[FFmpeg-trac] #10198(undetermined:new): rka: crash with fuzzed file
FFmpeg
trac at avcodec.org
Wed Feb 15 14:31:34 EET 2023
#10198: rka: crash with fuzzed file
-------------------------------------+-------------------------------------
             Reporter:  ami_stuff    |                     Type:  defect
               Status:  new          |                 Priority:  normal
            Component:  undetermined |                  Version:  unspecified
             Keywords:               |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Also, an unrelated minor issue: there is an unclosed parenthesis in
CODEC_LONG_NAME:
libavcodec/rka.c:
{{{
CODEC_LONG_NAME("RKA (RK Audio"),
}}}
{{{
(gdb) r -i crash.rka -f null -
Starting program: ffmpeg_g -i crash.rka -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
ffmpeg version N-109863-g4113445e9d Copyright (c) 2000-2023 the FFmpeg
developers
built with gcc 9 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
configuration:
libavutil 58. 1.100 / 58. 1.100
libavcodec 60. 2.100 / 60. 2.100
libavformat 60. 2.100 / 60. 2.100
libavdevice 60. 0.100 / 60. 0.100
libavfilter 9. 1.100 / 9. 1.100
libswscale 7. 0.100 / 7. 0.100
libswresample 4. 9.100 / 4. 9.100
Guessed Channel Layout for Input Stream #0.0 : mono
Input #0, rka, from 'crash.rka':
Duration: 00:00:10.00, start: 0.000000, bitrate: 103 kb/s
Stream #0:0: Audio: rka, 33333 Hz, 1 channels, u8p
Stream mapping:
Stream #0:0 -> #0:0 (rka (native) -> pcm_s16le (native))
Press [q] to stop, [?] for help
[New Thread 0x7ffff6bdd700 (LWP 17994)]
Error while decoding stream #0:0: Invalid data found when processing input
[Thread 0x7ffff6bdd700 (LWP 17994) exited]
[New Thread 0x7ffff63dc700 (LWP 17995)]
[New Thread 0x7ffff5bdb700 (LWP 17996)]
[New Thread 0x7ffff53da700 (LWP 17997)]
[New Thread 0x7ffff4bd9700 (LWP 17998)]
[New Thread 0x7fffeffff700 (LWP 17999)]
[New Thread 0x7fffef7fe700 (LWP 18000)]
[New Thread 0x7fffeeffd700 (LWP 18001)]
[New Thread 0x7fffee7fc700 (LWP 18002)]
Last message repeated 2 times
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf60.2.100
Stream #0:0: Audio: pcm_s16le, 33333 Hz, mono, s16, 533 kb/s
Metadata:
encoder : Lavc60.2.100 pcm_s16le
[New Thread 0x7fffedffb700 (LWP 18003)]
size=N/A time=-577014:32:22.77 bitrate=N/A speed=N/A s/s speed=N/A
video:0kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB
muxing overhead: unknown
[Thread 0x7fffedffb700 (LWP 18003) exited]
Output file is empty, nothing was encoded (check -ss / -t / -frames
parameters if used)
[Thread 0x7fffeffff700 (LWP 17999) exited]
[Thread 0x7fffee7fc700 (LWP 18002) exited]
[Thread 0x7fffeeffd700 (LWP 18001) exited]
[Thread 0x7fffef7fe700 (LWP 18000) exited]
[Thread 0x7ffff4bd9700 (LWP 17998) exited]
[Thread 0x7ffff53da700 (LWP 17997) exited]
[Thread 0x7ffff5bdb700 (LWP 17996) exited]
[Thread 0x7ffff63dc700 (LWP 17995) exited]
--Type <RET> for more, q to quit, c to continue without paging--
Thread 1 "ffmpeg_g" received signal SIGSEGV, Segmentation fault.
__GI___libc_free (mem=0x16dd2feffe5527e) at malloc.c:3102
3102 malloc.c
(gdb) bt
#0 __GI___libc_free (mem=0x16dd2feffe5527e) at malloc.c:3102
#1 0x00005555556aaffd in adaptive_model_free (am=<optimized out>)
at libavcodec/rka.c:956
#2 rka_decode_close (avctx=<optimized out>) at libavcodec/rka.c:956
#3 0x0000555555686bc0 in avcodec_close (avctx=avctx@entry=0x5555571616c0)
at libavcodec/codec_internal.h:327
#4 0x0000555555e12d1d in avcodec_free_context (
pavctx=pavctx@entry=0x555557161530) at libavcodec/options.c:175
#5 0x00005555556f4977 in ist_free (pist=0x55555715d9e0)
at fftools/ffmpeg_demux.c:473
#6 ifile_close (pf=0x55555715c900) at fftools/ffmpeg_demux.c:490
#7 0x0000555555713de1 in ffmpeg_cleanup (ret=69) at fftools/ffmpeg.c:556
#8 0x000055555570a945 in exit_program (ret=69) at fftools/cmdutils.c:102
#9 0x00005555556f0bb3 in main (argc=6, argv=0x7fffffffdf78)
at fftools/ffmpeg.c:4192
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/10198>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker