[FFmpeg-trac] #5373(avcodec:new): Crashes found using ZZuf in fffuzz
FFmpeg
trac at avcodec.org
Thu Mar 24 18:14:39 CET 2016
#5373: Crashes found using ZZuf in fffuzz
-------------------------------------+-------------------------------------
  Reporter: neerajsinghi             |  Type: sponsoring request
  Status: new                        |  Priority: normal
  Component: avcodec                 |  Version: unspecified
  Keywords:                          |
  Blocking:                          |  Blocked By:
  Analyzed by developer: 0           |  Reproduced by developer: 0
-------------------------------------+-------------------------------------
Summary of the bug: fffuzz crashed while converting these video files with
seed.

seed   File Name
30105  Ikari_and_Rei_in_the_hospital-Shadowcry.avi
14013  Ikari_and_Rei_in_the_hospital-Shadowcry.avi
[[Image(http://i64.tinypic.com/s41c29.png)]]
How to reproduce:
Create a file using the command
zzuf -M -1 -q -U 60 -s 30105 < Ikari_and_Rei_in_the_hospital-Shadowcry.avi > fuzz4.avi
Run this file using fffuzz
./fffuzz fuzz4.avi /dev/null
Built on Ubuntu 14.04
Trying for a backtrace, run on gdb.
I am getting
[msmpeg4 @ 0x615e20] dc overflow- block: 0 qscale: 9//
[msmpeg4 @ 0x615e20] dc overflow- block: 1 qscale: 9//
[msmpeg4 @ 0x615e20] dc overflow- block: 2 qscale: 9//
[msmpeg4 @ 0x615e20] dc overflow- block: 3 qscale: 9//
Program terminated with signal SIGKILL, Killed.
The program no longer exists.
(gdb) bt
No stack.

Then I tried on valgrind; I got
valgrind ./fffuzz fuzz4.avi /dev/null
==109102== Memcheck, a memory error detector
==109102== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==109102== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==109102== Command: ./fffuzz fuzz4.avi /dev/null
==109102==
[file @ 0x760cc20] Setting default whitelist 'file'
[avi @ 0x760c2e0] Format avi probed with size=2048 and score=100
[avi @ 0x761de80] use odml:1
[avi @ 0x760c2e0] File is truncated adjusting duration
[avi @ 0x760c2e0] sample size (1048577) != block align (1)
[avi @ 0x760c2e0] Before avformat_find_stream_info() pos: 10252 bytes read:32768 seeks:2
[avi @ 0x760c2e0] parser not found for codec msmpeg4v3, packets or times may be invalid.
[avi @ 0x760c2e0] parser not found for codec msmpeg4v3, packets or times may be invalid.
[avi @ 0x760c2e0] All info found
[avi @ 0x760c2e0] After avformat_find_stream_info() pos: 20250 bytes read:65536 seeks:2 frames:18
Input #0, avi, from 'fuzz4.avi':
Duration: 00:00:21.12, start: 0.000000, bitrate: 794 kb/s
Stream #0:0, 1, 1/25: Video: msmpeg4v3 (msmpeg4), 1 reference frame (DIV3 / 0x33564944), yuv420p, 524638x240, 1/25, 25 fps, 25 tbr, 25 tbn, 25 tbc
Stream #0:1, 17, 1/19983: Audio: mp3 (U[0][0][0] / 0x0055), 44100 Hz, stereo, s16p, 159 kb/s
Demuxing from file 'fuzz4.avi' into '/dev/null'
[msmpeg4 @ 0x761e440] invalid picture type
[msmpeg4 @ 0x761e440] header damaged
Error decoding video frame (Operation not permitted)
[msmpeg4 @ 0x761e440] ignoring overflow at 4 0
[msmpeg4 @ 0x761e440] ignoring overflow at 4 0
[msmpeg4 @ 0x761e440] ignoring overflow at 5 0
[msmpeg4 @ 0x761e440] ignoring overflow at 5 0
[msmpeg4 @ 0x761e440] ignoring overflow at 5 0
[msmpeg4 @ 0x761e440] ignoring overflow at 11 0
[msmpeg4 @ 0x761e440] ignoring overflow at 11 0
[msmpeg4 @ 0x761e440] ignoring overflow at 12 0
[msmpeg4 @ 0x761e440] ignoring overflow at 12 0
[msmpeg4 @ 0x761e440] dc overflow+ L qscale: 4//
[msmpeg4 @ 0x761e440]
error while decoding block: 139 x 0 (1)
[msmpeg4 @ 0x761e440] Error at MB: 139
[msmpeg4 @ 0x761e440] ext header missing, -8 left
[msmpeg4 @ 0x761e440] concealing 491760 DC, 491760 AC, 491760 MV errors in I frame
video_frame n:0 coded_n:0 pts:NOPTS
[msmpeg4 @ 0x761e440] invalid picture type
[msmpeg4 @ 0x761e440] header damaged
Error decoding video frame (Operation not permitted)
[msmpeg4 @ 0x761e440] invalid picture type
[msmpeg4 @ 0x761e440] header damaged
Error decoding video frame (Operation not permitted)
[msmpeg4 @ 0x761e440] ignoring overflow at 37 0
[msmpeg4 @ 0x761e440] ignoring overflow at 38 0
[msmpeg4 @ 0x761e440] ignoring overflow at 80 0
[msmpeg4 @ 0x761e440] ignoring overflow at 87 0
[msmpeg4 @ 0x761e440] ignoring overflow at 120 0
[msmpeg4 @ 0x761e440] ac-tex damaged at 136 0
[msmpeg4 @ 0x761e440]
error while decoding block: 136 x 0 (2)
[msmpeg4 @ 0x761e440] Error at MB: 136
[msmpeg4 @ 0x761e440] concealing 491763 DC, 491763 AC, 491763 MV errors in P frame
video_frame n:1 coded_n:1 pts:NOPTS
[msmpeg4 @ 0x761e440] invalid picture type
[msmpeg4 @ 0x761e440] header damaged
Error decoding video frame (Operation not permitted)
[msmpeg4 @ 0x761e440] overreading 8 bits
[msmpeg4 @ 0x761e440] concealing 491850 DC, 491850 AC, 491850 MV errors in P frame
video_frame n:2 coded_n:2 pts:NOPTS
[msmpeg4 @ 0x761e440] invalid qscale
[msmpeg4 @ 0x761e440] header damaged
Error decoding video frame (Operation not permitted)
[msmpeg4 @ 0x761e440] invalid picture type
[msmpeg4 @ 0x761e440] header damaged
Error decoding video frame (Operation not permitted)
[msmpeg4 @ 0x761e440] invalid picture type
[msmpeg4 @ 0x761e440] header damaged
Error decoding video frame (Operation not permitted)
[msmpeg4 @ 0x761e440] ac-tex damaged at 574 0
[msmpeg4 @ 0x761e440]
error while decoding block: 574 x 0 (5)
[msmpeg4 @ 0x761e440] Error at MB: 574
[msmpeg4 @ 0x761e440] concealing 491462 DC, 491462 AC, 491462 MV errors in P frame
Killed
--
Ticket URL: <https://trac.ffmpeg.org/ticket/5373>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
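
A triage wrapper for the reproduction steps in this ticket, added here as an example and not part of the original report or of FFmpeg: it regenerates the fuzzed file for each reported seed and runs fffuzz under memory and CPU-time caps, so the outcome is labelled by exit status rather than ending in a bare SIGKILL. The function names, the `fuzz-<seed>.avi` output name and the `MEM_KB`/`CPU_S` defaults are assumptions.

```shell
#!/bin/sh
# Added example: triage helper for the zzuf/fffuzz reproduction steps.
# MEM_KB and CPU_S defaults are assumptions; tune them for the host.

# Map a shell exit status to a coarse triage label.
classify_status() {
    case "$1" in
        0)   echo "ok" ;;
        134) echo "crash:SIGABRT" ;;
        137) echo "killed:SIGKILL" ;;   # delivered from outside the process
        139) echo "crash:SIGSEGV" ;;
        152) echo "limit:SIGXCPU" ;;    # CPU-time cap (ulimit -t) reached
        *)   if [ "$1" -gt 128 ]; then echo "signal:$(( $1 - 128 ))"
             else echo "error-exit:$1"; fi ;;
    esac
}

# Run a command in a subshell with address-space (KiB) and CPU-time (s) caps.
# The target's own output is discarded; only the triage label is printed.
run_limited() {
    mem_kb=$1; cpu_s=$2; shift 2
    st=0
    ( ulimit -v "$mem_kb" && ulimit -t "$cpu_s" && exec "$@" ) \
        >/dev/null 2>&1 || st=$?
    classify_status "$st"
}

# Recreate the fuzzed input for one seed with the zzuf flags from the report,
# then run the target from the report under the caps.
triage_seed() {
    seed=$1; input=$2; out="fuzz-$seed.avi"
    zzuf -M -1 -q -U 60 -s "$seed" < "$input" > "$out" || return 1
    label=$(run_limited "${MEM_KB:-2097152}" "${CPU_S:-60}" \
        ./fffuzz "$out" /dev/null)
    printf '%s %s\n' "$seed" "$label"
}

# Usage: sh triage.sh Ikari_and_Rei_in_the_hospital-Shadowcry.avi 30105 14013
if [ "$#" -ge 2 ]; then
    input=$1; shift
    for s in "$@"; do triage_seed "$s" "$input"; done
fi
```

A `killed:SIGKILL` label means the signal was delivered from outside the process, which matches gdb reporting no stack; a `crash:` or `error-exit:` label under the caps leaves a live failure that can be examined in a debugger.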