On Fri, Apr 02, 2021 at 12:25:53AM +0200, Michael Niedermayer wrote:
> On Thu, Apr 01, 2021 at 09:22:23PM +0200, Paul B Mahol wrote:
> > Try this attached patch. I have not looked at all samples, as some allocate
> > too much memory for my system.
> >
> > But this patch points where real bugs are, unlike your patch which hides
> > real bugs even more.
>
> I would appreciate it if cfhd wouldn't have so many real bugs.
> Your approach seems to be to fix what the fuzzer finds. What my patch was
> moving toward is to make the code more secure and robust, not to fix individual
> bugs. My patch was never intended to be the end of such improvement, but with
> the first stage being rejected I am of course not putting time in the next ...
>
> But that's not so important now; what's important is the bugs here,
> and your patch eliminates all of the current group but one. That's good!
> Here's what remains:
> ffmpeg -threads 1 -i dec_fuzzer-30739.nut -f null -
Correction: the fuzzer found an alternative sample for 29754 which still crashes.
This seems to also use less memory than the other remaining sample.
Will send the sample privately.

[cfhd @ 0x16d92180] Invalid lowpass height
==24087==    at 0x123322D: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
==24087==    by 0x1233DEB: av_log_default_callback (log.c:397)
==24087==    by 0x1234092: av_vlog (log.c:432)
==24087==    by 0x1233EF1: av_log (log.c:411)
==24087==    by 0x82FCFB: cfhd_decode (cfhd.c:721)
==24087==    by 0x860064: decode_simple_internal (decode.c:327)
==24087==    by 0x860C9B: decode_simple_receive_frame (decode.c:526)
==24087==    by 0x860D95: decode_receive_frame_internal (decode.c:546)
==24087==    by 0x861019: avcodec_send_packet (decode.c:608)
==24087==    by 0x2525A7: decode (ffmpeg.c:2285)
==24087==    by 0x252DC7: decode_video (ffmpeg.c:2425)
==24087==    by 0x253EF3: process_input_packet (ffmpeg.c:2672)
==24087==    by 0x25BB79: process_input (ffmpeg.c:4606)
==24087==    by 0x25C06D: transcode_step (ffmpeg.c:4746)
==24087==    by 0x25C1D5: transcode (ffmpeg.c:4800)
==24087==    by 0x25CB3F: main (ffmpeg.c:5005)
Error while decoding stream #0:0: Invalid argument
==24087==    at 0x123322D: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
==24087==    by 0x1233DEB: av_log_default_callback (log.c:397)
==24087==    by 0x1234092: av_vlog (log.c:432)
==24087==    by 0x1233EF1: av_log (log.c:411)
==24087==    by 0x254285: process_input_packet (ffmpeg.c:2718)
==24087==    by 0x25BB79: process_input (ffmpeg.c:4606)
==24087==    by 0x25C06D: transcode_step (ffmpeg.c:4746)
==24087==    by 0x25C1D5: transcode (ffmpeg.c:4800)
==24087==    by 0x25CB3F: main (ffmpeg.c:5005)
[cfhd @ 0x16d92180] Invalid lowpass height
==24087==    at 0x123322D: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
==24087==    by 0x1233DEB: av_log_default_callback (log.c:397)
==24087==    by 0x1234092: av_vlog (log.c:432)
==24087==    by 0x1233EF1: av_log (log.c:411)
==24087==    by 0x82FCFB: cfhd_decode (cfhd.c:721)
==24087==    by 0x860064: decode_simple_internal (decode.c:327)
==24087==    by 0x860C9B: decode_simple_receive_frame (decode.c:526)
==24087==    by 0x860D95: decode_receive_frame_internal (decode.c:546)
==24087==    by 0x861019: avcodec_send_packet (decode.c:608)
==24087==    by 0x2525A7: decode (ffmpeg.c:2285)
==24087==    by 0x252DC7: decode_video (ffmpeg.c:2425)
==24087==    by 0x253EF3: process_input_packet (ffmpeg.c:2672)
==24087==    by 0x25BB79: process_input (ffmpeg.c:4606)
==24087==    by 0x25C06D: transcode_step (ffmpeg.c:4746)
==24087==    by 0x25C1D5: transcode (ffmpeg.c:4800)
==24087==    by 0x25CB3F: main (ffmpeg.c:5005)
Error while decoding stream #0:0: Invalid argument
==24087==    at 0x123322D: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
==24087==    by 0x1233DEB: av_log_default_callback (log.c:397)
==24087==    by 0x1234092: av_vlog (log.c:432)
==24087==    by 0x1233EF1: av_log (log.c:411)
==24087==    by 0x254285: process_input_packet (ffmpeg.c:2718)
==24087==    by 0x25BB79: process_input (ffmpeg.c:4606)
==24087==    by 0x25C06D: transcode_step (ffmpeg.c:4746)
==24087==    by 0x25C1D5: transcode (ffmpeg.c:4800)
==24087==    by 0x25CB3F: main (ffmpeg.c:5005)
[cfhd @ 0x16d92180] Sample format of 1039 is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
==24087==    at 0x123322D: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
==24087==    by 0x1233DEB: av_log_default_callback (log.c:397)
==24087==    by 0x1234092: av_vlog (log.c:432)
==24087==    by 0x1233EF1: av_log (log.c:411)
==24087==    by 0x254285: process_input_packet (ffmpeg.c:2718)
==24087==    by 0x25BB79: process_input (ffmpeg.c:4606)
==24087==    by 0x25C06D: transcode_step (ffmpeg.c:4746)
==24087==    by 0x25C1D5: transcode (ffmpeg.c:4800)
==24087==    by 0x25CB3F: main (ffmpeg.c:5005)
[cfhd @ 0x16d92180] Invalid lowpass height
==24087==    at 0x123322D: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
==24087==    by 0x1233DEB: av_log_default_callback (log.c:397)
==24087==    by 0x1234092: av_vlog (log.c:432)
==24087==    by 0x1233EF1: av_log (log.c:411)
==24087==    by 0x82FCFB: cfhd_decode (cfhd.c:721)
==24087==    by 0x860064: decode_simple_internal (decode.c:327)
==24087==    by 0x860C9B: decode_simple_receive_frame (decode.c:526)
==24087==    by 0x860D95: decode_receive_frame_internal (decode.c:546)
==24087==    by 0x861019: avcodec_send_packet (decode.c:608)
==24087==    by 0x2525A7: decode (ffmpeg.c:2285)
==24087==    by 0x252DC7: decode_video (ffmpeg.c:2425)
==24087==    by 0x253EF3: process_input_packet (ffmpeg.c:2672)
==24087==    by 0x25BB79: process_input (ffmpeg.c:4606)
==24087==    by 0x25C06D: transcode_step (ffmpeg.c:4746)
==24087==    by 0x25C1D5: transcode (ffmpeg.c:4800)
==24087==    by 0x25CB3F: main (ffmpeg.c:5005)
Error while decoding stream #0:0: Invalid argument
==24087==    at 0x123322D: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
==24087==    by 0x1233DEB: av_log_default_callback (log.c:397)
==24087==    by 0x1234092: av_vlog (log.c:432)
==24087==    by 0x1233EF1: av_log (log.c:411)
==24087==    by 0x254285: process_input_packet (ffmpeg.c:2718)
==24087==    by 0x25BB79: process_input (ffmpeg.c:4606)
==24087==    by 0x25C06D: transcode_step (ffmpeg.c:4746)
==24087==    by 0x25C1D5: transcode (ffmpeg.c:4800)
==24087==    by 0x25CB3F: main (ffmpeg.c:5005)
==24087== Invalid read of size 16
==24087==    at 0x10A1385: ??? (libavcodec/x86/cfhddsp.asm:384)
==24087==    by 0x1FFEFFF74F: ???
==24087==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==24087==
==24087==
==24087== Process terminating with default action of signal 11 (SIGSEGV)
==24087==  Access not within mapped region at address 0x0
==24087==    at 0x10A1385: ??? (libavcodec/x86/cfhddsp.asm:384)
==24087==    by 0x1FFEFFF74F: ???
==24087==  If you believe this happened as a result of a stack
==24087==  overflow in your program's main thread (unlikely but
==24087==  possible), you can try to increase the size of the
==24087==  main thread stack using the --main-stacksize= flag.
==24087==  The main thread stack size used in this run was 8388608.
==24087==
==24087== HEAP SUMMARY:
==24087==     in use at exit: 4,909,751 bytes in 242 blocks
==24087==   total heap usage: 1,961 allocs, 1,719 frees, 23,859,585 bytes allocated
==24087==
==24087== 11,776 bytes in 32 blocks are possibly lost in loss record 174 of 181
==24087==    at 0x4C33B25: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24087==    by 0x4013646: allocate_dtv (dl-tls.c:286)
==24087==    by 0x4013646: _dl_allocate_tls (dl-tls.c:530)
==24087==    by 0xCB4F227: allocate_stack (allocatestack.c:627)
==24087==    by 0xCB4F227: pthread_create@@GLIBC_2.2.5 (pthread_create.c:644)
==24087==    by 0x12669C2: avpriv_slicethread_create (slicethread.c:147)
==24087==    by 0x2BC153: thread_init_internal (pthread.c:78)
==24087==    by 0x2BC1F1: ff_graph_thread_init (pthread.c:97)
==24087==    by 0x29FE2E: avfilter_graph_alloc_filter (avfiltergraph.c:180)
==24087==    by 0x2BA603: create_filter (graphparser.c:132)
==24087==    by 0x2BA896: parse_filter (graphparser.c:201)
==24087==    by 0x2BB171: avfilter_graph_parse2 (graphparser.c:438)
==24087==    by 0x240FD9: configure_filtergraph (ffmpeg_filter.c:1034)
==24087==    by 0x2523A2: ifilter_send_frame (ffmpeg.c:2234)
==24087==    by 0x2526DA: send_frame_to_filters (ffmpeg.c:2315)
==24087==    by 0x25348B: decode_video (ffmpeg.c:2512)
==24087==    by 0x253EF3: process_input_packet (ffmpeg.c:2672)
==24087==    by 0x25BB79: process_input (ffmpeg.c:4606)
==24087==    by 0x25C06D: transcode_step (ffmpeg.c:4746)
==24087==    by 0x25C1D5: transcode (ffmpeg.c:4800)
==24087==    by 0x25CB3F: main (ffmpeg.c:5005)
==24087==
==24087== LEAK SUMMARY:
==24087==    definitely lost: 0 bytes in 0 blocks
==24087==    indirectly lost: 0 bytes in 0 blocks
==24087==      possibly lost: 11,776 bytes in 32 blocks
==24087==    still reachable: 4,897,975 bytes in 210 blocks
==24087==         suppressed: 0 bytes in 0 blocks
==24087== Reachable blocks (those to which a pointer was found) are not shown.
==24087== To see them, rerun with: --leak-check=full --show-leak-kinds=all
[...]

--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Does the universe only have a finite lifespan? No, it's going to go on forever,
it's just that you won't like living in it. -- Hiranya Peiri
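As an added example (not code from this thread or from FFmpeg), a small Python triage helper for fuzzer crash reports of this shape: it reads memcheck output like the dump above, pulls out the first invalid access with its faulting frame, flags a page-zero (NULL-style) address, and keeps the av_log messages the decoder emitted before the fault. The embedded input is a constructed excerpt of that dump.

```python
import re

# Constructed excerpt mirroring the memcheck output quoted in the thread above.
SAMPLE = """\
[cfhd @ 0x16d92180] Invalid lowpass height
==24087==    at 0x123322D: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
==24087==    by 0x82FCFB: cfhd_decode (cfhd.c:721)
Error while decoding stream #0:0: Invalid argument
==24087==    by 0x254285: process_input_packet (ffmpeg.c:2718)
==24087== Invalid read of size 16
==24087==    at 0x10A1385: ??? (libavcodec/x86/cfhddsp.asm:384)
==24087==    by 0x1FFEFFF74F: ???
==24087==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==24087== Process terminating with default action of signal 11 (SIGSEGV)
==24087==  Access not within mapped region at address 0x0
==24087==    at 0x10A1385: ??? (libavcodec/x86/cfhddsp.asm:384)
"""

PID_RE = re.compile(r"^==\d+==\s?(.*)$")                       # memcheck prefix
FRAME_RE = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]+)\)$")
ERR_RE = re.compile(r"^Invalid (read|write) of size (\d+)$")
ADDR_RE = re.compile(r"^Address (0x[0-9A-Fa-f]+) is (.*)$")
SIG_RE = re.compile(r"^Process terminating with default action of signal (\d+) \((\w+)\)$")


def triage(text):
    """Summarize the first invalid access in memcheck output as a dict
    (kind, size, frames, address, null_deref, signal, context); return
    None when no invalid read/write was reported."""
    result = None
    context = []  # plain av_log lines (no ==pid== prefix) seen before the fault
    for raw in text.splitlines():
        m = PID_RE.match(raw)
        if not m:
            if result is None:
                context.append(raw.strip())
            continue
        line = m.group(1).strip()
        if result is None:
            e = ERR_RE.match(line)
            if e:
                result = {"kind": e.group(1), "size": int(e.group(2)),
                          "frames": [], "address": None, "null_deref": False,
                          "signal": None, "context": list(context)}
            continue
        f = FRAME_RE.match(line)
        if f and result["signal"] is None:  # frames of the access, not of the signal
            result["frames"].append((f.group(1), f.group(2)))
        a = ADDR_RE.match(line)
        if a:
            result["address"] = a.group(1)
            result["null_deref"] = int(a.group(1), 16) < 4096  # first page is unmapped
        s = SIG_RE.match(line)
        if s:
            result["signal"] = s.group(2)
    return result
```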