Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#4386 closed defect (fixed)

exr piz: crash

Reported by: ami_stuff
Owned by:
Priority: important
Component: avcodec
Version: git-master
Keywords: exr crash regression
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

I will compile a debug build later if this is not reproducible.

http://www.datafilehost.com/d/3238440a

C:\>ffmpeg -i 96_PIZ_RGB.exr
ffmpeg version N-71042-g83020f8 Copyright (c) 2000-2015 the FFmpeg developers
  built with gcc 4.9.2 (GCC)
  configuration: --enable-gpl --enable-version3 --disable-w32threads --enable-av
isynth --enable-bzlib --enable-fontconfig --enable-frei0r --enable-gnutls --enab
le-iconv --enable-libass --enable-libbluray --enable-libbs2b --enable-libcaca --
enable-libfreetype --enable-libgme --enable-libgsm --enable-libilbc --enable-lib
modplug --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrw
b --enable-libopenjpeg --enable-libopus --enable-librtmp --enable-libschroedinge
r --enable-libsoxr --enable-libspeex --enable-libtheora --enable-libtwolame --en
able-libvidstab --enable-libvo-aacenc --enable-libvo-amrwbenc --enable-libvorbis
 --enable-libvpx --enable-libwavpack --enable-libwebp --enable-libx264 --enable-
libx265 --enable-libxavs --enable-libxvid --enable-lzma --enable-decklink --enab
le-zlib
  libavutil      54. 20.100 / 54. 20.100
  libavcodec     56. 29.100 / 56. 29.100
  libavformat    56. 26.101 / 56. 26.101
  libavdevice    56.  4.100 / 56.  4.100
  libavfilter     5. 13.101 /  5. 13.101
  libswscale      3.  1.101 /  3.  1.101
  libswresample   1.  1.100 /  1.  1.100
  libpostproc    53.  3.100 / 53.  3.100

C:\>

Change History (4)

comment:1 by ami_stuff, 10 years ago

(gdb) r -i 96_PIZ_RGB.exr -f null -
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i 96_PIZ_RGB.exr -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.6.git Copyright (c) 2000-2015 the FFmpeg developers
  built with gcc 4.7 (Debian 4.7.2-4)
  configuration: --disable-ffprobe --disable-ffserver --enable-gpl
  libavutil      54. 20.101 / 54. 20.101
  libavcodec     56. 30.100 / 56. 30.100
  libavformat    56. 26.101 / 56. 26.101
  libavdevice    56.  4.100 / 56.  4.100
  libavfilter     5. 13.101 /  5. 13.101
  libswscale      3.  1.101 /  3.  1.101
  libswresample   1.  1.100 /  1.  1.100
  libpostproc    53.  3.100 / 53.  3.100
Input #0, exr_pipe, from '96_PIZ_RGB.exr':
  Duration: N/A, bitrate: N/A
    Stream #0:0: Video: exr, rgb48le, 1024x768 [SAR 1:1 DAR 4:3], 25 tbr, 25 tbn, 25 tbc
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf56.26.101
    Stream #0:0: Video: rawvideo (RGB0 / 0x30424752), rgb48le, 1024x768 [SAR 1:1 DAR 4:3], q=2-31, 200 kb/s, 25 fps, 25 tbn, 25 tbc
    Metadata:
      encoder         : Lavc56.30.100 rawvideo
Stream mapping:
  Stream #0:0 -> #0:0 (exr (native) -> rawvideo (native))
Press [q] to stop, [?] for help

Program received signal SIGSEGV, Segmentation fault.
0xb7e8cace in malloc_consolidate (av=<optimized out>) at malloc.c:5198
5198	malloc.c: No such file or directory.
(gdb) bt
#0  0xb7e8cace in malloc_consolidate (av=<optimized out>) at malloc.c:5198
#1  0xb7e8edb5 in _int_malloc (av=<optimized out>, bytes=751108096)
    at malloc.c:4402
#2  0xb7e90037 in _int_memalign (av=<optimized out>, alignment=32, 
    bytes=524296) at malloc.c:5521
#3  0xb7e917f4 in *__GI___libc_memalign (alignment=32, bytes=524296)
    at malloc.c:3895
#4  0xb7e91a59 in __posix_memalign (memptr=memptr@entry=0xbffff0dc, 
    alignment=759508229, alignment@entry=32, size=131104, size@entry=524296)
    at malloc.c:6344
#5  0x08b408c8 in av_malloc (size=524296) at libavutil/mem.c:95
#6  av_mallocz (size=size@entry=524296) at libavutil/mem.c:252
#7  0x08382daf in av_mallocz_array (size=8, nmemb=65537)
    at ./libavutil/mem.h:232
#8  huf_uncompress (dst_size=98304, dst=0x95a5000, gb=<synthetic pointer>)
    at libavcodec/exr.c:574
#9  piz_uncompress (td=0x9542c40, dsize=98304, ssize=<optimized out>, 
    src=<optimized out>, s=0x9551f00) at libavcodec/exr.c:745
#10 decode_block (avctx=0x9542ce0, tdata=0x9542c40, jobnr=0, threadnr=0)
    at libavcodec/exr.c:884
#11 0x087b9f50 in avcodec_default_execute2 (c=0x9542ce0, 
    func=0x8382330 <decode_block>, arg=0x9542c40, ret=0x0, count=24)
    at libavcodec/utils.c:1117
---Type <return> to continue, or q <return> to quit---
#12 0x08381eee in decode_frame (avctx=0x9542ce0, data=0x95445e0, 
    got_frame=0xbffff594, avpkt=0xbffff308) at libavcodec/exr.c:1331
#13 0x087bb69e in avcodec_decode_video2 (avctx=0x9542ce0, 
    picture=picture@entry=0x95445e0, 
    got_picture_ptr=got_picture_ptr@entry=0xbffff594, 
    avpkt=avpkt@entry=0xbffff840) at libavcodec/utils.c:2376
#14 0x080d1c3c in decode_video (ist=ist@entry=0x9542a00, 
    pkt=pkt@entry=0xbffff840, got_output=got_output@entry=0xbffff594)
    at ffmpeg.c:1960
#15 0x080d9f3e in process_input_packet (pkt=0xbffff7e8, ist=0x9542a00)
    at ffmpeg.c:2208
#16 process_input (file_index=0) at ffmpeg.c:3708
#17 transcode_step () at ffmpeg.c:3802
#18 transcode () at ffmpeg.c:3854
#19 0x080b9e36 in main (argc=<optimized out>, argv=<optimized out>)
    at ffmpeg.c:4036
(gdb) 
knoppix@Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg/ffmpeg_g -i 96_PIZ_RGB.exr -f null -
==2549== Memcheck, a memory error detector
==2549== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==2549== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==2549== Command: ffmpeg/ffmpeg_g -i 96_PIZ_RGB.exr -f null -
==2549== 
ffmpeg version 2.6.git Copyright (c) 2000-2015 the FFmpeg developers
  built with gcc 4.7 (Debian 4.7.2-4)
  configuration: --disable-ffprobe --disable-ffserver --enable-gpl
  libavutil      54. 20.101 / 54. 20.101
  libavcodec     56. 30.100 / 56. 30.100
  libavformat    56. 26.101 / 56. 26.101
  libavdevice    56.  4.100 / 56.  4.100
  libavfilter     5. 13.101 /  5. 13.101
  libswscale      3.  1.101 /  3.  1.101
  libswresample   1.  1.100 /  1.  1.100
  libpostproc    53.  3.100 / 53.  3.100
==2549== Invalid write of size 4
==2549==    at 0x402ABFD: memset (mc_replace_strmem.c:966)
==2549==    by 0x8382CE6: decode_block (exr.c:325)
==2549==    by 0x87B9F4F: avcodec_default_execute2 (utils.c:1117)
==2549==    by 0x8381EED: decode_frame (exr.c:1331)
==2549==    by 0x87BB69D: avcodec_decode_video2 (utils.c:2376)
==2549==    by 0x82C8C7A: try_decode_frame (utils.c:2658)
==2549==    by 0xFFFFFFFE: ???
==2549==  Address 0x4417ea0 is 0 bytes after a block of size 131,072 alloc'd
==2549==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==2549==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==2549==    by 0x8B405E7: av_malloc (mem.c:95)
==2549==    by 0x838320A: decode_block (exr.c:723)
==2549==    by 0x87B9F4F: avcodec_default_execute2 (utils.c:1117)
==2549==    by 0x8381EED: decode_frame (exr.c:1331)
==2549==    by 0x87BB69D: avcodec_decode_video2 (utils.c:2376)
==2549==    by 0x82C8C7A: try_decode_frame (utils.c:2658)
==2549==    by 0xFFFFFFFE: ???
==2549== 
==2549== Invalid write of size 1
==2549==    at 0x402AC10: memset (mc_replace_strmem.c:966)
==2549==    by 0x8382CE6: decode_block (exr.c:325)
==2549==    by 0x87B9F4F: avcodec_default_execute2 (utils.c:1117)
==2549==    by 0x8381EED: decode_frame (exr.c:1331)
==2549==    by 0x87BB69D: avcodec_decode_video2 (utils.c:2376)
==2549==    by 0x82C8C7A: try_decode_frame (utils.c:2658)
==2549==    by 0xFFFFFFFE: ???
==2549==  Address 0x4418070 is not stack'd, malloc'd or (recently) free'd
==2549== 

valgrind: m_mallocfree.c:266 (mk_plain_bszB): Assertion 'bszB != 0' failed.
valgrind: This is probably caused by your program erroneously writing past the
end of a heap block and corrupting heap metadata.  If you fix any
invalid writes reported by Memcheck, this assertion failure will
probably go away.  Please try that before reporting this as a bug.

==2549==    at 0x3803D043: report_and_quit (m_libcassert.c:210)
==2549==    by 0x3803D162: vgPlain_assert_fail (m_libcassert.c:284)
==2549==    by 0x380007D6: mk_plain_bszB.part.5 (m_mallocfree.c:266)
==2549==    by 0x3804A72A: vgPlain_arena_malloc (m_mallocfree.c:1511)
==2549==    by 0x3804B20A: vgPlain_arena_memalign (m_mallocfree.c:1892)
==2549==    by 0x380843DB: vgPlain_cli_malloc (replacemalloc_core.c:86)
==2549==    by 0x38016112: vgMemCheck_new_block (mc_malloc_wrappers.c:248)
==2549==    by 0x38016414: vgMemCheck_memalign (mc_malloc_wrappers.c:315)
==2549==    by 0x38086BBC: vgPlain_scheduler (scheduler.c:1469)
==2549==    by 0x38098C07: run_a_thread_NORETURN (syswrap-linux.c:98)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable
==2549==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==2549==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==2549==    by 0x8B408C7: av_mallocz (mem.c:95)
==2549==    by 0x8382DAE: decode_block (mem.h:232)
==2549==    by 0x87B9F4F: avcodec_default_execute2 (utils.c:1117)
==2549==    by 0x8381EED: decode_frame (exr.c:1331)
==2549==    by 0x87BB69D: avcodec_decode_video2 (utils.c:2376)
==2549==    by 0x82C8C7A: try_decode_frame (utils.c:2658)
==2549==    by 0xFFFFFFFE: ???


Note: see also the FAQ in the source distribution.
It contains workarounds to several common problems.
In particular, if Valgrind aborted or crashed after
identifying problems in your program, there's a good chance
that fixing those problems will prevent Valgrind aborting or
crashing, especially if it happened in m_mallocfree.c.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind
version, and what OS and version you are using.  Thanks.

comment:2 by ami_stuff, 10 years ago

Looks like a regression between 6c91afe and 6c9537b

git-6c9537b 23-Feb-2015 - crash
git-6c91afe 19-Feb-2015 - ok

comment:3 by Carl Eugen Hoyos, 10 years ago

Component: undetermined → avcodec
Keywords: exr added
Priority: normal → important
Reproduced by developer: set
Resolution: fixed
Status: new → closed
Version: unspecified → git-master

Regression since 586ba24f - reverted by Michael in 5dd5b7d5

comment:4 by Carl Eugen Hoyos, 10 years ago

Keywords: crash regression added