On Thu, Apr 01, 2021 at 09:22:23PM +0200, Paul B Mahol wrote:
> Try this attached patch. I have not looked at all samples, as some allocate
> too much memory for my system.
> But this patch points where real bugs are, unlike your patch which hides
> real bugs even more.

I would appreciate it if cfhd wouldn't have so many real bugs.

Your approach seems to be to fix what the fuzzer finds. What my patch was
moving toward is to make the code more secure and robust, not to fix
individual bugs. My patch was never intended to be the end of such
improvement, but with the first stage being rejected I am of course not
putting time into the next ... but that's not so important now. What's
important is the bugs here, and your patch eliminates all of the current
group but one. That's good!

Here's what remains:

ffmpeg -threads 1 -i dec_fuzzer-30739.nut -f null -
[cfhd @ 0x16b0c6c0] Sample format of 1039 is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
==17282==    at 0x123322D: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
==17282==    by 0x1233DEB: av_log_default_callback (log.c:397)
==17282==    by 0x1234092: av_vlog (log.c:432)
==17282==    by 0x1233EF1: av_log (log.c:411)
==17282==    by 0x254285: process_input_packet (ffmpeg.c:2718)
==17282==    by 0x25BB79: process_input (ffmpeg.c:4606)
==17282==    by 0x25C06D: transcode_step (ffmpeg.c:4746)
==17282==    by 0x25C1D5: transcode (ffmpeg.c:4800)
==17282==    by 0x25CB3F: main (ffmpeg.c:5005)
==17282== Conditional jump or move depends on uninitialised value(s)
==17282==    at 0x82BBF4: av_clip_uintp2_c (common.h:304)
==17282==    by 0x82C915: interlaced_vertical_filter (cfhd.c:205)
==17282==    by 0x83424E: cfhd_decode (cfhd.c:1278)
==17282==    by 0x860064: decode_simple_internal (decode.c:327)
==17282==    by 0x860C9B: decode_simple_receive_frame (decode.c:526)
==17282==    by 0x860D95: decode_receive_frame_internal (decode.c:546)
==17282==    by 0x861019: avcodec_send_packet (decode.c:608)
==17282==    by 0x2525A7: decode (ffmpeg.c:2285)
==17282==    by 0x252DC7: decode_video (ffmpeg.c:2425)
==17282==    by 0x253EF3: process_input_packet (ffmpeg.c:2672)
==17282==    by 0x25BB79: process_input (ffmpeg.c:4606)
==17282==    by 0x25C06D: transcode_step (ffmpeg.c:4746)
==17282==    by 0x25C1D5: transcode (ffmpeg.c:4800)
==17282==    by 0x25CB3F: main (ffmpeg.c:5005)
==17282==  Uninitialised value was created by a heap allocation
==17282==    at 0x4C33E76: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17282==    by 0x4C33F91: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17282==    by 0x1236BA6: av_malloc (mem.c:86)
==17282==    by 0x1236DB8: av_malloc_array (mem.c:187)
==17282==    by 0x82D072: alloc_buffers (cfhd.c:296)
==17282==    by 0x82F8DD: cfhd_decode (cfhd.c:664)
==17282==    by 0x860064: decode_simple_internal (decode.c:327)
==17282==    by 0x860C9B: decode_simple_receive_frame (decode.c:526)
==17282==    by 0x860D95: decode_receive_frame_internal (decode.c:546)
==17282==    by 0x861019: avcodec_send_packet (decode.c:608)
==17282==    by 0x2525A7: decode (ffmpeg.c:2285)
==17282==    by 0x252DC7: decode_video (ffmpeg.c:2425)
==17282==    by 0x253EF3: process_input_packet (ffmpeg.c:2672)
==17282==    by 0x25BB79: process_input (ffmpeg.c:4606)
==17282==    by 0x25C06D: transcode_step (ffmpeg.c:4746)
==17282==    by 0x25C1D5: transcode (ffmpeg.c:4800)
==17282==    by 0x25CB3F: main (ffmpeg.c:5005)
==17282==
==17282== Conditional jump or move depends on uninitialised value(s)
==17282==    at 0x82BBF4: av_clip_uintp2_c (common.h:304)
==17282==    by 0x82C93C: interlaced_vertical_filter (cfhd.c:206)
==17282==    by 0x83424E: cfhd_decode (cfhd.c:1278)
==17282==    by 0x860064: decode_simple_internal (decode.c:327)
==17282==    by 0x860C9B: decode_simple_receive_frame (decode.c:526)
==17282==    by 0x860D95: decode_receive_frame_internal (decode.c:546)
==17282==    by 0x861019: avcodec_send_packet (decode.c:608)
==17282==    by 0x2525A7: decode (ffmpeg.c:2285)
==17282==    by 0x252DC7: decode_video (ffmpeg.c:2425)
==17282==    by 0x253EF3: process_input_packet (ffmpeg.c:2672)
==17282==    by 0x25BB79: process_input (ffmpeg.c:4606)
==17282==    by 0x25C06D: transcode_step (ffmpeg.c:4746)
==17282==    by 0x25C1D5: transcode (ffmpeg.c:4800)
==17282==    by 0x25CB3F: main (ffmpeg.c:5005)
==17282==  Uninitialised value was created by a heap allocation
==17282==    at 0x4C33E76: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17282==    by 0x4C33F91: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17282==    by 0x1236BA6: av_malloc (mem.c:86)
==17282==    by 0x1236DB8: av_malloc_array (mem.c:187)
==17282==    by 0x82D072: alloc_buffers (cfhd.c:296)
==17282==    by 0x82F8DD: cfhd_decode (cfhd.c:664)
==17282==    by 0x860064: decode_simple_internal (decode.c:327)
==17282==    by 0x860C9B: decode_simple_receive_frame (decode.c:526)
==17282==    by 0x860D95: decode_receive_frame_internal (decode.c:546)
==17282==    by 0x861019: avcodec_send_packet (decode.c:608)
==17282==    by 0x2525A7: decode (ffmpeg.c:2285)
==17282==    by 0x252DC7: decode_video (ffmpeg.c:2425)
==17282==    by 0x253EF3: process_input_packet (ffmpeg.c:2672)
==17282==    by 0x25BB79: process_input (ffmpeg.c:4606)
==17282==    by 0x25C06D: transcode_step (ffmpeg.c:4746)
==17282==    by 0x25C1D5: transcode (ffmpeg.c:4800)
==17282==    by 0x25CB3F: main (ffmpeg.c:5005)
==17282==
==17282== Invalid write of size 2
==17282==    at 0x82C956: interlaced_vertical_filter (cfhd.c:206)
==17282==    by 0x83424E: cfhd_decode (cfhd.c:1278)
==17282==    by 0x860064: decode_simple_internal (decode.c:327)
==17282==    by 0x860C9B: decode_simple_receive_frame (decode.c:526)
==17282==    by 0x860D95: decode_receive_frame_internal (decode.c:546)
==17282==    by 0x861019: avcodec_send_packet (decode.c:608)
==17282==    by 0x2525A7: decode (ffmpeg.c:2285)
==17282==    by 0x252DC7: decode_video (ffmpeg.c:2425)
==17282==    by 0x253EF3: process_input_packet (ffmpeg.c:2672)
==17282==    by 0x25BB79: process_input (ffmpeg.c:4606)
==17282==    by 0x25C06D: transcode_step (ffmpeg.c:4746)
==17282==    by 0x25C1D5: transcode (ffmpeg.c:4800)
==17282==    by 0x25CB3F: main (ffmpeg.c:5005)
==17282==  Address 0x2a0cd24e is 2,621,518 bytes inside a block of size 2,621,519 alloc'd
==17282==    at 0x4C33E76: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17282==    by 0x4C33F91: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17282==    by 0x1236BA6: av_malloc (mem.c:86)
==17282==    by 0x121C724: av_buffer_alloc (buffer.c:72)
==17282==    by 0x121C79F: av_buffer_allocz (buffer.c:85)
==17282==    by 0x121D15C: pool_alloc_buffer (buffer.c:351)
==17282==    by 0x121D2A3: av_buffer_pool_get (buffer.c:388)
==17282==    by 0x863DAC: video_get_buffer (decode.c:1663)
==17282==    by 0x863F9B: avcodec_default_get_buffer2 (decode.c:1702)
==17282==    by 0x254E5A: get_buffer (ffmpeg.c:2943)
==17282==    by 0x864A5A: ff_get_buffer (decode.c:1937)
==17282==    by 0xB219CE: thread_get_buffer_internal (pthread_frame.c:1006)
==17282==    by 0xB21E2B: ff_thread_get_buffer (pthread_frame.c:1098)
==17282==    by 0x82F9FA: cfhd_decode (cfhd.c:682)
==17282==    by 0x860064: decode_simple_internal (decode.c:327)
==17282==    by 0x860C9B: decode_simple_receive_frame (decode.c:526)
==17282==    by 0x860D95: decode_receive_frame_internal (decode.c:546)
==17282==    by 0x861019: avcodec_send_packet (decode.c:608)
==17282==    by 0x2525A7: decode (ffmpeg.c:2285)
==17282==    by 0x252DC7: decode_video (ffmpeg.c:2425)
==17282==
[cfhd @ 0x16b0c6c0] Invalid plane dimensions
==17282==    at 0x123322D: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
==17282==    by 0x1233DEB: av_log_default_callback (log.c:397)
==17282==    by 0x1234092: av_vlog (log.c:432)
==17282==    by 0x1233EF1: av_log (log.c:411)
==17282==    by 0x832813: cfhd_decode (cfhd.c:1096)
==17282==    by 0x860064: decode_simple_internal (decode.c:327)
==17282==    by 0x860C9B: decode_simple_receive_frame (decode.c:526)
==17282==    by 0x860D95: decode_receive_frame_internal (decode.c:546)
==17282==    by 0x861019: avcodec_send_packet (decode.c:608)
==17282==    by 0x2525A7: decode (ffmpeg.c:2285)
==17282==    by 0x252DC7: decode_video (ffmpeg.c:2425)
==17282==    by 0x253EF3: process_input_packet (ffmpeg.c:2672)
==17282==    by 0x25BB79: process_input (ffmpeg.c:4606)
==17282==    by 0x25C06D: transcode_step (ffmpeg.c:4746)
==17282==    by 0x25C1D5: transcode (ffmpeg.c:4800)
==17282==    by 0x25CB3F: main (ffmpeg.c:5005)
Error while decoding stream #0:0: Invalid argument
==17282==    at 0x123322D: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
==17282==    by 0x1233DEB: av_log_default_callback (log.c:397)
==17282==    by 0x1234092: av_vlog (log.c:432)
==17282==    by 0x1233EF1: av_log (log.c:411)
==17282==    by 0x254285: process_input_packet (ffmpeg.c:2718)
==17282==    by 0x25BB79: process_input (ffmpeg.c:4606)
==17282==    by 0x25C06D: transcode_step (ffmpeg.c:4746)
==17282==    by 0x25C1D5: transcode (ffmpeg.c:4800)
==17282==    by 0x25CB3F: main (ffmpeg.c:5005)
[cfhd @ 0x16b0c6c0] Invalid dimensions
==17282==    at 0x123322D: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
==17282==    by 0x1233DEB: av_log_default_callback (log.c:397)
==17282==    by 0x1234092: av_vlog (log.c:432)
==17282==    by 0x1233EF1: av_log (log.c:411)
==17282==    by 0x830E9D: cfhd_decode (cfhd.c:897)
==17282==    by 0x860064: decode_simple_internal (decode.c:327)
==17282==    by 0x860C9B: decode_simple_receive_frame (decode.c:526)
==17282==    by 0x860D95: decode_receive_frame_internal (decode.c:546)
==17282==    by 0x861019: avcodec_send_packet (decode.c:608)
==17282==    by 0x2525A7: decode (ffmpeg.c:2285)
==17282==    by 0x252DC7: decode_video (ffmpeg.c:2425)
==17282==    by 0x253EF3: process_input_packet (ffmpeg.c:2672)
==17282==    by 0x25BB79: process_input (ffmpeg.c:4606)
==17282==    by 0x25C06D: transcode_step (ffmpeg.c:4746)
==17282==    by 0x25C1D5: transcode (ffmpeg.c:4800)
==17282==    by 0x25CB3F: main (ffmpeg.c:5005)
Error while decoding stream #0:0: Invalid argument
==17282==    at 0x123322D: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
==17282==    by 0x1233DEB: av_log_default_callback (log.c:397)
==17282==    by 0x1234092: av_vlog (log.c:432)
==17282==    by 0x1233EF1: av_log (log.c:411)
==17282==    by 0x254285: process_input_packet (ffmpeg.c:2718)
==17282==    by 0x25BB79: process_input (ffmpeg.c:4606)
==17282==    by 0x25C06D: transcode_step (ffmpeg.c:4746)
==17282==    by 0x25C1D5: transcode (ffmpeg.c:4800)
==17282==    by 0x25CB3F: main (ffmpeg.c:5005)
[cfhd @ 0x16b0c6c0] Invalid dimensionsme=00:00:00.00 bitrate=N/A speed=5.23e-06x
==17282==    at 0x123322D: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
==17282==    by 0x1233DEB: av_log_default_callback (log.c:397)
==17282==    by 0x1234092: av_vlog (log.c:432)
==17282==    by 0x1233EF1: av_log (log.c:411)
==17282==    by 0x830E9D: cfhd_decode (cfhd.c:897)
==17282==    by 0x860064: decode_simple_internal (decode.c:327)
==17282==    by 0x860C9B: decode_simple_receive_frame (decode.c:526)
==17282==    by 0x860D95: decode_receive_frame_internal (decode.c:546)
==17282==    by 0x861019: avcodec_send_packet (decode.c:608)
==17282==    by 0x2525A7: decode (ffmpeg.c:2285)
[...]

--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The greatest way to live with honor in this world is to be what we pretend
to be. -- Socrates
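The memcheck trace above shows two distinct defect classes: reads in interlaced_vertical_filter that depend on heap memory av_malloc_array never initialised, and a 2-byte store whose second byte lands one past the end of a 2,621,519-byte block. The C below is an added example written for this page, not code from FFmpeg or cfhd.c, showing the two checks a decoder would apply against each class: an overflow-checked, zero-initialised plane allocation and a bounds-checked 16-bit store. The names plane_bytes, alloc_plane_zeroed, store_sample and report_case_refused are hypothetical, the demo plane dimensions are constructed, and only the block size and offset are taken from the report; nothing here claims to be the actual cause inside cfhd.c.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical helper (not from cfhd.c): bytes needed for a plane of 16-bit
 * samples, with overflow-checked multiplication. Returns 1 and stores the
 * size in *out, or 0 if a dimension is zero or the product does not fit. */
static int plane_bytes(size_t width, size_t height, size_t *out)
{
    if (width == 0 || height == 0)
        return 0;
    if (width > SIZE_MAX / height)
        return 0;
    size_t samples = width * height;
    if (samples > SIZE_MAX / sizeof(uint16_t))
        return 0;
    *out = samples * sizeof(uint16_t);
    return 1;
}

/* Zero-initialised plane allocation: every sample has a defined value before
 * any filter reads it, so a later read can never depend on uninitialised
 * heap memory (the first class in the memcheck report). NULL on bad sizes. */
static uint16_t *alloc_plane_zeroed(size_t width, size_t height, size_t *bytes)
{
    if (!plane_bytes(width, height, bytes))
        return NULL;
    return calloc(width * height, sizeof(uint16_t));
}

/* Bounds-checked 16-bit store at a byte offset. Refuses a store whose second
 * byte would land past the end of the buffer, e.g. a store at buf_size - 1,
 * which is exactly the shape of the 'Invalid write of size 2' above. */
static int store_sample(uint8_t *buf, size_t buf_size, size_t byte_off, uint16_t v)
{
    if (byte_off > buf_size || buf_size - byte_off < sizeof v)
        return -1;
    memcpy(buf + byte_off, &v, sizeof v);
    return 0;
}

/* Geometry taken from the report: a 2,621,519-byte block and a 2-byte store
 * at offset 2,621,518 (its last byte). Returns 1 if the checked store
 * refuses it, 0 otherwise (including allocation failure). */
static int report_case_refused(void)
{
    const size_t block = 2621519, off = 2621518;
    uint8_t *buf = malloc(block);
    if (!buf)
        return 0;
    int rc = store_sample(buf, block, off, 0xABCD);
    free(buf);
    return rc == -1;
}

int main(void)
{
    size_t n = 0;
    /* constructed demo dimensions */
    uint16_t *plane = alloc_plane_zeroed(64, 48, &n);
    if (!plane)
        return 1;
    printf("plane of %zu bytes, sample[0]=%u (zeroed)\n", n, (unsigned)plane[0]);
    printf("overflowing dimensions rejected: %d\n", !plane_bytes(SIZE_MAX, 2, &n));
    printf("report-case store refused: %d\n", report_case_refused());
    free(plane);
    return 0;
}
```

The store check is written as a subtraction rather than `byte_off + 2 <= buf_size` so that a large attacker-controlled offset cannot wrap the addition; the same care applies to the multiplication in plane_bytes, which is why the dimensions are validated before the product is formed.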
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".