[FFmpeg-trac] #2645(avcodec:open): mpeg4 encoder potential buffer overflow with certain video dimensions
FFmpeg
trac at avcodec.org
Thu Jun 6 00:37:35 CEST 2013
#2645: mpeg4 encoder potential buffer overflow with certain video dimensions
------------------------------------+-----------------------------------
Reporter: walisser | Owner:
Type: defect | Status: open
Priority: important | Component: avcodec
Version: git-master | Resolution:
Keywords: regression | Blocked By:
Blocking: | Reproduced by developer: 1
Analyzed by developer: 0 |
------------------------------------+-----------------------------------
Changes (by cehoyos):
* keywords: => regression
* priority: normal => important
* status: new => open
* reproduced: 0 => 1
Comment:
Regression since 1e78679
{{{
$ valgrind ./ffmpeg_g -f rawvideo -s 856x480 -i /dev/zero -vcodec mpeg1video -f null -vframes 2 -
==5806== Memcheck, a memory error detector
==5806== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==5806== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==5806== Command: ./ffmpeg_g -f rawvideo -s 856x480 -i /dev/zero -vcodec mpeg1video -f null -vframes 2 -
==5806==
ffmpeg version N-53859-g258a05b Copyright (c) 2000-2013 the FFmpeg developers
built on Jun 6 2013 00:35:52 with gcc 4.7 (SUSE Linux)
configuration: --enable-gpl --disable-indev=jack
libavutil 52. 35.100 / 52. 35.100
libavcodec 55. 15.100 / 55. 15.100
libavformat 55. 8.102 / 55. 8.102
libavdevice 55. 2.100 / 55. 2.100
libavfilter 3. 75.101 / 3. 75.101
libswscale 2. 3.100 / 2. 3.100
libswresample 0. 17.102 / 0. 17.102
libpostproc 52. 3.100 / 52. 3.100
Input #0, rawvideo, from '/dev/zero':
Duration: N/A, start: 0.000000, bitrate: 123264 kb/s
Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 856x480, 123264 kb/s, 25 tbr, 25 tbn, 25 tbc
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf55.8.102
Stream #0:0: Video: mpeg1video, yuv420p, 856x480, q=2-31, 200 kb/s, 90k tbn, 25 tbc
Stream mapping:
Stream #0:0 -> #0:0 (rawvideo -> mpeg1video)
Press [q] to stop, [?] for help
==5806== Invalid write of size 8
==5806== at 0xA72853: ff_draw_edges_mmx (dsputil_mmx.c:389)
==5806== by 0x8E77EB: ff_MPV_encode_picture (mpegvideo_enc.c:1063)
==5806== by 0x9C84C6: avcodec_encode_video2 (utils.c:1762)
==5806== by 0x46B675: reap_filters (ffmpeg.c:947)
==5806== by 0x45BF14: main (ffmpeg.c:3162)
==5806== Address 0x74c9eb0 is 0 bytes after a block of size 114,704 alloc'd
==5806== at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==5806== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==5806== by 0xBF6F39: av_malloc (mem.c:93)
==5806== by 0xBEAFED: av_buffer_allocz (buffer.c:70)
==5806== by 0xBEB5CB: av_buffer_pool_get (buffer.c:305)
==5806== by 0x9C5546: video_get_buffer (utils.c:550)
==5806== by 0x9C6B4E: get_buffer_internal (utils.c:830)
==5806== by 0x9C7075: ff_get_buffer (utils.c:842)
==5806== by 0x921EDD: ff_thread_get_buffer (pthread.c:923)
==5806== by 0x8CCAA2: ff_alloc_picture (mpegvideo.c:234)
==5806== by 0x8E7651: ff_MPV_encode_picture (mpegvideo_enc.c:1020)
==5806== by 0x9C84C6: avcodec_encode_video2 (utils.c:1762)
==5806==
frame= 2 fps=0.0 q=2.0 Lsize=N/A time=00:00:00.04 bitrate=N/A
video:6kB audio:0kB subtitle:0 global headers:0kB muxing overhead -100.347496%
==5806==
==5806== HEAP SUMMARY:
==5806== in use at exit: 0 bytes in 0 blocks
==5806== total heap usage: 2,161 allocs, 2,161 frees, 11,511,876 bytes allocated
==5806==
==5806== All heap blocks were freed -- no leaks are possible
==5806==
==5806== For counts of detected and suppressed errors, rerun with: -v
==5806== ERROR SUMMARY: 4 errors from 1 contexts (suppressed: 2 from 2)
}}}
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2645#comment:1>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker