Opened 9 years ago
Closed 8 years ago
#5128 closed defect (fixed)
null pointer passed as argument in av_packet_ref()
Reported by: | tsmith | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | avcodec |
Version: | git-master | Keywords: | ubsan |
Cc: | Blocked By: | ||
Blocking: | Reproduced by developer: | yes | |
Analyzed by developer: | no |
Description
Summary of the bug:
UBSan: libavcodec/avpacket.c:566:32: runtime error: null pointer passed as argument 2, which is declared to never be null
How to reproduce:
% ffmpeg -f ivf -i <test_case> -f null - ffmpeg version N-77718-g72673ad Copyright (c) 2000-2016 the FFmpeg developers built with Ubuntu clang version 3.7.1-svn253742-1~exp1 (branches/release_37) (based on LLVM 3.7.1) configuration: --cc=clang --cxx=clang++ --disable-libxcb --disable-xlib --disable-logging --disable-ffprobe --disable-ffplay --disable-sdl --disable-ffserver --disable-doc --disable-pthreads --disable-network --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-stripping --disable-runtime-cpudetect --disable-securetransport --disable-iconv libavutil 55. 12.100 / 55. 12.100 libavcodec 57. 22.100 / 57. 22.100 libavformat 57. 21.101 / 57. 21.101 libavdevice 57. 0.100 / 57. 0.100 libavfilter 6. 23.100 / 6. 23.100 libswscale 4. 0.100 / 4. 0.100 libswresample 2. 0.101 / 2. 0.101 [vp8 @ 0x619000005a80] Warning: not compiled with thread support, using thread emulation Input #0, ivf, from '/home/user/Desktop/vpx/corpus/15d591cfc299e559f570fa445ba91fb768230159': Duration: 00:00:00.10, start: 0.000000, bitrate: 115 kb/s Stream #0:0: Video: vp8 (VP80 / 0x30385056), yuv420p, 5696x36, 30 tbr, 30 tbn, 30 tbc [wrapped_avframe @ 0x619000003780] Warning: not compiled with thread support, using thread emulation [vp8 @ 0x619000004180] Warning: not compiled with thread support, using thread emulation Output #0, null, to 'pipe:': Metadata: encoder : Lavf57.21.101 Stream #0:0: Video: wrapped_avframe, yuv420p, 5696x36, q=2-31, 200 kb/s, 30 fps, 30 tbn, 30 tbc Metadata: encoder : Lavc57.22.100 wrapped_avframe Stream mapping: Stream #0:0 -> #0:0 (vp8 (native) -> wrapped_avframe (native)) Press [q] to stop, [?] for help Input stream #0:0 frame changed from size:5696x36 fmt:yuv420p to size:64x36 fmt:yuv420p DTS -212200375451618, next:33333 st:0 invalid dropping PTS -212200375451618, next:33333 invalid dropping st:0 [vp8 @ 0x619000004180] Invalid partitions Error while decoding stream #0:0: Invalid data found when processing input libavcodec/avpacket.c:566:32: runtime error: null pointer passed as argument 2, which is declared to never be null /usr/include/string.h:47:28: note: nonnull attribute specified here #0 0xd11745 in av_packet_ref /home/user/code/ffmpeg/libavcodec/avpacket.c:566:9 #1 0xc0bb7f in ff_read_packet /home/user/code/ffmpeg/libavformat/utils.c:702:19 #2 0xc112dc in read_frame_internal /home/user/code/ffmpeg/libavformat/utils.c:1343:15 #3 0xc1079a in av_read_frame /home/user/code/ffmpeg/libavformat/utils.c:1504:17 #4 0x594311 in process_input /home/user/code/ffmpeg/ffmpeg.c:3758:11 #5 0x5726c6 in transcode_step /home/user/code/ffmpeg/ffmpeg.c:4068:11 #6 0x5726c6 in transcode /home/user/code/ffmpeg/ffmpeg.c:4122 #7 0x56f73c in main /home/user/code/ffmpeg/ffmpeg.c:4314:9 #8 0x7fce5cfe2ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287 #9 0x466445 in _start (/home/user/Desktop/ffmpeg/ffmpeg_full+0x466445)
Attachments (1)
Change History (5)
by , 9 years ago
Attachment: | test_case.vp8.ivf added |
---|
comment:1 by , 8 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:2 by , 8 years ago
Resolution: | fixed |
---|---|
Status: | closed → reopened |
If there ever was an issue, it is still reproducible with a2c40931
comment:3 by , 8 years ago
Reproduced by developer: | set |
---|---|
Status: | reopened → open |
comment:4 by , 8 years ago
Keywords: | ubsan added |
---|---|
Resolution: | → fixed |
Status: | open → closed |
Should be fixed in f077ad69c682c13ab75a72aec11a61cac53f0c91
Note:
See TracTickets
for help on using tickets.
Looks to be fixed.