[FFmpeg-trac] #11483(ffmpeg:new): Segmentation fault on function mov_read_trak
FFmpeg
trac at avcodec.org
Wed Feb 26 02:38:22 EET 2025
#11483: Segmentation fault on function mov_read_trak
--------------------------------+--------------------------------------
Reporter: fizz | Type: defect
Status: new | Priority: normal
Component: ffmpeg | Version: git-master
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
--------------------------------+--------------------------------------
Summary of the bug: Segmentation fault on function mov_read_trak
How to reproduce:
{{{
system: Ubuntu 20.04
git last commit:
commit 66e9888bf418984a274beddbc3e87e9f1b8f5077 (HEAD -> master, origin/master, origin/HEAD)
Author: Michael Niedermayer <michael at niedermayer.cc>
Date: Wed Jan 8 03:11:02 2025 +0100
use this command to compile:
./configure --enable-debug=2 --disable-optimizations --disable-stripping
make -j4
use this command to reproduce: valgrind ./ffmpeg -i POC_FILE /dev/null
}}}
information from valgrind:
{{{
==30383== Memcheck, a memory error detector
==30383== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==30383== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==30383== Command: ./ffmpeg -i ./bugs/ffmpeg_mov_read_trak /dev/null
==30383==
ffmpeg version N-118312-g66e9888bf4 Copyright (c) 2000-2025 the FFmpeg developers
built with gcc 9 (Ubuntu 9.4.0-1ubuntu1~20.04.2)
configuration: --enable-debug=2 --disable-optimizations --disable-stripping
libavutil 59. 55.100 / 59. 55.100
libavcodec 61. 31.100 / 61. 31.100
libavformat 61. 9.106 / 61. 9.106
libavdevice 61. 4.100 / 61. 4.100
libavfilter 10. 6.101 / 10. 6.101
libswscale 8. 13.100 / 8. 13.100
libswresample 5. 4.100 / 5. 4.100
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x64cb8c0] Detected creation time before 1970, parsing as unix timestamp.
==30383== Invalid read of size 4
==30383== at 0x11CC28F: mov_read_trak (mov.c:5208)
==30383== by 0x1171E25: mov_read_default (mov.c:9414)
==30383== by 0x1173128: mov_read_moov (mov.c:1565)
==30383== by 0x1171E25: mov_read_default (mov.c:9414)
==30383== by 0x1173128: mov_read_moov (mov.c:1565)
==30383== by 0x1171E25: mov_read_default (mov.c:9414)
==30383== by 0x11CC6AE: mov_read_header (mov.c:10458)
==30383== by 0xFABB15: avformat_open_input (demux.c:308)
==30383== by 0x42BAE0: ifile_open (ffmpeg_demux.c:1727)
==30383== by 0x48384C: open_files.isra.0 (ffmpeg_opt.c:1363)
==30383== by 0x48A3AD: ffmpeg_parse_options (ffmpeg_opt.c:1412)
==30383== by 0x410A38: main (ffmpeg.c:974)
==30383== Address 0x4 is not stack'd, malloc'd or (recently) free'd
==30383==
==30383==
==30383== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==30383== Access not within mapped region at address 0x4
==30383== at 0x11CC28F: mov_read_trak (mov.c:5208)
==30383== by 0x1171E25: mov_read_default (mov.c:9414)
==30383== by 0x1173128: mov_read_moov (mov.c:1565)
==30383== by 0x1171E25: mov_read_default (mov.c:9414)
==30383== by 0x1173128: mov_read_moov (mov.c:1565)
==30383== by 0x1171E25: mov_read_default (mov.c:9414)
==30383== by 0x11CC6AE: mov_read_header (mov.c:10458)
==30383== by 0xFABB15: avformat_open_input (demux.c:308)
==30383== by 0x42BAE0: ifile_open (ffmpeg_demux.c:1727)
==30383== by 0x48384C: open_files.isra.0 (ffmpeg_opt.c:1363)
==30383== by 0x48A3AD: ffmpeg_parse_options (ffmpeg_opt.c:1412)
==30383== by 0x410A38: main (ffmpeg.c:974)
==30383== If you believe this happened as a result of a stack
==30383== overflow in your program's main thread (unlikely but
==30383== possible), you can try to increase the size of the
==30383== main thread stack using the --main-stacksize= flag.
==30383== The main thread stack size used in this run was 8388608.
==30383==
==30383== HEAP SUMMARY:
==30383== in use at exit: 40,430 bytes in 65 blocks
==30383== total heap usage: 111 allocs, 46 frees, 80,868 bytes allocated
==30383==
==30383== LEAK SUMMARY:
==30383== definitely lost: 0 bytes in 0 blocks
==30383== indirectly lost: 0 bytes in 0 blocks
==30383== possibly lost: 0 bytes in 0 blocks
==30383== still reachable: 40,430 bytes in 65 blocks
==30383== suppressed: 0 bytes in 0 blocks
==30383== Rerun with --leak-check=full to see details of leaked memory
==30383==
==30383== For lists of detected and suppressed errors, rerun with: -s
==30383== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/11483>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker