Opened 9 years ago

Closed 9 years ago

#5353 closed defect (fixed)

vc2 enc: invalid read

Reported by: ami_stuff Owned by:
Priority: important Component: avcodec
Version: git-master Keywords: vc2 crash SIGSEGV
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

http://www.datafilehost.com/d/f87905a4

aaa@aaa-VirtualBox /media/sdb1 $ valgrind --leak-check=full ffmpeg/ffmpeg_g -i  test.bmp -s 111x111 -vcodec vc2 -strict -1 out.ts
==13353== Memcheck, a memory error detector
==13353== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==13353== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==13353== Command: ffmpeg/ffmpeg_g -i test.bmp -s 111x111 -vcodec vc2 -strict -1 out.ts
==13353== 
ffmpeg version 3.0.git Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 4.8 (Ubuntu 4.8.4-2ubuntu1~14.04.1)
  configuration: --disable-ffplay --disable-ffprobe --disable-ffserver --enable-gpl
  libavutil      55. 19.100 / 55. 19.100
  libavcodec     57. 28.103 / 57. 28.103
  libavformat    57. 28.102 / 57. 28.102
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 39.102 /  6. 39.102
  libswscale      4.  0.100 /  4.  0.100
  libswresample   2.  0.101 /  2.  0.101
  libpostproc    54.  0.100 / 54.  0.100
Input #0, bmp_pipe, from 'test.bmp':
  Duration: N/A, bitrate: N/A
    Stream #0:0: Video: bmp, bgr24, 1024x768, 25 tbr, 25 tbn, 25 tbc
[vc2 @ 0x544e960] Disabling strict compliance
Output #0, mpegts, to 'out.ts':
  Metadata:
    encoder         : Lavf57.28.102
    Stream #0:0: Video: dirac (vc2), yuv444p, 111x111, q=2-31, 600000 kb/s, 25 fps, 90k tbn, 25 tbc
    Metadata:
      encoder         : Lavc57.28.103 vc2
Stream mapping:
  Stream #0:0 -> #0:0 (bmp (native) -> dirac (vc2))
Press [q] to stop, [?] for help
==13353== Thread 9:
==13353== Use of uninitialised value of size 4
==13353==    at 0x878815E: count_hq_slice (vc2enc.c:567)
==13353==    by 0x8788631: rate_control (vc2enc.c:638)
==13353==    by 0x8696530: worker (pthread_slice.c:93)
==13353==    by 0x40B5F6F: start_thread (pthread_create.c:312)
==13353==    by 0x41B6BED: clone (clone.S:129)
==13353== 
==13353== Invalid read of size 4
==13353==    at 0x878815E: count_hq_slice (vc2enc.c:567)
==13353==    by 0x8788631: rate_control (vc2enc.c:638)
==13353==    by 0x8696530: worker (pthread_slice.c:93)
==13353==    by 0x40B5F6F: start_thread (pthread_create.c:312)
==13353==    by 0x41B6BED: clone (clone.S:129)
==13353==  Address 0xe5decf94 is not stack'd, malloc'd or (recently) free'd
==13353== 
==13353== 
==13353== Process terminating with default action of signal 11 (SIGSEGV)
==13353==  Access not within mapped region at address 0xE5DECF94
==13353==    at 0x878815E: count_hq_slice (vc2enc.c:567)
==13353==    by 0x8788631: rate_control (vc2enc.c:638)
==13353==    by 0x8696530: worker (pthread_slice.c:93)
==13353==    by 0x40B5F6F: start_thread (pthread_create.c:312)
==13353==    by 0x41B6BED: clone (clone.S:129)
==13353==  If you believe this happened as a result of a stack
==13353==  overflow in your program's main thread (unlikely but
==13353==  possible), you can try to increase the size of the
==13353==  main thread stack using the --main-stacksize= flag.
==13353==  The main thread stack size used in this run was 8388608.
==13353== 
==13353== HEAP SUMMARY:
==13353==     in use at exit: 4,381,759 bytes in 407 blocks
==13353==   total heap usage: 3,914 allocs, 3,507 frees, 50,252,454 bytes allocated
==13353== 
==13353== Thread 1:
==13353== 680 bytes in 5 blocks are possibly lost in loss record 153 of 188
==13353==    at 0x402C109: calloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==13353==    by 0x401117E: allocate_dtv (dl-tls.c:296)
==13353==    by 0x40118EB: _dl_allocate_tls (dl-tls.c:460)
==13353==    by 0x40B67A2: allocate_stack (allocatestack.c:589)
==13353==    by 0x40B67A2: pthread_create@@GLIBC_2.1 (pthread_create.c:500)
==13353==    by 0x81167C9: thread_init_internal (pthread.c:179)
==13353==    by 0x81167C9: ff_graph_thread_init (pthread.c:210)
==13353==    by 0x8106F87: avfilter_graph_alloc_filter (avfiltergraph.c:182)
==13353==    by 0x8114A55: create_filter (graphparser.c:114)
==13353==    by 0x8114A55: parse_filter (graphparser.c:176)
==13353==    by 0x81154BC: avfilter_graph_parse2 (graphparser.c:411)
==13353==    by 0x80DB2DE: configure_filtergraph (ffmpeg_filter.c:1010)
==13353==    by 0x80E4630: transcode_init (ffmpeg.c:3057)
==13353==    by 0x80E88CD: transcode (ffmpeg.c:4114)
==13353==    by 0x80C6AC4: main (ffmpeg.c:4334)
==13353== 
==13353== 680 bytes in 5 blocks are possibly lost in loss record 154 of 188
==13353==    at 0x402C109: calloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==13353==    by 0x401117E: allocate_dtv (dl-tls.c:296)
==13353==    by 0x40118EB: _dl_allocate_tls (dl-tls.c:460)
==13353==    by 0x40B67A2: allocate_stack (allocatestack.c:589)
==13353==    by 0x40B67A2: pthread_create@@GLIBC_2.1 (pthread_create.c:500)
==13353==    by 0x86969B8: ff_slice_thread_init (pthread_slice.c:231)
==13353==    by 0x8751256: avcodec_open2 (utils.c:1367)
==13353==    by 0x80E303C: init_output_stream (ffmpeg.c:2621)
==13353==    by 0x80E303C: transcode_init (ffmpeg.c:3224)
==13353==    by 0x80E88CD: transcode (ffmpeg.c:4114)
==13353==    by 0x80C6AC4: main (ffmpeg.c:4334)
==13353== 
==13353== LEAK SUMMARY:
==13353==    definitely lost: 0 bytes in 0 blocks
==13353==    indirectly lost: 0 bytes in 0 blocks
==13353==      possibly lost: 1,360 bytes in 10 blocks
==13353==    still reachable: 4,380,399 bytes in 397 blocks
==13353==         suppressed: 0 bytes in 0 blocks
==13353== Reachable blocks (those to which a pointer was found) are not shown.
==13353== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==13353== 
==13353== For counts of detected and suppressed errors, rerun with: -v
==13353== Use --track-origins=yes to see where uninitialised values come from
==13353== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0)
Killed

Attachments (1)

test.bmp (2.3 MB ) - added by Carl Eugen Hoyos 9 years ago.

Change History (3)

by Carl Eugen Hoyos, 9 years ago

Attachment: test.bmp added

comment:1 by Carl Eugen Hoyos, 9 years ago

Component: undeterminedavcodec
Keywords: vc2 crash SIGSEGV added
Priority: normalimportant
Reproduced by developer: set
Status: newopen
Version: unspecifiedgit-master

comment:2 by Rostislav Pehlivanov, 9 years ago

Resolution: fixed
Status: openclosed

Fixed in commit 500dc20deed in git master

Thanks for reporting it

Note: See TracTickets for help on using tickets.