Opened 5 years ago
Closed 5 years ago
#8594 closed defect (fixed)
Infinite loop in ogg_read_header
| Reported by: | andreafioraldi | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avformat |
| Version: | git-master | Keywords: | ogg deadlock regression |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | yes | |
| Analyzed by developer: | no |
Description
Summary of the bug:
Hi, I found an input taht causes an infinite loop.
In the details, the code that loops is in libavformat/oggdec.c:ogg_read_header().
static int ogg_read_header(AVFormatContext *s)
{
struct ogg *ogg = s->priv_data;
int ret, i;
ogg->curidx = -1;
//linear headers seek from start
do {
ret = ogg_packet(s, NULL, NULL, NULL, NULL);
if (ret < 0) {
ogg_read_close(s);
return ret;
}
} while (!ogg->headers);
av_log(s, AV_LOG_TRACE, "found headers\n");
// ...
The do while seems infinite. A attach a repro testcase.
How to reproduce:
% ffmpeg -i id\:000000\,src\:004026\,time\:40571915+001319\,op\:MOpt_core_splice\,rep\:64 a.mp3
ffmpeg version N-97118-gfa164bc50e Copyright (c) 2000-2020 the FFmpeg developers
built with clang version 10.0.0 (git@github.com:andreafioraldi/ConstrainedMemorySanitizer.git 5b365c37a959d429121850f6d91ed160d4cdf76f)
configuration: --cc=clang-10 --cxx=clang++-10
libavutil 56. 42.102 / 56. 42.102
libavcodec 58. 77.101 / 58. 77.101
libavformat 58. 42.100 / 58. 42.100
libavdevice 58. 9.103 / 58. 9.103
libavfilter 7. 77.101 / 7. 77.101
libswscale 5. 6.101 / 5. 6.101
libswresample 3. 6.100 / 3. 6.100
[ogg @ 0x61b000000080] Codec not found
Last message repeated 1 times
Attachments (1)
Change History (3)
by , 5 years ago
| Attachment: | id:000000,src:004026,time:40571915+001319,op:MOpt_core_splice,rep:64 added |
|---|
comment:1 by , 5 years ago
| Keywords: | ogg deadlock regression added; hang removed |
|---|---|
| Priority: | normal → important |
| Reproduced by developer: | set |
| Status: | new → open |
comment:2 by , 5 years ago
| Resolution: | → fixed |
|---|---|
| Status: | open → closed |
Fixed by Michael in f1589be9fda00c417f9bcccb55dbbea998ee08ac
Note:
See TracTickets
for help on using tickets.
Regression since c5cf58d4b9b04cee1487a3095b83300791c21f15
(A little hard to believe that the given command line allows to reproduce though.)