[FFmpeg-trac] #689(avcodec:reopened): invalid reads in iff.c
FFmpeg
trac at avcodec.org
Mon Nov 28 11:52:35 CET 2011
#689: invalid reads in iff.c
------------------------------------+------------------------------------
Reporter: ami_stuff | Owner:
Type: defect | Status: reopened
Priority: normal | Component: avcodec
Version: git-master | Resolution:
Keywords: iff | Blocked By:
Blocking: | Reproduced by developer: 1
Analyzed by developer: 0 |
------------------------------------+------------------------------------
Changes (by ami_stuff):
* status: closed => reopened
* resolution: fixed =>
Comment:
There are still invalid writes while testing with FFplay (Peter's valgrind
log).
{{{
ffplay version N-35236-g4704462, Copyright (c) 2003-2011 the FFmpeg
developers
built on Nov 28 2011 20:24:07 with gcc 4.6.2
configuration:
libavutil 51. 29. 1 / 51. 29. 1
libavcodec 53. 38. 1 / 53. 38. 1
libavformat 53. 22. 0 / 53. 22. 0
libavdevice 53. 4. 0 / 53. 4. 0
libavfilter 2. 50. 0 / 2. 50. 0
libswscale 2. 1. 0 / 2. 1. 0
[IFF @ 0xc944b00] Estimating duration from bitrate, this may be inaccurate
Input #0, IFF, from '/home/user/bug/A4000T_HAM8.IFF':
Metadata:
comment : $VER: Written by ASDG's Art Department Professional
IFF3.0.1 (03.19.93)
Duration: N/A, bitrate: N/A
Stream #0:0: Video: iff_byterun1 (ILBM / 0x4D424C49), rgba, 628x512,
SAR 1:1 DAR 157:128, 90k tbr, 90k tbn, 90k tbc
[buffersink @ 0xb8a4380] auto-inserting filter 'auto-inserted scale 0'
between the filter 'src' and the filter 'out'
[scale @ 0xb8a4920] w:628 h:512 fmt:rgba -> w:628 h:512 fmt:yuv420p
flags:0x4
4.44 A-V: 0.000 fd= 0 aq= 0KB vq= 0KB sq= 0B f=0/0 0/0
==18169== Memcheck, a memory error detector
==18169== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==18169== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright
info
==18169== Command: ./ffplay_g /home/user/bug/A4000T_HAM8.IFF
==18169== Parent PID: 18011
==18169==
==18169== Thread 4:
==18169== Invalid write of size 4
==18169== at 0x728986: decode_ham_plane32 (iff.c:376)
==18169== by 0x7294D4: decode_frame_byterun1 (iff.c:562)
==18169== by 0x86F9D6: avcodec_decode_video2 (utils.c:825)
==18169== by 0x43B38E: input_request_frame (ffplay.c:1483)
==18169== by 0x447304: avfilter_request_frame (avfilter.c:520)
==18169== by 0x44B8F3: av_buffersink_get_buffer_ref (sink_buffer.c:128)
==18169== by 0x43C270: video_thread (ffplay.c:1825)
==18169== by 0x5351C24: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==18169== by 0x53981F8: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==18169== by 0x5A7AB3F: start_thread (pthread_create.c:304)
==18169== by 0x5D6536C: clone (clone.S:112)
==18169== Address 0xcb1ac30 is 0 bytes after a block of size 1,286,160
alloc'd
==18169== at 0x4C25CB8: memalign (in /usr/lib/valgrind
/vgpreload_memcheck-amd64-linux.so)
==18169== by 0x4C25D67: posix_memalign (in /usr/lib/valgrind
/vgpreload_memcheck-amd64-linux.so)
==18169== by 0xA320BF: av_malloc (mem.c:90)
==18169== by 0xA2F779: av_image_alloc (imgutils.c:200)
==18169== by 0x449A59: avfilter_default_get_video_buffer
(defaults.c:66)
==18169== by 0x446E78: avfilter_get_video_buffer (avfilter.c:406)
==18169== by 0x438B39: input_get_buffer (ffplay.c:1569)
==18169== by 0x72916E: decode_frame_byterun1 (iff.c:535)
==18169== by 0x86F9D6: avcodec_decode_video2 (utils.c:825)
==18169== by 0x43B38E: input_request_frame (ffplay.c:1483)
==18169== by 0x447304: avfilter_request_frame (avfilter.c:520)
==18169== by 0x44B8F3: av_buffersink_get_buffer_ref (sink_buffer.c:128)
==18169==
==18169== Invalid write of size 4
==18169== at 0x728994: decode_ham_plane32 (iff.c:376)
==18169== by 0x7294D4: decode_frame_byterun1 (iff.c:562)
==18169== by 0x86F9D6: avcodec_decode_video2 (utils.c:825)
==18169== by 0x43B38E: input_request_frame (ffplay.c:1483)
==18169== by 0x447304: avfilter_request_frame (avfilter.c:520)
==18169== by 0x44B8F3: av_buffersink_get_buffer_ref (sink_buffer.c:128)
==18169== by 0x43C270: video_thread (ffplay.c:1825)
==18169== by 0x5351C24: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==18169== by 0x53981F8: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==18169== by 0x5A7AB3F: start_thread (pthread_create.c:304)
==18169== by 0x5D6536C: clone (clone.S:112)
==18169== Address 0xcb1ac34 is 4 bytes after a block of size 1,286,160
alloc'd
==18169== at 0x4C25CB8: memalign (in /usr/lib/valgrind
/vgpreload_memcheck-amd64-linux.so)
==18169== by 0x4C25D67: posix_memalign (in /usr/lib/valgrind
/vgpreload_memcheck-amd64-linux.so)
==18169== by 0xA320BF: av_malloc (mem.c:90)
==18169== by 0xA2F779: av_image_alloc (imgutils.c:200)
==18169== by 0x449A59: avfilter_default_get_video_buffer
(defaults.c:66)
==18169== by 0x446E78: avfilter_get_video_buffer (avfilter.c:406)
==18169== by 0x438B39: input_get_buffer (ffplay.c:1569)
==18169== by 0x72916E: decode_frame_byterun1 (iff.c:535)
==18169== by 0x86F9D6: avcodec_decode_video2 (utils.c:825)
==18169== by 0x43B38E: input_request_frame (ffplay.c:1483)
==18169== by 0x447304: avfilter_request_frame (avfilter.c:520)
==18169== by 0x44B8F3: av_buffersink_get_buffer_ref (sink_buffer.c:128)
==18169==
==18169== Invalid write of size 4
==18169== at 0x7289BD: decode_ham_plane32 (iff.c:377)
==18169== by 0x7294D4: decode_frame_byterun1 (iff.c:562)
==18169== by 0x86F9D6: avcodec_decode_video2 (utils.c:825)
==18169== by 0x43B38E: input_request_frame (ffplay.c:1483)
==18169== by 0x447304: avfilter_request_frame (avfilter.c:520)
==18169== by 0x44B8F3: av_buffersink_get_buffer_ref (sink_buffer.c:128)
==18169== by 0x43C270: video_thread (ffplay.c:1825)
==18169== by 0x5351C24: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==18169== by 0x53981F8: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==18169== by 0x5A7AB3F: start_thread (pthread_create.c:304)
==18169== by 0x5D6536C: clone (clone.S:112)
==18169== Address 0xcb1ac38 is 8 bytes after a block of size 1,286,160
alloc'd
==18169== at 0x4C25CB8: memalign (in /usr/lib/valgrind
/vgpreload_memcheck-amd64-linux.so)
==18169== by 0x4C25D67: posix_memalign (in /usr/lib/valgrind
/vgpreload_memcheck-amd64-linux.so)
==18169== by 0xA320BF: av_malloc (mem.c:90)
==18169== by 0xA2F779: av_image_alloc (imgutils.c:200)
==18169== by 0x449A59: avfilter_default_get_video_buffer
(defaults.c:66)
==18169== by 0x446E78: avfilter_get_video_buffer (avfilter.c:406)
==18169== by 0x438B39: input_get_buffer (ffplay.c:1569)
==18169== by 0x72916E: decode_frame_byterun1 (iff.c:535)
==18169== by 0x86F9D6: avcodec_decode_video2 (utils.c:825)
==18169== by 0x43B38E: input_request_frame (ffplay.c:1483)
==18169== by 0x447304: avfilter_request_frame (avfilter.c:520)
==18169== by 0x44B8F3: av_buffersink_get_buffer_ref (sink_buffer.c:128)
==18169==
==18169== Invalid write of size 4
==18169== at 0x7289C8: decode_ham_plane32 (iff.c:377)
==18169== by 0x7294D4: decode_frame_byterun1 (iff.c:562)
==18169== by 0x86F9D6: avcodec_decode_video2 (utils.c:825)
==18169== by 0x43B38E: input_request_frame (ffplay.c:1483)
==18169== by 0x447304: avfilter_request_frame (avfilter.c:520)
==18169== by 0x44B8F3: av_buffersink_get_buffer_ref (sink_buffer.c:128)
==18169== by 0x43C270: video_thread (ffplay.c:1825)
==18169== by 0x5351C24: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==18169== by 0x53981F8: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==18169== by 0x5A7AB3F: start_thread (pthread_create.c:304)
==18169== by 0x5D6536C: clone (clone.S:112)
==18169== Address 0xcb1ac3c is 12 bytes after a block of size 1,286,160
alloc'd
==18169== at 0x4C25CB8: memalign (in /usr/lib/valgrind
/vgpreload_memcheck-amd64-linux.so)
==18169== by 0x4C25D67: posix_memalign (in /usr/lib/valgrind
/vgpreload_memcheck-amd64-linux.so)
==18169== by 0xA320BF: av_malloc (mem.c:90)
==18169== by 0xA2F779: av_image_alloc (imgutils.c:200)
==18169== by 0x449A59: avfilter_default_get_video_buffer
(defaults.c:66)
==18169== by 0x446E78: avfilter_get_video_buffer (avfilter.c:406)
==18169== by 0x438B39: input_get_buffer (ffplay.c:1569)
==18169== by 0x72916E: decode_frame_byterun1 (iff.c:535)
==18169== by 0x86F9D6: avcodec_decode_video2 (utils.c:825)
==18169== by 0x43B38E: input_request_frame (ffplay.c:1483)
==18169== by 0x447304: avfilter_request_frame (avfilter.c:520)
==18169== by 0x44B8F3: av_buffersink_get_buffer_ref (sink_buffer.c:128)
==18169==
==18169== Invalid write of size 4
==18169== at 0x7289F1: decode_ham_plane32 (iff.c:378)
==18169== by 0x7294D4: decode_frame_byterun1 (iff.c:562)
==18169== by 0x86F9D6: avcodec_decode_video2 (utils.c:825)
==18169== by 0x43B38E: input_request_frame (ffplay.c:1483)
==18169== by 0x447304: avfilter_request_frame (avfilter.c:520)
==18169== by 0x44B8F3: av_buffersink_get_buffer_ref (sink_buffer.c:128)
==18169== by 0x43C270: video_thread (ffplay.c:1825)
==18169== by 0x5351C24: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==18169== by 0x53981F8: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==18169== by 0x5A7AB3F: start_thread (pthread_create.c:304)
==18169== by 0x5D6536C: clone (clone.S:112)
==18169== Address 0xcb1ac40 is not stack'd, malloc'd or (recently) free'd
==18169==
==18169== Invalid write of size 4
==18169== at 0x7289FC: decode_ham_plane32 (iff.c:378)
==18169== by 0x7294D4: decode_frame_byterun1 (iff.c:562)
==18169== by 0x86F9D6: avcodec_decode_video2 (utils.c:825)
==18169== by 0x43B38E: input_request_frame (ffplay.c:1483)
==18169== by 0x447304: avfilter_request_frame (avfilter.c:520)
==18169== by 0x44B8F3: av_buffersink_get_buffer_ref (sink_buffer.c:128)
==18169== by 0x43C270: video_thread (ffplay.c:1825)
==18169== by 0x5351C24: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==18169== by 0x53981F8: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==18169== by 0x5A7AB3F: start_thread (pthread_create.c:304)
==18169== by 0x5D6536C: clone (clone.S:112)
==18169== Address 0xcb1ac44 is not stack'd, malloc'd or (recently) free'd
==18169==
==18169== Invalid write of size 4
==18169== at 0x728A29: decode_ham_plane32 (iff.c:379)
==18169== by 0x7294D4: decode_frame_byterun1 (iff.c:562)
==18169== by 0x86F9D6: avcodec_decode_video2 (utils.c:825)
==18169== by 0x43B38E: input_request_frame (ffplay.c:1483)
==18169== by 0x447304: avfilter_request_frame (avfilter.c:520)
==18169== by 0x44B8F3: av_buffersink_get_buffer_ref (sink_buffer.c:128)
==18169== by 0x43C270: video_thread (ffplay.c:1825)
==18169== by 0x5351C24: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==18169== by 0x53981F8: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==18169== by 0x5A7AB3F: start_thread (pthread_create.c:304)
==18169== by 0x5D6536C: clone (clone.S:112)
==18169== Address 0xcb1ac48 is not stack'd, malloc'd or (recently) free'd
==18169==
==18169== Invalid write of size 4
==18169== at 0x728A37: decode_ham_plane32 (iff.c:379)
==18169== by 0x7294D4: decode_frame_byterun1 (iff.c:562)
==18169== by 0x86F9D6: avcodec_decode_video2 (utils.c:825)
==18169== by 0x43B38E: input_request_frame (ffplay.c:1483)
==18169== by 0x447304: avfilter_request_frame (avfilter.c:520)
==18169== by 0x44B8F3: av_buffersink_get_buffer_ref (sink_buffer.c:128)
==18169== by 0x43C270: video_thread (ffplay.c:1825)
==18169== by 0x5351C24: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==18169== by 0x53981F8: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==18169== by 0x5A7AB3F: start_thread (pthread_create.c:304)
==18169== by 0x5D6536C: clone (clone.S:112)
==18169== Address 0xcb1ac4c is not stack'd, malloc'd or (recently) free'd
==18169==
==18169==
==18169== HEAP SUMMARY:
==18169== in use at exit: 1,835,937 bytes in 555 blocks
==18169== total heap usage: 13,501 allocs, 12,946 frees, 7,069,830 bytes
allocated
==18169==
==18169== LEAK SUMMARY:
==18169== definitely lost: 1,067 bytes in 11 blocks
==18169== indirectly lost: 1,288,656 bytes in 45 blocks
==18169== possibly lost: 491,536 bytes in 1 blocks
==18169== still reachable: 54,678 bytes in 498 blocks
==18169== suppressed: 0 bytes in 0 blocks
==18169== Rerun with --leak-check=full to see details of leaked memory
==18169==
==18169== For counts of detected and suppressed errors, rerun with: -v
==18169== ERROR SUMMARY: 8 errors from 8 contexts (suppressed: 6 from 6)
}}}
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/689#comment:3>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker