[libav-bugs] [Bug 1125] New: avconv -- Floating Point Exception - WAV input

bugzilla at libav.org bugzilla at libav.org
Mon Apr 23 15:56:46 CEST 2018


https://bugzilla.libav.org/show_bug.cgi?id=1125

            Bug ID: 1125
           Summary: avconv -- Floating Point Exception - WAV input
           Product: Libav
           Version: git HEAD
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: ---
         Component: general
          Assignee: bugzilla at libav.org
          Reporter: thuanpv at comp.nus.edu.sg

Created attachment 715
  --> https://bugzilla.libav.org/attachment.cgi?id=715&action=edit
Bug-revealing sample input

Dear all,

This bug was found with AFLSmart, an extension of AFL. Thanks also to Marcel
Böhme, Andrew Santosa and Alexandru Razvan Caciulescu. 

This bug was found on Ubuntu 16.04 64-bit & libav revision 39f3b6 (HEAD)

To reproduce:
Download the attached file - libav_crash3.wav
avconv -i libav_crash3.wav -f null -

Press Ctrl-C or send SIGINT to the running process

Valgrind says:

[mtv @ 0x596e120] Format detected only with low score of 25, misdetection
possible!
[mtv @ 0x596e120] max_analyze_duration 5000000 reached
[mtv @ 0x596e120] Estimating duration from bitrate, this may be inaccurate
Input #0, mtv, from
'/home/thuan/subjects/libav/out2//fuzzer_3/hangs/id:000159,src:039402+020530,op:splice,rep:64':
  Duration: 00:00:00.07, bitrate: 57 kb/s
    Stream #0:0: Video: rawvideo
      rgb565be, 128x32767
      1 fps, 1 tbn
    Stream #0:1: Audio: mp3
      0 channels, s16p, 57 kb/s
Stream mapping:
  Stream #0:0 -> #0:0 (rawvideo (native) -> wrapped_avframe (native))
Press ctrl-c to stop encoding
^C==42893== fps=  0 q=0.0 size=       0kB time=10000000000.00 bitrate=  
0.0kbits/s    
==42893== Process terminating with default action of signal 8 (SIGFPE)
==42893==  Integer divide by zero at address 0x8056E333E
==42893==    at 0x55F21F: process_input_packet.constprop.13 (avconv.c:1586)
==42893==    by 0x4FA055: transcode (avconv.c:2823)
==42893==    by 0x4FA055: main (avconv.c:2972)

ASAN says:

[mtv @ 0x61a00001f280] Format detected only with low score of 25, misdetection
possible!
[mtv @ 0x61a00001f280] max_analyze_duration 5000000 reached
[mtv @ 0x61a00001f280] Estimating duration from bitrate, this may be inaccurate
Input #0, mtv, from
'/home/thuan/subjects/libav/out2//fuzzer_3/hangs/id:000159,src:039402+020530,op:splice,rep:64':
  Duration: 00:00:00.07, bitrate: 57 kb/s
    Stream #0:0: Video: rawvideo
      rgb565be, 128x32767
      1 fps, 1 tbn
    Stream #0:1: Audio: mp3
      0 channels, s16p, 57 kb/s
Stream mapping:
  Stream #0:0 -> #0:0 (rawvideo (native) -> wrapped_avframe (native))
Press ctrl-c to stop encoding
^CASAN:DEADLYSIGNAL q=0.0 size=       0kB time=10000000000.00 bitrate=  
0.0kbits/s    
=================================================================
==9865==ERROR: AddressSanitizer: FPE on unknown address 0x000000514c33 (pc
0x000000514c33 bp 0x7fff4a4d9d60 sp 0x7fff4a4d9b80 T0)
    #0 0x514c32  (/home/thuan/subjects/libav-asan/avconv+0x514c32)
    #1 0x4cf992  (/home/thuan/subjects/libav-asan/avconv+0x4cf992)
    #2 0x7f6f78da482f  (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #3 0x4e22c8  (/home/thuan/subjects/libav-asan/avconv+0x4e22c8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE
(/home/thuan/subjects/libav-asan/avconv+0x514c32) 
==9865==ABORTING

Regards,

Thuan
