flac: fix endless bytes skip
This fixes an endless hang on certain flacs (see one attached). A hang was caused when the stream head is invalid and a header should be skipped, but not enough data is available. In this case, block_SkipBytes
returns VLC_EGENERIC
and does not seek anything. So, the same invalid block is processed again and again.
For context: We analyzed vlc as part of a seminar on open-source fuzzing, and this is our first contribution to vlc. We are happy to open issues about further findings.
Click to expand and see logs
[000064b21f83f550] main libvlc debug: VLC media player - 3.0.20 Vetinari
[000064b21f83f550] main libvlc debug: Copyright © 1996-2023 the VideoLAN team
[000064b21f83f550] main libvlc debug: revision 3.0.20-0-g 6f0d0ab1
[000064b21f83f550] main libvlc debug: configured with ./configure '--prefix=/usr' '--sysconfdir=/etc' '--with-kde-solid=/usr/share/solid/actions/' '--disable-rpath' '--enable-nls' '--enable-archive' '--enable-live555' '--enable-dc1394' '--enable-dv1394' '--enable-dvdread' '--enable-dvdnav' '--enable-bluray' '--disable-opencv' '--enable-smbclient' '--enable-sftp' '--enable-nfs' '--enable-realrtsp' '--enable-dvbpsi' '--enable-gme' '--enable-ogg' '--enable-shout' '--enable-matroska' '--enable-mod' '--enable-mpc' '--enable-mad' '--enable-mpg123' '--enable-gst-decode' '--enable-avcodec' '--enable-libva' '--enable-avformat' '--enable-postproc' '--enable-faad' '--enable-vpx' '--enable-twolame' '--disable-fdkaac' '--enable-a52' '--enable-dca' '--enable-flac' '--enable-libmpeg2' '--enable-vorbis' '--enable-speex' '--enable-opus' '--enable-oggspots' '--disable-schroedinger' '--enable-png' '--enable-jpeg' '--enable-x264' '--enable-x265' '--enable-zvbi' '--enable-libass' '--enable-kate' '--enable-tiger' '--enable-vdpau' '--enable-wayland' '--enable-sdl-image' '--enable-freetype' '--enable-fribidi' '--enable-harfbuzz' '--enable-fontconfig' '--enable-svg' '--enable-svgdec' '--enable-aa' '--enable-caca' '--enable-pulse' '--enable-alsa' '--enable-jack' '--enable-samplerate' '--enable-soxr' '--disable-chromaprint' '--enable-chromecast' '--enable-qt' '--enable-skins2' '--enable-libtar' '--enable-ncurses' '--enable-lirc' '--enable-goom' '--enable-projectm' '--enable-avahi' '--enable-mtp' '--enable-upnp' '--enable-microdns' '--enable-libxml2' '--disable-libgcrypt' '--enable-gnutls' '--enable-taglib' '--enable-secret' '--enable-kwallet' '--disable-update-check' '--enable-notify' '--disable-libplacebo' '--enable-vlc' '--enable-aribsub' '--enable-aribcam' '--enable-aom' '--enable-srt' '--enable-dav1d' 'CFLAGS=-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions -Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -fstack-clash-protection -fcf-protection -g -ffile-prefix-map=/build/vlc/src=/usr/src/debug/vlc -flto=auto -I/usr/include/samba-4.0 -ffat-lto-objects' 'LDFLAGS=-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -flto=auto' 'CPPFLAGS= -I/usr/include/samba-4.0' 'CXXFLAGS=-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions -Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -fstack-clash-protection -fcf-protection -Wp,-D_GLIBCXX_ASSERTIONS -g -ffile-prefix-map=/build/vlc/src=/usr/src/debug/vlc -flto=auto -std=c++17' 'PKG_CONFIG_PATH=/usr/lib/ffmpeg4.4/pkgconfig/:/usr/lib/ffmpeg4.4/pkgconfig' 'LUA_LIBS=-llua -lm' 'LUAC=/usr/bin/luac'
[000064b21f83f550] main libvlc debug: searching plug-in modules
[000064b21f83f550] main libvlc debug: loading plugins cache file /usr/lib/vlc/plugins/plugins.dat
[000064b21f83f550] main libvlc debug: recursively browsing `/usr/lib/vlc/plugins'
[000064b21f83f550] main libvlc debug: plug-ins loaded: 531 modules
[000064b21f83f550] main libvlc debug: opening config file (~/.config/vlc/vlcrc)
[000064b21f83f8a0] main logger debug: looking for logger module matching "any": 4 candidates
[000064b21f83f8a0] main logger debug: using logger module "console"
[000064b21f83f550] main libvlc debug: translation test: code is "C"
[000064b21f8d4320] main keystore debug: looking for keystore module matching "memory": 4 candidates
[000064b21f8d4320] main keystore debug: using keystore module "memory"
[000064b21f83f550] main libvlc debug: CPU has capabilities MMX MMXEXT SSE SSE2 SSE3 SSSE3 SSE4.1 SSE4.2 AVX AVX2 FPU
[000064b21f8daa30] main input debug: Creating an input for 'Media Library'
[000064b21f8daa30] main input debug: Input is a meta file: disabling unneeded options
[000064b21f8daa30] main input debug: using timeshift granularity of 50 MiB
[000064b21f8daa30] main input debug: using default timeshift path
[000064b21f8daa30] main input debug:
file/directory:///~/.local/share/vlc/ml.xspf' gives access
file' demuxdirectory' path
~/.local/share/vlc/ml.xspf'[000064b21f8e4400] main input source debug: creating demux: access='file' demux='directory' location='
/.local/share/vlc/ml.xspf' file='/.local/share/vlc/ml.xspf'[000064b21f8e4580] main demux debug: looking for access_demux module matching "file": 19 candidates
[000064b21f8e4580] main demux debug: no access_demux modules matched
[000064b21f8f31b0] main stream debug: creating access: file:///~/.local/share/vlc/ml.xspf
[000064b21f8f31b0] main stream debug: (path: ~/.local/share/vlc/ml.xspf)
[000064b21f8f31b0] main stream debug: looking for access module matching "file": 30 candidates
[000064b21f8f31b0] main stream debug: using access module "filesystem"
[000064b21f8f4380] main stream debug: looking for stream_filter module matching "prefetch,cache_read": 27 candidates
[000064b21f8f4380] cache_read stream debug: Using stream method for AStream*
[000064b21f8f4380] cache_read stream debug: starting pre-buffering
[000064b21f8f4380] cache_read stream debug: received first data after 0 ms
[000064b21f8f4380] cache_read stream debug: pre-buffering done 296 bytes in 0s - 11117 KiB/s
[000064b21f8f4380] main stream debug: using stream_filter module "cache_read"
[000064b21f8f5410] main stream debug: looking for stream_filter module matching "any": 27 candidates
[000064b21f8f5410] playlist stream debug: using XSPF playlist reader
[000064b21f8f5410] main stream debug: using stream_filter module "playlist"
[000064b21f8f5410] main stream debug: stream filter added to 0x64b21f8f4380
[000064b21f8f8af0] main stream debug: looking for stream_filter module matching "any": 27 candidates
[000064b21f8f8af0] main stream debug: no stream_filter modules matched
[000064b21f8f9c50] main stream_directory debug: looking for stream_directory module matching "any": 1 candidates
[000064b21f8f9c50] main stream_directory debug: no stream_directory modules matched
[000064b21f8e4400] main input source debug: attachment of directory-extractor failed for file:///~/.local/share/vlc/ml.xspf
[000064b21f8f8af0] main stream debug: looking for stream_filter module matching "record": 27 candidates
[000064b21f8f8af0] main stream debug: using stream_filter module "record"
[000064b21f8e4400] main input source debug: creating demux: access='file' demux='directory' location='~/.local/share/vlc/ml.xspf' file='~/.local/share/vlc/ml.xspf'
[000064b21f8e4580] main demux debug: looking for demux module matching "directory": 55 candidates
[000064b21f8e4580] main demux debug: using demux module "directory"
[000064b21f8fc730] main demux meta debug: looking for meta reader module matching "any": 2 candidates
[000064b21f8fc730] lua demux meta debug: Trying Lua scripts in ~/.local/share/vlc/lua/meta/reader
[000064b21f8fc730] lua demux meta debug: Trying Lua scripts in /usr/lib/vlc/lua/meta/reader
[000064b21f8fc730] lua demux meta debug: Trying Lua playlist script /usr/lib/vlc/lua/meta/reader/filename.luac
[000064b21f8fc730] lua demux meta debug: Trying Lua scripts in /usr/share/vlc/lua/meta/reader
[000064b21f8fc730] main demux meta debug: no meta reader modules matched
[000064b21f8daa30] main input debug: `file/directory:///~/.local/share/vlc/ml.xspf' successfully opened
[000064b21f912bf0] main xml reader debug: looking for xml reader module matching "any": 1 candidates
[000064b21f912bf0] main xml reader debug: using xml reader module "xml"
[000064b21f8daa30] main input debug: EOF reached
[000064b21f8e4580] main demux debug: removing module "directory"
[000064b21f8f8af0] main stream debug: removing module "record"
[000064b21f8f5410] main stream debug: removing module "playlist"
[000064b21f8f4380] main stream debug: removing module "cache_read"
[000064b21f8f31b0] main stream debug: removing module "filesystem"
[000064b21f8d82e0] main playlist debug: creating audio output
[000064b21f912d20] main audio output debug: looking for audio output module matching "any": 6 candidates
[000064b21f912d20] vlcpulse audio output debug: using library version 17.0.0
[000064b21f912d20] vlcpulse audio output debug: (compiled with version 16.1.0, protocol 35)
[000064b21f912d20] vlcpulse audio output debug: connected locally to /run/user/1000/pulse/native as client #133 (closed)
[000064b21f912d20] vlcpulse audio output debug: using protocol 35, server protocol 35
[000064b21f912d20] pulse audio output debug: adding sink 53: alsa_output.pci-0000_00_1f.3.analog-stereo (Built-in Audio Analog Stereo)
[000064b21f912d20] main audio output debug: using audio output module "pulse"
[000064b21f8d82e0] main playlist debug: keeping audio output
[000064b21f921200] main interface debug: looking for interface module matching "dbus,none": 19 candidates
[000064b21f921200] dbus interface debug: listening on dbus as: org.mpris.MediaPlayer2.vlc
[000064b21f921200] main interface debug: using interface module "dbus"
[000064b21f944de0] main interface debug: looking for interface module matching "hotkeys,none": 19 candidates
[00007d9b00000c30] main input debug: Creating an input for preparsing 'hang1.flac'
[000064b21f944de0] main interface debug: using interface module "hotkeys"
[000064b21f945970] main interface debug: looking for interface module matching "globalhotkeys,none": 19 candidates
[000064b21f945970] main interface debug: using interface module "xcb_hotkeys"
[000064b21f83f550] main libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.
[000064b21f9468b0] main interface debug: looking for interface module matching "any": 19 candidates
[00007d9ae8000c30] main meta fetcher debug: looking for meta fetcher module matching "any": 1 candidates
[00007d9ae8000c30] lua meta fetcher debug: Trying Lua scripts in ~/.local/share/vlc/lua/meta/fetcher
[00007d9ae8000c30] lua meta fetcher debug: Trying Lua scripts in /usr/lib/vlc/lua/meta/fetcher
[00007d9ae8000c30] lua meta fetcher debug: Trying Lua scripts in /usr/share/vlc/lua/meta/fetcher
[00007d9ae8000c30] main meta fetcher debug: no meta fetcher modules matched
[00007d9ae8000c30] main art finder debug: looking for art finder module matching "any": 2 candidates
[00007d9ae8000c30] lua art finder debug: Trying Lua scripts in ~/.local/share/vlc/lua/meta/art
[00007d9ae8000c30] lua art finder debug: Trying Lua scripts in /usr/lib/vlc/lua/meta/art
[00007d9ae8000c30] lua art finder debug: Trying Lua playlist script /usr/lib/vlc/lua/meta/art/00_musicbrainz.luac
[00007d9ae8000c30] lua art finder debug: skipping script (unmatched scope) /usr/lib/vlc/lua/meta/art/00_musicbrainz.luac
[00007d9ae8000c30] lua art finder debug: Trying Lua playlist script /usr/lib/vlc/lua/meta/art/01_googleimage.luac
[00007d9ae8000c30] lua art finder debug: skipping script (unmatched scope) /usr/lib/vlc/lua/meta/art/01_googleimage.luac
[00007d9ae8000c30] lua art finder debug: Trying Lua playlist script /usr/lib/vlc/lua/meta/art/02_frenchtv.luac
[00007d9ae8000c30] lua art finder debug: skipping script (unmatched scope) /usr/lib/vlc/lua/meta/art/02_frenchtv.luac
[00007d9ae8000c30] lua art finder debug: Trying Lua playlist script /usr/lib/vlc/lua/meta/art/03_lastfm.luac
[00007d9ae8000c30] lua art finder debug: skipping script (unmatched scope) /usr/lib/vlc/lua/meta/art/03_lastfm.luac
[00007d9ae8000c30] lua art finder debug: Trying Lua scripts in /usr/share/vlc/lua/meta/art
[00007d9ae8000c30] main art finder debug: no art finder modules matched
[00007d9af01a7180] main generic debug: looking for extension module matching "any": 1 candidates
[00007d9af01a7180] lua generic debug: Opening Lua Extension module
[00007d9af01a7180] lua generic debug: Trying Lua scripts in ~/jonas/.local/share/vlc/lua/extensions
[00007d9af01a7180] lua generic debug: Trying Lua scripts in /usr/lib/vlc/lua/extensions
[00007d9af01a7180] lua generic debug: Trying Lua playlist script /usr/lib/vlc/lua/extensions/VLSub.luac
[00007d9af01a7180] lua generic debug: Scanning Lua script /usr/lib/vlc/lua/extensions/VLSub.luac
[00007d9af01a7180] lua generic debug: Script /usr/lib/vlc/lua/extensions/VLSub.luac has the following capability flags: 0x5
[00007d9af01a7180] lua generic debug: Trying Lua scripts in /usr/share/vlc/lua/extensions
[00007d9af01a7180] main generic debug: using extension module "lua"
[000064b21f9468b0] main interface debug: using interface module "qt"
[000064b21f8d82e0] main playlist debug: processing request item: null, node: Playlist, skip: 0
[000064b21f8d82e0] main playlist debug: rebuilding array of current - root Playlist
[000064b21f8d82e0] main playlist debug: rebuild done - 1 items, index -1
[000064b21f8d82e0] main playlist debug: starting playback of new item
[000064b21f8d82e0] main playlist debug: resyncing on hang1.flac
[000064b21f8d82e0] main playlist debug: hang1.flac is at 0
[000064b21f8d82e0] main playlist debug: creating new input thread
[00007d9aa0000c90] main input debug: Creating an input for 'hang1.flac'
[000064b21f8d82e0] main playlist debug: requesting art for new input thread
[00007d9aa0000c90] main input debug: using timeshift granularity of 50 MiB
[00007d9aa0000c90] main input debug: using default timeshift path
[00007d9aa0000c90] main input debug:
file:///..../hang1.flac' gives access
file' demuxany' path
...../hang1.flac'[00007d9a98000ff0] main input source debug: creating demux: access='file' demux='any' location='....hang1.flac' file='..../hang1.flac'
[00007d9a980011a0] main demux debug: looking for access_demux module matching "file": 19 candidates
[00007d9a980011a0] main demux debug: no access_demux modules matched
[00007d9a90000c30] main meta fetcher debug: looking for meta fetcher module matching "any": 1 candidates
[00007d9a98001660] main stream debug: creating access: file:///..../hang1.flac
[00007d9a98001660] main stream debug: (path: ..../flac/hang1.flac)
[00007d9a98001660] main stream debug: looking for access module matching "file": 30 candidates
[00007d9a90000c30] lua meta fetcher debug: Trying Lua scripts in ~/.local/share/vlc/lua/meta/fetcher
[00007d9a90000c30] lua meta fetcher debug: Trying Lua scripts in /usr/lib/vlc/lua/meta/fetcher
[00007d9a90000c30] lua meta fetcher debug: Trying Lua scripts in /usr/share/vlc/lua/meta/fetcher
[00007d9a90000c30] main meta fetcher debug: no meta fetcher modules matched
[00007d9a98001660] main stream debug: using access module "filesystem"
[00007d9a90000c30] main art finder debug: looking for art finder module matching "any": 2 candidates
[00007d9a98001990] main stream debug: looking for stream_filter module matching "prefetch,cache_read": 27 candidates
[00007d9a98001990] cache_read stream debug: Using stream method for AStream*
[00007d9a90000c30] lua art finder debug: Trying Lua scripts in ~/.local/share/vlc/lua/meta/art
[00007d9a90000c30] lua art finder debug: Trying Lua scripts in /usr/lib/vlc/lua/meta/art
[00007d9a98001990] cache_read stream debug: starting pre-buffering
[00007d9a98001990] cache_read stream debug: received first data after 0 ms
[00007d9a98001990] main stream debug: using stream_filter module "cache_read"
[00007d9a98c01d50] main stream debug: looking for stream_filter module matching "any": 27 candidates
[00007d9a90000c30] lua art finder debug: Trying Lua playlist script /usr/lib/vlc/lua/meta/art/00_musicbrainz.luac
[00007d9a98c01d50] lua stream debug: Trying Lua scripts in ~/.local/share/vlc/lua/playlist
[00007d9a98c01d50] lua stream debug: Trying Lua scripts in /usr/lib/vlc/lua/playlist
[00007d9a98c01d50] lua stream debug: Trying Lua playlist script /usr/lib/vlc/lua/playlist/anevia_streams.luac
[00007d9a90000c30] lua art finder debug: skipping script (unmatched scope) /usr/lib/vlc/lua/meta/art/00_musicbrainz.luac
[00007d9a90000c30] lua art finder debug: Trying Lua playlist script /usr/lib/vlc/lua/meta/art/01_googleimage.luac
[00007d9a98c01d50] lua stream debug: Trying Lua playlist script /usr/lib/vlc/lua/playlist/anevia_xml.luac
[00007d9a90000c30] lua art finder debug: skipping script (unmatched scope) /usr/lib/vlc/lua/meta/art/01_googleimage.luac
[00007d9a90000c30] lua art finder debug: Trying Lua playlist script /usr/lib/vlc/lua/meta/art/02_frenchtv.luac
[00007d9a98c01d50] lua stream debug: Trying Lua playlist script /usr/lib/vlc/lua/playlist/appletrailers.luac
[00007d9a90000c30] lua art finder debug: skipping script (unmatched scope) /usr/lib/vlc/lua/meta/art/02_frenchtv.luac
[00007d9a90000c30] lua art finder debug: Trying Lua playlist script /usr/lib/vlc/lua/meta/art/03_lastfm.luac
[00007d9a98c01d50] lua stream debug: Trying Lua playlist script /usr/lib/vlc/lua/playlist/bbc_co_uk.luac
[00007d9a90000c30] lua art finder debug: skipping script (unmatched scope) /usr/lib/vlc/lua/meta/art/03_lastfm.luac
[00007d9a90000c30] lua art finder debug: Trying Lua scripts in /usr/share/vlc/lua/meta/art
[00007d9a90000c30] main art finder debug: no art finder modules matched
[00007d9a98c01d50] lua stream debug: Trying Lua playlist script /usr/lib/vlc/lua/playlist/cue.luac
[00007d9a98c01d50] lua stream debug: Trying Lua playlist script /usr/lib/vlc/lua/playlist/dailymotion.luac
[00007d9a98c01d50] lua stream debug: Trying Lua playlist script /usr/lib/vlc/lua/playlist/jamendo.luac
[00007d9a98c01d50] lua stream debug: Trying Lua playlist script /usr/lib/vlc/lua/playlist/koreus.luac
[00007d9a98c01d50] lua stream debug: Trying Lua playlist script /usr/lib/vlc/lua/playlist/liveleak.luac
[00007d9a98c01d50] lua stream debug: Trying Lua playlist script /usr/lib/vlc/lua/playlist/newgrounds.luac
[00007d9a98c01d50] lua stream debug: Trying Lua playlist script /usr/lib/vlc/lua/playlist/rockbox_fm_presets.luac
[00007d9a98c01d50] lua stream debug: Trying Lua playlist script /usr/lib/vlc/lua/playlist/soundcloud.luac
[00007d9a98c01d50] lua stream debug: Trying Lua playlist script /usr/lib/vlc/lua/playlist/twitch.luac
[00007d9a98c01d50] lua stream debug: Trying Lua playlist script /usr/lib/vlc/lua/playlist/vimeo.luac
[00007d9a98c01d50] lua stream debug: Trying Lua playlist script /usr/lib/vlc/lua/playlist/vocaroo.luac
[00007d9a98c01d50] lua stream debug: Trying Lua playlist script /usr/lib/vlc/lua/playlist/youtube.luac
[00007d9a98c01d50] lua stream debug: Trying Lua scripts in /usr/share/vlc/lua/playlist
[00007d9a98c01d50] main stream debug: no stream_filter modules matched
[00007d9a98c19740] main stream_directory debug: looking for stream_directory module matching "any": 1 candidates
[00007d9a98c19740] main stream_directory debug: no stream_directory modules matched
[00007d9a98000ff0] main input source debug: attachment of directory-extractor failed for file:///...../hang1.flac
[00007d9a98c01d50] main stream debug: looking for stream_filter module matching "record": 27 candidates
[00007d9a98c01d50] main stream debug: using stream_filter module "record"
[00007d9a98000ff0] main input source debug: creating demux: access='file' demux='any' location='...../hang1.flac' file='...../hang1.flac'
[00007d9a980011a0] main demux debug: looking for demux module matching "flac": 55 candidates
[00007d9a98c0d2a0] main demux packetizer debug: looking for packetizer module matching "any": 25 candidates
[00007d9a98c0d2a0] main demux packetizer debug: using packetizer module "flac"
[00007d9aa0000c90] main input debug: selecting program id=0
[00007d9a980011a0] main demux debug: using demux module "flacsys"
[00007d9aa0000c90] main input debug: looking for a subtitle file in ......
[00007d9a98c0b1c0] main packetizer debug: looking for packetizer module matching "any": 25 candidates
[00007d9a98c0b1c0] main packetizer debug: using packetizer module "flac"
[00007d9a98c03e60] main decoder debug: looking for audio decoder module matching "any": 20 candidates
[00007d9a98c03e60] main decoder debug: using audio decoder module "flac"
[00007d9af8c18c00] main demux meta debug: looking for meta reader module matching "any": 2 candidates
[00007d9af8c18c00] lua demux meta debug: Trying Lua scripts in ~/.local/share/vlc/lua/meta/reader
[00007d9af8c18c00] lua demux meta debug: Trying Lua scripts in /usr/lib/vlc/lua/meta/reader
[00007d9af8c18c00] lua demux meta debug: Trying Lua playlist script /usr/lib/vlc/lua/meta/reader/filename.luac
[00007d9af8c18c00] lua demux meta debug: Trying Lua scripts in /usr/share/vlc/lua/meta/reader
[00007d9af8c18c00] main demux meta debug: no meta reader modules matched
[00007d9aa0000c90] main input debug: `file:///...../hang1.flac' successfully opened
[00007d9a98c0d2a0] flac demux packetizer warning: discarding bytes as we're over framesize 14, 19
[00007d9a98c0d2a0] flac demux packetizer warning: discarding bytes as we're over framesize 14, 17
[00007d9a98c0d2a0] flac demux packetizer warning: discarding bytes as we're over framesize 14, 17h