Opened 10 years ago
Closed 10 years ago
#3864 closed defect (fixed)
caf: deadlock (fuzzed file)
Reported by: | ami_stuff | Owned by: | |
---|---|---|---|
Priority: | important | Component: | avformat |
Version: | git-master | Keywords: | caf deadlock |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | yes |
Analyzed by developer: | no | | |
Description
http://www.datafilehost.com/d/c026a39d
```
(gdb) r -i deadf.caf
Starting program: /media/sdb1/ffmpeg-snapshot/ffmpeg_g -i deadf.caf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.3.git Copyright (c) 2000-2014 the FFmpeg developers
  built on Aug 14 2014 23:56:56 with gcc 4.7 (Debian 4.7.2-5)
  configuration: --disable-yasm --enable-gpl --disable-ffserver --disable-ffprobe
  libavutil 54. 3.100 / 54. 3.100
  libavcodec 56. 0.101 / 56. 0.101
  libavformat 56. 1.100 / 56. 1.100
  libavdevice 56. 0.100 / 56. 0.100
  libavfilter 5. 0.100 / 5. 0.100
  libswscale 3. 0.100 / 3. 0.100
  libswresample 1. 0.100 / 1. 0.100
  libpostproc 53. 0.100 / 53. 0.100
[caf @ 0x93af340] skipping CAF chunk: 6368716E (chqn), size 12
Program received signal SIGINT, Interrupt.
0x089e64eb in av_dict_get (m=0x93a8420, key=0xbfffee60 "d\355\303\373~\362\253\353\333\365e\356\213\367\206\374.\003\r\371\264\002J\366\001\356\372\374C\347I", prev=0x0, flags=0) at libavutil/dict.c:57
57 for (j = 0; av_toupper(s[j]) == av_toupper(key[j]) && key[j]; j++)
(gdb) bt
#0 0x089e64eb in av_dict_get (m=0x93a8420, key=0xbfffee60 "d\355\303\373~\362\253\353\333\365e\356\213\367\206\374.\003\r\371\264\002J\366\001\356\372\374C\347I", prev=0x0, flags=0) at libavutil/dict.c:57
#1 0x089e65a9 in av_dict_set (pm=pm@entry=0x93af7b4, key=key@entry=0xbfffee60 "d\355\303\373~\362\253\353\333\365e\356\213\367\206\374.\003\r\371\264\002J\366\001\356\372\374C\347I", value=value@entry=0xbfffee80 "\367\324\342\062\365n\340", <incomplete sequence \344\232>, flags=flags@entry=0) at libavutil/dict.c:72
#2 0x08195e37 in read_info_chunk (s=s@entry=0x93af340, size=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at libavformat/cafdec.c:213
#3 0x08196464 in read_header (s=0x93af340) at libavformat/cafdec.c:285
#4 0x08294543 in avformat_open_input (ps=ps@entry=0xbffff43c, filename=filename@entry=0xbffffb77 "deadf.caf", fmt=fmt@entry=0x0, options=0x93a884c) at libavformat/utils.c:437
#5 0x080be28d in open_input_file (o=o@entry=0xbffff53c, filename=<optimized out>) at ffmpeg_opt.c:870
#6 0x080b7d17 in open_files (inout=inout@entry=0x8a76cbb "input", open_file=open_file@entry=0x80bdf90 <open_input_file>, l=<error reading variable: Unhandled dwarf expression opcode 0xfa>, l=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at ffmpeg_opt.c:2670
---Type <return> to continue, or q <return> to quit---
#7 0x080bff09 in ffmpeg_parse_options (argc=argc@entry=3, argv=argv@entry=0xbffff9e4) at ffmpeg_opt.c:2707
#8 0x080af43a in main (argc=3, argv=0xbffff9e4) at ffmpeg.c:3824
(gdb)
```
Attachments (1)
Change History (3)
comment:1 by , 10 years ago
Component: | undetermined → avformat |
---|---|
Keywords: | caf deadlock added |
Priority: | normal → important |
Reproduced by developer: | set |
Status: | new → open |
Version: | unspecified → git-master |
by , 10 years ago
comment:2 by , 10 years ago
Resolution: | → fixed |
---|---|
Status: | open → closed |
Fixed in 90b2f3136778311fb5e097b8ee1f527518231c23.