Hi,

as it seems to be welcome to play with a fuzzer, I did, and found a crash in ffmpeg.

In mov.c, line 1513, the assert tries to access something in stts_data[stts_index], which is NULL.

Traces in gdb:

(gdb) r -y -i test.3gp out_test.mp4
Starting program: /home/bfouet/env/open_sources/ffmpeg/ffmpeg_g -y -i http://darkkben.free.fr/ffmpeg/crash_mov_c_l_1513.3gp out_test.mp4
[Thread debugging using libthread_db enabled]
[New Thread -1214933328 (LWP 512)]
FFmpeg version SVN-r7677, Copyright (c) 2000-2006 Fabrice Bellard, et al.
configuration: --enable-gpl --enable-mp3lame --enable-a52 --enable-xvid --enable-libogg --enable-vorbis --enable-x264 --enable-faad --enable-faac --enable-amr_nb --enable-amr_wb --enable-pp --disable-strip --prefix=/usr --mandir=/usr/share/man --arch=amd64
libavutil version: 49.2.0
libavcodec version: 51.29.0
libavformat version: 51.8.0
built on Jan 24 2007 08:26:07, gcc: 3.4.6 (Gentoo 3.4.6-r1, ssp-3.4.5-1.0, pie-8.7.9)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1214933328 (LWP 512)]
mov_read_header (s=0x843ff90, ap=0xbfafe660) at mov.c:1513
1513 assert(sc->stts_data[stts_index].duration % sc->time_rate == 0);
(gdb) bt
#0 mov_read_header (s=0x843ff90, ap=0xbfafe660) at mov.c:1513
#1 0x0806496b in av_open_input_stream (ic_ptr=0xbfafe654, pb=0xbfafe580, filename=0x535 <Address 0x535 out of bounds>, fmt=0x83c6ca0, ap=0xbfafe660) at utils.c:404
#2 0x0806ae33 in av_open_input_file (ic_ptr=0xbfafe654, filename=0xbfb00e16 "test.3gp", fmt=0xbfafe654, buf_size=0, ap=0x535) at utils.c:517
#3 0x0805de5c in opt_input_file (filename=0xbfb00e16 "test.3gp") at ffmpeg.c:2586
#4 0x080641df in parse_options (argc=5, argv=0xbfafee54, options=0x83078a0) at cmdutils.c:105
#5 0x08062115 in main (argc=5, argv=0x535) at ffmpeg.c:3922
(gdb) p sc
$1 = (MOVStreamContext *) 0x84498c0
(gdb) p sc->stts_data
$2 = (Time2Sample *) 0x0

Ben
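A defensive form of the check that the crashing assert performs, as an added example that is not part of the original post and is not FFmpeg's code. The struct layouts, the `stts_count` field, the error codes and the function name `check_stts_durations` are assumptions made for illustration; the example also goes one step beyond the report by rejecting a zero `time_rate`, which the same expression would divide by.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the types named in the gdb session. The field
 * layout and stts_count are assumptions, not FFmpeg's definitions. */
typedef struct { int count; int duration; } Time2Sample;
typedef struct {
    Time2Sample *stts_data;  /* NULL when no usable stts table was parsed */
    unsigned stts_count;     /* hypothetical: entries in stts_data */
    int time_rate;
} MOVStreamContext;

enum { STTS_OK = 0, STTS_MISSING = -1, STTS_BAD_RATE = -2, STTS_BAD_DURATION = -3 };

/* Validate the table built from untrusted file contents and return an
 * error code, rather than indexing a NULL table inside an assert(). */
static int check_stts_durations(const MOVStreamContext *sc)
{
    if (!sc || !sc->stts_data || sc->stts_count == 0)
        return STTS_MISSING;
    if (sc->time_rate <= 0)  /* also rules out a modulo by zero */
        return STTS_BAD_RATE;
    for (unsigned i = 0; i < sc->stts_count; i++)
        if (sc->stts_data[i].duration % sc->time_rate != 0)
            return STTS_BAD_DURATION;
    return STTS_OK;
}

/* Constructed sample contexts (not taken from the crashing file). */
static Time2Sample sample_table[] = { { 10, 1024 }, { 1, 512 } };
static const MOVStreamContext sample_ok       = { sample_table, 2, 512 };
static const MOVStreamContext sample_null     = { NULL, 0, 512 }; /* stts_data == NULL, as gdb shows */
static const MOVStreamContext sample_bad_rate = { sample_table, 2, 0 };
static const MOVStreamContext sample_uneven   = { sample_table, 2, 1000 };

int main(void)
{
    printf("ok=%d null=%d bad_rate=%d uneven=%d\n",
           check_stts_durations(&sample_ok), check_stts_durations(&sample_null),
           check_stts_durations(&sample_bad_rate), check_stts_durations(&sample_uneven));
    return 0;
}
```

A demuxer that receives a non-zero result from such a check can fail the open call with an error instead of terminating on a malformed file.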