[FFmpeg-trac] #6618(avcodec:new): flac: infinite loop with fuzzed file
FFmpeg
trac at avcodec.org
Sat Aug 26 01:54:51 EEST 2017
#6618: flac: infinite loop with fuzzed file
----------------------------------+--------------------------------------
Reporter: jrummell | Type: defect
Status: new | Priority: normal
Component: avcodec | Version: git-master
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
----------------------------------+--------------------------------------
Summary of the bug:
The attached file (generated by Chrome's fuzzers) causes an infinite loop.
Original bug https://crbug.com/714370
How to reproduce:
{{{
ffmpeg -i testcase.flac dummy.mp4
ffmpeg version N-87069-g1e34019d62 Copyright (c) 2000-2017 the FFmpeg
developers
built with gcc 4.8 (Ubuntu 4.8.4-2ubuntu1~14.04.3)
configuration: ...
libavutil 55. 74.100 / 55. 74.100
libavcodec 57.103.100 / 57.103.100
libavformat 57. 77.100 / 57. 77.100
libavdevice 57. 7.101 / 57. 7.101
libavfilter 6.100.100 / 6.100.100
libswscale 4. 7.103 / 4. 7.103
libswresample 2. 8.100 / 2. 8.100
libpostproc 54. 6.100 / 54. 6.100
[flac @ 0x3397360] Format flac detected only with low score of 13,
misdetection possible!
...
[NULL @ 0x2d998a0] crc check failed from offset 0 (frame 1) to 6 (frame 1)
[NULL @ 0x2d998a0] sample/frame number mismatch in adjacent frames
}}}
In tracing through the code, flac_parse() gets a buffer of 2 bytes and
ends up at handle_error:, returning 0. Code in parse_packet() detects that
nothing is returned and tries to parse the same 2 bytes again.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/6618>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
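The mechanism the reporter describes is a general parser-driver hazard: a parse routine signals an error by returning 0 bytes consumed, and the caller, seeing that nothing was returned, hands it the same bytes again, so a short or malformed tail stalls decoding forever. The following is an added illustration written for this page; it is not FFmpeg code and does not reproduce the flac parser. The frame layout (two sync bytes, 16-bit payload length), the function names `toy_parse_frame`, `drive_naive` and `drive_checked`, and the sample buffers are all constructed. It shows the naive driver spinning on a trailing 2-byte remainder (capped by a fuse so it can be observed) beside a driver that requires forward progress on every iteration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Toy model of the zero-progress parse loop, constructed for this page.
 * Not FFmpeg code: the frame format, names and thresholds are made up.
 *
 * Constructed frame: 0xFF 0xF8 sync, 16-bit big-endian payload length,
 * then the payload.
 */
#define TOY_HEADER_LEN 4

/* Returns bytes consumed, or 0 when no frame can be parsed (too short,
 * bad sync, truncated). Returning 0 on error is what lets a careless
 * caller retry the same bytes indefinitely. */
static size_t toy_parse_frame(const uint8_t *buf, size_t len)
{
    if (len < TOY_HEADER_LEN)
        return 0;                          /* handle_error-style path */
    if (buf[0] != 0xFF || buf[1] != 0xF8)
        return 0;
    size_t payload = ((size_t)buf[2] << 8) | buf[3];
    if (TOY_HEADER_LEN + payload > len)
        return 0;                          /* truncated frame */
    return TOY_HEADER_LEN + payload;
}

/* Naive driver: loops while bytes remain. A 0 return never advances pos,
 * so the loop would run forever; 'fuse' caps the iterations so the stall
 * can be observed instead of hung on. Returns iterations executed. */
static unsigned drive_naive(const uint8_t *buf, size_t len, unsigned fuse)
{
    size_t pos = 0;
    unsigned iters = 0;
    while (pos < len && iters < fuse) {
        pos += toy_parse_frame(buf + pos, len - pos);
        iters++;
    }
    return iters;
}

/* Hardened driver: every iteration must consume at least one byte. On
 * zero progress the remaining input is treated as unparseable and the
 * loop exits with -1 instead of retrying the same bytes.
 * Returns the number of frames parsed, or -1 on a stalled parse. */
static int drive_checked(const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    int frames = 0;
    while (pos < len) {
        size_t used = toy_parse_frame(buf + pos, len - pos);
        if (used == 0)
            return -1;                     /* no progress: bail out */
        pos += used;
        frames++;
    }
    return frames;
}

/* Constructed inputs: one valid 6-byte frame, optionally followed by a
 * 2-byte remainder that mimics the short buffer in the report. */
static const uint8_t sample_clean[]  = { 0xFF, 0xF8, 0x00, 0x02, 0xAA, 0xBB };
static const uint8_t sample_fuzzed[] = { 0xFF, 0xF8, 0x00, 0x02, 0xAA, 0xBB,
                                         0xFF, 0xF8 };

int main(void)
{
    printf("clean : naive=%u checked=%d\n",
           drive_naive(sample_clean, sizeof sample_clean, 1000),
           drive_checked(sample_clean, sizeof sample_clean));
    printf("fuzzed: naive=%u (hit fuse) checked=%d\n",
           drive_naive(sample_fuzzed, sizeof sample_fuzzed, 1000),
           drive_checked(sample_fuzzed, sizeof sample_fuzzed));
    return 0;
}
```

The progress check in `drive_checked` is a driver-side guard; the parser's own contract (never report an error as "0 bytes consumed", or make the error distinguishable from "need more data") is the other half of the fix, and a fuzzing harness that fails on a wall-clock timeout is how this class of stall is usually caught.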