Opened 14 years ago
Closed 14 years ago
#74 closed defect (fixed)
Fuzzed sample crashes avfilter
Reported by: | Carl Eugen Hoyos | Owned by: | Michael Niedermayer |
---|---|---|---|
Priority: | important | Component: | avfilter |
Version: | git | Keywords: | |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | yes |
Analyzed by developer: | no | | |
Description
The sample from issue 2441 now crashes avfilter.
```
(gdb) r -i crash_pirateszz_2_s25_r003.fuzz.sample -f null -
FFmpeg version git-N-29196-ge61b83d, Copyright (c) 2000-2011 the FFmpeg developers
  built on Apr 19 2011 19:44:16 with gcc 4.4.5
  configuration: --cc='/usr/local/gcc-4.4.5/bin/gcc -m32' --disable-asm
  libavutil    50. 40. 1 / 50. 40. 1
  libavcodec   52.120. 0 / 52.120. 0
  libavformat  52.108. 0 / 52.108. 0
  libavdevice  52.  4. 0 / 52.  4. 0
  libavfilter   1. 79. 1 /  1. 79. 1
  libswscale    0. 13. 0 /  0. 13. 0
[mpeg1video @ 0x8c696d0] matrix damaged
[mpeg1video @ 0x8c696d0] sequence header damaged
[mpeg1video @ 0x8c696d0] matrix damaged
[mpeg1video @ 0x8c696d0] sequence header damaged
[mpeg1video @ 0x8c696d0] matrix damaged
[mpeg1video @ 0x8c696d0] sequence header damaged
[mpeg1video @ 0x8c696d0] Missing picture start code
    Last message repeated 15 times
[mpegvideo @ 0x8c66de0] max_analyze_duration reached
[mpegvideo @ 0x8c66de0] Estimating duration from bitrate, this may be inaccurate
Seems stream 0 codec frame rate differs from container frame rate: 6.66 (60000/9009) -> 3.33 (60000/18018)
Input #0, mpegvideo, from 'crash_pirateszz_2_s25_r003.fuzz.sample':
  Duration: 00:00:08.35, bitrate: 9800 kb/s
    Stream #0.0: Video: mpeg2video (4:2:2), yuv420p, 720x4576 [PAR 4576:405 DAR 16:9], 9800 kb/s, 17.53 fps, 3.33 tbr, 1200k tbn, 6.66 tbc
[buffer @ 0x8d865e0] w:720 h:4576 pixfmt:yuv420p
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf52.108.0
    Stream #0.0: Video: rawvideo, yuv420p, 720x4576 [PAR 4576:405 DAR 16:9], q=2-31, 200 kb/s, 90k tbn, 3.33 tbc
Stream mapping:
  Stream #0.0 -> #0.0
Press [q] to stop encoding
[mpeg2video @ 0x8c696d0] matrix damaged
[mpeg2video @ 0x8c696d0] sequence header damaged
[mpeg2video @ 0x8c696d0] matrix damaged
[mpeg2video @ 0x8c696d0] sequence header damaged
[mpeg2video @ 0x8c696d0] matrix damaged
[mpeg2video @ 0x8c696d0] sequence header damaged
[mpeg2video @ 0x8c696d0] Missing picture start code
    Last message repeated 15 times
[mpeg2video @ 0x8c696d0] matrix damaged
[mpeg2video @ 0x8c696d0] sequence header damaged
[mpeg2video @ 0x8c696d0] matrix damaged
[mpeg2video @ 0x8c696d0] sequence header damaged
[mpeg2video @ 0x8c696d0] ignoring pic cod ext after 0
[mpeg2video @ 0x8c696d0] matrix damaged
[mpeg2video @ 0x8c696d0] sequence header damaged
[mpeg2video @ 0x8c696d0] matrix damaged
[mpeg2video @ 0x8c696d0] sequence header damaged
[mpeg2video @ 0x8c696d0] warning: first frame is no keyframe
[mpeg2video @ 0x8c696d0] invalid mb type in P Frame at 4 131
[mpeg2video @ 0x8c696d0] invalid mb type in P Frame at 27 3
...

Program received signal SIGSEGV, Segmentation fault.
0x0806d489 in av_vsrc_buffer_add_frame2 (buffer_filter=0x8d865e0, frame=0xffffbe68, pts=1101100, pixel_aspect=..., width=721, height=480, pix_fmt=PIX_FMT_YUV420P, sws_param=0x85c6d2e "0:0") at libavfilter/vsrc_buffer.c:60
60          av_log(buffer_filter, AV_LOG_INFO, "Changing filter graph input to accept %dx%d %d (%d %d)\n",
(gdb) bt
#0  0x0806d489 in av_vsrc_buffer_add_frame2 (buffer_filter=0x8d865e0, frame=0xffffbe68, pts=1101100, pixel_aspect=..., width=721, height=480, pix_fmt=PIX_FMT_YUV420P, sws_param=0x85c6d2e "0:0") at libavfilter/vsrc_buffer.c:60
#1  0x08052295 in output_packet (ist=<value optimized out>, ist_index=<value optimized out>, ost_table=0x8d86570, nb_ostreams=1, pkt=0xffffcdac) at ffmpeg.c:1644
#2  0x08054743 in transcode (nb_output_files=<value optimized out>, nb_input_files=<value optimized out>, stream_maps=<value optimized out>, nb_stream_maps=0, input_files=<value optimized out>, output_files=<value optimized out>) at ffmpeg.c:2719
#3  0x08055cab in main (argc=6, argv=0xffffcfe4) at ffmpeg.c:4463
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x806d469 to 0x806d4a9:
   0x0806d469 <av_vsrc_buffer_add_frame2+89>:    mov    0x100(%ebx),%ecx
   0x0806d46f <av_vsrc_buffer_add_frame2+95>:    mov    0x70(%esp),%edx
   0x0806d473 <av_vsrc_buffer_add_frame2+99>:    mov    0x20(%edx),%eax
   0x0806d476 <av_vsrc_buffer_add_frame2+102>:   mov    0x88(%esp),%edx
   0x0806d47d <av_vsrc_buffer_add_frame2+109>:   mov    (%eax),%eax
   0x0806d47f <av_vsrc_buffer_add_frame2+111>:   mov    0x8(%eax),%eax
   0x0806d482 <av_vsrc_buffer_add_frame2+114>:   mov    %eax,0x4c(%esp)
   0x0806d486 <av_vsrc_buffer_add_frame2+118>:   mov    0x20(%eax),%eax
   0x0806d489 <av_vsrc_buffer_add_frame2+121>:   mov    (%eax),%eax
   0x0806d48b <av_vsrc_buffer_add_frame2+123>:   mov    0x38(%eax),%eax
   0x0806d48e <av_vsrc_buffer_add_frame2+126>:   mov    %ecx,0x18(%esp)
   0x0806d492 <av_vsrc_buffer_add_frame2+130>:   mov    0x90(%esp),%ecx
   0x0806d499 <av_vsrc_buffer_add_frame2+137>:   mov    %edx,0xc(%esp)
   0x0806d49d <av_vsrc_buffer_add_frame2+141>:   movl   $0x85cb56c,0x8(%esp)
   0x0806d4a5 <av_vsrc_buffer_add_frame2+149>:   mov    %eax,0x1c(%esp)
End of assembler dump.
(gdb) info register
eax            0x0      0
ecx            0x0      0
edx            0x2d1    721
ebx            0x8d86670        148399728
esp            0xffffbc20       0xffffbc20
ebp            0xffffbe68       0xffffbe68
esi            0x8d86570        148399472
edi            0x10cd2c 1101100
eip            0x806d489        0x806d489 <av_vsrc_buffer_add_frame2+121>
eflags         0x10297  [ CF PF AF SF IF RF ]
cs             0x23     35
ss             0x2b     43
ds             0x2b     43
es             0x2b     43
fs             0x0      0
gs             0x63     99
```
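Reading the dump in the report: the faulting instruction is `mov (%eax),%eax` with `eax` = 0, so the decoder handing the filter graph a 721x480 frame where 720x4576 was configured ends in a NULL-pointer read at vsrc_buffer.c:60. The script below is an added triage helper, not part of the ticket or of FFmpeg; it parses the gdb `disass` and `info register` text quoted above and classifies the access, assuming 32-bit AT&T syntax and plain `disp(%base)` memory operands.

```python
import re

# Constructed from the gdb session quoted in the ticket, cut down to the lines the triage uses.
GDB_DUMP = """\
Program received signal SIGSEGV, Segmentation fault.
0x0806d486 <av_vsrc_buffer_add_frame2+118>: mov 0x20(%eax),%eax
0x0806d489 <av_vsrc_buffer_add_frame2+121>: mov (%eax),%eax
0x0806d48b <av_vsrc_buffer_add_frame2+123>: mov 0x38(%eax),%eax
eax 0x0 0
eip 0x806d489 0x806d489 <av_vsrc_buffer_add_frame2+121>
"""

REG_RE = re.compile(r"^([a-z]{2,3}[a-z0-9]*)\s+(0x[0-9a-fA-F]+)\b", re.M)
INSN_RE = re.compile(r"^(?:=>\s*)?(0x[0-9a-fA-F]+)\s+<[^>]*>:\s+(.+?)\s*$", re.M)
# AT&T operand disp(%base); indexed forms such as (%ebx,%ecx,4) are deliberately left unhandled
MEM_RE = re.compile(r"(-?0x[0-9a-fA-F]+|-?\d+)?\((%[a-z0-9]+)\)")
PAGE_SIZE = 4096  # a fault address inside the first page is treated as NULL-derived

def parse_registers(dump):
    # register name -> value, taken from the raw hex column of `info register`
    return {m.group(1): int(m.group(2), 16) for m in REG_RE.finditer(dump)}

def faulting_instruction(dump, pc):
    # the disassembled instruction whose address equals pc, or None if the dump lacks it
    for m in INSN_RE.finditer(dump):
        if int(m.group(1), 16) == pc:
            return m.group(2)
    return None

def classify_crash(dump):
    # resolve the faulting instruction's memory operand against the register values
    regs = parse_registers(dump)
    pc = regs["eip"]
    insn = faulting_instruction(dump, pc)
    result = {"pc": pc, "instruction": insn, "kind": "unclassified"}
    parts = re.split(r"\s+", insn, maxsplit=1) if insn else []
    operands = parts[1].split(",") if len(parts) > 1 else []
    for pos, operand in enumerate(operands):
        m = MEM_RE.search(operand)
        if not m or m.group(2).lstrip("%") not in regs:
            continue
        base = m.group(2).lstrip("%")
        disp = int(m.group(1), 0) if m.group(1) else 0
        addr = (regs[base] + disp) & 0xFFFFFFFF  # 32-bit build, per the -m32 in the ticket's banner
        result.update(base_register=base, fault_address=addr,
                      access="write" if pos == len(operands) - 1 else "read",  # AT&T: last operand is the destination
                      kind="null-pointer dereference" if addr < PAGE_SIZE else "invalid pointer dereference")
        break
    return result
```

A NULL read like this one is a crash-by-fuzzed-input bug to fix, but the same classifier flags a fault at a large, non-page-zero address as the case that deserves a closer look for controlled memory corruption.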
Attachments (1)
Change History (2)
by , 14 years ago
Attachment: | crash_pirateszz_2_s25_r003.fuzz.sample added |
---|---|
comment:1 by , 14 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |