[FFmpeg-trac] #10171(undetermined:new): wavarc: crash with valid 8 bit mono file (comp. level 3)
FFmpeg
trac at avcodec.org
Mon Feb 6 15:35:28 EET 2023
#10171: wavarc: crash with valid 8 bit mono file (comp. level 3)
-------------------------------------+-------------------------------------
Reporter: ami_stuff | Type: defect
Status: new | Priority: normal
Component: undetermined | Version: unspecified
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
{{{
(gdb) r -i 8_33_M_C3.WA -y out.wav
Starting program: fmpeg_g -i 8_33_M_C3.WA -y out.wav
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
ffmpeg version N-109758-gbdc76f467f Copyright (c) 2000-2023 the FFmpeg developers
built with gcc 9 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
configuration:
libavutil 57. 44.100 / 57. 44.100
libavcodec 59. 63.100 / 59. 63.100
libavformat 59. 38.100 / 59. 38.100
libavdevice 59. 8.101 / 59. 8.101
libavfilter 8. 56.100 / 8. 56.100
libswscale 6. 8.112 / 6. 8.112
libswresample 4. 9.100 / 4. 9.100
Input #0, wavarc, from '8_33_M_C3.WA':
Duration: N/A, start: 0.000000, bitrate: N/A
Stream #0:0: Audio: wavarc (3NLP / 0x504C4E33), 33333 Hz, mono, s16p
Stream mapping:
Stream #0:0 -> #0:0 (wavarc (native) -> pcm_s16le (native))
Press [q] to stop, [?] for help
[New Thread 0x7ffff6b9c700 (LWP 21435)]
[New Thread 0x7ffff639b700 (LWP 21436)]
[New Thread 0x7ffff5b9a700 (LWP 21437)]
[New Thread 0x7ffff5399700 (LWP 21438)]
[New Thread 0x7ffff4b98700 (LWP 21439)]
[New Thread 0x7fffeffff700 (LWP 21440)]
[New Thread 0x7fffef7fe700 (LWP 21441)]
[New Thread 0x7fffeeffd700 (LWP 21442)]
[New Thread 0x7fffee7fc700 (LWP 21443)]
Output #0, wav, to 'out.wav':
Metadata:
ISFT : Lavf59.38.100
Stream #0:0: Audio: pcm_s16le ([1][0][0][0] / 0x0001), 33333 Hz, mono, s16, 533 kb/s
Metadata:
encoder : Lavc59.63.100 pcm_s16le
[New Thread 0x7fffedffb700 (LWP 21444)]
[wavarc @ 0x55555715b380] get_buffer() failed
Thread 1 "ffmpeg_g" received signal SIGSEGV, Segmentation fault.
av_buffer_unref (buf=buf@entry=0x55555715d2e0) at libavutil/buffer.c:144
144 buffer_replace(buf, NULL);
(gdb) bt
#0 av_buffer_unref (buf=buf@entry=0x55555715d2e0) at libavutil/buffer.c:144
#1 0x00005555564c0d4c in av_frame_unref (frame=<optimized out>)
at libavutil/frame.c:501
#2 av_frame_unref (frame=frame@entry=0x55555715d200) at libavutil/frame.c:491
#3 0x0000555555bc9e16 in ff_get_buffer (avctx=avctx@entry=0x55555715b380,
frame=frame@entry=0x55555715d200, flags=flags@entry=0)
at libavcodec/decode.c:1548
#4 0x0000555556089f56 in wavarc_decode (avctx=0x55555715b380,
frame=0x55555715d200, got_frame_ptr=0x7fffffffdb5c, pkt=<optimized out>)
at libavcodec/wavarc.c:400
#5 0x0000555555bc7b0a in decode_simple_internal (
discarded_samples=<synthetic pointer>, frame=0x55555715d200,
avctx=0x55555715b380) at libavcodec/decode.c:285
#6 decode_simple_receive_frame (frame=<optimized out>, avctx=<optimized out>)
at libavcodec/decode.c:541
#7 decode_receive_frame_internal (avctx=avctx@entry=0x55555715b380,
frame=frame@entry=0x55555715d200) at libavcodec/decode.c:560
#8 0x0000555555bc89a3 in ff_decode_receive_frame (avctx=0x55555715b380,
frame=0x55555715d200) at libavcodec/decode.c:708
#9 0x0000555555710f63 in decode (avctx=0x55555715b380,
frame=0x55555715d200,
got_frame=0x7fffffffdcb0, pkt=<optimized out>, ist=<optimized out>)
at fftools/ffmpeg.c:2093
#10 0x0000555555719260 in decode_audio (ist=0x55555715b1c0, pkt=0x0,
got_output=0x7fffffffdcb0, decode_failed=0x7fffffffdcb4)
at fftools/ffmpeg.c:2145
#11 0x000055555571b3bd in process_input_packet (no_eof=0, pkt=<optimized out>,
ist=0x55555715b1c0) at fftools/ffmpeg.c:2594
#12 process_input (file_index=<optimized out>) at fftools/ffmpeg.c:3853
#13 transcode_step () at fftools/ffmpeg.c:3988
#14 transcode () at fftools/ffmpeg.c:4035
#15 0x00005555556f098b in main (argc=5, argv=0x7fffffffdf88)
at fftools/ffmpeg.c:4173
}}}
{{{
==21379== Invalid write of size 4
==21379== at 0xC3DBE6: decode_2slp (wavarc.c:279)
==21379== by 0xC3DBE6: wavarc_decode (wavarc.c:380)
==21379== by 0x77BB09: decode_simple_internal (decode.c:285)
==21379== by 0x77BB09: decode_simple_receive_frame (decode.c:541)
==21379== by 0x77BB09: decode_receive_frame_internal (decode.c:560)
==21379== by 0x77C6CF: avcodec_send_packet (decode.c:635)
==21379== by 0x2C4F3B: decode.isra.0 (ffmpeg.c:2086)
==21379== by 0x2CD25F: decode_audio (ffmpeg.c:2145)
==21379== by 0x2CF3BC: process_input_packet (ffmpeg.c:2594)
==21379== by 0x2CF3BC: process_input (ffmpeg.c:3853)
==21379== by 0x2CF3BC: transcode_step (ffmpeg.c:3988)
==21379== by 0x2CF3BC: transcode (ffmpeg.c:4035)
==21379== by 0x2A498A: main (ffmpeg.c:4173)
==21379== Address 0x5c4a8b0 is 0 bytes after a block of size 6,320 alloc'd
==21379== at 0x483E0F0: memalign (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==21379== by 0x483E212: posix_memalign (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==21379== by 0x107D374: av_malloc (mem.c:105)
==21379== by 0x107D53D: av_mallocz (mem.c:266)
==21379== by 0x9C670C: init_context_defaults (options.c:133)
==21379== by 0x9C670C: avcodec_alloc_context3 (options.c:160)
==21379== by 0x2A55D3: add_input_streams (ffmpeg_demux.c:734)
==21379== by 0x2A9050: ifile_open (ffmpeg_demux.c:1077)
==21379== by 0x2BAB91: open_files.isra.0 (ffmpeg_opt.c:1244)
==21379== by 0x2BC02E: ffmpeg_parse_options (ffmpeg_opt.c:1283)
==21379== by 0x2A4949: main (ffmpeg.c:4156)
==21379==
==21379== Invalid write of size 4
==21379== at 0xC3DBD0: decode_2slp (wavarc.c:280)
==21379== by 0xC3DBD0: wavarc_decode (wavarc.c:380)
==21379== by 0x77BB09: decode_simple_internal (decode.c:285)
==21379== by 0x77BB09: decode_simple_receive_frame (decode.c:541)
==21379== by 0x77BB09: decode_receive_frame_internal (decode.c:560)
==21379== by 0x77C6CF: avcodec_send_packet (decode.c:635)
==21379== by 0x2C4F3B: decode.isra.0 (ffmpeg.c:2086)
==21379== by 0x2CD25F: decode_audio (ffmpeg.c:2145)
==21379== by 0x2CF3BC: process_input_packet (ffmpeg.c:2594)
==21379== by 0x2CF3BC: process_input (ffmpeg.c:3853)
==21379== by 0x2CF3BC: transcode_step (ffmpeg.c:3988)
==21379== by 0x2CF3BC: transcode (ffmpeg.c:4035)
==21379== by 0x2A498A: main (ffmpeg.c:4173)
==21379== Address 0x5c4a8b4 is 4 bytes after a block of size 6,320 alloc'd
==21379== at 0x483E0F0: memalign (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==21379== by 0x483E212: posix_memalign (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==21379== by 0x107D374: av_malloc (mem.c:105)
==21379== by 0x107D53D: av_mallocz (mem.c:266)
==21379== by 0x9C670C: init_context_defaults (options.c:133)
==21379== by 0x9C670C: avcodec_alloc_context3 (options.c:160)
==21379== by 0x2A55D3: add_input_streams (ffmpeg_demux.c:734)
==21379== by 0x2A9050: ifile_open (ffmpeg_demux.c:1077)
==21379== by 0x2BAB91: open_files.isra.0 (ffmpeg_opt.c:1244)
==21379== by 0x2BC02E: ffmpeg_parse_options (ffmpeg_opt.c:1283)
==21379== by 0x2A4949: main (ffmpeg.c:4156)
==21379==
==21379== Invalid read of size 4
==21379== at 0xC3DBAF: decode_2slp (wavarc.c:332)
==21379== by 0xC3DBAF: wavarc_decode (wavarc.c:380)
==21379== by 0x77BB09: decode_simple_internal (decode.c:285)
==21379== by 0x77BB09: decode_simple_receive_frame (decode.c:541)
==21379== by 0x77BB09: decode_receive_frame_internal (decode.c:560)
==21379== by 0x77C6CF: avcodec_send_packet (decode.c:635)
==21379== by 0x2C4F3B: decode.isra.0 (ffmpeg.c:2086)
==21379== by 0x2CD25F: decode_audio (ffmpeg.c:2145)
==21379== by 0x2CF3BC: process_input_packet (ffmpeg.c:2594)
==21379== by 0x2CF3BC: process_input (ffmpeg.c:3853)
==21379== by 0x2CF3BC: transcode_step (ffmpeg.c:3988)
==21379== by 0x2CF3BC: transcode (ffmpeg.c:4035)
==21379== by 0x2A498A: main (ffmpeg.c:4173)
==21379== Address 0x5c4a9f4 is 0 bytes after a block of size 116 alloc'd
==21379== at 0x483E0F0: memalign (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==21379== by 0x483E212: posix_memalign (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==21379== by 0x107D374: av_malloc (mem.c:105)
==21379== by 0x107D53D: av_mallocz (mem.c:266)
==21379== by 0x76D077: avcodec_parameters_to_context (codec_par.c:255)
==21379== by 0x2A55ED: add_input_streams (ffmpeg_demux.c:738)
==21379== by 0x2A9050: ifile_open (ffmpeg_demux.c:1077)
==21379== by 0x2BAB91: open_files.isra.0 (ffmpeg_opt.c:1244)
==21379== by 0x2BC02E: ffmpeg_parse_options (ffmpeg_opt.c:1283)
==21379== by 0x2A4949: main (ffmpeg.c:4156)
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/10171>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker