[FFmpeg-trac] #2850(undetermined:new): ffplay: invalid write with fuzzed rpza

FFmpeg trac at avcodec.org
Sat Aug 10 14:30:26 CEST 2013


#2850: ffplay: invalid write with fuzzed rpza
-------------------------------------+-------------------------------------
               Reporter:  ami_stuff  |                  Owner:
                   Type:  defect     |                 Status:  new
               Priority:  normal     |              Component:  undetermined
                Version:  unspecified|               Keywords:
             Blocked By:             |               Blocking:
Reproduced by developer:  0          |  Analyzed by developer:  0
-------------------------------------+-------------------------------------
 {{{
 knoppix at Microknoppix:/media/sdb1$ gdb ffmpeg-HEAD-d4db7c3/ffplay_g
 GNU gdb (GDB) 7.4.1-debian
 Copyright (C) 2012 Free Software Foundation, Inc.
 License GPLv3+: GNU GPL version 3 or later
 <http://gnu.org/licenses/gpl.html>
 This is free software: you are free to change and redistribute it.
 There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
 and "show warranty" for details.
 This GDB was configured as "i486-linux-gnu".
 For bug reporting instructions, please see:
 <http://www.gnu.org/software/gdb/bugs/>...
 Reading symbols from /media/sdb1/ffmpeg-HEAD-d4db7c3/ffplay_g...done.
 (gdb) r -i fuzzed6.mov -an
 Starting program: /media/sdb1/ffmpeg-HEAD-d4db7c3/ffplay_g -i fuzzed6.mov
 -an
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
 ffplay version 2.0-d4db7c3 Copyright (c) 2003-2013 the FFmpeg developers
   built on Aug 10 2013 08:08:58 with gcc 4.7 (Debian 4.7.2-4)
   configuration: --disable-yasm --disable-ffprobe --disable-ffserver
 --enable-gpl
   libavutil      52. 41.100 / 52. 41.100
   libavcodec     55. 24.100 / 55. 24.100
   libavformat    55. 13.102 / 55. 13.102
   libavdevice    55.  3.100 / 55.  3.100
   libavfilter     3. 82.100 /  3. 82.100
   libswscale      2.  4.100 /  2.  4.100
   libswresample   0. 17.103 /  0. 17.103
   libpostproc    52.  3.100 / 52.  3.100
 [New Thread 0xb73fdb70 (LWP 2918)]
 [New Thread 0xb67c1b70 (LWP 2919)]
 [New Thread 0xb5ec0b70 (LWP 2920)]
 Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'fuzzed6.mov':   0B f=0/0
   Metadata:
     major_brand     : qt
     minor_version   : 537199360
     compatible_brands: qt
     creation_time   : 2012-03-24 21:02:22
   Duration: 00:00:05.96, start: 0.000000, bitrate: 903 kb/s
     Stream #0:0(eng): Video: rpza (rpza / 0x617A7072), rgb555le, 189x127,
 901 kb/s, 24 fps, 24 tbr, 1000k tbn, 1000k tbc
     Metadata:
       creation_time   : 2012-03-24 21:02:22
       handler_name    : Procedura obsługi skrótów danych Apple
 [New Thread 0xb56c0b70 (LWP 2921)]
 [rpza @ 0x90f8f00] Unknown opcode 255 in rpza chunk. Skip remaining 1600
 bytes of chunk data.
 [rpza @ 0x90f8f00] warning: block counter just went negative (this should
 not happen)

 Program received signal SIGSEGV, Segmentation fault.
 [Switching to Thread 0xb56c0b70 (LWP 2921)]
 0x080bbf73 in ff_request_frame (link=0x912afe0) at
 libavfilter/avfilter.c:335
 335             if (link->srcpad->request_frame)
 (gdb) bt
 #0  0x080bbf73 in ff_request_frame (link=0x912afe0)
     at libavfilter/avfilter.c:335
 #1  0x080bbffb in ff_request_frame (link=0x9114fc0)
     at libavfilter/avfilter.c:338
 #2  0x080bbffb in ff_request_frame (link=link at entry=0x912af00)
     at libavfilter/avfilter.c:338
 #3  0x080c1066 in av_buffersink_get_frame_flags (ctx=ctx at entry=0x91160a0,
     frame=0x9114720, flags=0, flags at entry=127) at
 libavfilter/buffersink.c:138
 #4  0x080a9e08 in video_thread (arg=0xb5ec1020) at ffplay.c:1957
 #5  0xb7e004c1 in ?? () from /usr/lib/i386-linux-gnu/libSDL-1.2.so.0
 #6  0xb7e49d3b in ?? () from /usr/lib/i386-linux-gnu/libSDL-1.2.so.0
 #7  0xb7dda954 in start_thread (arg=0xb56c0b70) at pthread_create.c:304
 #8  0xb7d5b95e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
 (gdb)
 }}}


 {{{
 knoppix at Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-
 d4db7c3/ffplay_g fuzzed6.mov -t 10 -an -autoexit
 ==8682== Memcheck, a memory error detector
 ==8682== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
 ==8682== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
 ==8682== Command: ffmpeg-HEAD-d4db7c3/ffplay_g fuzzed6.mov -t 10 -an
 -autoexit
 ==8682==
 ffplay version 2.0-d4db7c3 Copyright (c) 2003-2013 the FFmpeg developers
   built on Aug 10 2013 08:08:58 with gcc 4.7 (Debian 4.7.2-4)
   configuration: --disable-yasm --disable-ffprobe --disable-ffserver
 --enable-gpl
   libavutil      52. 41.100 / 52. 41.100
   libavcodec     55. 24.100 / 55. 24.100
   libavformat    55. 13.102 / 55. 13.102
   libavdevice    55.  3.100 / 55.  3.100
   libavfilter     3. 82.100 /  3. 82.100
   libswscale      2.  4.100 /  2.  4.100
   libswresample   0. 17.103 /  0. 17.103
   libpostproc    52.  3.100 / 52.  3.100
 Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'fuzzed6.mov':   0B f=0/0
   Metadata:
     major_brand     : qt
     minor_version   : 537199360
     compatible_brands: qt
     creation_time   : 2012-03-24 21:02:22
   Duration: 00:00:05.96, start: 0.000000, bitrate: 903 kb/s
     Stream #0:0(eng): Video: rpza (rpza / 0x617A7072), rgb555le, 189x127,
 901 kb, 24 fps, 24 tbr, 1000k tbn, 1000k tbcKB vq=    0KB sq=    0B f=0/0
     Metadata:
       creation_time   : 2012-03-24 21:02:22
       handler_name    : Procedura obsługi skrótów danych Apple
 [rpza @ 0x4ff0720] Unknown opcode 255 in rpza chunk. Skip remaining 1600
 bytes of chunk data.
 ==8682== Thread 5:4 fd=   0 aq=    0KB vq=   12KB sq=    0B f=0/0
 ==8682== Invalid write of size 2
 ==8682==    at 0x85E2F53: rpza_decode_frame (rpza.c:147)
 ==8682==    by 0x86661DD: avcodec_decode_video2 (utils.c:1982)
 ==8682==    by 0x80A9593: video_thread (ffplay.c:1675)
 ==8682==    by 0x41964C0: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41DFD3A: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x431095D: clone (clone.S:130)
 ==8682==  Address 0x5005de0 is 8 bytes before a block of size 8 free'd
 ==8682==    at 0x40283EE: realloc (vg_replace_malloc.c:632)
 ==8682==    by 0x80C7A0F: ff_all_formats (formats.c:346)
 ==8682==    by 0x80BD70A: filter_query_formats (avfiltergraph.c:328)
 ==8682==    by 0x80BD8C2: query_formats (avfiltergraph.c:434)
 ==8682==    by 0x80BEB08: avfilter_graph_config (avfiltergraph.c:1063)
 ==8682==    by 0x80A4B6F: configure_filtergraph (ffplay.c:1755)
 ==8682==
 ==8682== Invalid write of size 2
 ==8682==    at 0x85E2F57: rpza_decode_frame (rpza.c:147)
 ==8682==    by 0x86661DD: avcodec_decode_video2 (utils.c:1982)
 ==8682==    by 0x80A9593: video_thread (ffplay.c:1675)
 ==8682==    by 0x41964C0: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41DFD3A: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x431095D: clone (clone.S:130)
 ==8682==  Address 0x5005de2 is 6 bytes before a block of size 8 free'd
 ==8682==    at 0x40283EE: realloc (vg_replace_malloc.c:632)
 ==8682==    by 0x80C7A0F: ff_all_formats (formats.c:346)
 ==8682==    by 0x80BD70A: filter_query_formats (avfiltergraph.c:328)
 ==8682==    by 0x80BD8C2: query_formats (avfiltergraph.c:434)
 ==8682==    by 0x80BEB08: avfilter_graph_config (avfiltergraph.c:1063)
 ==8682==    by 0x80A4B6F: configure_filtergraph (ffplay.c:1755)
 ==8682==
 ==8682== Invalid write of size 2
 ==8682==    at 0x85E2F5C: rpza_decode_frame (rpza.c:147)
 ==8682==    by 0x86661DD: avcodec_decode_video2 (utils.c:1982)
 ==8682==    by 0x80A9593: video_thread (ffplay.c:1675)
 ==8682==    by 0x41964C0: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41DFD3A: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x431095D: clone (clone.S:130)
 ==8682==  Address 0x5005de4 is 4 bytes before a block of size 8 free'd
 ==8682==    at 0x40283EE: realloc (vg_replace_malloc.c:632)
 ==8682==    by 0x80C7A0F: ff_all_formats (formats.c:346)
 ==8682==    by 0x80BD70A: filter_query_formats (avfiltergraph.c:328)
 ==8682==    by 0x80BD8C2: query_formats (avfiltergraph.c:434)
 ==8682==    by 0x80BEB08: avfilter_graph_config (avfiltergraph.c:1063)
 ==8682==    by 0x80A4B6F: configure_filtergraph (ffplay.c:1755)
 ==8682==
 ==8682== Invalid write of size 2
 ==8682==    at 0x85E2F61: rpza_decode_frame (rpza.c:147)
 ==8682==    by 0x86661DD: avcodec_decode_video2 (utils.c:1982)
 ==8682==    by 0x80A9593: video_thread (ffplay.c:1675)
 ==8682==    by 0x41964C0: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41DFD3A: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x431095D: clone (clone.S:130)
 ==8682==  Address 0x5005de6 is 2 bytes before a block of size 8 free'd
 ==8682==    at 0x40283EE: realloc (vg_replace_malloc.c:632)
 ==8682==    by 0x80C7A0F: ff_all_formats (formats.c:346)
 ==8682==    by 0x80BD70A: filter_query_formats (avfiltergraph.c:328)
 ==8682==    by 0x80BD8C2: query_formats (avfiltergraph.c:434)
 ==8682==    by 0x80BEB08: avfilter_graph_config (avfiltergraph.c:1063)
 ==8682==    by 0x80A4B6F: configure_filtergraph (ffplay.c:1755)
 ==8682==
 ==8682== Invalid write of size 2
 ==8682==    at 0x85E2F81: rpza_decode_frame (rpza.c:147)
 ==8682==    by 0x86661DD: avcodec_decode_video2 (utils.c:1982)
 ==8682==    by 0x80A9593: video_thread (ffplay.c:1675)
 ==8682==    by 0x41964C0: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41DFD3A: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x431095D: clone (clone.S:130)
 ==8682==  Address 0x50060e0 is 8 bytes inside a block of size 20 free'd
 ==8682==    at 0x402750C: free (vg_replace_malloc.c:427)
 ==8682==    by 0x4439D6A: ??? (in /usr/lib/i386-linux-gnu/libX11.so.6.3.0)
 ==8682==    by 0x41F6FF3: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==
 ==8682== Invalid write of size 2
 ==8682==    at 0x85E2F85: rpza_decode_frame (rpza.c:147)
 ==8682==    by 0x86661DD: avcodec_decode_video2 (utils.c:1982)
 ==8682==    by 0x80A9593: video_thread (ffplay.c:1675)
 ==8682==    by 0x41964C0: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41DFD3A: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x431095D: clone (clone.S:130)
 ==8682==  Address 0x50060e2 is 10 bytes inside a block of size 20 free'd
 ==8682==    at 0x402750C: free (vg_replace_malloc.c:427)
 ==8682==    by 0x4439D6A: ??? (in /usr/lib/i386-linux-gnu/libX11.so.6.3.0)
 ==8682==    by 0x41F6FF3: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==
 ==8682== Invalid write of size 2
 ==8682==    at 0x85E2F8A: rpza_decode_frame (rpza.c:147)
 ==8682==    by 0x86661DD: avcodec_decode_video2 (utils.c:1982)
 ==8682==    by 0x80A9593: video_thread (ffplay.c:1675)
 ==8682==    by 0x41964C0: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41DFD3A: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x431095D: clone (clone.S:130)
 ==8682==  Address 0x50060e4 is 12 bytes inside a block of size 20 free'd
 ==8682==    at 0x402750C: free (vg_replace_malloc.c:427)
 ==8682==    by 0x4439D6A: ??? (in /usr/lib/i386-linux-gnu/libX11.so.6.3.0)
 ==8682==    by 0x41F6FF3: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==
 ==8682== Invalid write of size 2
 ==8682==    at 0x85E2F8F: rpza_decode_frame (rpza.c:147)
 ==8682==    by 0x86661DD: avcodec_decode_video2 (utils.c:1982)
 ==8682==    by 0x80A9593: video_thread (ffplay.c:1675)
 ==8682==    by 0x41964C0: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41DFD3A: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x431095D: clone (clone.S:130)
 ==8682==  Address 0x50060e6 is 14 bytes inside a block of size 20 free'd
 ==8682==    at 0x402750C: free (vg_replace_malloc.c:427)
 ==8682==    by 0x4439D6A: ??? (in /usr/lib/i386-linux-gnu/libX11.so.6.3.0)
 ==8682==    by 0x41F6FF3: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==
 [rpza @ 0x4ff0720] warning: block counter just went negative (this should
 not happen)
 [rpza @ 0x4ff0720] warning: block counter just went negative (this should
 not happen)
 [rpza @ 0x4ff0720] warning: block counter just went negative (this should
 not happen)
 [rpza @ 0x4ff0720] warning: block counter just went negative (this should
 not happen)
 [rpza @ 0x4ff0720] warning: block counter just went negative (this should
 not happen)
 [rpza @ 0x4ff0720] Unknown opcode 243 in rpza chunk. Skip remaining 1402
 bytes of chunk data.
 [rpza @ 0x4ff0720] warning: block counter just went negative (this should
 not happen)
 [rpza @ 0x4ff0720] warning: block counter just went negative (this should
 not happen)
 [rpza @ 0x4ff0720] Unknown opcode 228 in rpza chunk. Skip remaining 2511
 bytes of chunk data.
 [rpza @ 0x4ff0720] warning: block counter just went negative (this should
 not happen)
 [rpza @ 0x4ff0720] Unknown opcode 240 in rpza chunk. Skip remaining 1633
 bytes of chunk data.
 [rpza @ 0x4ff0720] Unknown opcode 231 in rpza chunk. Skip remaining 2568
 bytes of chunk data.
 ==8682== Invalid write of size 2   0KB vq=   23KB sq=    0B f=0/0
 ==8682==    at 0x85E2CD9: rpza_decode_frame (rpza.c:196)
 ==8682==    by 0x86661DD: avcodec_decode_video2 (utils.c:1982)
 ==8682==    by 0x80A9593: video_thread (ffplay.c:1675)
 ==8682==    by 0x41964C0: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41DFD3A: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x431095D: clone (clone.S:130)
 ==8682==  Address 0x5005de0 is 8 bytes before a block of size 8 free'd
 ==8682==    at 0x40283EE: realloc (vg_replace_malloc.c:632)
 ==8682==    by 0x80C7A0F: ff_all_formats (formats.c:346)
 ==8682==    by 0x80BD70A: filter_query_formats (avfiltergraph.c:328)
 ==8682==    by 0x80BD8C2: query_formats (avfiltergraph.c:434)
 ==8682==    by 0x80BEB08: avfilter_graph_config (avfiltergraph.c:1063)
 ==8682==    by 0x80A4B6F: configure_filtergraph (ffplay.c:1755)
 ==8682==
 ==8682== Invalid write of size 2
 ==8682==    at 0x85E2CF3: rpza_decode_frame (rpza.c:196)
 ==8682==    by 0x86661DD: avcodec_decode_video2 (utils.c:1982)
 ==8682==    by 0x80A9593: video_thread (ffplay.c:1675)
 ==8682==    by 0x41964C0: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41DFD3A: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x431095D: clone (clone.S:130)
 ==8682==  Address 0x5005de2 is 6 bytes before a block of size 8 free'd
 ==8682==    at 0x40283EE: realloc (vg_replace_malloc.c:632)
 ==8682==    by 0x80C7A0F: ff_all_formats (formats.c:346)
 ==8682==    by 0x80BD70A: filter_query_formats (avfiltergraph.c:328)
 ==8682==    by 0x80BD8C2: query_formats (avfiltergraph.c:434)
 ==8682==    by 0x80BEB08: avfilter_graph_config (avfiltergraph.c:1063)
 ==8682==    by 0x80A4B6F: configure_filtergraph (ffplay.c:1755)
 ==8682==
 ==8682== Invalid write of size 2
 ==8682==    at 0x85E2D00: rpza_decode_frame (rpza.c:196)
 ==8682==    by 0x86661DD: avcodec_decode_video2 (utils.c:1982)
 ==8682==    by 0x80A9593: video_thread (ffplay.c:1675)
 ==8682==    by 0x41964C0: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41DFD3A: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x431095D: clone (clone.S:130)
 ==8682==  Address 0x5005de4 is 4 bytes before a block of size 8 free'd
 ==8682==    at 0x40283EE: realloc (vg_replace_malloc.c:632)
 ==8682==    by 0x80C7A0F: ff_all_formats (formats.c:346)
 ==8682==    by 0x80BD70A: filter_query_formats (avfiltergraph.c:328)
 ==8682==    by 0x80BD8C2: query_formats (avfiltergraph.c:434)
 ==8682==    by 0x80BEB08: avfilter_graph_config (avfiltergraph.c:1063)
 ==8682==    by 0x80A4B6F: configure_filtergraph (ffplay.c:1755)
 ==8682==
 ==8682== Invalid write of size 2
 ==8682==    at 0x85E2D0D: rpza_decode_frame (rpza.c:196)
 ==8682==    by 0x86661DD: avcodec_decode_video2 (utils.c:1982)
 ==8682==    by 0x80A9593: video_thread (ffplay.c:1675)
 ==8682==    by 0x41964C0: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41DFD3A: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x431095D: clone (clone.S:130)
 ==8682==  Address 0x5005de6 is 2 bytes before a block of size 8 free'd
 ==8682==    at 0x40283EE: realloc (vg_replace_malloc.c:632)
 ==8682==    by 0x80C7A0F: ff_all_formats (formats.c:346)
 ==8682==    by 0x80BD70A: filter_query_formats (avfiltergraph.c:328)
 ==8682==    by 0x80BD8C2: query_formats (avfiltergraph.c:434)
 ==8682==    by 0x80BEB08: avfilter_graph_config (avfiltergraph.c:1063)
 ==8682==    by 0x80A4B6F: configure_filtergraph (ffplay.c:1755)
 ==8682==
 ==8682== Invalid write of size 2
 ==8682==    at 0x85E2D97: rpza_decode_frame (rpza.c:196)
 ==8682==    by 0x86661DD: avcodec_decode_video2 (utils.c:1982)
 ==8682==    by 0x80A9593: video_thread (ffplay.c:1675)
 ==8682==    by 0x41964C0: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41DFD3A: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x431095D: clone (clone.S:130)
 ==8682==  Address 0x50060e0 is 8 bytes inside a block of size 20 free'd
 ==8682==    at 0x402750C: free (vg_replace_malloc.c:427)
 ==8682==    by 0x4439D6A: ??? (in /usr/lib/i386-linux-gnu/libX11.so.6.3.0)
 ==8682==    by 0x41F6FF3: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==
 ==8682== Invalid write of size 2
 ==8682==    at 0x85E2DB1: rpza_decode_frame (rpza.c:196)
 ==8682==    by 0x86661DD: avcodec_decode_video2 (utils.c:1982)
 ==8682==    by 0x80A9593: video_thread (ffplay.c:1675)
 ==8682==    by 0x41964C0: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41DFD3A: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x431095D: clone (clone.S:130)
 ==8682==  Address 0x50060e2 is 10 bytes inside a block of size 20 free'd
 ==8682==    at 0x402750C: free (vg_replace_malloc.c:427)
 ==8682==    by 0x4439D6A: ??? (in /usr/lib/i386-linux-gnu/libX11.so.6.3.0)
 ==8682==    by 0x41F6FF3: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==
 ==8682== Invalid write of size 2
 ==8682==    at 0x85E2DBE: rpza_decode_frame (rpza.c:196)
 ==8682==    by 0x86661DD: avcodec_decode_video2 (utils.c:1982)
 ==8682==    by 0x80A9593: video_thread (ffplay.c:1675)
 ==8682==    by 0x41964C0: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41DFD3A: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x431095D: clone (clone.S:130)
 ==8682==  Address 0x50060e4 is 12 bytes inside a block of size 20 free'd
 ==8682==    at 0x402750C: free (vg_replace_malloc.c:427)
 ==8682==    by 0x4439D6A: ??? (in /usr/lib/i386-linux-gnu/libX11.so.6.3.0)
 ==8682==    by 0x41F6FF3: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==
 ==8682== Invalid write of size 2
 ==8682==    at 0x85E2DCB: rpza_decode_frame (rpza.c:196)
 ==8682==    by 0x86661DD: avcodec_decode_video2 (utils.c:1982)
 ==8682==    by 0x80A9593: video_thread (ffplay.c:1675)
 ==8682==    by 0x41964C0: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41DFD3A: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x431095D: clone (clone.S:130)
 ==8682==  Address 0x50060e6 is 14 bytes inside a block of size 20 free'd
 ==8682==    at 0x402750C: free (vg_replace_malloc.c:427)
 ==8682==    by 0x4439D6A: ??? (in /usr/lib/i386-linux-gnu/libX11.so.6.3.0)
 ==8682==    by 0x41F6FF3: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==
 [rpza @ 0x4ff0720] warning: block counter just went negative (this should
 not happen)
 [rpza @ 0x4ff0720] warning: block counter just went negative (this should
 not happen)
 [rpza @ 0x4ff0720] Unknown opcode 248 in rpza chunk. Skip remaining 560
 bytes of chunk data.
 [rpza @ 0x4ff0720] First chunk byte is 0xa1 instead of 0xe1 f=0/0
 [rpza @ 0x4ff0720] Unknown opcode 227 in rpza chunk. Skip remaining 3919
 bytes of chunk data.
 [rpza @ 0x4ff0720] Unknown opcode 228 in rpza chunk. Skip remaining 2215
 bytes of chunk data.
 [rpza @ 0x4ff0720] Unknown opcode 234 in rpza chunk. Skip remaining 3113
 bytes of chunk data.
 [rpza @ 0x4ff0720] MOV chunk size != encoded chunk size; using MOV chunk
 size
 [rpza @ 0x4ff0720] Unknown opcode 250 in rpza chunk. Skip remaining 2752
 bytes of chunk data.
 ==8682== Invalid read of size 4    0KB vq=    0KB sq=    0B f=0/0
 ==8682==    at 0x422AE5D: pthread_mutex_lock (pthread_mutex_lock.c:50)
 ==8682==    by 0x80CAB77: ff_graph_thread_free (pthread.c:99)
 ==8682==    by 0x80BE5ED: avfilter_graph_free (avfiltergraph.c:116)
 ==8682==    by 0x80A94D4: video_thread (ffplay.c:1985)
 ==8682==    by 0x41964C0: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41DFD3A: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x431095D: clone (clone.S:130)
 ==8682==  Address 0x144250c is not stack'd, malloc'd or (recently) free'd
 ==8682==
 [xcb] Unknown sequence number while processing queue
 [xcb] Most likely this is a multi-threaded client and XInitThreads has not
 been called
 [xcb] Aborting, sorry about that.
 ffplay_g: ../../src/xcb_io.c:274: poll_for_event: Assertion
 `!xcb_xlib_threads_sequence_lost' failed.
 ==8682==
 ==8682== HEAP SUMMARY:
 ==8682==     in use at exit: 1,496,408 bytes in 787 blocks
 ==8682==   total heap usage: 18,902 allocs, 18,115 frees, 11,428,777 bytes
 allocated
 ==8682==
 ==8682== Thread 1:
 ==8682== 1 bytes in 1 blocks are definitely lost in loss record 1 of 304
 ==8682==    at 0x4028308: malloc (vg_replace_malloc.c:263)
 ==8682==    by 0x443D583: _XlcDefaultMapModifiers (in /usr/lib/i386-linux-
 gnu/libX11.so.6.3.0)
 ==8682==    by 0x443D9CA: XSetLocaleModifiers (in /usr/lib/i386-linux-
 gnu/libX11.so.6.3.0)
 ==8682==    by 0x41C844D: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41B620B: SDL_VideoInit (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x418CF81: SDL_InitSubSystem (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x4252E15: (below main) (libc-start.c:228)
 ==8682==
 ==8682== 8 bytes in 1 blocks are definitely lost in loss record 33 of 304
 ==8682==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
 ==8682==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
 ==8682==    by 0x884D097: av_mallocz (mem.c:93)
 ==8682==    by 0x80BE515: avfilter_graph_alloc (avfiltergraph.c:83)
 ==8682==    by 0x80A983B: video_thread (ffplay.c:1930)
 ==8682==    by 0x41964C0: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41DFD3A: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x431095D: clone (clone.S:130)
 ==8682==
 ==8682== 18 bytes in 2 blocks are definitely lost in loss record 79 of 304
 ==8682==    at 0x4028308: malloc (vg_replace_malloc.c:263)
 ==8682==    by 0x42B49FF: strdup (strdup.c:43)
 ==8682==    by 0x444D069: ??? (in /usr/lib/i386-linux-gnu/libX11.so.6.3.0)
 ==8682==    by 0x444D64D: ??? (in /usr/lib/i386-linux-gnu/libX11.so.6.3.0)
 ==8682==    by 0x444E187: _XimSetICValueData (in /usr/lib/i386-linux-
 gnu/libX11.so.6.3.0)
 ==8682==    by 0x44491C1: _XimLocalCreateIC (in /usr/lib/i386-linux-
 gnu/libX11.so.6.3.0)
 ==8682==    by 0x442D754: XCreateIC (in /usr/lib/i386-linux-
 gnu/libX11.so.6.3.0)
 ==8682==    by 0x41C844D: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41B620B: SDL_VideoInit (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x418CF81: SDL_InitSubSystem (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x4252E15: (below main) (libc-start.c:228)
 ==8682==
 ==8682== 112 (8 direct, 104 indirect) bytes in 1 blocks are definitely
 lost in loss record 235 of 304
 ==8682==    at 0x40283EE: realloc (vg_replace_malloc.c:632)
 ==8682==    by 0x4433131: ??? (in /usr/lib/i386-linux-gnu/libX11.so.6.3.0)
 ==8682==    by 0x4433604: ??? (in /usr/lib/i386-linux-gnu/libX11.so.6.3.0)
 ==8682==    by 0x443513D: ??? (in /usr/lib/i386-linux-gnu/libX11.so.6.3.0)
 ==8682==    by 0x4435A3B: _XlcCreateLC (in /usr/lib/i386-linux-
 gnu/libX11.so.6.3.0)
 ==8682==    by 0x4454679: _XlcDefaultLoader (in /usr/lib/i386-linux-
 gnu/libX11.so.6.3.0)
 ==8682==    by 0x443D7BC: _XOpenLC (in /usr/lib/i386-linux-
 gnu/libX11.so.6.3.0)
 ==8682==    by 0x443D921: _XlcCurrentLC (in /usr/lib/i386-linux-
 gnu/libX11.so.6.3.0)
 ==8682==    by 0x41C844D: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41B620B: SDL_VideoInit (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x418CF81: SDL_InitSubSystem (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x4252E15: (below main) (libc-start.c:228)
 ==8682==
 ==8682== 144 bytes in 1 blocks are possibly lost in loss record 244 of 304
 ==8682==    at 0x4026A68: calloc (vg_replace_malloc.c:566)
 ==8682==    by 0x40111FB: _dl_allocate_tls (dl-tls.c:300)
 ==8682==    by 0x42292A8: pthread_create@@GLIBC_2.1 (allocatestack.c:580)
 ==8682==    by 0x41DFDBE: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41965B6: SDL_CreateThread (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41E264E: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x4252E15: (below main) (libc-start.c:228)
 ==8682==
 ==8682== 144 bytes in 1 blocks are possibly lost in loss record 245 of 304
 ==8682==    at 0x4026A68: calloc (vg_replace_malloc.c:566)
 ==8682==    by 0x40111FB: _dl_allocate_tls (dl-tls.c:300)
 ==8682==    by 0x42292A8: pthread_create@@GLIBC_2.1 (allocatestack.c:580)
 ==8682==    by 0x41DFDBE: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41965B6: SDL_CreateThread (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x80A22AF: main (ffplay.c:3031)
 ==8682==
 ==8682== 144 bytes in 1 blocks are possibly lost in loss record 246 of 304
 ==8682==    at 0x4026A68: calloc (vg_replace_malloc.c:566)
 ==8682==    by 0x40111FB: _dl_allocate_tls (dl-tls.c:300)
 ==8682==    by 0x42292A8: pthread_create@@GLIBC_2.1 (allocatestack.c:580)
 ==8682==    by 0x41DFDBE: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41965B6: SDL_CreateThread (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x80AA6F0: stream_component_open (ffplay.c:2579)
 ==8682==    by 0x80AC546: read_thread (ffplay.c:2815)
 ==8682==    by 0x41964C0: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41DFD3A: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x431095D: clone (clone.S:130)
 ==8682==
 ==8682== 980 (68 direct, 912 indirect) bytes in 1 blocks are definitely
 lost in loss record 273 of 304
 ==8682==    at 0x40283EE: realloc (vg_replace_malloc.c:632)
 ==8682==    by 0x4433131: ??? (in /usr/lib/i386-linux-gnu/libX11.so.6.3.0)
 ==8682==    by 0x4433604: ??? (in /usr/lib/i386-linux-gnu/libX11.so.6.3.0)
 ==8682==    by 0x443513D: ??? (in /usr/lib/i386-linux-gnu/libX11.so.6.3.0)
 ==8682==    by 0x4435A3B: _XlcCreateLC (in /usr/lib/i386-linux-
 gnu/libX11.so.6.3.0)
 ==8682==    by 0x4458797: _XlcUtf8Loader (in /usr/lib/i386-linux-
 gnu/libX11.so.6.3.0)
 ==8682==    by 0x443D7BC: _XOpenLC (in /usr/lib/i386-linux-
 gnu/libX11.so.6.3.0)
 ==8682==    by 0x443D921: _XlcCurrentLC (in /usr/lib/i386-linux-
 gnu/libX11.so.6.3.0)
 ==8682==    by 0x41C844D: ??? (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x41B620B: SDL_VideoInit (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x418CF81: SDL_InitSubSystem (in /usr/lib/i386-linux-
 gnu/libSDL-1.2.so.0.11.4)
 ==8682==    by 0x4252E15: (below main) (libc-start.c:228)
 ==8682==
 ==8682== LEAK SUMMARY:
 ==8682==    definitely lost: 103 bytes in 6 blocks
 ==8682==    indirectly lost: 1,016 bytes in 38 blocks
 ==8682==      possibly lost: 432 bytes in 3 blocks
 ==8682==    still reachable: 1,494,857 bytes in 740 blocks
 ==8682==         suppressed: 0 bytes in 0 blocks
 ==8682== Reachable blocks (those to which a pointer was found) are not
 shown.
 ==8682== To see them, rerun with: --leak-check=full --show-reachable=yes
 ==8682==
 ==8682== For counts of detected and suppressed errors, rerun with: -v
 ==8682== ERROR SUMMARY: 89 errors from 25 contexts (suppressed: 247 from
 11)
 Killed
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2850>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

