Opened 9 years ago
Closed 9 years ago
#5139 closed defect (fixed)
memory leak when invalid data is found processing input
Reported by: | tsmith | Owned by: | |
---|---|---|---|
Priority: | important | Component: | avcodec |
Version: | git-master | Keywords: | h264 leak regression |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | yes |
Analyzed by developer: | no | | |
Description
Summary of the bug:
Memory leak of 960 bytes
How to reproduce:
```
% ffmpeg -i input ... output
==4985== Memcheck, a memory error detector
==4985== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==4985== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==4985== Command: ./ffmpeg_clean -f ivf -i ivf_corpus/13074d77d64a80773038b64b8542e10295089d81 -f null -
==4985==
ffmpeg version N-77718-g72673ad Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 4.8 (Ubuntu 4.8.4-2ubuntu1~14.04)
  configuration: --cc=gcc --cxx=g++ --disable-libxcb --disable-xlib --disable-logging --disable-ffprobe --disable-ffplay --disable-sdl --disable-ffserver --disable-doc --disable-pthreads --disable-network --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-stripping --disable-runtime-cpudetect --disable-securetransport --disable-iconv
  libavutil 55. 12.100 / 55. 12.100
  libavcodec 57. 22.100 / 57. 22.100
  libavformat 57. 21.101 / 57. 21.101
  libavdevice 57. 0.100 / 57. 0.100
  libavfilter 6. 23.100 / 6. 23.100
  libswscale 4. 0.100 / 4. 0.100
  libswresample 2. 0.101 / 2. 0.101
st:0 has too large timebase, reducing
[h264 @ 0x624efa0] Warning: not compiled with thread support, using thread emulation
Truncating packet of size 1175257088 to 34917
[h264 @ 0x624efa0] sps_id 32 out of range
[h264 @ 0x624efa0] FMO not supported
[h264 @ 0x624efa0] sps_id 32 out of range
    Last message repeated 1 times
[h264 @ 0x624efa0] Truncating likely oversized SPS
[h264 @ 0x624efa0] sps_id 32 out of range
    Last message repeated 1 times
[h264 @ 0x624efa0] FMO not supported
[h264 @ 0x624efa0] sps_id 32 out of range
[h264 @ 0x624efa0] Truncating likely oversized SPS
[h264 @ 0x624efa0] sps_id 32 out of range
    Last message repeated 1 times
[h264 @ 0x624efa0] Missing reference picture, default is 0
    Last message repeated 2 times
[h264 @ 0x624efa0] co located POCs unavailable
[h264 @ 0x624efa0] error while decoding MB 86 3, bytestream -11
[h264 @ 0x624efa0] non-existing SPS 0 referenced in buffering period
[h264 @ 0x624efa0] number of reference frames (0+3) exceeds max (2; probably corrupt input), discarding one
[h264 @ 0x624efa0] concealing 258 DC, 258 AC, 258 MV errors in B frame
[ivf @ 0x6245780] decoding for stream 0 failed
Input #0, ivf, from 'ivf_corpus/13074d77d64a80773038b64b8542e10295089d81':
  Duration: -404950:-11:-49.57, bitrate: N/A
    Stream #0:0: Video: h264 (CAVLC 4:4:4) (V264 / 0x34363256), yuv444p, 1566x94, 278.66 tbr, 278.66 tbn, 557.33 tbc
[wrapped_avframe @ 0x65c6560] Warning: not compiled with thread support, using thread emulation
[h264 @ 0x658fb20] Warning: not compiled with thread support, using thread emulation
Output #0, null, to 'pipe:':
    Stream #0:0: Video: wrapped_avframe, yuv444p, 1566x94, q=2-31, 200 kb/s, 278.66 fps, 278.66 tbn, 278.66 tbc
    Metadata:
      encoder : Lavc57.22.100 wrapped_avframe
Stream mapping:
  Stream #0:0 -> #0:0 (h264 (native) -> wrapped_avframe (native))
Error while opening decoder for input stream #0:0 : Invalid data found when processing input
==4985==
==4985== HEAP SUMMARY:
==4985==     in use at exit: 960 bytes in 2 blocks
==4985==   total heap usage: 1,246 allocs, 1,244 frees, 4,215,316 bytes allocated
==4985==
==4985== 480 bytes in 1 blocks are definitely lost in loss record 1 of 2
==4985==    at 0x4C2D110: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4985==    by 0x4C2D227: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4985==    by 0xE3E89F: av_malloc (mem.c:97)
==4985==    by 0xE3E89F: av_mallocz (mem.c:254)
==4985==    by 0xE380AA: av_frame_alloc (frame.c:143)
==4985==    by 0x4230D1: h264_init_context (h264.c:635)
==4985==    by 0x4230D1: ff_h264_decode_init (h264.c:656)
==4985==    by 0xA29703: avcodec_open2 (utils.c:1483)
==4985==    by 0x48E1F8: init_input_stream (ffmpeg.c:2542)
==4985==    by 0x48E1F8: transcode_init (ffmpeg.c:3200)
==4985==    by 0x471163: transcode (ffmpeg.c:4093)
==4985==    by 0x471163: main (ffmpeg.c:4314)
==4985==
==4985== 480 bytes in 1 blocks are definitely lost in loss record 2 of 2
==4985==    at 0x4C2D110: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4985==    by 0x4C2D227: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4985==    by 0xE3E89F: av_malloc (mem.c:97)
==4985==    by 0xE3E89F: av_mallocz (mem.c:254)
==4985==    by 0xE380AA: av_frame_alloc (frame.c:143)
==4985==    by 0x4230E6: h264_init_context (h264.c:639)
==4985==    by 0x4230E6: ff_h264_decode_init (h264.c:656)
==4985==    by 0xA29703: avcodec_open2 (utils.c:1483)
==4985==    by 0x48E1F8: init_input_stream (ffmpeg.c:2542)
==4985==    by 0x48E1F8: transcode_init (ffmpeg.c:3200)
==4985==    by 0x471163: transcode (ffmpeg.c:4093)
==4985==    by 0x471163: main (ffmpeg.c:4314)
==4985==
==4985== LEAK SUMMARY:
==4985==    definitely lost: 960 bytes in 2 blocks
==4985==    indirectly lost: 0 bytes in 0 blocks
==4985==      possibly lost: 0 bytes in 0 blocks
==4985==    still reachable: 0 bytes in 0 blocks
==4985==         suppressed: 0 bytes in 0 blocks
==4985==
==4985== For counts of detected and suppressed errors, rerun with: -v
==4985== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
```
Attachments (2)
Change History (9)
comment:1 by , 9 years ago
Keywords: | h264 leak added |
---|
comment:2 by , 9 years ago
My bad I forgot to include the command line. Try:
% valgrind ffmpeg -f ivf -i <test_case> -f null -
comment:3 by , 9 years ago
Resolution: | → worksforme |
---|---|
Status: | new → closed |
Please reopen if I miss something.
```
$ valgrind ffmpeg_g -f ivf -i test_case.ivf -f null -
==30399== Memcheck, a memory error detector
==30399== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==30399== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==30399== Command: ffmpeg_g -f ivf -i test_case.ivf -f null -
==30399==
ffmpeg version N-77727-gf4c1a48 Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl
  libavutil 55. 12.100 / 55. 12.100
  libavcodec 57. 22.100 / 57. 22.100
  libavformat 57. 21.101 / 57. 21.101
  libavdevice 57. 0.100 / 57. 0.100
  libavfilter 6. 23.100 / 6. 23.100
  libswscale 4. 0.100 / 4. 0.100
  libswresample 2. 0.101 / 2. 0.101
  libpostproc 54. 0.100 / 54. 0.100
st:0 has too large timebase, reducing
Truncating packet of size 1175257088 to 34917
[h264 @ 0xb721fa0] sps_id 32 out of range
[h264 @ 0xb721fa0] FMO not supported
[h264 @ 0xb721fa0] sps_id 32 out of range
    Last message repeated 1 times
[h264 @ 0xb721fa0] Truncating likely oversized SPS
[h264 @ 0xb721fa0] sps_id 32 out of range
    Last message repeated 1 times
[h264 @ 0xb721fa0] FMO not supported
[h264 @ 0xb721fa0] sps_id 32 out of range
[h264 @ 0xb721fa0] Truncating likely oversized SPS
[h264 @ 0xb721fa0] sps_id 32 out of range
    Last message repeated 1 times
[h264 @ 0xb721fa0] Missing reference picture, default is 0
    Last message repeated 2 times
[h264 @ 0xb721fa0] co located POCs unavailable
[h264 @ 0xb721fa0] error while decoding MB 86 3, bytestream -11
[h264 @ 0xb721fa0] non-existing SPS 0 referenced in buffering period
[h264 @ 0xb721fa0] number of reference frames (0+3) exceeds max (2; probably corrupt input), discarding one
[h264 @ 0xb721fa0] concealing 258 DC, 258 AC, 258 MV errors in B frame
[ivf @ 0xb7187a0] decoding for stream 0 failed
Input #0, ivf, from 'test_case.ivf':
  Duration: -404950:-11:-49.57, bitrate: N/A
    Stream #0:0: Video: h264 (CAVLC 4:4:4) (V264 / 0x34363256), yuv444p, 1566x94, 278.66 tbr, 278.66 tbn, 557.33 tbc
Output #0, null, to 'pipe:':
    Stream #0:0: Video: wrapped_avframe, yuv444p, 1566x94, q=2-31, 200 kb/s, 278.66 fps, 278.66 tbn, 278.66 tbc
    Metadata:
      encoder : Lavc57.22.100 wrapped_avframe
Stream mapping:
  Stream #0:0 -> #0:0 (h264 (native) -> wrapped_avframe (native))
Error while opening decoder for input stream #0:0 : Invalid data found when processing input
==30399==
==30399== HEAP SUMMARY:
==30399==     in use at exit: 48 bytes in 1 blocks
==30399==   total heap usage: 1,263 allocs, 1,262 frees, 4,224,114 bytes allocated
==30399==
==30399== LEAK SUMMARY:
==30399==    definitely lost: 0 bytes in 0 blocks
==30399==    indirectly lost: 0 bytes in 0 blocks
==30399==      possibly lost: 0 bytes in 0 blocks
==30399==    still reachable: 48 bytes in 1 blocks
==30399==         suppressed: 0 bytes in 0 blocks
==30399== Rerun with --leak-check=full to see details of leaked memory
==30399==
==30399== For counts of detected and suppressed errors, rerun with: -v
==30399== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)
```
comment:4 by , 9 years ago
It must have something to do with the configure options I am using. I tried with configuration: --cc=clang --cxx=clang++ --enable-gpl and was unable to reproduce the issue.
by , 9 years ago
Attachment: | test_case.ivf added |
---|
comment:5 by , 9 years ago
Resolution: | worksforme |
---|---|
Status: | closed → reopened |
I have a better test case and I have tested it with the configuration from your log.
```
$ valgrind --leak-check=full ./ffmpeg_g -f ivf -i test_case.ivf -f null -
==55920== Memcheck, a memory error detector
==55920== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==55920== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==55920== Command: ./ffmpeg_g -f ivf -i ivf_corpus/test_case.ivf -f null -
==55920==
ffmpeg version N-77728-g84a967df Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 4.8 (Ubuntu 4.8.4-2ubuntu1~14.04)
  configuration: --enable-gpl
  libavutil 55. 12.100 / 55. 12.100
  libavcodec 57. 22.100 / 57. 22.100
  libavformat 57. 21.101 / 57. 21.101
  libavdevice 57. 0.100 / 57. 0.100
  libavfilter 6. 23.100 / 6. 23.100
  libswscale 4. 0.100 / 4. 0.100
  libswresample 2. 0.101 / 2. 0.101
  libpostproc 54. 0.100 / 54. 0.100
[NULL @ 0xa203fa0] [IMGUTILS @ 0xffeffee30] Picture size 32853x9472 is invalid
[ivf @ 0xa1fa780] Failed to open codec in av_find_stream_info
[NULL @ 0xa203fa0] pps_id 1363 out of range
[NULL @ 0xa203fa0] pps_id 1343 out of range
[NULL @ 0xa203fa0] missing picture in access unit with size 247
[h264 @ 0xa203fa0] pps_id 1363 out of range
[h264 @ 0xa203fa0] illegal POC type 4
[h264 @ 0xa203fa0] illegal aspect ratio
[h264 @ 0xa203fa0] illegal POC type 4
[ivf @ 0xa1fa780] Could not find codec parameters for stream 0 (Video: h264 (V264 / 0x34363256), none): unspecified size
Consider increasing the value for the 'analyzeduration' and 'probesize' options
ivf_corpus/test_case.ivf: could not find codec parameters
Input #0, ivf, from 'ivf_corpus/test_case.ivf':
  Duration: N/A, bitrate: N/A
    Stream #0:0: Video: h264 (V264 / 0x34363256), none, 1.99 tbr, 1.99 tbn, 3.98 tbc
[buffer @ 0xa38afe0] Unable to parse option value "0x0" as image size
[buffer @ 0xa38afe0] Unable to parse option value "-1" as pixel format
[buffer @ 0xa38afe0] Unable to parse option value "0x0" as image size
[buffer @ 0xa38afe0] Error setting option video_size to value 0x0.
[graph 0 input from stream 0:0 @ 0xa38ae60] Error applying options to the filter.
Error opening filters!
==55920==
==55920== HEAP SUMMARY:
==55920==     in use at exit: 1,006 bytes in 6 blocks
==55920==   total heap usage: 285 allocs, 279 frees, 1,619,103 bytes allocated
==55920==
==55920== 46 (16 direct, 30 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 6
==55920==    at 0x4C2D110: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==55920==    by 0x4C2D227: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==55920==    by 0xEBF13F: av_malloc (mem.c:97)
==55920==    by 0xEBF13F: av_mallocz (mem.c:254)
==55920==    by 0xEB29EC: av_dict_set (dict.c:85)
==55920==    by 0xEB29EC: av_dict_copy (dict.c:218)
==55920==    by 0x4815DC: new_output_stream (ffmpeg_opt.c:1289)
==55920==    by 0x484928: new_video_stream (ffmpeg_opt.c:1395)
==55920==    by 0x48704C: open_output_file (ffmpeg_opt.c:2036)
==55920==    by 0x488436: open_files (ffmpeg_opt.c:2999)
==55920==    by 0x488436: ffmpeg_parse_options (ffmpeg_opt.c:3050)
==55920==    by 0x475D1C: main (ffmpeg.c:4292)
==55920==
==55920== 480 bytes in 1 blocks are definitely lost in loss record 5 of 6
==55920==    at 0x4C2D110: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==55920==    by 0x4C2D227: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==55920==    by 0xEBF13F: av_malloc (mem.c:97)
==55920==    by 0xEBF13F: av_mallocz (mem.c:254)
==55920==    by 0xEB845A: av_frame_alloc (frame.c:143)
==55920==    by 0x427A7B: h264_init_context (h264.c:635)
==55920==    by 0x427A7B: ff_h264_decode_init (h264.c:656)
==55920==    by 0xA8C0EE: avcodec_open2 (utils.c:1491)
==55920==    by 0x68BDE3: try_decode_frame (utils.c:2730)
==55920==    by 0x694552: avformat_find_stream_info (utils.c:3412)
==55920==    by 0x483623: open_input_file (ffmpeg_opt.c:970)
==55920==    by 0x4881F6: open_files (ffmpeg_opt.c:2999)
==55920==    by 0x4881F6: ffmpeg_parse_options (ffmpeg_opt.c:3036)
==55920==    by 0x475D1C: main (ffmpeg.c:4292)
==55920==
==55920== 480 bytes in 1 blocks are definitely lost in loss record 6 of 6
==55920==    at 0x4C2D110: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==55920==    by 0x4C2D227: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==55920==    by 0xEBF13F: av_malloc (mem.c:97)
==55920==    by 0xEBF13F: av_mallocz (mem.c:254)
==55920==    by 0xEB845A: av_frame_alloc (frame.c:143)
==55920==    by 0x427A90: h264_init_context (h264.c:639)
==55920==    by 0x427A90: ff_h264_decode_init (h264.c:656)
==55920==    by 0xA8C0EE: avcodec_open2 (utils.c:1491)
==55920==    by 0x68BDE3: try_decode_frame (utils.c:2730)
==55920==    by 0x694552: avformat_find_stream_info (utils.c:3412)
==55920==    by 0x483623: open_input_file (ffmpeg_opt.c:970)
==55920==    by 0x4881F6: open_files (ffmpeg_opt.c:2999)
==55920==    by 0x4881F6: ffmpeg_parse_options (ffmpeg_opt.c:3036)
==55920==    by 0x475D1C: main (ffmpeg.c:4292)
==55920==
==55920== LEAK SUMMARY:
==55920==    definitely lost: 976 bytes in 3 blocks
==55920==    indirectly lost: 30 bytes in 3 blocks
==55920==      possibly lost: 0 bytes in 0 blocks
==55920==    still reachable: 0 bytes in 0 blocks
==55920==         suppressed: 0 bytes in 0 blocks
==55920==
==55920== For counts of detected and suppressed errors, rerun with: -v
==55920== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 0 from 0)
```
by , 9 years ago
comment:6 by , 9 years ago
Component: | undetermined → avcodec |
---|---|
Keywords: | regression added |
Priority: | normal → important |
Reproduced by developer: | set |
Status: | reopened → open |
Regression since 36f862e0 / a0f29460
```
$ valgrind --leak-check=full ffmpeg_g -i leak.ivf
==27692== Memcheck, a memory error detector
==27692== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==27692== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==27692== Command: ffmpeg_g -i leak.ivf
==27692==
ffmpeg version N-78065-ge9e6233 Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl --enable-libx264
  libavutil 55. 15.100 / 55. 15.100
  libavcodec 57. 22.102 / 57. 22.102
  libavformat 57. 23.100 / 57. 23.100
  libavdevice 57. 0.100 / 57. 0.100
  libavfilter 6. 27.100 / 6. 27.100
  libswscale 4. 0.100 / 4. 0.100
  libswresample 2. 0.101 / 2. 0.101
  libpostproc 54. 0.100 / 54. 0.100
[NULL @ 0xbaa2760] [IMGUTILS @ 0x7fefff020] Picture size 32853x9472 is invalid
[ivf @ 0xba904a0] Failed to open codec in av_find_stream_info
[NULL @ 0xbaa2760] pps_id 1363 out of range
[NULL @ 0xbaa2760] pps_id 1343 out of range
[NULL @ 0xbaa2760] missing picture in access unit with size 247
[h264 @ 0xbaa2760] pps_id 1363 out of range
[h264 @ 0xbaa2760] illegal POC type 4
[h264 @ 0xbaa2760] illegal aspect ratio
[h264 @ 0xbaa2760] illegal POC type 4
[ivf @ 0xba904a0] Could not find codec parameters for stream 0 (Video: h264 (V264 / 0x34363256), none): unspecified size
Consider increasing the value for the 'analyzeduration' and 'probesize' options
leak.ivf: could not find codec parameters
Input #0, ivf, from 'leak.ivf':
  Duration: N/A, bitrate: N/A
    Stream #0:0: Video: h264 (V264 / 0x34363256), none, 1.99 tbr, 1.99 tbn, 3.98 tbc
At least one output file must be specified
==27692==
==27692== HEAP SUMMARY:
==27692==     in use at exit: 1,008 bytes in 3 blocks
==27692==   total heap usage: 157 allocs, 154 frees, 1,642,342 bytes allocated
==27692==
==27692== 480 bytes in 1 blocks are definitely lost in loss record 2 of 3
==27692==    at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==27692==    by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==27692==    by 0x1032BCF: av_mallocz (mem.c:97)
==27692==    by 0x102BB8A: av_frame_alloc (frame.c:143)
==27692==    by 0x7A4B34: h264_init_context (h264.c:634)
==27692==    by 0x42984E: ff_h264_decode_init (h264.c:655)
==27692==    by 0xB77AAE: avcodec_open2 (utils.c:1491)
==27692==    by 0x6A182F: try_decode_frame (utils.c:2730)
==27692==    by 0x6AA325: avformat_find_stream_info (utils.c:3416)
==27692==    by 0x488ED0: open_input_file (ffmpeg_opt.c:970)
==27692==    by 0x4829D2: open_files.isra.8 (ffmpeg_opt.c:3006)
==27692==    by 0x48A7F0: ffmpeg_parse_options (ffmpeg_opt.c:3043)
==27692==
==27692== 480 bytes in 1 blocks are definitely lost in loss record 3 of 3
==27692==    at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==27692==    by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==27692==    by 0x1032BCF: av_mallocz (mem.c:97)
==27692==    by 0x102BB8A: av_frame_alloc (frame.c:143)
==27692==    by 0x7A4B45: h264_init_context (h264.c:638)
==27692==    by 0x42984E: ff_h264_decode_init (h264.c:655)
==27692==    by 0xB77AAE: avcodec_open2 (utils.c:1491)
==27692==    by 0x6A182F: try_decode_frame (utils.c:2730)
==27692==    by 0x6AA325: avformat_find_stream_info (utils.c:3416)
==27692==    by 0x488ED0: open_input_file (ffmpeg_opt.c:970)
==27692==    by 0x4829D2: open_files.isra.8 (ffmpeg_opt.c:3006)
==27692==    by 0x48A7F0: ffmpeg_parse_options (ffmpeg_opt.c:3043)
==27692==
==27692== LEAK SUMMARY:
==27692==    definitely lost: 960 bytes in 2 blocks
==27692==    indirectly lost: 0 bytes in 0 blocks
==27692==      possibly lost: 0 bytes in 0 blocks
==27692==    still reachable: 48 bytes in 1 blocks
==27692==         suppressed: 0 bytes in 0 blocks
==27692== Reachable blocks (those to which a pointer was found) are not shown.
==27692== To see them, rerun with: --leak-check=full --show-reachable=yes
==27692==
==27692== For counts of detected and suppressed errors, rerun with: -v
==27692== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 2 from 2)
```
comment:7 by , 9 years ago
Resolution: | → fixed |
---|---|
Status: | open → closed |
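Added example, not part of the ticket or of FFmpeg's code: the loss records quoted in the description, comment 5 and comment 6 come from different runs, so PIDs, addresses and `h264.c` line numbers differ even where the leak is the same. The Python below groups Memcheck loss records by allocation site so that recurrence across runs is visible; `SAMPLE` is abridged from the logs on this page, and `ALLOC_WRAPPERS` and the function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Abridged from the Memcheck output quoted in this ticket (three runs, frames trimmed).
SAMPLE = """\
==4985== 480 bytes in 1 blocks are definitely lost in loss record 1 of 2
==4985==    at 0x4C2D110: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4985==    by 0xE3E89F: av_mallocz (mem.c:254)
==4985==    by 0xE380AA: av_frame_alloc (frame.c:143)
==4985==    by 0x4230D1: h264_init_context (h264.c:635)
==4985==
==27692== 480 bytes in 1 blocks are definitely lost in loss record 2 of 3
==27692==    at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==27692==    by 0x1032BCF: av_mallocz (mem.c:97)
==27692==    by 0x102BB8A: av_frame_alloc (frame.c:143)
==27692==    by 0x7A4B34: h264_init_context (h264.c:634)
==27692==
==55920== 46 (16 direct, 30 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 6
==55920==    at 0x4C2D110: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==55920==    by 0xEBF13F: av_mallocz (mem.c:254)
==55920==    by 0xEB29EC: av_dict_set (dict.c:85)
==55920==    by 0xEB29EC: av_dict_copy (dict.c:218)
==55920==
"""

# Frames that only forward the allocation request (assumed list, extend per project).
ALLOC_WRAPPERS = {"malloc", "memalign", "posix_memalign", "av_malloc", "av_mallocz"}
HEADER = re.compile(r"^==(\d+)== ([\d,]+) (?:\([^)]*\) )?bytes in [\d,]+ blocks are "
                    r"(definitely|indirectly|possibly) lost in loss record")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(")

def parse_loss_records(text):
    """Return one dict per loss record: pid, bytes, kind, function-name stack."""
    records, current = [], None
    for line in text.splitlines():
        header, frame = HEADER.match(line), FRAME.match(line)
        if header:
            current = {"pid": int(header.group(1)), "kind": header.group(3),
                       "bytes": int(header.group(2).replace(",", "")), "stack": []}
            records.append(current)
        elif frame and current is not None:
            current["stack"].append(frame.group(1))
        else:
            current = None  # a bare "==pid==" line or program output ends the record
    return records

def leak_site(record, depth=2):
    """Innermost `depth` frames that are not allocator wrappers."""
    return tuple([f for f in record["stack"] if f not in ALLOC_WRAPPERS][:depth])

def group_by_site(records, kind="definitely"):
    """Sum leaked bytes per site, ignoring PIDs, addresses and source line numbers."""
    totals = defaultdict(lambda: {"bytes": 0, "pids": set()})
    for rec in records:
        if rec["kind"] == kind:
            entry = totals[leak_site(rec)]
            entry["bytes"] += rec["bytes"]
            entry["pids"].add(rec["pid"])
    return dict(totals)
```

Keying on function names rather than addresses or line numbers is what lets a record from one build match the same site in another.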
I cannot reproduce this: