Opened 7 years ago
Closed 7 years ago
#6804 closed defect (fixed)
Corrupt file crashes ffmpeg with assertion failure.
Reported by: | Dale Curtis | Owned by: | |
---|---|---|---|
Priority: | important | Component: | avformat |
Version: | git-master | Keywords: | crash abort codecpar regression |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | yes |
Analyzed by developer: | no | | |
Description
Using master branch, run ffmpeg -i on the attached file and observe the following:
```
[ogg @ 0x125f380] Codec not found
[ogg @ 0x125f380] Invalid timing values.
Last message repeated 1 times
[ogg @ 0x125f380] Header parsing failed for stream 1
[ogg @ 0x125f380] Header parsing failed for stream 2
[ogg @ 0x125f380] Headers mismatch for stream 3: expected 2 received 0.
[ogg @ 0x125f380] New streams are not supposed to be added in between Ogg context save/restore operations.
[ogg @ 0x125f380] failed to create or replace stream
[ogg @ 0x125f380] Codec not found
[ogg @ 0x125f380] Invalid timing values.
Assertion 0 failed at libavcodec/gsm_parser.c:59
Aborted (core dumped)
```
Seems this should return an error instead of crashing, but the parse() API doesn't seem to provide a way for error codes to be returned.
Attachments (1)
Change History (5)
by , 7 years ago
Attachment: | clusterfuzz-testcase-minimized-4580570865860608 added |
---|
comment:1 by , 7 years ago
comment:2 by , 7 years ago
Keywords: | crash abort codecpar regression added |
---|---|
Priority: | normal → important |
Reproduced by developer: | set |
Status: | new → open |
Version: | unspecified → git-master |
Regression since 6f69f7a8bf6a0d013985578df2ef42ee6b1c7994
comment:3 by , 7 years ago
Ah, I think the issue is that AVERROR codes from oggdec->header() aren't handled at all. Will submit a patch shortly.
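The bug class named in comment 3, an error return from a header callback that the caller never checks, shown as an added example that is not FFmpeg code and not part of the ticket. The two-byte packet format, the names and the error value are all hypothetical; the block contrasts a caller that drops the error with one that propagates it, and shows which stream state would reach a parser's asserting default branch.

```c
#include <stdio.h>
#define ERR_INVALIDDATA (-22) /* hypothetical names throughout; this is not FFmpeg code */
enum codec_id { CODEC_NONE = 0, CODEC_GSM = 1 };
struct stream { enum codec_id codec; int ready; /* ready: packets flow to the parser */ };

/* Header callback: 1 = header consumed, 0 = first data packet, <0 = malformed. */
static int parse_header(struct stream *st, const unsigned char *pkt, size_t len)
{
    if (len >= 1 && pkt[0] == 'D')  /* data before any valid header is malformed */
        return st->codec == CODEC_NONE ? ERR_INVALIDDATA : 0;
    if (len != 2 || pkt[0] != 'H' || pkt[1] != CODEC_GSM)
        return ERR_INVALIDDATA;
    st->codec = CODEC_GSM;
    return 1;
}

/* Before: only "> 0" means header, so an error is handled like "headers finished". */
static int feed_unchecked(struct stream *st, const unsigned char *pkt, size_t len)
{
    if (parse_header(st, pkt, len) <= 0)
        st->ready = 1;
    return 0;
}

/* After: a negative return is propagated and the stream is never marked ready. */
static int feed_checked(struct stream *st, const unsigned char *pkt, size_t len)
{
    int ret = parse_header(st, pkt, len);
    if (ret < 0)
        return ret;
    if (ret == 0)
        st->ready = 1;
    return 0;
}

/* Stand-in for a parser whose switch on the codec has an asserting default branch. */
static int parser_would_assert(const struct stream *st)
{
    return st->ready && st->codec != CODEC_GSM;
}

int main(void)
{
    const unsigned char bad[] = { 'H', 0x7f }; /* constructed: unknown codec byte */
    struct stream a = { CODEC_NONE, 0 }, b = { CODEC_NONE, 0 };
    int ra = feed_unchecked(&a, bad, sizeof bad), rb = feed_checked(&b, bad, sizeof bad);
    printf("unchecked: ret=%d reaches_assert=%d\n", ra, parser_would_assert(&a));
    printf("checked:   ret=%d reaches_assert=%d\n", rb, parser_would_assert(&b));
    return 0;
}
```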
comment:4 by , 7 years ago
Component: | undetermined → avformat |
---|---|
Resolution: | → fixed |
Status: | open → closed |
Fixed by you in 09494d098405738a5972e0052110af65b3ff7e72
The assert is fine; the execution should not arrive there in the first place.
You should run your fuzzing tests with the highest assert level; it would have triggered an assert failure earlier.
I do not know the Ogg and parser infrastructure well enough to investigate further.