[FFmpeg-trac] #4386(undetermined:new): exr piz: crash
FFmpeg
trac at avcodec.org
Wed Mar 25 23:56:40 CET 2015
#4386: exr piz: crash
-------------------------------------+-------------------------------------
Reporter: ami_stuff | Owner:
Type: defect | Status: new
Priority: normal | Component: undetermined
Version: unspecified |
Keywords: | Resolution:
Blocking: | Blocked By:
Analyzed by developer: 0 | Reproduced by developer: 0
-------------------------------------+-------------------------------------
Comment (by ami_stuff):
{{{
(gdb) r -i 96_PIZ_RGB.exr -f null -
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i 96_PIZ_RGB.exr -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.6.git Copyright (c) 2000-2015 the FFmpeg developers
built with gcc 4.7 (Debian 4.7.2-4)
configuration: --disable-ffprobe --disable-ffserver --enable-gpl
libavutil 54. 20.101 / 54. 20.101
libavcodec 56. 30.100 / 56. 30.100
libavformat 56. 26.101 / 56. 26.101
libavdevice 56. 4.100 / 56. 4.100
libavfilter 5. 13.101 / 5. 13.101
libswscale 3. 1.101 / 3. 1.101
libswresample 1. 1.100 / 1. 1.100
libpostproc 53. 3.100 / 53. 3.100
Input #0, exr_pipe, from '96_PIZ_RGB.exr':
Duration: N/A, bitrate: N/A
Stream #0:0: Video: exr, rgb48le, 1024x768 [SAR 1:1 DAR 4:3], 25 tbr, 25 tbn, 25 tbc
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf56.26.101
Stream #0:0: Video: rawvideo (RGB0 / 0x30424752), rgb48le, 1024x768 [SAR 1:1 DAR 4:3], q=2-31, 200 kb/s, 25 fps, 25 tbn, 25 tbc
Metadata:
encoder : Lavc56.30.100 rawvideo
Stream mapping:
Stream #0:0 -> #0:0 (exr (native) -> rawvideo (native))
Press [q] to stop, [?] for help
Program received signal SIGSEGV, Segmentation fault.
0xb7e8cace in malloc_consolidate (av=<optimized out>) at malloc.c:5198
5198 malloc.c: No such file or directory.
(gdb) bt
#0 0xb7e8cace in malloc_consolidate (av=<optimized out>) at malloc.c:5198
#1 0xb7e8edb5 in _int_malloc (av=<optimized out>, bytes=751108096)
at malloc.c:4402
#2 0xb7e90037 in _int_memalign (av=<optimized out>, alignment=32,
bytes=524296) at malloc.c:5521
#3 0xb7e917f4 in *__GI___libc_memalign (alignment=32, bytes=524296)
at malloc.c:3895
#4 0xb7e91a59 in __posix_memalign (memptr=memptr@entry=0xbffff0dc,
alignment=759508229, alignment@entry=32, size=131104,
size@entry=524296)
at malloc.c:6344
#5 0x08b408c8 in av_malloc (size=524296) at libavutil/mem.c:95
#6 av_mallocz (size=size@entry=524296) at libavutil/mem.c:252
#7 0x08382daf in av_mallocz_array (size=8, nmemb=65537)
at ./libavutil/mem.h:232
#8 huf_uncompress (dst_size=98304, dst=0x95a5000, gb=<synthetic pointer>)
at libavcodec/exr.c:574
#9 piz_uncompress (td=0x9542c40, dsize=98304, ssize=<optimized out>,
src=<optimized out>, s=0x9551f00) at libavcodec/exr.c:745
#10 decode_block (avctx=0x9542ce0, tdata=0x9542c40, jobnr=0, threadnr=0)
at libavcodec/exr.c:884
#11 0x087b9f50 in avcodec_default_execute2 (c=0x9542ce0,
func=0x8382330 <decode_block>, arg=0x9542c40, ret=0x0, count=24)
at libavcodec/utils.c:1117
---Type <return> to continue, or q <return> to quit---
#12 0x08381eee in decode_frame (avctx=0x9542ce0, data=0x95445e0,
got_frame=0xbffff594, avpkt=0xbffff308) at libavcodec/exr.c:1331
#13 0x087bb69e in avcodec_decode_video2 (avctx=0x9542ce0,
picture=picture@entry=0x95445e0,
got_picture_ptr=got_picture_ptr@entry=0xbffff594,
avpkt=avpkt@entry=0xbffff840) at libavcodec/utils.c:2376
#14 0x080d1c3c in decode_video (ist=ist@entry=0x9542a00,
pkt=pkt@entry=0xbffff840, got_output=got_output@entry=0xbffff594)
at ffmpeg.c:1960
#15 0x080d9f3e in process_input_packet (pkt=0xbffff7e8, ist=0x9542a00)
at ffmpeg.c:2208
#16 process_input (file_index=0) at ffmpeg.c:3708
#17 transcode_step () at ffmpeg.c:3802
#18 transcode () at ffmpeg.c:3854
#19 0x080b9e36 in main (argc=<optimized out>, argv=<optimized out>)
at ffmpeg.c:4036
(gdb)
}}}
{{{
knoppix@Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg/ffmpeg_g -i 96_PIZ_RGB.exr -f null -
==2549== Memcheck, a memory error detector
==2549== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==2549== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==2549== Command: ffmpeg/ffmpeg_g -i 96_PIZ_RGB.exr -f null -
==2549==
ffmpeg version 2.6.git Copyright (c) 2000-2015 the FFmpeg developers
built with gcc 4.7 (Debian 4.7.2-4)
configuration: --disable-ffprobe --disable-ffserver --enable-gpl
libavutil 54. 20.101 / 54. 20.101
libavcodec 56. 30.100 / 56. 30.100
libavformat 56. 26.101 / 56. 26.101
libavdevice 56. 4.100 / 56. 4.100
libavfilter 5. 13.101 / 5. 13.101
libswscale 3. 1.101 / 3. 1.101
libswresample 1. 1.100 / 1. 1.100
libpostproc 53. 3.100 / 53. 3.100
==2549== Invalid write of size 4
==2549== at 0x402ABFD: memset (mc_replace_strmem.c:966)
==2549== by 0x8382CE6: decode_block (exr.c:325)
==2549== by 0x87B9F4F: avcodec_default_execute2 (utils.c:1117)
==2549== by 0x8381EED: decode_frame (exr.c:1331)
==2549== by 0x87BB69D: avcodec_decode_video2 (utils.c:2376)
==2549== by 0x82C8C7A: try_decode_frame (utils.c:2658)
==2549== by 0xFFFFFFFE: ???
==2549== Address 0x4417ea0 is 0 bytes after a block of size 131,072 alloc'd
==2549== at 0x40268A4: memalign (vg_replace_malloc.c:694)
==2549== by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==2549== by 0x8B405E7: av_malloc (mem.c:95)
==2549== by 0x838320A: decode_block (exr.c:723)
==2549== by 0x87B9F4F: avcodec_default_execute2 (utils.c:1117)
==2549== by 0x8381EED: decode_frame (exr.c:1331)
==2549== by 0x87BB69D: avcodec_decode_video2 (utils.c:2376)
==2549== by 0x82C8C7A: try_decode_frame (utils.c:2658)
==2549== by 0xFFFFFFFE: ???
==2549==
==2549== Invalid write of size 1
==2549== at 0x402AC10: memset (mc_replace_strmem.c:966)
==2549== by 0x8382CE6: decode_block (exr.c:325)
==2549== by 0x87B9F4F: avcodec_default_execute2 (utils.c:1117)
==2549== by 0x8381EED: decode_frame (exr.c:1331)
==2549== by 0x87BB69D: avcodec_decode_video2 (utils.c:2376)
==2549== by 0x82C8C7A: try_decode_frame (utils.c:2658)
==2549== by 0xFFFFFFFE: ???
==2549== Address 0x4418070 is not stack'd, malloc'd or (recently) free'd
==2549==
valgrind: m_mallocfree.c:266 (mk_plain_bszB): Assertion 'bszB != 0' failed.
valgrind: This is probably caused by your program erroneously writing past the
end of a heap block and corrupting heap metadata. If you fix any
invalid writes reported by Memcheck, this assertion failure will
probably go away. Please try that before reporting this as a bug.
==2549== at 0x3803D043: report_and_quit (m_libcassert.c:210)
==2549== by 0x3803D162: vgPlain_assert_fail (m_libcassert.c:284)
==2549== by 0x380007D6: mk_plain_bszB.part.5 (m_mallocfree.c:266)
==2549== by 0x3804A72A: vgPlain_arena_malloc (m_mallocfree.c:1511)
==2549== by 0x3804B20A: vgPlain_arena_memalign (m_mallocfree.c:1892)
==2549== by 0x380843DB: vgPlain_cli_malloc (replacemalloc_core.c:86)
==2549== by 0x38016112: vgMemCheck_new_block (mc_malloc_wrappers.c:248)
==2549== by 0x38016414: vgMemCheck_memalign (mc_malloc_wrappers.c:315)
==2549== by 0x38086BBC: vgPlain_scheduler (scheduler.c:1469)
==2549== by 0x38098C07: run_a_thread_NORETURN (syswrap-linux.c:98)
sched status:
running_tid=1
Thread 1: status = VgTs_Runnable
==2549== at 0x40268A4: memalign (vg_replace_malloc.c:694)
==2549== by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==2549== by 0x8B408C7: av_mallocz (mem.c:95)
==2549== by 0x8382DAE: decode_block (mem.h:232)
==2549== by 0x87B9F4F: avcodec_default_execute2 (utils.c:1117)
==2549== by 0x8381EED: decode_frame (exr.c:1331)
==2549== by 0x87BB69D: avcodec_decode_video2 (utils.c:2376)
==2549== by 0x82C8C7A: try_decode_frame (utils.c:2658)
==2549== by 0xFFFFFFFE: ???
Note: see also the FAQ in the source distribution.
It contains workarounds to several common problems.
In particular, if Valgrind aborted or crashed after
identifying problems in your program, there's a good chance
that fixing those problems will prevent Valgrind aborting or
crashing, especially if it happened in m_mallocfree.c.
If that doesn't help, please report this bug to: www.valgrind.org
In the bug report, send all the above text, the valgrind
version, and what OS and version you are using. Thanks.
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/4386#comment:1>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker