New submission from Daniel Kang daniel.d.k...@gmail.com:
ffmpeg crashes with the error Stream #0.0Floating point exception for y4m
files with invalid frame rates that aren't both 0, with the arguments ffmpeg -i
../y4m_invalid_header_crash_small.y4m test.mkv. The file was generated with
zzuf
New submission from Daniel Kang daniel.d.k...@gmail.com:
ffmpeg crashes on mkv files with invalid timestamps with the arguments ./ffmpeg
-i ../fuzzed.mkv del.mkv. The error is Floating point exception. This occurs
because of a division by zero when the timestamp is invalid. The file was generated
New submission from Daniel Kang daniel.d.k...@gmail.com:
ffmpeg fails assertion ffmpeg: libavutil/mathematics.c:79: av_rescale_rnd:
Assertion `c > 0' failed. for wav files with invalid sampling rates (e.g.
-2147461598 Hz). Adding a sanity check on the sample rate fixes the failed
assertion
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded a sample to /MPlayer/incoming/roundup_2475_wav_crash. I
accidentally also uploaded it to /MPlayer/incoming/. Can someone delete that
file?
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded a sample to /MPlayer/incoming/roundup_2470_y4m_crash.
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2470
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have reuploaded the sample and attached a different fix. I'm not sure if this
is a correct fix.
The output with the patch is:
./ffmpeg_g -i ../fuzzed/mkv_invalid_timestamp_crash.mkv del.mkv
FFmpeg version git-0a30723, Copyright (c) 2000-2011
Daniel Kang daniel.d.k...@gmail.com added the comment:
Here is the backtrace with a breakpoint on libavformat/utils.c:955:
(gdb) break libavformat/utils.c:955
Breakpoint 1 at 0x4d36b0: file libavformat/utils.c, line 955.
(gdb) r -i ../fuzzed/wav_invalid_sample_rate_small.wav del.wav
Starting
Daniel Kang daniel.d.k...@gmail.com added the comment:
ffmpeg also fails the assertion with an aiff file with invalid sample rates. The
patch fixes it.
I have uploaded the file to
/MPlayer/incoming/roundup_2475_aiff_invalid_sample_rate and changed the title to
audio files in general
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have examined this issue. It occurs because when init_get_bits is called,
s->avctx->extradata_size < 4 is checked, but s->avctx->extradata_size*8 is not
checked for overflow. I have attached a patch that fixes this issue.
The run with the patch
Daniel Kang daniel.d.k...@gmail.com added the comment:
The first patch is incorrect. s->avctx->extradata_size*8 should be checked if it
is = 32, not 4, since it is multiplied times 8. I have uploaded a new patch and
deleted the first patch.
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded a sample to: /MPlayer/incoming/mp4_crash_roundup_2479
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2479
New submission from Daniel Kang daniel.d.k...@gmail.com:
I believe the issue is related to issue2479. Once again, I am not sure if this
bug is unique to my box.
ffmpeg crashes for ape files with invalid headers (i.e. the header has a value
of totalframes greater than there are frames). ffmpeg
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded the sample to /MPlayer/incoming/ape_invalid_malloc_issue2480
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2480
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded a third sample to /MPlayer/incoming/wav_assertion_fail2. The
patch fixes it.
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2475
New submission from Daniel Kang daniel.d.k...@gmail.com:
ffmpeg crashes on mov files with invalid time creation. gmtime will return NULL
for times it cannot convert
(http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1124.pdf p. 335). strftime
crashes when NULL is passed to it. I have attached
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded a sample to
/MPlayer/incoming/invalid_mov_creation_time_issue2490
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2490
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded the file to /MPlayer/incoming/mm_crash_ffmpeg_roundup_issue2495.
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2495
Daniel Kang daniel.d.k...@gmail.com added the comment:
In compute_frame_duration (libavformat/utils.c:788), *pden is set to
st->codec->sample_rate. Later in the code, the duration is computed
(libavformat/utils.c:955) in compute_pkt_fields using av_rescale_rnd. The
arguments passed include den
New submission from Daniel Kang daniel.d.k...@gmail.com:
This is related to roundup issue 2495.
In mm_decode_inter, there is no sanity check on AV_RL16(&buf[0]). This could
potentially cause reads into unallocated memory. This is especially complicated
because of the different conditions
New submission from Daniel Kang daniel.d.k...@gmail.com:
ffmpeg crashes on bfi files with invalid frame sizes. When decoding a frame, it
will over read the buffer if the frame size (calculated by the resolution) is
larger than the actual frame.
The patch attached fixes this issue.
gdb run
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded a sample to /MPlayer/incoming/bfi_invalid_resolution_issue_2497
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2497
Daniel Kang daniel.d.k...@gmail.com added the comment:
I forgot to mention this in the first post, but ffmpeg still fails on this video
file with the patch. However the video data is invalid, so it fails an
assertion.
New submission from Daniel Kang daniel.d.k...@gmail.com:
For tif files with strip sizes larger than the buffer, ffmpeg crashes. The patch
attached adds a sanity check to this.
gdb run:
(gdb) r -i ../fuzzed.tif del.jpg
Starting program: ffmpeg/ffmpeg_g -i ../fuzzed.tif del.jpg
[Thread debugging
New submission from Daniel Kang daniel.d.k...@gmail.com:
ffmpeg crashes on tif files with invalid headers. When reading in bpp data, the
check for count occurs after data is read. For invalid count, the tif decoder
crashes. I have attached a patch that moves the check before reading in data
New submission from Daniel Kang daniel.d.k...@gmail.com:
ffmpeg crashes on avi files with invalid headers. When the resolution is larger
than the allocated size, ffmpeg crashes. The patch attached fixes the issue.
This only happens with the arguments -i fuzzed.avi -f null /dev/null, but
works
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded the sample to /MPlayer/incoming/cljr_buffer_bug_issue2501.
And I have updated the patch for a smarter sanity check.
FFmpeg issue tracker iss...@roundup.ffmpeg.org
New submission from Daniel Kang daniel.d.k...@gmail.com:
ffmpeg crashes with a sample_size of 0. n is then calculated by: n =
avctx->channels * sample_size. When buf_size % n is taken, a SIGPE is raised.
The patch attached fixes this by adding a check for n=0.
The pcm audio is contained in a c93
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded a sample to /MPlayer/incoming/pcm_mod_by_zero_issue2502.
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2502
New submission from Daniel Kang daniel.d.k...@gmail.com:
ffmpeg crashes on some dpx files with invalid headers.
target_packet_size*avctx->width is not checked to see if the buffer will be
overread. The patch fixes this.
gdb run:
(gdb) r -i ../fuzzed.dpx del.mkv
Starting program: ffmpeg/ffmpeg_g
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded a sample to /MPlayer/incoming/dpx_invalid_header_issue2503.
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2503
New submission from Daniel Kang daniel.d.k...@gmail.com:
For ts files with invalid headers (i.e. channels greater than
DCA_PRIM_CHANNELS_MAX), ffmpeg crashes with a buffer overread. The patch
attached adds a check for this.
FTP does not work in my current location, so I have uploaded the sample
New submission from Daniel Kang daniel.d.k...@gmail.com:
ffmpeg crashes on truemotion1 videos with invalid vector table IDs. ffmpeg
checks if the vector table ID is too large, but not if it will be negative. The
patch attached adds this check.
gdb run:
(gdb) r -i ../fuzzed.duk del.mkv
Starting
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded a sample to /MPlayer/incoming/duk_invalid_vectable_id_issue2508.
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2508
New submission from Daniel Kang daniel.d.k...@gmail.com:
ffmpeg crashes on truemotion2 videos with invalid headers. The patch attached
adds sanity checks in several places.
gdb run:
(gdb) r -i ../fuzzed.avi del.mkv
Starting program: ffmpeg/ffmpeg_g -i ../fuzzed.avi del.mkv
[Thread debugging
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded a sample to /MPlayer/incoming/truemotion2_ffmpeg_crash_issue2512
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2512
New submission from Daniel Kang daniel.d.k...@gmail.com:
When cmv_decode_inter uses the second-last frame as reference when it should
not, ffmpeg crashes. The patch attached adds a sanity check on that.
gdb run:
(gdb) r -i ../fuzzed.cmv del.mkv
Starting program: ffmpeg/ffmpeg_g -i ../fuzzed.cmv
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded a sample to /MPlayer/incoming/eacmv_invalid_decode_issue2513
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2513
Daniel Kang daniel.d.k...@gmail.com added the comment:
The issue is in the encoder, so I am not sure how to trigger an invalid time
that will be written.
--
substatus: needs_more_info -> open
FFmpeg issue tracker iss...@roundup.ffmpeg.org
Daniel Kang daniel.d.k...@gmail.com added the comment:
Accidentally changed status -- revert back.
--
substatus: open -> needs_more_info
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2494
New submission from Daniel Kang daniel.d.k...@gmail.com:
ffmpeg crashes for dct (electronicarts) files with an invalid number of channels
(i.e. 0). The error is a division by zero. The patch attached adds checks for 0
channels.
gdb run:
(gdb) r -i ../fuzzed.dct del.mkv
Starting program
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded a sample to /MPlayer/incoming/dct_zero_channels_issue2514
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2514
New submission from Daniel Kang daniel.d.k...@gmail.com:
For invalid stripoff sizes (e.g. negative), ffmpeg crashes with a buffer
underflow. The patch attached checks for negative stripoff sizes.
gdb run:
(gdb) r -i ../fuzzed.tif del.jpg
Starting program: ffmpeg/ffmpeg_g -i ../fuzzed.tif
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded a sample to /MPlayer/incoming/tif_invalid_soff_size_issue2515
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2515
New submission from Daniel Kang daniel.d.k...@gmail.com:
For maxval = 0, ffmpeg crashes with SIGPE on pgm files. There is a check for
maxval = 0, but it is not checked again after maxval is potentially set again.
The patch attached adds a check for that.
gdb run:
(gdb) r -i ../fuzzed.pgm
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded a sample to /MPlayer/incoming/pgm_invalid_maxval_issue2518.
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2518
New submission from Daniel Kang daniel.d.k...@gmail.com:
For fli files with invalid frame sizes, ffmpeg crashes with a buffer overread.
This is because ffmpeg does not check if the stream_ptr is larger than the
buffer size. The patch attached adds a check for this.
gdb run:
(gdb) r -i
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded a sample to /MPlayer/incoming/fli_buffer_overread_issue2520
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2520
New submission from Daniel Kang daniel.d.k...@gmail.com:
When ffmpeg tries to apply an incorrect decoding type on roq videos, ffmpeg
crashes. This occurs when the last_frame data is null. The patch attached adds a
check for this.
gdb run:
(gdb) r -i ../fuzzed.roq del.mkv
Starting program: /afs
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded a sample to /MPlayer/incoming/roq_invalid_decode_issue2521.
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2521
New submission from Daniel Kang daniel.d.k...@gmail.com:
When ffmpeg encounters an interplay video with an invalid decode opcode, it
attempts to decode it using that opcode. When the opcode is invalid, ffmpeg
attempts to access a null pointer. The patch attached adds a check for this.
gdb run
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded a sample to /MPlayer/incoming/mve_invalid_decode_issue2522.
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2522
New submission from Daniel Kang daniel.d.k...@gmail.com:
ffmpeg does not check for invalid sym values in the indeo decoder. When one is
encountered (e.g. negative or greater than 256), ffmpeg will crash with a buffer
overread. The patch attached adds a check for this.
gdb run:
(gdb) r -i
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded a sample to /MPlayer/incoming/indeo_invalid_sym_issue2523.
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2523
New submission from Daniel Kang daniel.d.k...@gmail.com:
When ffmpeg decodes nuv files, in decode_init, c->decomp_buf is set to NULL.
This is fine in most cases, but when the buffer is not set later (e.g. for a
video with a corrupted header), ffmpeg crashes when trying to access it. The
patch
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded a sample to /MPlayer/incoming/nuv_null_pointer_2524.
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2524
New submission from Daniel Kang daniel.d.k...@gmail.com:
ffmpeg crashes on electronic arts files with invalid sample rates. This occurs
because of a SIGPE when sample_rate = 0. I have added several checks for this.
gdb run:
(gdb) r -i ../fuzzed.dct del.mkv
Starting program: ffmpeg/ffmpeg_g -i
Daniel Kang daniel.d.k...@gmail.com added the comment:
I have uploaded a sample to
/MPlayer/incoming/electronic_arts_invalid_sample_rate_issue2525.
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2525
New submission from Daniel Kang daniel.d.k...@gmail.com:
ffmpeg crashes for 4xm files that initialize the wrong number of tracks. When
this happens, ffmpeg will read in the data to one track, but will not use the
correct track information while decoding. The patch attached adds a check to see
New submission from Daniel Kang daniel.d.k...@gmail.com:
ffmpeg checks if time_scale is zero for mov files, but does not check if it is
negative. If the time_scale is negative (invalid), ffmpeg will fail an
assertion. The patch attached changes the check for time_scale.
gdb run:
(gdb) r -i
Daniel Kang daniel.d.k...@gmail.com added the comment:
FTP is not working in my current location, so I have attached a sample file.
File '4xm_crash.4xm' not attached - you can download it from
https://roundup.ffmpeg.org/file1300.
Daniel Kang daniel.d.k...@gmail.com added the comment:
FTP does not work in my current location, so I have uploaded a sample.
FFmpeg issue tracker iss...@roundup.ffmpeg.org
https://roundup.ffmpeg.org/issue2528