On Fri, Apr 02, 2021 at 12:49:26AM +0200, Michael Niedermayer wrote:
> On Fri, Apr 02, 2021 at 12:25:53AM +0200, Michael Niedermayer wrote:
> > On Thu, Apr 01, 2021 at 09:22:23PM +0200, Paul B Mahol wrote:
> > > Try this attached patch. I have not looked at all samples, as some
> > > allocate too much memory for my system.
> > >
> > > But this patch points where real bugs are, unlike your patch which hides
> > > real bugs even more.
> >
> > I would appreciate if cfhd wouldn't have so many real bugs.
> > Your approach seems to be to fix what the fuzzer finds. What my patch was
> > moving toward is to make the code more secure and robust not to fix
> > individual bugs. My patch was never intended to be the end of such
> > improvement, but with the first stage being rejected I am of course not
> > putting time in the next
> > ...
> >
> > but that's not so important now, what's important is the bugs here
> > and your patch eliminates all of the current group but one. That's good!
> > Here's what remains:
> > ffmpeg -threads 1 -i dec_fuzzer-30739.nut -f null -
>
> correction, the fuzzer found an alternative sample for 29754 which still
> crashes
> this seems to also use less memory than the other remaining sample
> will send the sample privately
>
> [cfhd @ 0x16d92180] Invalid lowpass height
> ==24087== at 0x123322D: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
> ==24087== by 0x1233DEB: av_log_default_callback (log.c:397)
> ==24087== by 0x1234092: av_vlog (log.c:432)
> ==24087== by 0x1233EF1: av_log (log.c:411)
> ==24087== by 0x82FCFB: cfhd_decode (cfhd.c:721)
> ==24087== by 0x860064: decode_simple_internal (decode.c:327)
> ==24087== by 0x860C9B: decode_simple_receive_frame (decode.c:526)
> ==24087== by 0x860D95: decode_receive_frame_internal (decode.c:546)
> ==24087== by 0x861019: avcodec_send_packet (decode.c:608)
> ==24087== by 0x2525A7: decode (ffmpeg.c:2285)
> ==24087== by 0x252DC7: decode_video (ffmpeg.c:2425)
> ==24087== by 0x253EF3: process_input_packet (ffmpeg.c:2672)
> ==24087== by 0x25BB79: process_input (ffmpeg.c:4606)
> ==24087== by 0x25C06D: transcode_step (ffmpeg.c:4746)
> ==24087== by 0x25C1D5: transcode (ffmpeg.c:4800)
> ==24087== by 0x25CB3F: main (ffmpeg.c:5005)
> Error while decoding stream #0:0: Invalid argument
> ==24087== at 0x123322D: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
> ==24087== by 0x1233DEB: av_log_default_callback (log.c:397)
> ==24087== by 0x1234092: av_vlog (log.c:432)
> ==24087== by 0x1233EF1: av_log (log.c:411)
> ==24087== by 0x254285: process_input_packet (ffmpeg.c:2718)
> ==24087== by 0x25BB79: process_input (ffmpeg.c:4606)
> ==24087== by 0x25C06D: transcode_step (ffmpeg.c:4746)
> ==24087== by 0x25C1D5: transcode (ffmpeg.c:4800)
> ==24087== by 0x25CB3F: main (ffmpeg.c:5005)
> [cfhd @ 0x16d92180] Invalid lowpass height
> ==24087== at 0x123322D: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
> ==24087== by 0x1233DEB: av_log_default_callback (log.c:397)
> ==24087== by 0x1234092: av_vlog (log.c:432)
> ==24087== by 0x1233EF1: av_log (log.c:411)
> ==24087== by 0x82FCFB: cfhd_decode (cfhd.c:721)
> ==24087== by 0x860064: decode_simple_internal (decode.c:327)
> ==24087== by 0x860C9B: decode_simple_receive_frame (decode.c:526)
> ==24087== by 0x860D95: decode_receive_frame_internal (decode.c:546)
> ==24087== by 0x861019: avcodec_send_packet (decode.c:608)
> ==24087== by 0x2525A7: decode (ffmpeg.c:2285)
> ==24087== by 0x252DC7: decode_video (ffmpeg.c:2425)
> ==24087== by 0x253EF3: process_input_packet (ffmpeg.c:2672)
> ==24087== by 0x25BB79: process_input (ffmpeg.c:4606)
> ==24087== by 0x25C06D: transcode_step (ffmpeg.c:4746)
> ==24087== by 0x25C1D5: transcode (ffmpeg.c:4800)
> ==24087== by 0x25CB3F: main (ffmpeg.c:5005)
> Error while decoding stream #0:0: Invalid argument
> ==24087== at 0x123322D: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
> ==24087== by 0x1233DEB: av_log_default_callback (log.c:397)
> ==24087== by 0x1234092: av_vlog (log.c:432)
> ==24087== by 0x1233EF1: av_log (log.c:411)
> ==24087== by 0x254285: process_input_packet (ffmpeg.c:2718)
> ==24087== by 0x25BB79: process_input (ffmpeg.c:4606)
> ==24087== by 0x25C06D: transcode_step (ffmpeg.c:4746)
> ==24087== by 0x25C1D5: transcode (ffmpeg.c:4800)
> ==24087== by 0x25CB3F: main (ffmpeg.c:5005)
> [cfhd @ 0x16d92180] Sample format of 1039 is not implemented. Update your
> FFmpeg version to the newest one from Git. If the problem still occurs, it
> means that your file has a feature which has not been implemented.
> Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches
> welcome
> ==24087== at 0x123322D: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
> ==24087== by 0x1233DEB: av_log_default_callback (log.c:397)
> ==24087== by 0x1234092: av_vlog (log.c:432)
> ==24087== by 0x1233EF1: av_log (log.c:411)
> ==24087== by 0x254285: process_input_packet (ffmpeg.c:2718)
> ==24087== by 0x25BB79: process_input (ffmpeg.c:4606)
> ==24087== by 0x25C06D: transcode_step (ffmpeg.c:4746)
> ==24087== by 0x25C1D5: transcode (ffmpeg.c:4800)
> ==24087== by 0x25CB3F: main (ffmpeg.c:5005)
> [cfhd @ 0x16d92180] Invalid lowpass height
> ==24087== at 0x123322D: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
> ==24087== by 0x1233DEB: av_log_default_callback (log.c:397)
> ==24087== by 0x1234092: av_vlog (log.c:432)
> ==24087== by 0x1233EF1: av_log (log.c:411)
> ==24087== by 0x82FCFB: cfhd_decode (cfhd.c:721)
> ==24087== by 0x860064: decode_simple_internal (decode.c:327)
> ==24087== by 0x860C9B: decode_simple_receive_frame (decode.c:526)
> ==24087== by 0x860D95: decode_receive_frame_internal (decode.c:546)
> ==24087== by 0x861019: avcodec_send_packet (decode.c:608)
> ==24087== by 0x2525A7: decode (ffmpeg.c:2285)
> ==24087== by 0x252DC7: decode_video (ffmpeg.c:2425)
> ==24087== by 0x253EF3: process_input_packet (ffmpeg.c:2672)
> ==24087== by 0x25BB79: process_input (ffmpeg.c:4606)
> ==24087== by 0x25C06D: transcode_step (ffmpeg.c:4746)
> ==24087== by 0x25C1D5: transcode (ffmpeg.c:4800)
> ==24087== by 0x25CB3F: main (ffmpeg.c:5005)
> Error while decoding stream #0:0: Invalid argument
> ==24087== at 0x123322D: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
> ==24087== by 0x1233DEB: av_log_default_callback (log.c:397)
> ==24087== by 0x1234092: av_vlog (log.c:432)
> ==24087== by 0x1233EF1: av_log (log.c:411)
> ==24087== by 0x254285: process_input_packet (ffmpeg.c:2718)
> ==24087== by 0x25BB79: process_input (ffmpeg.c:4606)
> ==24087== by 0x25C06D: transcode_step (ffmpeg.c:4746)
> ==24087== by 0x25C1D5: transcode (ffmpeg.c:4800)
> ==24087== by 0x25CB3F: main (ffmpeg.c:5005)
> ==24087== Invalid read of size 16
> ==24087== at 0x10A1385: ??? (libavcodec/x86/cfhddsp.asm:384)
> ==24087== by 0x1FFEFFF74F: ???
> ==24087== Address 0x0 is not stack'd, malloc'd or (recently) free'd

without asm:
==24138== Invalid read of size 2
==24138== at 0x835536: filter (cfhddsp.c:36)
==24138== by 0x835A68: vert_filter (cfhddsp.c:74)
==24138== by 0x8333AE: cfhd_decode (cfhd.c:1172)
==24138== by 0x860064: decode_simple_internal (decode.c:327)
==24138== by 0x860C9B: decode_simple_receive_frame (decode.c:526)
==24138== by 0x860D95: decode_receive_frame_internal (decode.c:546)
==24138== by 0x861019: avcodec_send_packet (decode.c:608)
==24138== by 0x2525A7: decode (ffmpeg.c:2285)
==24138== by 0x252DC7: decode_video (ffmpeg.c:2425)
==24138== by 0x253EF3: process_input_packet (ffmpeg.c:2672)
==24138== by 0x25BB79: process_input (ffmpeg.c:4606)
==24138== by 0x25C06D: transcode_step (ffmpeg.c:4746)
==24138== by 0x25C1D5: transcode (ffmpeg.c:4800)
==24138== by 0x25CB3F: main (ffmpeg.c:5005)
==24138== Address 0x0 is not stack'd, malloc'd or (recently) free'd

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

He who knows, does not speak. He who speaks, does not know. -- Lao Tsu