Opened 9 months ago

Closed 9 months ago

#10866 closed defect (fixed)

speexdec regression

Reported by: Michael Niedermayer
Owned by:
Priority: normal
Component: avcodec
Version: git-master
Keywords:
Cc: James
Blocked By:
Blocking: 7.0
Reproduced by developer: yes
Analyzed by developer: no

Description

Summary of the bug:

out of array accesses
testcase provided to James
this issue is to keep track of 7.0 blocking issues

Regression since ab39cc36c72bb73318bb911acb66873de850a107.

==18832== Invalid write of size 4
==18832== at 0xD1CFC3: sb_decode (speexdec.c:1260)
==18832== by 0xD1E5EE: speex_decode_frame (speexdec.c:1558)
==18832== by 0x998846: decode_simple_internal (decode.c:430)
==18832== by 0x998DD7: decode_simple_receive_frame (decode.c:609)
==18832== by 0x998F47: decode_receive_frame_internal (decode.c:637)
==18832== by 0x99930C: avcodec_send_packet (decode.c:734)
==18832== by 0x669D2F: try_decode_frame (demux.c:2126)
==18832== by 0x66CAA0: avformat_find_stream_info (demux.c:2809)
==18832== by 0x24E9C2: ifile_open (ffmpeg_demux.c:1663)
==18832== by 0x2755BE: open_files (ffmpeg_opt.c:1333)
==18832== by 0x275780: ffmpeg_parse_options (ffmpeg_opt.c:1373)
==18832== by 0x289702: main (ffmpeg.c:1032)
==18832== Address 0x16a170c0 is 0 bytes after a block of size 1,536 alloc'd
==18832== at 0x4C33E76: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18832== by 0x4C33F91: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18832== by 0x13E4006: av_malloc (mem.c:105)
==18832== by 0x13BFC1D: av_buffer_alloc (buffer.c:82)
==18832== by 0x13C0665: pool_alloc_buffer (buffer.c:362)
==18832== by 0x13C07E6: av_buffer_pool_get (buffer.c:401)
==18832== by 0xA46052: audio_get_buffer (get_buffer.c:203)
==18832== by 0xA4648D: avcodec_default_get_buffer2 (get_buffer.c:278)
==18832== by 0x99B967: ff_get_buffer (decode.c:1673)
==18832== by 0xD1E52E: speex_decode_frame (speexdec.c:1552)
==18832== by 0x998846: decode_simple_internal (decode.c:430)
==18832== by 0x998DD7: decode_simple_receive_frame (decode.c:609)
==18832== by 0x998F47: decode_receive_frame_internal (decode.c:637)
==18832== by 0x99930C: avcodec_send_packet (decode.c:734)
==18832== by 0x669D2F: try_decode_frame (demux.c:2126)
==18832== by 0x66CAA0: avformat_find_stream_info (demux.c:2809)
==18832== by 0x24E9C2: ifile_open (ffmpeg_demux.c:1663)
==18832== by 0x2755BE: open_files (ffmpeg_opt.c:1333)
==18832== by 0x275780: ffmpeg_parse_options (ffmpeg_opt.c:1373)
==18832== by 0x289702: main (ffmpeg.c:1032)

Change History (2)

comment:1 by Michael Niedermayer, 9 months ago

Cc: James added
Status: new → open

comment:2 by Michael Niedermayer, 9 months ago

Resolution: fixed
Status: open → closed