Opened 9 years ago

Closed 9 years ago

#5099 closed defect (fixed)

dxv: crash with fuzzed file 2

Reported by: ami_stuff Owned by:
Priority: important Component: avcodec
Version: git-master Keywords: dxv crash SIGSEGV
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

http://www.datafilehost.com/d/20ff4a86

(gdb) r -i 2_fuzz.mov -f null -
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i 2_fuzz.mov -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.8.git Copyright (c) 2000-2015 the FFmpeg developers
  built with gcc 4.7 (Debian 4.7.2-4)
  configuration: --enable-gpl --disable-ffprobe --disable-ffplay
  libavutil      55.  7.100 / 55.  7.100
  libavcodec     57. 15.100 / 57. 15.100
  libavformat    57. 17.100 / 57. 17.100
  libavdevice    57.  0.100 / 57.  0.100
  libavfilter     6. 15.100 /  6. 15.100
  libswscale      4.  0.100 /  4.  0.100
  libswresample   2.  0.101 /  2.  0.101
  libpostproc    54.  0.100 / 54.  0.100
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x9729200] overread end of atom 'stsd' by 256 bytes
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from '2_fuzz.mov':
  Metadata:
    major_brand     : qt  
    minor_version   : 537199360
    compatible_brands: qt  
    creation_time   : 2015-12-21 17:17:04
  Duration: 00:00:12.64, start: 0.000000, bitrate: 6237 kb/s
    Stream #0:0(eng): Video: dxv (DXD3 / 0x33445844), rgba, 320x240, 1407876 kb/s, 23.97 fps, 23.97 tbr, 1000k tbn, 1000k tbc (default)
    Metadata:
      creation_time   : 2015-12-21 17:17:04
      handler_name    : Procedura obs�ugi skr�t�w danych Apple
      encoder         : DXV 3
Output #0, null, to 'pipe:':
  Metadata:
    major_brand     : qt  
    minor_version   : 537199360
    compatible_brands: qt  
    encoder         : Lavf57.17.100
    Stream #0:0(eng): Video: wrapped_avframe, rgba, 320x240, q=2-31, 200 kb/s, 23.97 fps, 23.97 tbn, 23.97 tbc (default)
    Metadata:
      creation_time   : 2015-12-21 17:17:04
      handler_name    : Procedura obs�ugi skr�t�w danych Apple
      encoder         : Lavc57.15.100 wrapped_avframe
Stream mapping:
  Stream #0:0 -> #0:0 (dxv (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help

Program received signal SIGSEGV, Segmentation fault.
0x083d12d9 in dxv_decompress_dxt5 (avctx=avctx@entry=0x972eca0)
    at libavcodec/dxv.c:300
300	                prev = AV_RL32(ctx->tex_data + 4 * (pos - idx));
(gdb)

Attachments (1)

2_fuzz_cut.mov (2.4 MB ) - added by Carl Eugen Hoyos 9 years ago.

Change History (3)

by Carl Eugen Hoyos, 9 years ago

Attachment: 2_fuzz_cut.mov added

comment:1 by Carl Eugen Hoyos, 9 years ago

Component: undeterminedavcodec
Keywords: dxv crash SIGSEGV added
Priority: normalimportant
Reproduced by developer: set
Status: newopen
Version: unspecifiedgit-master

comment:2 by Michael Niedermayer, 9 years ago

Resolution: fixed
Status: openclosed

Fixed in eb8a67de75ef6fd043f5749f6448c1874f149783

Note: See TracTickets for help on using tickets.