New submission from Daniel Kang <[email protected]>:

ffmpeg crashes on mkv files with invalid timestamps with the arguments "./ffmpeg -i ../fuzzed.mkv del.mkv". The error is "Floating point exception". This occurs because of a division by zero when the timestamp is invalid. The file was generated with zzuf.
I have attached a fix which does a sanity check on the timestamp. I will send
the patch to the ffmpeg-devel mailing list for comments.
gdb run:
(gdb) r -i ../fuzzed.mkv del.mkv
Starting program: ffmpeg/ffmpeg_g -i ../fuzzed.mkv del.mkv
[Thread debugging using libthread_db enabled]
FFmpeg version git-5414216, Copyright (c) 2000-2011 the FFmpeg developers
built on Jan 1 2011 14:05:31 with gcc 4.4.5
configuration: --enable-gpl
libavutil 50.36. 0 / 50.36. 0
libavcore 0.16. 0 / 0.16. 0
libavcodec 52.101. 0 / 52.101. 0
libavformat 52.91. 0 / 52.91. 0
libavdevice 52. 2. 2 / 52. 2. 2
libavfilter 1.72. 0 / 1.72. 0
libswscale 0.12. 0 / 0.12. 0
Marker bit missing before time_increment_resolution
[mpeg4 @ 0x11fbe90] time_base.den==0
Marker bit missing before time_increment_resolution
[mpeg4 @ 0x11fbe90] time_base.den==0
Marker bit missing before time_increment_resolution
[mpeg4 @ 0x11fbe90] time_base.den==0
[mpeg4 @ 0x11fbe90] header damaged
[mpeg4 @ 0x11fbe90] hmm, seems the headers are not complete, trying to guess
time_increment_bits
[mpeg4 @ 0x11fbe90] my guess is 16 bits ;)
[mpeg4 @ 0x11fbe90] Error, header damaged or not MPEG4 header (f_code=0)
Marker bit missing before time_increment_resolution
[mpeg4 @ 0x11fbe90] time_base.den==0
[mpeg4 @ 0x11fbe90] hmm, seems the headers are not complete, trying to guess
time_increment_bits
[mpeg4 @ 0x11fbe90] my guess is 16 bits ;)
[mpeg4 @ 0x11fbe90] looks like this file was encoded with
(divx4/(old)xvid/opendivx) -> forcing low_delay flag
[mpeg4 @ 0x11fbe90] [IMGUTILS @ 0x7fffffffd010] Picture size 0x0 is invalid
[mpeg4 @ 0x11fbe90] get_buffer() failed (-1 0 0 (nil))
Marker bit missing before time_increment
Last message repeated 1 times
[mpeg4 @ 0x11fbe90] [IMGUTILS @ 0x7fffffffd010] Picture size 0x0 is invalid
[mpeg4 @ 0x11fbe90] get_buffer() failed (-1 0 0 (nil))
Marker bit missing before time_increment
[mpeg4 @ 0x11fbe90] hmm, seems the headers are not complete, trying to guess
time_increment_bits
[mpeg4 @ 0x11fbe90] my guess is 13 bits ;)
Marker bit missing before time_increment
[mpeg4 @ 0x11fbe90] hmm, seems the headers are not complete, trying to guess
time_increment_bits
[mpeg4 @ 0x11fbe90] my guess is 13 bits ;)
[mpeg4 @ 0x11fbe90] [IMGUTILS @ 0x7fffffffd010] Picture size 0x0 is invalid
[mpeg4 @ 0x11fbe90] get_buffer() failed (-1 0 0 (nil))
[mpeg4 @ 0x11fbe90] [IMGUTILS @ 0x7fffffffd010] Picture size 0x0 is invalid
[mpeg4 @ 0x11fbe90] get_buffer() failed (-1 0 0 (nil))
[mpeg4 @ 0x11fbe90] [IMGUTILS @ 0x7fffffffd010] Picture size 0x0 is invalid
[mpeg4 @ 0x11fbe90] get_buffer() failed (-1 0 0 (nil))
[mpeg4 @ 0x11fbe90] [IMGUTILS @ 0x7fffffffd010] Picture size 0x0 is invalid
[mpeg4 @ 0x11fbe90] get_buffer() failed (-1 0 0 (nil))
[mpeg4 @ 0x11fbe90] hmm, seems the headers are not complete, trying to guess
time_increment_bits
[mpeg4 @ 0x11fbe90] my guess is 4 bits ;)
[mpeg4 @ 0x11fbe90] hmm, seems the headers are not complete, trying to guess
time_increment_bits
[mpeg4 @ 0x11fbe90] my guess is 4 bits ;)
[mpeg4 @ 0x11fbe90] [IMGUTILS @ 0x7fffffffd010] Picture size 0x0 is invalid
[mpeg4 @ 0x11fbe90] get_buffer() failed (-1 0 0 (nil))
[mpeg4 @ 0x11fbe90] illegal chroma format
[mpeg4 @ 0x11fbe90] only rectangular vol supported
[mpeg4 @ 0x11fbe90] Gray shape not supported
[mpeg4 @ 0x11fbe90] reduced resolution VOP not supported
Marker bit missing before time_increment_resolution
Marker bit missing before fixed_vop_rate
[mpeg4 @ 0x11fbe90] scalability not supported
[mpeg4 @ 0x11fbe90] load backward shape isn't supported
[mpeg4 @ 0x11fbe90] Error, header damaged or not MPEG4 header (qscale=0)
Marker bit missing before time_increment
[mpeg4 @ 0x11fbe90] load backward shape isn't supported
[m4v @ 0x11f9510] Estimating duration from bitrate, this may be inaccurate
Input #0, m4v, from '../fuzzed.mkv':
Duration: N/A, bitrate: N/A
Stream #0.0: Video: mpeg4, yuv420p, 4557x5885 [PAR 10:11 DAR 9114:12947],
53757 tbr, 1200k tbn, 53757 tbc
[buffer @ 0x12021c0] w:4557 h:5885 pixfmt:yuv420p
Output #0, matroska, to 'del.mkv':
Metadata:
encoder : Lavf52.91.0
Stream #0.0: Video: mpeg4, yuv420p, 4557x5885 [PAR 10:11 DAR 9114:12947],
q=2-31, 200 kb/s, 1k tbn, 53757 tbc
Stream mapping:
Stream #0.0 -> #0.0
Press [q] to stop encoding
Marker bit missing before time_increment_resolution
[mpeg4 @ 0x11fbe90] time_base.den==0
Marker bit missing before time_increment_resolution
[mpeg4 @ 0x11fbe90] time_base.den==0
[mpeg4 @ 0x11fbe90] header damaged
Error while decoding stream #0.0
Marker bit missing before time_increment_resolution
[mpeg4 @ 0x11fbe90] time_base.den==0
[mpeg4 @ 0x11fbe90] hmm, seems the headers are not complete, trying to guess
time_increment_bits
[mpeg4 @ 0x11fbe90] my guess is 16 bits ;)
[mpeg4 @ 0x11fbe90] looks like this file was encoded with
(divx4/(old)xvid/opendivx) -> forcing low_delay flag
[mpeg4 @ 0x11fbe90] warning: first frame is no keyframe
[mpeg4 @ 0x11fbe90] ac-tex damaged at 6 0
[mpeg4 @ 0x11fbe90] Error at MB: 6
[mpeg4 @ 0x11fbe90] concealing 104880 DC, 104880 AC, 104880 MV errors
Program received signal SIGFPE, Arithmetic exception.
0x0000000000433a22 in output_packet (ist=0x12020e0, ist_index=0,
ost_table=<value optimized out>, nb_ostreams=<value optimized out>,
pkt=0x7fffffffd650)
at ffmpeg.c:1559
1559 ist->next_pts += ((int64_t)AV_TIME_BASE *
(gdb) bt
#0 0x0000000000433a22 in output_packet (ist=0x12020e0, ist_index=0,
ost_table=<value optimized out>, nb_ostreams=<value optimized out>,
pkt=0x7fffffffd650)
at ffmpeg.c:1559
#1 0x0000000000435487 in transcode (nb_output_files=<value optimized out>,
nb_input_files=<value optimized out>, stream_maps=<value optimized out>,
nb_stream_maps=<value optimized out>, input_files=<value optimized out>,
output_files=<value optimized out>) at ffmpeg.c:2640
#2 0x00000000004363f3 in main (argc=4, argv=<value optimized out>) at
ffmpeg.c:4350
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x433a02 to 0x433a42:
0x0000000000433a02 <output_packet+6882>: sub $0x83,%al
0x0000000000433a04 <output_packet+6884>: movl $0x48d26348,(%rcx)
0x0000000000433a0a <output_packet+6890>: movslq %edi,%edi
0x0000000000433a0c <output_packet+6892>: imul $0xf4240,%rdx,%rdx
0x0000000000433a13 <output_packet+6899>: imul %rdi,%rdx
0x0000000000433a17 <output_packet+6903>: movslq 0x30(%rax),%rdi
0x0000000000433a1b <output_packet+6907>: mov %rdx,%rax
0x0000000000433a1e <output_packet+6910>: sar $0x3f,%rdx
0x0000000000433a22 <output_packet+6914>: idiv %rdi
0x0000000000433a25 <output_packet+6917>: add %rcx,%rax
0x0000000000433a28 <output_packet+6920>: mov %rax,0x28(%rbp)
0x0000000000433a2c <output_packet+6924>: mov $0x8000000000000000,%r11
0x0000000000433a36 <output_packet+6934>: movl $0x0,0x388(%rsp)
0x0000000000433a41 <output_packet+6945>: movq $0x0,0x90(%rsp)
End of assembler dump.
(gdb) info all-registers
rax 0xf4240 1000000
rbx 0x7fffffffd650 140737488344656
rcx 0x0 0
rdx 0x0 0
rsi 0x11fa5a0 18851232
rdi 0x0 0
rbp 0x12020e0 0x12020e0
rsp 0x7fffffffc480 0x7fffffffc480
r8 0x8 8
r9 0xffffffffffffdc20 -9184
r10 0x8f8 2296
r11 0xfffffffffffff708 -2296
r12 0x1 1
r13 0x7fffffffc670 140737488340592
r14 0x0 0
r15 0x7fffffffd650 140737488344656
rip 0x433a22 0x433a22 <output_packet+6914>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
Run with the patch:
./ffmpeg -i ../fuzzed.mkv del.mkv
FFmpeg version git-0448b23, Copyright (c) 2000-2011 the FFmpeg developers
built on Jan 1 2011 14:18:18 with gcc 4.4.5
configuration: --enable-gpl
libavutil 50.36. 0 / 50.36. 0
libavcore 0.16. 0 / 0.16. 0
libavcodec 52.101. 0 / 52.101. 0
libavformat 52.91. 0 / 52.91. 0
libavdevice 52. 2. 2 / 52. 2. 2
libavfilter 1.72. 0 / 1.72. 0
libswscale 0.12. 0 / 0.12. 0
Marker bit missing before time_increment_resolution
[mpeg4 @ 0x11fbe90] time_base.den==0
Marker bit missing before time_increment_resolution
[mpeg4 @ 0x11fbe90] time_base.den==0
Marker bit missing before time_increment_resolution
[mpeg4 @ 0x11fbe90] time_base.den==0
[mpeg4 @ 0x11fbe90] header damaged
[mpeg4 @ 0x11fbe90] hmm, seems the headers are not complete, trying to guess
time_increment_bits
[mpeg4 @ 0x11fbe90] my guess is 16 bits ;)
[mpeg4 @ 0x11fbe90] Error, header damaged or not MPEG4 header (f_code=0)
Marker bit missing before time_increment_resolution
[mpeg4 @ 0x11fbe90] time_base.den==0
[mpeg4 @ 0x11fbe90] hmm, seems the headers are not complete, trying to guess
time_increment_bits
[mpeg4 @ 0x11fbe90] my guess is 16 bits ;)
[mpeg4 @ 0x11fbe90] looks like this file was encoded with
(divx4/(old)xvid/opendivx) -> forcing low_delay flag
[mpeg4 @ 0x11fbe90] [IMGUTILS @ 0x7fff427e6c70] Picture size 0x0 is invalid
[mpeg4 @ 0x11fbe90] get_buffer() failed (-1 0 0 (nil))
Marker bit missing before time_increment
Last message repeated 1 times
[mpeg4 @ 0x11fbe90] [IMGUTILS @ 0x7fff427e6c70] Picture size 0x0 is invalid
[mpeg4 @ 0x11fbe90] get_buffer() failed (-1 0 0 (nil))
Marker bit missing before time_increment
[mpeg4 @ 0x11fbe90] hmm, seems the headers are not complete, trying to guess
time_increment_bits
[mpeg4 @ 0x11fbe90] my guess is 13 bits ;)
Marker bit missing before time_increment
[mpeg4 @ 0x11fbe90] hmm, seems the headers are not complete, trying to guess
time_increment_bits
[mpeg4 @ 0x11fbe90] my guess is 13 bits ;)
[mpeg4 @ 0x11fbe90] [IMGUTILS @ 0x7fff427e6c70] Picture size 0x0 is invalid
[mpeg4 @ 0x11fbe90] get_buffer() failed (-1 0 0 (nil))
[mpeg4 @ 0x11fbe90] [IMGUTILS @ 0x7fff427e6c70] Picture size 0x0 is invalid
[mpeg4 @ 0x11fbe90] get_buffer() failed (-1 0 0 (nil))
[mpeg4 @ 0x11fbe90] [IMGUTILS @ 0x7fff427e6c70] Picture size 0x0 is invalid
[mpeg4 @ 0x11fbe90] get_buffer() failed (-1 0 0 (nil))
[mpeg4 @ 0x11fbe90] [IMGUTILS @ 0x7fff427e6c70] Picture size 0x0 is invalid
[mpeg4 @ 0x11fbe90] get_buffer() failed (-1 0 0 (nil))
[mpeg4 @ 0x11fbe90] hmm, seems the headers are not complete, trying to guess
time_increment_bits
[mpeg4 @ 0x11fbe90] my guess is 4 bits ;)
[mpeg4 @ 0x11fbe90] hmm, seems the headers are not complete, trying to guess
time_increment_bits
[mpeg4 @ 0x11fbe90] my guess is 4 bits ;)
[mpeg4 @ 0x11fbe90] [IMGUTILS @ 0x7fff427e6c70] Picture size 0x0 is invalid
[mpeg4 @ 0x11fbe90] get_buffer() failed (-1 0 0 (nil))
[mpeg4 @ 0x11fbe90] illegal chroma format
[mpeg4 @ 0x11fbe90] only rectangular vol supported
[mpeg4 @ 0x11fbe90] Gray shape not supported
[mpeg4 @ 0x11fbe90] reduced resolution VOP not supported
Marker bit missing before time_increment_resolution
Marker bit missing before fixed_vop_rate
[mpeg4 @ 0x11fbe90] scalability not supported
[mpeg4 @ 0x11fbe90] load backward shape isn't supported
[mpeg4 @ 0x11fbe90] Error, header damaged or not MPEG4 header (qscale=0)
Marker bit missing before time_increment
[mpeg4 @ 0x11fbe90] load backward shape isn't supported
[m4v @ 0x11f9510] Estimating duration from bitrate, this may be inaccurate
Input #0, m4v, from '../fuzzed.mkv':
Duration: N/A, bitrate: N/A
Stream #0.0: Video: mpeg4, yuv420p, 4557x5885 [PAR 10:11 DAR 9114:12947],
53757 tbr, 1200k tbn, 53757 tbc
[buffer @ 0x12021c0] w:4557 h:5885 pixfmt:yuv420p
Output #0, matroska, to 'del.mkv':
Metadata:
encoder : Lavf52.91.0
Stream #0.0: Video: mpeg4, yuv420p, 4557x5885 [PAR 10:11 DAR 9114:12947],
q=2-31, 200 kb/s, 1k tbn, 53757 tbc
Stream mapping:
Stream #0.0 -> #0.0
Press [q] to stop encoding
Marker bit missing before time_increment_resolution
[mpeg4 @ 0x11fbe90] time_base.den==0
Marker bit missing before time_increment_resolution
[mpeg4 @ 0x11fbe90] time_base.den==0
[mpeg4 @ 0x11fbe90] header damaged
Error while decoding stream #0.0
Marker bit missing before time_increment_resolution
[mpeg4 @ 0x11fbe90] time_base.den==0
[mpeg4 @ 0x11fbe90] hmm, seems the headers are not complete, trying to guess
time_increment_bits
[mpeg4 @ 0x11fbe90] my guess is 16 bits ;)
[mpeg4 @ 0x11fbe90] looks like this file was encoded with
(divx4/(old)xvid/opendivx) -> forcing low_delay flag
[mpeg4 @ 0x11fbe90] warning: first frame is no keyframe
[mpeg4 @ 0x11fbe90] ac-tex damaged at 6 0
[mpeg4 @ 0x11fbe90] Error at MB: 6
[mpeg4 @ 0x11fbe90] concealing 104880 DC, 104880 AC, 104880 MV errors
Marker bit missing before time_increment
[mpeg4 @ 0x11fbe90] ac-tex damaged at 75 0
[mpeg4 @ 0x11fbe90] Error at MB: 75
[mpeg4 @ 0x11fbe90] marker does not match f_code
[mpeg4 @ 0x11fbe90] concealing 104880 DC, 104880 AC, 104880 MV errors
Marker bit missing before time_increment
[mpeg4 @ 0x11fbe90] hmm, seems the headers are not complete, trying to guess
time_increment_bits
[mpeg4 @ 0x11fbe90] my guess is 13 bits ;)
[mpeg4 @ 0x11fbe90] ac-tex damaged at 39 0
[mpeg4 @ 0x11fbe90] Error at MB: 39
[mpeg4 @ 0x11fbe90] marker does not match f_code
[mpeg4 @ 0x11fbe90] Error at MB: 1758
[mpeg4 @ 0x11fbe90] marker does not match f_code
Marker bit missing before time_increment in video packed header
[mpeg4 @ 0x11fbe90] Error, video packet header damaged (f_code=0)
[mpeg4 @ 0x11fbe90] ac-tex damaged at 217 143
[mpeg4 @ 0x11fbe90] Error at MB: 41115
[mpeg4 @ 0x11fbe90] ac-tex damaged at 67 6
[mpeg4 @ 0x11fbe90] Error at MB: 1783
[mpeg4 @ 0x11fbe90] marker does not match f_code
[mpeg4 @ 0x11fbe90] concealing 104880 DC, 104880 AC, 104880 MV errors
[mpeg4 @ 0x11fbe90] ac-tex damaged at 6 0
[mpeg4 @ 0x11fbe90] Error at MB: 6
[mpeg4 @ 0x11fbe90] marker does not match f_code
Last message repeated 1 times
[mpeg4 @ 0x11fbe90] concealing 104880 DC, 104880 AC, 104880 MV errors
[mpeg4 @ 0x11fbe90] Error at MB: 10
[mpeg4 @ 0x11fbe90] marker does not match f_code
Last message repeated 3 times
[mpeg4 @ 0x11fbe90] concealing 104880 DC, 104880 AC, 104880 MV errors
[mpeg4 @ 0x11fbe90] Error at MB: 15 257kB time=10000000000.00 bitrate=
0.0kbits/s dup=0 drop=4
[mpeg4 @ 0x11fbe90] marker does not match f_code
Last message repeated 1 times
[mpeg4 @ 0x11fbe90] concealing 104880 DC, 104880 AC, 104880 MV errors
[mpeg4 @ 0x11fbe90] hmm, seems the headers are not complete, trying to guess
time_increment_bits
[mpeg4 @ 0x11fbe90] my guess is 4 bits ;)
[mpeg4 @ 0x11fbe90] ac-tex damaged at 140 0
[mpeg4 @ 0x11fbe90] Error at MB: 140
[mpeg4 @ 0x11fbe90] marker does not match f_code
[mpeg4 @ 0x11fbe90] concealing 104864 DC, 104864 AC, 104864 MV errors
[mpeg4 @ 0x11fbe90] illegal chroma format
[mpeg4 @ 0x11fbe90] only rectangular vol supported
[mpeg4 @ 0x11fbe90] Gray shape not supported
[mpeg4 @ 0x11fbe90] reduced resolution VOP not supported
Marker bit missing before time_increment_resolution
Marker bit missing before fixed_vop_rate
[mpeg4 @ 0x11fbe90] scalability not supported
[mpeg4 @ 0x11fbe90] load backward shape isn't supported
[mpeg4 @ 0x11fbe90] 2. marker bit missing in 3. esc
[mpeg4 @ 0x11fbe90] Error at MB: 142
[mpeg4 @ 0x11fbe90] concealing 104863 DC, 104863 AC, 104863 MV errors
[mpeg4 @ 0x11fbe90] Error, header damaged or not MPEG4 header (qscale=0)
[mpeg4 @ 0x11fbe90] header damaged
Error while decoding stream #0.0
Marker bit missing before time_increment
[mpeg4 @ 0x11fbe90] load backward shape isn't supported
[mpeg4 @ 0x11fbe90] ac-tex damaged at 80 0
[mpeg4 @ 0x11fbe90] Error at MB: 80
[mpeg4 @ 0x11fbe90] marker does not match f_code
Last message repeated 3 times
[mpeg4 @ 0x11fbe90] concealing 104880 DC, 104880 AC, 104880 MV errors
[mpeg4 @ 0x11fbe90] 1. marker bit missing in 3. esc0000000.00 bitrate=
0.0kbits/s dup=0 drop=7
[mpeg4 @ 0x11fbe90] Error at MB: 3
[mpeg4 @ 0x11fbe90] marker does not match f_code
Last message repeated 7 times
Marker bit missing before vop_coding_type in video packed header
[mpeg4 @ 0x11fbe90] ac-tex damaged at 55 15
[mpeg4 @ 0x11fbe90] Error at MB: 4345
[mpeg4 @ 0x11fbe90] marker does not match f_code
Last message repeated 2 times
[mpeg4 @ 0x11fbe90] concealing 104880 DC, 104880 AC, 104880 MV errors
frame= 3 fps= 2 q=10.0 Lsize= 309kB time=10000000000.00 bitrate=
0.0kbits/s dup=0 drop=7
video:308kB audio:0kB global headers:0kB muxing overhead 0.185710%
----------
files: mkv_crash_fix.diff
messages: 13142
priority: normal
status: open
substatus: open
title: ffmpeg crashes on mkv files with invalid time stamps
type: bug
________________________________________________
FFmpeg issue tracker <[email protected]>
<https://roundup.ffmpeg.org/issue2471>
________________________________________________
mkv_crash_fix.diff
Description: Binary data
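
Added example, not part of the original report and not the attached patch: one way to guard the division that traps at ffmpeg.c:1559. It assumes the increment has the form 1000000 * num * ticks / den, consistent with the two imul instructions and the idiv in the disassembly above; the names rational, pts_increment and advance_pts are hypothetical, and the check goes beyond the zero divisor seen here by also rejecting 64-bit overflow.

```c
#include <stdint.h>
#include <limits.h>
#include <stdio.h>

/* 1000000 == 0xf4240, the multiplier visible in the disassembly. */
#define TIME_BASE_US 1000000

/* Hypothetical stand-in for a time base parsed from an untrusted stream. */
typedef struct { int num; int den; } rational;

enum { PTS_OK = 0, PTS_BAD_TIMEBASE = -1, PTS_OVERFLOW = -2 };

/* Compute (TIME_BASE_US * tb.num * ticks) / tb.den without trapping.
 * *out is written only when PTS_OK is returned. */
static int pts_increment(rational tb, int ticks, int64_t *out)
{
    int64_t prod;

    /* den == 0 is the idiv trap (SIGFPE) from the report; negative
     * values make no sense for a duration, so reject them as well. */
    if (tb.den <= 0 || tb.num < 0 || ticks < 0)
        return PTS_BAD_TIMEBASE;

    /* Two non-negative 31-bit values: the product always fits in int64. */
    prod = (int64_t)tb.num * ticks;

    /* Scaling by 1000000 can still overflow; check before multiplying. */
    if (prod > INT64_MAX / TIME_BASE_US)
        return PTS_OVERFLOW;

    *out = prod * TIME_BASE_US / tb.den;
    return PTS_OK;
}

/* Advance a running timestamp; it is left untouched on any failure so
 * the caller can drop the packet or fall back to another time source. */
static int advance_pts(int64_t *next_pts, rational tb, int ticks)
{
    int64_t inc;
    int rc = pts_increment(tb, ticks, &inc);

    if (rc != PTS_OK)
        return rc;
    if (*next_pts > INT64_MAX - inc)
        return PTS_OVERFLOW;
    *next_pts += inc;
    return PTS_OK;
}

int main(void)
{
    /* Constructed inputs: a sane time base, the den==0 case the decoder
     * logged for the fuzzed file, and an oversized numerator. */
    rational cases[] = { {1, 25}, {1, 0}, {INT_MAX, 1} };
    int ticks[] = { 1, 1, INT_MAX };
    int64_t next_pts = 0;
    size_t i;

    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        int rc = advance_pts(&next_pts, cases[i], ticks[i]);
        printf("time_base=%d/%d ticks=%d -> rc=%d next_pts=%lld\n",
               cases[i].num, cases[i].den, ticks[i], rc,
               (long long)next_pts);
    }
    return 0;
}
```
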
