mxf: deadlock with fuzzed file
(gdb) r -threads 1 -i deadlock2.mxf
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /media/sdb1/ffmpeg-HEAD-8a0d446/ffmpeg_g -threads 1 -i deadlock2.mxf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.1.git-8a0d446 Copyright (c) 2000-2013 the FFmpeg developers
built on Dec 29 2013 20:43:02 with gcc 4.7 (Debian 4.7.2-5)
configuration: --disable-yasm --enable-gpl --disable-ffprobe --disable-ffserver
libavutil 52. 59.100 / 52. 59.100
libavcodec 55. 47.100 / 55. 47.100
libavformat 55. 22.100 / 55. 22.100
libavdevice 55. 5.102 / 55. 5.102
libavfilter 4. 0.103 / 4. 0.103
libswscale 2. 5.101 / 2. 5.101
libswresample 0. 17.104 / 0. 17.104
libpostproc 52. 3.100 / 52. 3.100
[mxf @ 0x9298ee0] invalid KAGSize 0 - guessing 512
[mxf @ 0x9298ee0] local tag 0000 with 0 size
Last message repeated 6 times
[mxf @ 0x9298ee0] local tag 0x8000 with 0 size
[mxf @ 0x9298ee0] local tag 0000 with 0 size
Last message repeated 10 times
[mxf @ 0x9298ee0] local tag 0x08 with 0 size
[mxf @ 0x9298ee0] local tag 0000 with 0 size
Last message repeated 1 times
[mxf @ 0x9298ee0] local tag 0x04 with 0 size
[mxf @ 0x9298ee0] local tag 0000 with 0 size
Last message repeated 3 times
[mxf @ 0x9298ee0] local tag 0x4000 with 0 size
[mxf @ 0x9298ee0] local tag 0000 with 0 size
Last message repeated 22 times
[mxf @ 0x9298ee0] local tag 0x20 with 0 size
[mxf @ 0x9298ee0] local tag 0000 with 0 size
Last message repeated 50 times
[mxf @ 0x9298ee0] local tag 0x02 with 0 size
Last message repeated 1 times
[mxf @ 0x9298ee0] local tag 0000 with 0 size
[mxf @ 0x9298ee0] invalid KAGSize 0 - guessing 512
[mxf @ 0x9298ee0] invalid KAGSize 0 - guessing 512
[mxf @ 0x9298ee0] invalid KAGSize 0 - guessing 512
[...]
[mxf @ 0x9298ee0] invalid KAGSize 0 - guessing 512
[mxf @ 0x9298ee0] invalid KAGSize 0 - guessing 512
[mxf @ 0x9298ee0] invalid KAGSize 0 - guessing 512
Program received signal SIGINT, Interrupt.
0x0815f94d in avio_r8 (s=s@entry=0x92a1520) at libavformat/aviobuf.c:485
485 }
(gdb) bt
#0 0x0815f94d in avio_r8 (s=s@entry=0x92a1520) at libavformat/aviobuf.c:485
#1 0x081df414 in mxf_read_sync (size=4,
key=0x89819d4 "\006\016+4\006\016+4\002\005\001\001\r\001\002\001\001\002\006\016+4\002\005\001\001\r\001\003\001\004", pb=0x92a1520)
at libavformat/mxfdec.c:285
#2 klv_read_packet (pb=0x92a1520, klv=0xbffff300) at libavformat/mxfdec.c:296
#3 mxf_read_header (s=0x9298ee0) at libavformat/mxfdec.c:2032
#4 0x08250b75 in avformat_open_input (ps=ps@entry=0xbffff430,
filename=filename@entry=0xbffffb6f "deadlock2.mxf", fmt=fmt@entry=0x0,
options=0x9292fdc) at libavformat/utils.c:551
#5 0x080b45fd in open_input_file (o=o@entry=0xbffff52c,
filename=<optimized out>) at ffmpeg_opt.c:844
#6 0x080b2387 in open_files (inout=inout@entry=0x898dc9b "input",
open_file=open_file@entry=0x80b4300 <open_input_file>,
l=<error reading variable: Unhandled dwarf expression opcode 0xfa>,
l=<error reading variable: Unhandled dwarf expression opcode 0xfa>)
at ffmpeg_opt.c:2582
#7 0x080bad09 in ffmpeg_parse_options (argc=argc@entry=5,
argv=argv@entry=0xbffff9c4) at ffmpeg_opt.c:2619
#8 0x080a9dba in main (argc=5, argv=0xbffff9c4) at ffmpeg.c:3522
(gdb)
Change History (4)
Component: undetermined → avformat
Description: modified (diff)
Keywords: mxf deadlock added
Priority: normal → important
Reproduced by developer: set
Status: new → open
Version: unspecified → git-master
Keywords: regression added
Resolution: → fixed
Status: open → closed
Regression since dcd30b83