[Ffmpeg-devel] seg fault in mov_read_header
Benoit Fouet
benoit.fouet
Wed Jan 24 08:51:43 CET 2007
Hi,
As it seems to be welcome to play with a fuzzer, I did, and found a
crash in ffmpeg.
In mov.c, line 1513, the assert tries to access something in
stts_data[stts_index], which is NULL.
Traces in gdb:
(gdb) r -y -i test.3gp out_test.mp4
Starting program: /home/bfouet/env/open_sources/ffmpeg/ffmpeg_g -y -i
http://darkkben.free.fr/ffmpeg/crash_mov_c_l_1513.3gp out_test.mp4
[Thread debugging using libthread_db enabled]
[New Thread -1214933328 (LWP 512)]
FFmpeg version SVN-r7677, Copyright (c) 2000-2006 Fabrice Bellard, et al.
configuration: --enable-gpl --enable-mp3lame --enable-a52
--enable-xvid --enable-libogg --enable-vorbis --enable-x264
--enable-faad --enable-faac --enable-amr_nb --enable-amr_wb --enable-pp
--disable-strip --prefix=/usr --mandir=/usr/share/man --arch=amd64
libavutil version: 49.2.0
libavcodec version: 51.29.0
libavformat version: 51.8.0
built on Jan 24 2007 08:26:07, gcc: 3.4.6 (Gentoo 3.4.6-r1,
ssp-3.4.5-1.0, pie-8.7.9)
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1214933328 (LWP 512)]
mov_read_header (s=0x843ff90, ap=0xbfafe660) at mov.c:1513
1513 assert(sc->stts_data[stts_index].duration %
sc->time_rate == 0);
(gdb) bt
#0 mov_read_header (s=0x843ff90, ap=0xbfafe660) at mov.c:1513
#1 0x0806496b in av_open_input_stream (ic_ptr=0xbfafe654,
pb=0xbfafe580, filename=0x535 <Address 0x535 out of bounds>, fmt=0x83c6ca0,
ap=0xbfafe660) at utils.c:404
#2 0x0806ae33 in av_open_input_file (ic_ptr=0xbfafe654,
filename=0xbfb00e16 "test.3gp", fmt=0xbfafe654, buf_size=0, ap=0x535)
at utils.c:517
#3 0x0805de5c in opt_input_file (filename=0xbfb00e16 "test.3gp") at
ffmpeg.c:2586
#4 0x080641df in parse_options (argc=5, argv=0xbfafee54,
options=0x83078a0) at cmdutils.c:105
#5 0x08062115 in main (argc=5, argv=0x535) at ffmpeg.c:3922
(gdb) p sc
$1 = (MOVStreamContext *) 0x84498c0
(gdb) p sc->stts_data
$2 = (Time2Sample *) 0x0
Ben
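The gdb session in the report shows `sc->stts_data` being `0x0` when the assert at mov.c:1513 indexes it, i.e. the fuzzed file produced no usable 'stts' table and the header finalisation step trusted that one existed. The following is an added illustration, not code from ffmpeg or from the poster: it uses constructed stand-in types whose names (MOVStreamContext, Time2Sample, stts_data, time_rate) are borrowed from the trace for readability but are assumptions, not the real libavformat definitions. It shows the defensive shape a demuxer wants for untrusted container input: validate the table pointer, entry count and divisor before any indexing, and report the violated invariant as an error return instead of aborting.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in types, loosely modelled on the names in the gdb
 * trace. They are NOT the real libavformat structures. */
typedef struct {
    unsigned int count;     /* how many consecutive samples share 'duration' */
    int duration;           /* sample duration in track timescale units */
} Time2Sample;

typedef struct {
    Time2Sample *stts_data;   /* NULL when the 'stts' atom was absent or empty */
    unsigned int stts_count;  /* number of entries in stts_data */
    int time_rate;            /* divisor every duration is expected to be a multiple of */
} MOVStreamContext;

enum {
    MOV_OK = 0,
    MOV_ERR_NO_STTS = -1,        /* the case in the report: stts_data == 0x0 */
    MOV_ERR_BAD_RATE = -2,       /* time_rate of 0 would make the modulo undefined */
    MOV_ERR_BAD_DURATION = -3    /* the invariant the original assert expressed */
};

/* Hardened finalisation step (hypothetical helper): every field that comes
 * from the file is checked before it is used, so a malformed file yields an
 * error code rather than a NULL dereference. On success *out receives the
 * summed duration in time_rate units. */
int mov_finalize_stts(const MOVStreamContext *sc, int64_t *out)
{
    if (sc == NULL || sc->stts_data == NULL || sc->stts_count == 0)
        return MOV_ERR_NO_STTS;
    if (sc->time_rate <= 0)
        return MOV_ERR_BAD_RATE;

    int64_t total = 0;
    for (unsigned int i = 0; i < sc->stts_count; i++) {
        const Time2Sample *e = &sc->stts_data[i];
        /* Same condition as the assert in the trace, but reported, not fatal:
         * the file, not the program, is what is wrong here. */
        if (e->duration < 0 || e->duration % sc->time_rate != 0)
            return MOV_ERR_BAD_DURATION;
        total += (int64_t)e->count * (e->duration / sc->time_rate);
    }
    *out = total;
    return MOV_OK;
}

/* Scenario 1: the state captured in the report ("p sc->stts_data" -> 0x0). */
int run_missing_table(void)
{
    MOVStreamContext sc = { NULL, 0, 1 };
    int64_t d = 0;
    return mov_finalize_stts(&sc, &d);   /* returns MOV_ERR_NO_STTS, no crash */
}

/* Scenario 2: a well-formed constructed table; durations 40 and 80 with
 * time_rate 4 give 10*10 + 5*20 = 200. */
int64_t run_valid_table(void)
{
    static Time2Sample entries[] = { { 10, 40 }, { 5, 80 } };
    MOVStreamContext sc = { entries, 2, 4 };
    int64_t d = -1;
    if (mov_finalize_stts(&sc, &d) != MOV_OK)
        return -1;
    return d;
}

/* Scenario 3: a table that violates the duration invariant (3 % 2 != 0). */
int run_bad_duration(void)
{
    static Time2Sample entries[] = { { 1, 3 } };
    MOVStreamContext sc = { entries, 1, 2 };
    int64_t d = 0;
    return mov_finalize_stts(&sc, &d);   /* returns MOV_ERR_BAD_DURATION */
}

int main(void)
{
    printf("missing table     -> %d\n", run_missing_table());
    printf("valid table total -> %lld\n", (long long)run_valid_table());
    printf("bad duration      -> %d\n", run_bad_duration());
    return 0;
}
```

The design point is where the check lives: an `assert` documents a programmer invariant and aborts the process when it fails in a debug build, while in an `NDEBUG` build it compiles to nothing and the dereference simply happens a few lines later. A property that depends on bytes read from the input file belongs in an explicit check with an error return, which is also what makes such a crash show up as a clean demuxer failure under a fuzzer instead of a SIGSEGV.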