Ticket #1374 (closed defect: fixed)

Opened 13 months ago

Last modified 13 months ago

bink: invalid reads

Reported by: ami_stuff Owned by:
Priority: important Component: avcodec
Version: git-master Keywords: bink
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

 http://samples.mplayerhq.hu/V-codecs/SVQ3/shrek2_tsr_qt_240.mov

(gdb) r -vcodec binkvideo -i shrek2_tsr_qt_240.mov -an -vcodec msmpeg4v2 out.>
Starting program: d:\mingw\msys\1.0\ffmpeg-head-ab7d6cb\ffmpeg_g.exe -vcodec bin
kvideo -i shrek2_tsr_qt_240.mov -an -vcodec msmpeg4v2 out.avi
[New Thread 2756.0xabc]
ffmpeg version 0.10.2.git-ab7d6cb Copyright (c) 2000-2012 the FFmpeg developers
  built on May 27 2012 11:57:57 with gcc 4.6.1
  configuration: --disable-ffprobe --enable-gpl
  libavutil      51. 55.100 / 51. 55.100
  libavcodec     54. 23.100 / 54. 23.100
  libavformat    54.  6.101 / 54.  6.101
  libavdevice    54.  0.100 / 54.  0.100
  libavfilter     2. 77.100 /  2. 77.100
  libswscale      2.  1.100 /  2.  1.100
  libswresample   0. 15.100 /  0. 15.100
  libpostproc    52.  0.100 / 52.  0.100
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'shrek2_tsr_qt_240.mov':
  Metadata:
    creation_time   : 2003-10-17 01:39:03
    copyright       : TM & Tę 2003 DreamWorks LLC.
    copyright-eng   : TM & Tę 2003 DreamWorks LLC.
    title           : Shrek 2
    title-eng       : Shrek 2
    artist-eng      : www.DreamWorks.com
    comment         : Not So Far Far Away
    artist          : www.DreamWorks.com
    comment-eng     : Not So Far Far Away
  Duration: 00:02:01.00, start: 0.000000, bitrate: 237 kb/s
    Stream #0:0(eng): Video: binkvideo (SVQ3 / 0x33515653), yuva420p, 240x128, 2
04 kb/s, 12 fps, 12 tbr, 600 tbn, 600 tbc
    Metadata:
      creation_time   : 2003-10-17 01:39:03
      handler_name    : Apple Alias Data Handler
    Stream #0:1(eng): Audio: mp3 (ms[0]U / 0x5500736D), 22050 Hz, mono, s16, 32
kb/s
    Metadata:
      creation_time   : 2003-10-17 01:39:03
      handler_name    : Apple Alias Data Handler
File 'out.avi' already exists. Overwrite ? [y/N] y
w:240 h:128 pixfmt:yuva420p tb:1/600 sar:0/1 sws_param:flags=2
[buffersink @ 03bd83c0] No opaque field provided
[format @ 03bd8640] auto-inserting filter 'auto-inserted scaler 0' between the f
ilter 'src' and the filter 'format'
[scale @ 03bd8580] w:240 h:128 fmt:yuva420p sar:0/1 -> w:240 h:128 fmt:yuv420p s
ar:0/1 flags:0x4
Output #0, avi, to 'out.avi':
  Metadata:
    creation_time   : 2003-10-17 01:39:03
    ICOP            : TM & Tę 2003 DreamWorks LLC.
    copyright-eng   : TM & Tę 2003 DreamWorks LLC.
    INAM            : Shrek 2
    title-eng       : Shrek 2
    artist-eng      : www.DreamWorks.com
    ICMT            : Not So Far Far Away
    IART            : www.DreamWorks.com
    comment-eng     : Not So Far Far Away
    ISFT            : Lavf54.6.101
    Stream #0:0(eng): Video: msmpeg4v2 (MP42 / 0x3234504D), yuv420p, 240x128, q=
2-31, 200 kb/s, 12 tbn, 12 tbc
    Metadata:
      creation_time   : 2003-10-17 01:39:03
      handler_name    : Apple Alias Data Handler
Stream mapping:
  Stream #0:0 -> #0:0 (binkvideo -> msmpeg4v2)
Press [q] to stop, [?] for help
[binkvideo @ 03bcc7c0] Unknown block type 11
Error while decoding stream #0:0
    Last message repeated 1 times
[binkvideo @ 03bcc7c0] Unknown block type 14
Error while decoding stream #0:0
[binkvideo @ 03bcc7c0] Run went out of bounds
Error while decoding stream #0:0
    Last message repeated 1 times
[binkvideo @ 03bcc7c0] Unknown block type 9
Error while decoding stream #0:0
    Last message repeated 2 times
Program received signal SIGSEGV, Segmentation fault.
0x008ea400 in put_pixels8_mmx (
    block=0x42209a0 '7' <repeats 192 times>, "\200\200\200\200\200\200\200\200".
.., pixels=0x421f8bd <Address 0x421f8bd out of bounds>, line_size=288, h=8)
    at libavcodec/x86/dsputil_mmx.c:402
402         __asm__ volatile (
(gdb) bt
#0  0x008ea400 in put_pixels8_mmx (
    block=0x42209a0 '7' <repeats 192 times>, "\200\200\200\200\200\200\200\200".
.., pixels=0x421f8bd <Address 0x421f8bd out of bounds>, line_size=288, h=8)
    at libavcodec/x86/dsputil_mmx.c:402
#1  0x0082fa80 in bink_decode_plane (c=0xfffff9b4, gb=<optimized out>,
    plane_idx=3, is_chroma=0) at libavcodec/bink.c:1131
#2  0x00830b82 in decode_frame (avctx=0x3bcc7c0, data=0x3bda600,
    data_size=0x22e8bc, pkt=0x22e5b8) at libavcodec/bink.c:1189
#3  0x00542637 in avcodec_decode_video2 (avctx=0x3bcc7c0, picture=0x3bda600,
    got_picture_ptr=0x22e8bc, avpkt=0x22e7f0) at libavcodec/utils.c:1464
#4  0x0040c507 in decode_video (got_output=<optimized out>,
    pkt=<optimized out>, ist=<optimized out>) at ffmpeg.c:2645
#5  output_packet (ist=0x3bd6c80, pkt=0x22fbb0) at ffmpeg.c:2816
#6  0x0040e723 in transcode () at ffmpeg.c:3662
#7  0x00b14ee2 in main (argc=9, argv=0x3bd0e00) at ffmpeg.c:5926
(gdb)

Change History

comment:1 Changed 13 months ago by cehoyos

  • Status changed from new to open
  • Reproduced by developer set
  • Component changed from undetermined to avcodec
  • Summary changed from bink crash to bink: invalid reads
  • Priority changed from normal to important
  • Version changed from unspecified to git-master
  • Keywords bink added

comment:2 Changed 13 months ago by michael

  • Status changed from open to closed
  • Resolution set to fixed
Note: See TracTickets for help on using tickets.