[FFmpeg-trac] #5055(avfilter:open): maskedmerge filter crashes on 64 bit (was: 64bit ffmpeg/ffplay cannot mask gray format using maskedmerge filter)

FFmpeg trac at avcodec.org
Thu Dec 3 18:54:33 CET 2015 

#5055: maskedmerge filter crashes on 64 bit
-------------------------------------+-------------------------------------
             Reporter:  nicol        |                    Owner:
                 Type:  defect       |                   Status:  open
             Priority:  important    |                Component:  avfilter
              Version:  git-master   |               Resolution:
             Keywords:  crash        |               Blocked By:
  SIGSEGV maskedmerge                |  Reproduced by developer:  1
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):

 * keywords:  maskedmerge => crash SIGSEGV maskedmerge
 * priority:  normal => important
 * status:  new => open
 * reproduced:  0 => 1


Comment:

 {{{
 $ valgrind ./ffmpeg_g -f lavfi -i color -vf
 "split=3[0][1][2];[2]format=gray[2a];[0][1][2a]maskedmerge" -f null -
 ==16690== Memcheck, a memory error detector
 ==16690== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
 ==16690== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright
 info
 ==16690== Command: ./ffmpeg_g -f lavfi -i color -vf
 split=3[0][1][2];[2]format=gray[2a];[0][1][2a]maskedmerge -f null -
 ==16690==
 ffmpeg version N-77003-g64f7db5 Copyright (c) 2000-2015 the FFmpeg
 developers
   built with gcc 4.7 (SUSE Linux)
   configuration: --enable-gpl
   libavutil      55.  9.100 / 55.  9.100
   libavcodec     57. 16.101 / 57. 16.101
   libavformat    57. 19.100 / 57. 19.100
   libavdevice    57.  0.100 / 57.  0.100
   libavfilter     6. 19.100 /  6. 19.100
   libswscale      4.  0.100 /  4.  0.100
   libswresample   2.  0.101 /  2.  0.101
   libpostproc    54.  0.100 / 54.  0.100
 Input #0, lavfi, from 'color':
   Duration: N/A, start: 0.000000, bitrate: N/A
     Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 320x240
 [SAR 1:1 DAR 4:3], 25 tbr, 25 tbn, 25 tbc
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf57.19.100
     Stream #0:0: Video: wrapped_avframe, yuv420p, 320x240 [SAR 1:1 DAR
 4:3], q=2-31, 200 kb/s, 25 fps, 25 tbn, 25 tbc
     Metadata:
       encoder         : Lavc57.16.101 wrapped_avframe
 Stream mapping:
   Stream #0:0 -> #0:0 (rawvideo (native) -> wrapped_avframe (native))
 Press [q] to stop, [?] for help
 ==16690== Use of uninitialised value of size 8
 ==16690==    at 0x5720AE: ??? (vf_maskedmerge.asm:48)
 ==16690==
 ==16690== Use of uninitialised value of size 8
 ==16690==    at 0x5720B3: ??? (vf_maskedmerge.asm:49)
 ==16690==
 ==16690== Use of uninitialised value of size 8
 ==16690==    at 0x5720B8: ??? (vf_maskedmerge.asm:50)
 ==16690==
 ==16690== Use of uninitialised value of size 8
 ==16690==    at 0x5720EA: ??? (vf_maskedmerge.asm:62)
 ==16690==
 ==16690== Conditional jump or move depends on uninitialised value(s)
 ==16690==    at 0x5720F3: ??? (vf_maskedmerge.asm:64)
 ==16690==
 ==16690== Invalid read of size 8
 ==16690==    at 0x5720B8: ??? (vf_maskedmerge.asm:50)
 ==16690==  Address 0xb905a78 is 81,944 bytes inside a block of size 81,951
 alloc'd
 ==16690==    at 0x4C290FE: memalign (in /usr/lib64/valgrind
 /vgpreload_memcheck-amd64-linux.so)
 ==16690==    by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind
 /vgpreload_memcheck-amd64-linux.so)
 ==16690==    by 0x1004C09: av_malloc (mem.c:97)
 ==16690==    by 0xFF6627: av_buffer_alloc (buffer.c:71)
 ==16690==    by 0xFFE38F: get_video_buffer (frame.c:193)
 ==16690==    by 0x5469F8: ff_get_video_buffer (video.c:55)
 ==16690==    by 0x523560: filter_frame (vf_scale.c:516)
 ==16690==    by 0x4AE0CD: ff_filter_frame_framed (avfilter.c:1080)
 ==16690==    by 0x4AEEDC: ff_filter_frame (avfilter.c:1174)
 ==16690==    by 0x4AE0CD: ff_filter_frame_framed (avfilter.c:1080)
 ==16690==    by 0x4AEEDC: ff_filter_frame (avfilter.c:1174)
 ==16690==    by 0x52385C: filter_frame (vf_scale.c:583)
 ==16690==
 ==16690== Invalid write of size 8
 ==16690==    at 0x5720EA: ??? (vf_maskedmerge.asm:62)
 ==16690==  Address 0xb9243f8 is 81,944 bytes inside a block of size 81,951
 alloc'd
 ==16690==    at 0x4C290FE: memalign (in /usr/lib64/valgrind
 /vgpreload_memcheck-amd64-linux.so)
 ==16690==    by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind
 /vgpreload_memcheck-amd64-linux.so)
 ==16690==    by 0x1004C09: av_malloc (mem.c:97)
 ==16690==    by 0xFF6627: av_buffer_alloc (buffer.c:71)
 ==16690==    by 0xFFE38F: get_video_buffer (frame.c:193)
 ==16690==    by 0x5469F8: ff_get_video_buffer (video.c:55)
 ==16690==    by 0x505632: process_frame (vf_maskedmerge.c:84)
 ==16690==    by 0x56F84D: ff_framesync_process_frame (framesync.c:288)
 ==16690==    by 0x56FA4F: ff_framesync_filter_frame (framesync.c:309)
 ==16690==    by 0x4AE0CD: ff_filter_frame_framed (avfilter.c:1080)
 ==16690==    by 0x4AEEDC: ff_filter_frame (avfilter.c:1174)
 ==16690==    by 0x52385C: filter_frame (vf_scale.c:583)
 ==16834==
 ==16834== Invalid read of size 8
 ==16834==    at 0x5720AE: ??? (vf_maskedmerge.asm:48)
 ==16834==  Address 0xb7b2790 is 0 bytes after a block of size 115,232
 alloc'd
 ==16834==    at 0x4C2ABED: malloc (in /usr/lib64/valgrind
 /vgpreload_memcheck-amd64-linux.so)
 ==16834==    by 0x4C2AD6F: realloc (in /usr/lib64/valgrind
 /vgpreload_memcheck-amd64-linux.so)
 ==16834==    by 0xFF6C59: av_buffer_realloc (buffer.c:176)
 ==16834==    by 0x6DEC6D: av_new_packet (avpacket.c:77)
 ==16834==    by 0x49B9E0: lavfi_read_packet (lavfi.c:434)
 ==16834==    by 0x692B5C: ff_read_packet (utils.c:681)
 ==16834==    by 0x6956A3: read_frame_internal (utils.c:1338)
 ==16834==    by 0x69A40D: avformat_find_stream_info (utils.c:3285)
 ==16834==    by 0x487660: open_input_file (ffmpeg_opt.c:970)
 ==16834==    by 0x481402: open_files.isra.8 (ffmpeg_opt.c:2939)
 ==16834==    by 0x488F80: ffmpeg_parse_options (ffmpeg_opt.c:2976)
 ==16834==    by 0x479AE2: main (ffmpeg.c:4273)
 ==16834==
 ==16834== Invalid read of size 8
 ==16834==    at 0x5720B3: ??? (vf_maskedmerge.asm:49)
 ==16834==  Address 0xb7b2790 is 0 bytes after a block of size 115,232
 alloc'd
 ==16834==    at 0x4C2ABED: malloc (in /usr/lib64/valgrind
 /vgpreload_memcheck-amd64-linux.so)
 ==16834==    by 0x4C2AD6F: realloc (in /usr/lib64/valgrind
 /vgpreload_memcheck-amd64-linux.so)
 ==16834==    by 0xFF6C59: av_buffer_realloc (buffer.c:176)
 ==16834==    by 0x6DEC6D: av_new_packet (avpacket.c:77)
 ==16834==    by 0x49B9E0: lavfi_read_packet (lavfi.c:434)
 ==16834==    by 0x692B5C: ff_read_packet (utils.c:681)
 ==16834==    by 0x6956A3: read_frame_internal (utils.c:1338)
 ==16834==    by 0x69A40D: avformat_find_stream_info (utils.c:3285)
 ==16834==    by 0x487660: open_input_file (ffmpeg_opt.c:970)
 ==16834==    by 0x481402: open_files.isra.8 (ffmpeg_opt.c:2939)
 ==16834==    by 0x488F80: ffmpeg_parse_options (ffmpeg_opt.c:2976)
 ==16834==    by 0x479AE2: main (ffmpeg.c:4273)
 ==16834==
 ==16834==
 ==16834== Process terminating with default action of signal 11 (SIGSEGV)
 ==16834==  Bad permissions for mapped region at address 0xBB18000
 ==16834==    at 0x5720EA: ??? (vf_maskedmerge.asm:62)
 }}}
 I get no useful backtrace with gdb.

--
Ticket URL: <https://trac.ffmpeg.org/ticket/5055#comment:5>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list