Opened 7 years ago

Closed 7 years ago

#6388 closed defect (invalid)

MSan: use-of-uninitialized-value in ff_get_cpu_flags_x86()

Reported by: tsmith
Owned by:
Priority: normal
Component: avutil
Version: git-master
Keywords:
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

How to reproduce:
Built with MSan or run with Valgrind

% ffmpeg -f ivf -i <test_case> -f null -
ffmpeg version N-86050-g0fbc7a2 Copyright (c) 2000-2017 the FFmpeg developers
  built with clang version 3.8.0-2ubuntu4 (tags/RELEASE_380/final)
  configuration: --cc=clang --cxx=clang++ --disable-libxcb --disable-xlib --disable-logging --disable-ffprobe --disable-ffplay --disable-sdl2 --disable-ffserver --disable-doc --disable-pthreads --disable-network --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-stripping --disable-runtime-cpudetect --disable-postproc --disable-securetransport --disable-iconv --disable-swscale --disable-avdevice --disable-videotoolbox --disable-everything --enable-encoder=wrapped_avframe --disable-lzma --enable-protocol='file,pipe' --enable-muxer=null --enable-demuxer=ivf --enable-parser=vp9 --enable-decoder=vp9 --disable-pic

==21976==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0xea6be0 in ff_get_cpu_flags_x86 FFmpeg/libavutil/x86/cpu.c:106:9
    #1 0xdd3651 in get_cpu_flags FFmpeg/libavutil/cpu.c:59:16
    #2 0xdd3651 in av_get_cpu_flags FFmpeg/libavutil/cpu.c:93
    #3 0xc2d18b in ff_vp9dsp_init_x86 FFmpeg/libavcodec/x86/vp9dsp_init.c:230:17
    #4 0x7bfbe0 in update_size FFmpeg/libavcodec/vp9.c:205:9
    #5 0x7bfbe0 in decode_frame_header FFmpeg/libavcodec/vp9.c:645
    #6 0x7a77d8 in vp9_decode_frame FFmpeg/libavcodec/vp9.c:1113:16
    #7 0x744fdc in decode_simple_internal FFmpeg/libavcodec/decode.c:417:15
    #8 0x744fdc in decode_simple_receive_frame FFmpeg/libavcodec/decode.c:620
    #9 0x744fdc in decode_receive_frame_internal FFmpeg/libavcodec/decode.c:638
    #10 0x741daa in avcodec_send_packet FFmpeg/libavcodec/decode.c:678:15
    #11 0x6edb60 in try_decode_frame FFmpeg/libavformat/utils.c:3004:19
    #12 0x6d98dc in avformat_find_stream_info FFmpeg/libavformat/utils.c:3821:9
    #13 0x4baedc in open_input_file FFmpeg/ffmpeg_opt.c:1013:11
    #14 0x4b608c in open_files FFmpeg/ffmpeg_opt.c:3214:15
    #15 0x4b521d in ffmpeg_parse_options FFmpeg/ffmpeg_opt.c:3254:11
    #16 0x525f67 in main FFmpeg/ffmpeg.c:4771:11
    #17 0x7fab6e3dd82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291
    #18 0x41a6a8 in _start (FFmpeg/ffmpeg+0x41a6a8)

  Uninitialized value was created by an allocation of 'max_std_level' in the stack frame of function 'ff_get_cpu_flags_x86'
    #0 0xea5740 in ff_get_cpu_flags_x86 FFmpeg/libavutil/x86/cpu.c:91

built on Ubuntu 16.04 x64 with clang 3.8

Attachments (1)

test_case.ivf (13.9 KB) - added by tsmith 7 years ago.

Change History (2)

by tsmith, 7 years ago

Attachment: test_case.ivf added

comment:1 by Carl Eugen Hoyos, 7 years ago

Resolution: invalid
Status: new → closed

For future tickets: Please always use unpatched FFmpeg source and provide the complete, uncut console output, not the excerpt that you consider useful. (Your configure line does not allow me to reproduce, I tested with --toolchain=clang-msan.)

I cannot reproduce with valgrind.

The false positive with the clang memory sanitizer can be easily reproduced with make libavutil/tests/cpu && libavutil/tests/cpu. I guess the reason is that initializations through external assembler code are not visible to the memory sanitizer. A possible work-around for you is to compile with --disable-yasm; the internal assembler code is correctly analyzed. Given that the yasm-code isn't covered by your tests anyway (or is it?), I believe this is the sanest solution.
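
The false positive described in comment:1, as an added example that is not FFmpeg code and not part of the ticket: a stack buffer is filled by a routine MSan cannot instrument, then marked initialized with `__msan_unpoison()`. The names `demo_ext_cpuid`, `demo_max_std_level` and `DEMO_UNPOISON` are hypothetical, the file-scope asm stands in for a yasm-assembled routine, and the annotation is an alternative to the --disable-yasm work-around that the ticket itself does not propose.

```c
#include <stdint.h>
#include <stdio.h>

/* Resolve to __msan_unpoison() only when building with -fsanitize=memory. */
#if defined(__has_feature)
#  if __has_feature(memory_sanitizer)
#    include <sanitizer/msan_interface.h>
#    define DEMO_UNPOISON(p, n) __msan_unpoison((p), (n))
#  endif
#endif
#ifndef DEMO_UNPOISON
#  define DEMO_UNPOISON(p, n) ((void)(p), (void)(n))
#endif

#if defined(__x86_64__) && defined(__ELF__)
/* Stand-in for a yasm-assembled routine: file-scope asm is passed to the
 * assembler verbatim, so MSan never instruments the four stores below. */
__asm__(".pushsection .text\n"
        ".globl demo_ext_cpuid\n"
        "demo_ext_cpuid:\n"          /* SysV ABI: edi = leaf, rsi = out[4] */
        "    push %rbx\n"            /* rbx is callee-saved, cpuid clobbers it */
        "    mov  %edi, %eax\n"
        "    xor  %ecx, %ecx\n"
        "    cpuid\n"
        "    mov  %eax, 0(%rsi)\n"
        "    mov  %ebx, 4(%rsi)\n"
        "    mov  %ecx, 8(%rsi)\n"
        "    mov  %edx, 12(%rsi)\n"
        "    pop  %rbx\n"
        "    ret\n"
        ".popsection\n");
void demo_ext_cpuid(uint32_t leaf, uint32_t out[4]);
#else
/* Other targets: plain C stub with a constructed value so the demo builds. */
static void demo_ext_cpuid(uint32_t leaf, uint32_t out[4])
{ out[0] = 1; out[1] = out[2] = out[3] = leaf; }
#endif

/* Hypothetical caller: read the highest standard CPUID leaf (leaf 0, EAX). */
uint32_t demo_max_std_level(void)
{
    uint32_t regs[4];                   /* stack slot: poisoned under MSan    */
    demo_ext_cpuid(0, regs);            /* written by uninstrumented code     */
    DEMO_UNPOISON(regs, sizeof(regs));  /* without this, MSan treats regs as  */
    return regs[0];                     /* uninitialized despite the stores   */
}

int main(void) { printf("max standard CPUID leaf: %u\n", demo_max_std_level()); return 0; }
```

Built with `clang -fsanitize=memory -fsanitize-memory-track-origins`, deleting the `DEMO_UNPOISON` line should produce a report naming `regs` as the origin, the same shape as the `max_std_level` report in the ticket.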