[FFmpeg-trac] #3462(undetermined:new): cinepakenc: invalid read

FFmpeg trac at avcodec.org
Fri Mar 14 22:00:38 CET 2014


#3462: cinepakenc: invalid read
---------------------------------------+-------------------------------------
               Reporter:  ami_stuff    |                  Owner:
                   Type:  defect       |                 Status:  new
               Priority:  normal       |              Component:  undetermined
                Version:  unspecified  |               Keywords:
             Blocked By:               |               Blocking:
Reproduced by developer:  0            |  Analyzed by developer:  0
---------------------------------------+-------------------------------------
 {{{
 (gdb) r -i 2.tif -vcodec cinepak out.avi
 Starting program: /media/sdb1/ffmpeg-HEAD-7d7487e/ffmpeg_g -i 2.tif
 -vcodec cinepak out.avi
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
 ffmpeg version 2.2.git-7d7487e Copyright (c) 2000-2014 the FFmpeg
 developers
   built on Mar 13 2014 12:14:03 with gcc 4.7 (Debian 4.7.2-5)
   configuration: --disable-yasm --disable-ffprobe --disable-ffserver
 --enable-gpl
   libavutil      52. 66.101 / 52. 66.101
   libavcodec     55. 52.102 / 55. 52.102
   libavformat    55. 34.101 / 55. 34.101
   libavdevice    55. 11.100 / 55. 11.100
   libavfilter     4.  3.100 /  4.  3.100
   libswscale      2.  5.101 /  2.  5.101
   libswresample   0. 18.100 /  0. 18.100
   libpostproc    52.  3.100 / 52.  3.100
 Input #0, image2, from '2.tif':
   Duration: 00:00:00.04, start: 0.000000, bitrate: N/A
     Stream #0:0: Video: tiff, monob, 2048x2048, 25 tbr, 25 tbn, 25 tbc
 [New Thread 0xb7db5b70 (LWP 2937)]
 [New Thread 0xb75b5b70 (LWP 2938)]
 [New Thread 0xb6db5b70 (LWP 2939)]
 [New Thread 0xb65b5b70 (LWP 2940)]
 [New Thread 0xb5db5b70 (LWP 2941)]
 [New Thread 0xb55b5b70 (LWP 2942)]
 [New Thread 0xb4db5b70 (LWP 2943)]
 [New Thread 0xb45b5b70 (LWP 2944)]
 [New Thread 0xb3db5b70 (LWP 2945)]
 [New Thread 0xb086bb70 (LWP 2946)]
 [New Thread 0xb006bb70 (LWP 2947)]
 [New Thread 0xaf86bb70 (LWP 2948)]
 [New Thread 0xaf06bb70 (LWP 2949)]
 [New Thread 0xae86bb70 (LWP 2950)]
 [New Thread 0xae06bb70 (LWP 2951)]
 [New Thread 0xad86bb70 (LWP 2952)]
 [New Thread 0xad06bb70 (LWP 2953)]
 [New Thread 0xac86bb70 (LWP 2954)]
 Output #0, avi, to 'out.avi':
   Metadata:
     ISFT            : Lavf55.34.101
     Stream #0:0: Video: cinepak (cvid / 0x64697663), gray, 2048x2048,
 q=2-31, 200 kb/s, 25 tbn, 25 tbc
 Stream mapping:
   Stream #0:0 -> #0:0 (tiff -> cinepak)
 Press [q] to stop, [?] for help

 Program received signal SIGSEGV, Segmentation fault.
 get_high_utility_cell (elbg=<synthetic pointer>) at libavcodec/elbg.c:112
 112         while (elbg->utility_inc[i] < r)
 (gdb) bt
 #0  get_high_utility_cell (elbg=<synthetic pointer>) at
 libavcodec/elbg.c:112
 #1  do_shiftings (elbg=<optimized out>) at libavcodec/elbg.c:317
 #2  avpriv_do_elbg (points=0xb25b5020, dim=4, numpoints=471444,
     codebook=0xbfffda64, numCB=4, max_steps=1, closest_cb=0xb21b4020,
     rand_state=0x92d0148) at libavcodec/elbg.c:411
 #3  0x082b5196 in quantize (s=s at entry=0x92d0100, h=h at entry=1024,
     pict=pict at entry=0xbffff340, info=info at entry=0xbfffc264,
 encoding=ENC_V4,
     encoding at entry=16, v1mode=0) at libavcodec/cinepakenc.c:856
 #4  0x082b6788 in rd_strip (s=s at entry=0x92d0100, h=1024,
     keyframe=keyframe at entry=1, last_pict=last_pict at entry=0xbffff300,
     pict=pict at entry=0xbffff340,
 scratch_pict=scratch_pict at entry=0xbffff380,
     buf=0xb116d02a "\020\017\230\250",
 best_score=best_score at entry=0xbffff2f8,
     y=<error reading variable: Unhandled dwarf expression opcode 0xfa>)
     at libavcodec/cinepakenc.c:1015
 #5  0x082b77c7 in rd_frame (buf=0xab87a020 "", isakeyframe=1,
 frame=0x9319940,
     s=<optimized out>, buf_size=<optimized out>)
     at libavcodec/cinepakenc.c:1205
 #6  cinepak_encode_frame (avctx=0x92cfb40, pkt=0xbffff778,
 frame=0x9319940,
     got_packet=0xbffff4f4) at libavcodec/cinepakenc.c:1278
 #7  0x086f3575 in avcodec_encode_video2 (avctx=avctx at entry=0x92cfb40,
     avpkt=avpkt at entry=0xbffff778, frame=frame at entry=0x9319940,
     got_packet_ptr=got_packet_ptr at entry=0xbffff4f4) at
 libavcodec/utils.c:1892
 #8  0x080c4725 in do_video_out (in_picture=0x9319940, ost=0x92cff40,
 ---Type <return> to continue, or q <return> to quit---
     s=0x92cf380) at ffmpeg.c:997
 #9  reap_filters () at ffmpeg.c:1157
 #10 0x080ac17c in transcode_from_filter (best_ist=<synthetic pointer>,
     graph=0x92ceae0) at ffmpeg.c:3330
 #11 transcode_step () at ffmpeg.c:3381
 #12 transcode () at ffmpeg.c:3442
 #13 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3622
 (gdb)
 }}}

 {{{
 knoppix at Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-
 7d7487e/ffmpeg_g -i 2.tif -vcodec cinepak out.avi
 ==2895== Memcheck, a memory error detector
 ==2895== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
 ==2895== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
 ==2895== Command: ffmpeg-HEAD-7d7487e/ffmpeg_g -i 2.tif -vcodec cinepak
 out.avi
 ==2895==
 ffmpeg version 2.2.git-7d7487e Copyright (c) 2000-2014 the FFmpeg
 developers
   built on Mar 13 2014 12:14:03 with gcc 4.7 (Debian 4.7.2-5)
   configuration: --disable-yasm --disable-ffprobe --disable-ffserver
 --enable-gpl
   libavutil      52. 66.101 / 52. 66.101
   libavcodec     55. 52.102 / 55. 52.102
   libavformat    55. 34.101 / 55. 34.101
   libavdevice    55. 11.100 / 55. 11.100
   libavfilter     4.  3.100 /  4.  3.100
   libswscale      2.  5.101 /  2.  5.101
   libswresample   0. 18.100 /  0. 18.100
   libpostproc    52.  3.100 / 52.  3.100
 Input #0, image2, from '2.tif':
   Duration: 00:00:00.04, start: 0.000000, bitrate: N/A
     Stream #0:0: Video: tiff, monob, 2048x2048, 25 tbr, 25 tbn, 25 tbc
 Output #0, avi, to 'out.avi':
   Metadata:
     ISFT            : Lavf55.34.101
     Stream #0:0: Video: cinepak (cvid / 0x64697663), gray, 2048x2048,
 q=2-31, 200 kb/s, 25 tbn, 25 tbc
 Stream mapping:
   Stream #0:0 -> #0:0 (tiff -> cinepak)
 Press [q] to stop, [?] for help
 ==2895== Invalid read of size 4
 ==2895==    at 0x8342E6B: avpriv_do_elbg (elbg.c:112)
 ==2895==    by 0x82B5195: quantize.constprop.15 (cinepakenc.c:856)
 ==2895==  Address 0x158b2210 is 0 bytes after a block of size 16 alloc'd
 ==2895==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
 ==2895==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
 ==2895==    by 0x893B337: av_malloc (mem.c:94)
 ==2895==    by 0x8342B63: avpriv_do_elbg (elbg.c:376)
 ==2895==    by 0x82B5195: quantize.constprop.15 (cinepakenc.c:856)
 ==2895==
 ==2895== Conditional jump or move depends on uninitialised value(s)
 ==2895==    at 0x8342E75: avpriv_do_elbg (elbg.c:112)
 ==2895==    by 0x82B5195: quantize.constprop.15 (cinepakenc.c:856)
 ==2895==
 ==2895==
 ==2895== Process terminating with default action of signal 11 (SIGSEGV)
 ==2895==  Access not within mapped region at address 0x158B3000
 ==2895==    at 0x8342E6B: avpriv_do_elbg (elbg.c:112)
 ==2895==    by 0x82B5195: quantize.constprop.15 (cinepakenc.c:856)
 ==2895==  If you believe this happened as a result of a stack
 ==2895==  overflow in your program's main thread (unlikely but
 ==2895==  possible), you can try to increase the size of the
 ==2895==  main thread stack using the --main-stacksize= flag.
 ==2895==  The main thread stack size used in this run was 8388608.
 ==2895==
 ==2895== HEAP SUMMARY:
 ==2895==     in use at exit: 69,016,706 bytes in 229 blocks
 ==2895==   total heap usage: 3,193 allocs, 2,964 frees, 152,027,251 bytes
 allocated
 ==2895==
 ==2895== 1,296 bytes in 9 blocks are possibly lost in loss record 109 of
 146
 ==2895==    at 0x4026A68: calloc (vg_replace_malloc.c:566)
 ==2895==    by 0x40111FB: _dl_allocate_tls (dl-tls.c:300)
 ==2895==    by 0x407C2A8: pthread_create@@GLIBC_2.1 (allocatestack.c:580)
 ==2895==    by 0x80E5351: ff_graph_thread_init (pthread.c:187)
 ==2895==    by 0x80D8B1F: avfilter_graph_alloc_filter
 (avfiltergraph.c:189)
 ==2895==    by 0x422B3DF: ???
 ==2895==
 ==2895== 1,296 bytes in 9 blocks are possibly lost in loss record 110 of
 146
 ==2895==    at 0x4026A68: calloc (vg_replace_malloc.c:566)
 ==2895==    by 0x40111FB: _dl_allocate_tls (dl-tls.c:300)
 ==2895==    by 0x407C2A8: pthread_create@@GLIBC_2.1 (allocatestack.c:580)
 ==2895==    by 0x8648BC2: ff_frame_thread_init (pthread_frame.c:710)
 ==2895==    by 0x86F816D: avcodec_open2 (utils.c:1315)
 ==2895==    by 0x80CA721: transcode_init (ffmpeg.c:2145)
 ==2895==    by 0x80AB2DE: main (ffmpeg.c:3413)
 ==2895==
 ==2895== LEAK SUMMARY:
 ==2895==    definitely lost: 0 bytes in 0 blocks
 ==2895==    indirectly lost: 0 bytes in 0 blocks
 ==2895==      possibly lost: 2,592 bytes in 18 blocks
 ==2895==    still reachable: 69,014,114 bytes in 211 blocks
 ==2895==         suppressed: 0 bytes in 0 blocks
 ==2895== Reachable blocks (those to which a pointer was found) are not
 shown.
 ==2895== To see them, rerun with: --leak-check=full --show-reachable=yes
 ==2895==
 ==2895== For counts of detected and suppressed errors, rerun with: -v
 ==2895== Use --track-origins=yes to see where uninitialised values come
 from
 ==2895== ERROR SUMMARY: 895 errors from 4 contexts (suppressed: 59 from 6)
 Killed
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/3462>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

