#6829: tivo: crash with fuzzed file
-------------------------------------+-------------------------------------
Reporter: ami_stuff | Owner:
Type: defect | Status: new
Priority: normal | Component:
Version: | undetermined
unspecified | Keywords:
Blocked By: | Blocking:
Reproduced by developer: 0 | Analyzed by developer: 0
-------------------------------------+-------------------------------------
https://files.fm/u/wzee5nkr
{{{
(gdb) r -i f/ty/live_fuzz.ty+ -f null -
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i f/ty/live_fuzz.ty+ -f
null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 3.4.git Copyright (c) 2000-2017 the FFmpeg developers
built with gcc 5.3.0 (Ubuntu 5.3.0-3ubuntu1~14.04) 20151204
configuration: --enable-gpl --disable-ffprobe --disable-ffplay
--disable-ffserver
libavutil 56. 0.100 / 56. 0.100
libavcodec 58. 2.100 / 58. 2.100
libavformat 58. 2.100 / 58. 2.100
libavdevice 58. 0.100 / 58. 0.100
libavfilter 7. 0.101 / 7. 0.101
libswscale 5. 0.101 / 5. 0.101
libswresample 3. 0.101 / 3. 0.101
libpostproc 55. 0.100 / 55. 0.100
[ty @ 0x9aa9200] DTS discontinuity in stream 1: packet 14 with DTS
26958472, packet 15 with DTS 1100702456
Input #0, ty, from 'f/ty/live_fuzz.ty+':
Duration: N/A, start: 299.154578, bitrate: N/A
Stream #0:0: Video: mpeg2video (Main), yuv420p(tv, top first), 480x480
[SAR 4:3 DAR 4:3], 27.75 fps, 59.94 tbr, 90k tbn, 59.94 tbc
Stream #0:1: Audio: mp2, 48000 Hz, stereo, s16p, 160 kb/s
[New Thread 0xb7575b40 (LWP 2450)]
[New Thread 0xb6d74b40 (LWP 2451)]
[New Thread 0xb6573b40 (LWP 2452)]
[New Thread 0xb5d72b40 (LWP 2453)]
[New Thread 0xb5571b40 (LWP 2454)]
[New Thread 0xb4d70b40 (LWP 2455)]
[New Thread 0xb456fb40 (LWP 2456)]
[New Thread 0xb3d6eb40 (LWP 2457)]
Stream mapping:
Stream #0:0 -> #0:0 (mpeg2video (native) -> wrapped_avframe (native))
Stream #0:1 -> #0:1 (mp2 (native) -> pcm_s16le (native))
Press [q] to stop, [?] for help
[New Thread 0xb356db40 (LWP 2458)]
[New Thread 0xb2d6cb40 (LWP 2459)]
[New Thread 0xb256bb40 (LWP 2460)]
[New Thread 0xb1d6ab40 (LWP 2461)]
[New Thread 0xb1569b40 (LWP 2462)]
[New Thread 0xb0d68b40 (LWP 2463)]
[New Thread 0xb0567b40 (LWP 2464)]
[New Thread 0xafd66b40 (LWP 2465)]
[mp2 @ 0x9ac4dc0] Header missing
Error while decoding stream #0:1: Invalid data found when processing input
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 4 0
[mpeg2video @ 0x9aae8a0] Invalid mb type in I-frame at 4 3
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 4 10
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 13 13
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 9 4
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 2 5
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 0 6
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 13 17
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 0 11
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 13 18
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 3 19
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 19 12
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 19 14
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 5 15
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 5 16
[mpeg2video @ 0x9aae8a0] skipped MB in I-frame at 27 1
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 17 2
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 5 20
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 5 21
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 12 22
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 0 7
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 4 27
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 7 28
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 4 8
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 3 9
[mpeg2video @ 0x9aae8a0] skipped MB in I-frame at 20 29
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 2 23
[mpeg2video @ 0x9aae8a0] skipped MB in I-frame at 1 24
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 4 26
[mpeg2video @ 0x9aae8a0] Warning MVs not available
[mpeg2video @ 0x9aae8a0] concealing 900 DC, 900 AC, 900 MV errors in I
frame
[mpeg2video @ 0x9aae8a0] ignoring extra picture following a frame-picture
[mpeg2video @ 0x9aae8a0] Missing picture start code
Last message repeated 19 times
[mpeg2video @ 0x9aae8a0] mb incr damaged
Last message repeated 1 times
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 0 9
[mpeg2video @ 0x9aae8a0] Invalid mb type in P-frame at 4 10
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 17 7
[mpeg2video @ 0x9aae8a0] mb incr damaged
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 17 15
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 8 19
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 0 23
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 23 24
[mpeg2video @ 0x9aae8a0] Warning MVs not available
[mpeg2video @ 0x9aae8a0] concealing 571 DC, 571 AC, 571 MV errors in P
frame
[...]
[mpeg2video @ 0x9aae8a0] Warning MVs not available
[mpeg2video @ 0x9aae8a0] concealing 541 DC, 541 AC, 541 MV errors in B
frame
[mpeg2video @ 0x9aae8a0] ignoring pic cod ext after 0
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 27 0
[mpeg2video @ 0x9aae8a0] invalid cbp -1 at 13 7
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 6 11
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 28 9
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 14 3
[mpeg2video @ 0x9aae8a0] Invalid mb type in B-frame at 9 14
[mpeg2video @ 0x9aae8a0] Invalid mb type in B-frame at 18 14
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 13 4
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 6 18
[mpeg2video @ 0x9aae8a0] invalid cbp 0 at 18 21
[mpeg2video @ 0x9aae8a0] mb incr damaged
Last message repeated 1 times
[mpeg2video @ 0x9aae8a0] Warning MVs not available
[mpeg2video @ 0x9aae8a0] concealing 480 DC, 480 AC, 480 MV errors in B
frame
[mpeg2video @ 0x9aae8a0] slice below image (129 >= 30)
Error while decoding stream #0:0: Invalid data found when processing input
[mpeg2video @ 0x9aae8a0] slice below image (35 >= 30)
Error while decoding stream #0:0: Invalid data found when processing input
[mpeg2video @ 0x9aae8a0] Invalid mb type in B-frame at 26 0
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 7 5
[mpeg2video @ 0x9aae8a0] invalid cbp -1 at 23 12
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 8 13
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 11 21
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 16 8
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 16 15
[mpeg2video @ 0x9aae8a0] mb incr damaged
[mpeg2video @ 0x9aae8a0] Invalid mb type in B-frame at 10 6
[mpeg2video @ 0x9aae8a0] mb incr damaged
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 0 25
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 14 26
[mpeg2video @ 0x9aae8a0] end mismatch left=391 600000 at 0 30
[mpeg2video @ 0x9aae8a0] Warning MVs not available
[mpeg2video @ 0x9aae8a0] concealing 570 DC, 570 AC, 570 MV errors in B
frame
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 6 1
[mpeg2video @ 0x9aae8a0] invalid cbp 0 at 20 10
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 28 9
[mpeg2video @ 0x9aae8a0] Invalid mb type in B-frame at 8 11
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 9 3
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 15 22
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 12 25
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 27 13
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 16 15
[mpeg2video @ 0x9aae8a0] Invalid mb type in B-frame at 21 16
[mpeg2video @ 0x9aae8a0] Warning MVs not available
[mpeg2video @ 0x9aae8a0] concealing 412 DC, 412 AC, 412 MV errors in B
frame
[mpeg2video @ 0x9aae8a0] Invalid mb type in P-frame at 17 1
[mpeg2video @ 0x9aae8a0] Invalid mb type in P-frame at 22 3
[mpeg2video @ 0x9aae8a0] Invalid mb type in P-frame at 2 10
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 12 12
[mpeg2video @ 0x9aae8a0] mb incr damaged
[mpeg2video @ 0x9aae8a0] invalid cbp -1 at 3 17
[mpeg2video @ 0x9aae8a0] slice mismatch
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 9 16
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 14 28
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 15 23
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 26 26
[mpeg2video @ 0x9aae8a0] Warning MVs not available
[mpeg2video @ 0x9aae8a0] concealing 571 DC, 571 AC, 571 MV errors in P
frame
[mpeg2video @ 0x9aae8a0] slice below image (156 >= 30)
Error while decoding stream #0:0: Invalid data found when processing input
[mpeg2video @ 0x9aae8a0] mb incr damaged
[mpeg2video @ 0x9aae8a0] Invalid mb type in B-frame at 24 8
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 4 11
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 15 13
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 22 17
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 5 18
[mpeg2video @ 0x9aae8a0] skip with previntra
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 10 14
[mpeg2video @ 0x9aae8a0] mb incr damaged
[mpeg2video @ 0x9aae8a0] slice mismatch
[mpeg2video @ 0x9aae8a0] invalid cbp 0 at 24 1
[mpeg2video @ 0x9aae8a0] invalid cbp -1 at 20 12
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 8 22
[mpeg2video @ 0x9aae8a0] Invalid mb type in B-frame at 7 19
[mpeg2video @ 0x9aae8a0] Warning MVs not available
[mpeg2video @ 0x9aae8a0] concealing 510 DC, 510 AC, 510 MV errors in B
frame
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 3 1
[mpeg2video @ 0x9aae8a0] slice mismatch
Last message repeated 2 times
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 6 7
[mpeg2video @ 0x9aae8a0] ac-tex damaged at 9 8
[mpeg2video @ 0x9aae8a0] Warning MVs not available
[mpeg2video @ 0x9aae8a0] concealing 814 DC, 814 AC, 814 MV errors in P
frame
Program received signal SIGSEGV, Segmentation fault.
ty_read_packet (s=0x9aa9200, pkt=0xbfffe668) at libavformat/ty.c:732
732 rec_size = rec->rec_size;
(gdb) bt
#0 ty_read_packet (s=0x9aa9200, pkt=0xbfffe668) at libavformat/ty.c:732
#1 0x0838f482 in ff_read_packet (s=0x9aa9200, pkt=0xbfffe668)
at libavformat/utils.c:823
#2 0x0839301c in read_frame_internal (s=s@entry=0x9aa9200,
pkt=pkt@entry=0xbfffe928) at libavformat/utils.c:1526
#3 0x08394420 in av_read_frame (s=0x9aa9200, pkt=0xbfffe928)
at libavformat/utils.c:1723
#4 0x080dbacf in get_input_packet (f=f@entry=0x9aab2e0,
pkt=pkt@entry=0xbfffe928) at fftools/ffmpeg.c:4072
#5 0x080eb02f in process_input (file_index=0) at fftools/ffmpeg.c:4195
#6 transcode_step () at fftools/ffmpeg.c:4542
#7 transcode () at fftools/ffmpeg.c:4596
#8 0x080c6af9 in main (argc=<optimized out>, argv=<optimized out>)
at fftools/ffmpeg.c:4802
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/6829>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
_______________________________________________
FFmpeg-trac mailing list
FFmpeg-trac@avcodec.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-trac
