Opened 11 years ago

Closed 11 years ago

#3500 closed defect (fixed)

vp7: crash with fuzzed file

Reported by: ami_stuff Owned by:
Priority: important Component: avcodec
Version: git-master Keywords: vp7 crash SIGSEGV
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description 

(gdb) r -i vp7_f.avi -f null -
Starting program: /media/sdb1/ffmpeg-HEAD-8f20e3d/ffmpeg_g -i vp7_f.avi -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.2.git-8f20e3d Copyright (c) 2000-2014 the FFmpeg developers
  built on Mar 25 2014 20:28:17 with gcc 4.7 (Debian 4.7.2-5)
  configuration: --disable-ffprobe --disable-ffserver --enable-gpl --disable-yasm
  libavutil      52. 69.100 / 52. 69.100
  libavcodec     55. 54.100 / 55. 54.100
  libavformat    55. 35.101 / 55. 35.101
  libavdevice    55. 11.100 / 55. 11.100
  libavfilter     4.  3.100 /  4.  3.100
  libswscale      2.  5.102 /  2.  5.102
  libswresample   0. 18.100 /  0. 18.100
  libpostproc    52.  3.100 / 52.  3.100
[avi @ 0x92e8d80] Something went wrong during header parsing, I will ignore it and try to continue anyway.
Input #0, avi, from 'vp7_f.avi':
  Duration: 00:00:12.64, start: 0.000000, bitrate: 254 kb/s
    Stream #0:0: Video: vp7 (VP70 / 0x30375056), yuv420p, 320x240, 23.97 tbr, 23.97 tbn, 23.97 tbc
[New Thread 0xb7df8b70 (LWP 5196)]
[New Thread 0xb75f8b70 (LWP 5197)]
[New Thread 0xb6df8b70 (LWP 5198)]
[New Thread 0xb65f8b70 (LWP 5199)]
[New Thread 0xb5df8b70 (LWP 5200)]
[New Thread 0xb55f8b70 (LWP 5201)]
[New Thread 0xb4df8b70 (LWP 5202)]
[New Thread 0xb45f8b70 (LWP 5203)]
[New Thread 0xb3df8b70 (LWP 5204)]
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf55.35.101
    Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 320x240, q=2-31, 200 kb/s, 90k tbn, 23.97 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (vp7 -> rawvideo)
Press [q] to stop, [?] for help
[vp7 @ 0x92e97a0] Discarding interframe without a prior keyframe!
Error while decoding stream #0:0: Invalid data found when processing input
[vp7 @ 0x92e97a0] Discarding interframe without a prior keyframe!
Error while decoding stream #0:0: Invalid data found when processing input
[vp7 @ 0x92e97a0] Unknown profile 2 is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[vp7 @ 0x92e97a0] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/MPlayer/incoming/ and contact the ffmpeg-devel mailing list.
Error while decoding stream #0:0: Invalid data found when processing input
[vp7 @ 0x92e97a0] Discarding interframe without a prior keyframe!
Error while decoding stream #0:0: Invalid data found when processing input
[vp7 @ 0x92e97a0] Discarding interframe without a prior keyframe!
Error while decoding stream #0:0: Invalid data found when processing input
[vp7 @ 0x92e97a0] Discarding interframe without a prior keyframe!
Error while decoding stream #0:0: Invalid data found when processing input
[vp7 @ 0x92e97a0] Discarding interframe without a prior keyframe!
Error while decoding stream #0:0: Invalid data found when processing input
[vp7 @ 0x92e97a0] Discarding interframe without a prior keyframe!
Error while decoding stream #0:0: Invalid data found when processing input
[vp7 @ 0x92e97a0] Discarding interframe without a prior keyframe!
Error while decoding stream #0:0: Invalid data found when processing input
[vp7 @ 0x92e97a0] Discarding interframe without a prior keyframe!
Error while decoding stream #0:0: Invalid data found when processing input
[vp7 @ 0x92e97a0] Discarding interframe without a prior keyframe!
Error while decoding stream #0:0: Invalid data found when processing input
[vp7 @ 0x92e97a0] Discarding interframe without a prior keyframe!
Error while decoding stream #0:0: Invalid data found when processing input
[vp7 @ 0x92e97a0] Discarding interframe without a prior keyframe!
Error while decoding stream #0:0: Invalid data found when processing input
[vp7 @ 0x92e97a0] Discarding interframe without a prior keyframe!
Error while decoding stream #0:0: Invalid data found when processing input
[vp7 @ 0x92e97a0] Discarding interframe without a prior keyframe!
Error while decoding stream #0:0: Invalid data found when processing input
[vp7 @ 0x92e97a0] Discarding interframe without a prior keyframe!
Error while decoding stream #0:0: Invalid data found when processing input
[vp7 @ 0x92e97a0] Discarding interframe without a prior keyframe!
Error while decoding stream #0:0: Invalid data found when processing input
[vp7 @ 0x92e97a0] Discarding interframe without a prior keyframe!
Error while decoding stream #0:0: Invalid data found when processing input
[vp7 @ 0x92e97a0] Discarding interframe without a prior keyframe!
Error while decoding stream #0:0: Invalid data found when processing input
[vp7 @ 0x92e97a0] Discarding interframe without a prior keyframe!
Error while decoding stream #0:0: Invalid data found when processing input
[vp7 @ 0x92e97a0] Discarding interframe without a prior keyframe!
Error while decoding stream #0:0: Invalid data found when processing input

Program received signal SIGSEGV, Segmentation fault.
vp7_decode_frame_header (s=0x92ee240, 
    buf=0x92ed7c3 "\355\252{\214JȚ\320 \240\065\351\031Ƨ{\210\343\t\316Q\363ò\237\334\025[\022\370\246d\311\n\241\251", buf_size=447)
    at libavcodec/vp8.c:526
526	                AVFrame *gold = s->framep[VP56_FRAME_GOLDEN]->tf.f;
(gdb) bt
#0  vp7_decode_frame_header (s=0x92ee240, 
    buf=0x92ed7c3 "\355\252{\214JȚ\320 \240\065\351\031Ƨ{\210\343\t\316Q\363ò\237\334\025[\022\370\246d\311\n\241\251", buf_size=447)
    at libavcodec/vp8.c:526
#1  0x0875dba9 in ff_vp8_decode_frame (avctx=0x92e97a0, data=0x92f0160, 
    got_frame=0xbffff51c, avpkt=0xbffff2a8) at libavcodec/vp8.c:2350
#2  0x086d5c5f in avcodec_decode_video2 (avctx=0x92e97a0, 
    picture=picture@entry=0x92f0160, 
    got_picture_ptr=got_picture_ptr@entry=0xbffff51c, 
    avpkt=avpkt@entry=0xbffff788) at libavcodec/utils.c:2182
#3  0x080c415d in decode_video (ist=ist@entry=0x92ed9c0, 
    pkt=pkt@entry=0xbffff788, got_output=got_output@entry=0xbffff51c)
    at ffmpeg.c:1844
#4  0x080c88e7 in output_packet (pkt=0xbffff720, ist=0x92ed9c0)
    at ffmpeg.c:2064
#5  process_input (file_index=154047584) at ffmpeg.c:3413
#6  0x080ac0db in transcode_step () at ffmpeg.c:3507
#7  transcode () at ffmpeg.c:3559
#8  main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3739
(gdb)

Attachments (1)

vp7_f.avi (392.7 KB ) - added by ami_stuff 11 years ago.

Download all attachments as: .zip

Change History (3)

by ami_stuff, 11 years ago

Attachment: vp7_f.avi added

comment:1 by Carl Eugen Hoyos, 11 years ago

Component: undeterminedavcodec
Keywords: vp7 crash SIGSEGV added
Priority: normalimportant
Reproduced by developer: set
Status: newopen
Version: unspecifiedgit-master

comment:2 by Carl Eugen Hoyos, 11 years ago

Resolution: fixed
Status: openclosed

Fixed by the same commit 46f72ea5 that fixed ticket #3501.

Note: See TracTickets for help on using tickets.