[FFmpeg-trac] #3387(avcodec:new): Out of bound memory accesses with png encoder (and possibly crashes)

FFmpeg trac at avcodec.org
Sat Feb 15 15:46:37 CET 2014


#3387: Out of bound memory accesses with png encoder (and possibly crashes)
---------------------------------+--------------------------------------
             Reporter:  gjdfgh   |                     Type:  defect
               Status:  new      |                 Priority:  important
            Component:  avcodec  |                  Version:  git-master
             Keywords:           |               Blocked By:
             Blocking:           |  Reproduced by developer:  0
Analyzed by developer:  0        |
---------------------------------+--------------------------------------
 Summary of the bug:
 How to reproduce:
 {{{
 % ffmpeg -i in.mkv -pred 5 -compression_level 7 out%03d.png
 }}}
 This results in out of bound accesses as reported by valgrind:
 {{{
 ==6850== Invalid read of size 8
 ==6850==    at 0x86E352D: diff_bytes_mmx (dsputilenc_mmx.c:667)
 ==6850==    by 0x8570D4C: png_filter_row.isra.0 (pngenc.c:126)
 ==6850==    by 0x8570DFB: png_choose_filter (pngenc.c:170)
 ==6850==    by 0x8571306: encode_frame (pngenc.c:393)
 ==6850==    by 0x86159C3: avcodec_encode_video2 (utils.c:1890)
 ==6850==    by 0x8778CDA: worker (frame_thread_encoder.c:93)
 ==6850==    by 0x470DCF0: start_thread (pthread_create.c:311)
 ==6850==    by 0x4811C3D: clone (clone.S:131)
 ==6850==  Address 0xc62205d is 3 bytes before a block of size 2,959,903 alloc'd
 ==6850==    at 0x402AF50: memalign (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
 ==6850==    by 0x402B07E: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
 ==6850==    by 0x8879EF7: av_malloc (mem.c:94)
 ==6850==    by 0x886B469: av_buffer_allocz (buffer.c:70)
 ==6850==    by 0x886BB40: av_buffer_pool_get (buffer.c:305)
 ==6850==    by 0x861389B: avcodec_default_get_buffer2 (utils.c:677)
 ==6850==    by 0x8614694: ff_get_buffer (utils.c:973)
 ==6850==    by 0x877935A: ff_thread_video_encode_frame (frame_thread_encoder.c:250)
 ==6850==    by 0x8615AE1: avcodec_encode_video2 (utils.c:1873)
 ==6850==    by 0x80D02D4: reap_filters (ffmpeg.c:997)
 ==6850==    by 0x80B70B3: main (ffmpeg.c:3375)
 ==6850==
 }}}

 I suspect this is also the cause of mysterious sporadic crashes on OSX
 when encoding png reported by some of my users.

 Tested with git 89c5de6.

 Patches should be submitted to the ffmpeg-devel mailing list and not this
 bug tracker.

--
Ticket URL: <https://trac.ffmpeg.org/ticket/3387>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
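The valgrind report above shows the shape of the defect: a PNG row-filter routine (`png_filter_row` via `diff_bytes_mmx`) reading a few bytes before the start of a heap block. The following is an added illustration, not FFmpeg's code and not the actual fix for this ticket, of how that pattern arises in a PNG "Sub" filter and how the hardened form avoids it. It assumes 3 bytes per pixel (RGB), chosen to echo the "3 bytes before a block" in the trace; the row contents are constructed. Reads go through a bounds-tracking accessor so the out-of-bounds attempts are counted rather than performed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example: a PNG "Sub" row filter (filter type 1), written two
 * ways.  Not FFmpeg's code; the row buffer and bpp below are made up. */

/* A row buffer with a software bounds check: every read goes through
 * row_get(), which records reads outside [0, len) instead of dereferencing
 * memory the buffer does not own. */
typedef struct {
    const uint8_t *data;
    size_t len;
    long min_index;      /* lowest index any caller asked for */
    int oob_reads;       /* number of reads outside [0, len) */
} row_t;

static uint8_t row_get(row_t *r, long i) {
    if (i < r->min_index) r->min_index = i;
    if (i < 0 || (size_t)i >= r->len) { r->oob_reads++; return 0; }
    return r->data[i];
}

/* Naive Sub filter: dst[i] = src[i] - src[i - bpp] for every i.
 * For i < bpp this asks for bytes before the start of the row; on real
 * memory that is the "Address ... is N bytes before a block" pattern a
 * memory checker reports. */
static void sub_filter_naive(row_t *src, uint8_t *dst, int bpp) {
    for (long i = 0; i < (long)src->len; i++)
        dst[i] = row_get(src, i) - row_get(src, i - bpp);
}

/* Hardened Sub filter: the PNG spec defines Raw(x - bpp) as 0 for x < bpp,
 * so the first bpp bytes are copied unchanged and the difference loop
 * starts at bpp.  No index below 0 is ever formed. */
static void sub_filter_safe(row_t *src, uint8_t *dst, int bpp) {
    long i;
    for (i = 0; i < bpp && i < (long)src->len; i++)
        dst[i] = row_get(src, i);
    for (; i < (long)src->len; i++)
        dst[i] = row_get(src, i) - row_get(src, i - bpp);
}

/* Runs one filter over a constructed 2-pixel RGB row (bpp = 3) and returns
 * the number of out-of-bounds reads it attempted. */
static int count_oob_reads(void (*filter)(row_t *, uint8_t *, int)) {
    static const uint8_t pixels[6] = { 10, 20, 30, 13, 24, 35 }; /* constructed */
    uint8_t out[6];
    row_t row = { pixels, sizeof pixels, 0, 0 };
    filter(&row, out, 3);
    return row.oob_reads;
}

/* Returns byte i of the safe filter's output for the same constructed row,
 * so the result can be checked against the spec by hand. */
static int safe_filtered_byte(int i) {
    static const uint8_t pixels[6] = { 10, 20, 30, 13, 24, 35 }; /* constructed */
    uint8_t out[6];
    row_t row = { pixels, sizeof pixels, 0, 0 };
    sub_filter_safe(&row, out, 3);
    return out[i];
}

int main(void) {
    printf("naive filter: %d out-of-bounds reads\n", count_oob_reads(sub_filter_naive)); /* 3 */
    printf("safe filter:  %d out-of-bounds reads\n", count_oob_reads(sub_filter_safe));  /* 0 */
    return 0;
}
```

The naive loop attempts exactly `bpp` reads below index 0 per row, which is why a checker reports an address a few bytes before the block; with SIMD difference routines the over-read can be wider than one byte at a time, which is the case worth testing under valgrind or ASan with every predictor setting, not just the default.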