4956==
 ==4956== For counts of detected and suppressed errors, rerun with: -v
 ==4956== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
 Segmentation fault (core dumped)
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/5412>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

