[FFmpeg-trac] #4386(undetermined:new): exr piz: crash

FFmpeg trac at avcodec.org
Wed Mar 25 23:56:40 CET 2015


#4386: exr piz: crash
-------------------------------------+-------------------------------------
             Reporter:  ami_stuff    |                    Owner:
                 Type:  defect       |                   Status:  new
             Priority:  normal       |                Component:
              Version:  unspecified  |  undetermined
             Keywords:               |               Resolution:
             Blocking:               |               Blocked By:
Analyzed by developer:  0            |  Reproduced by developer:  0
-------------------------------------+-------------------------------------

Comment (by ami_stuff):

 {{{
 (gdb) r -i 96_PIZ_RGB.exr -f null -
 Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i 96_PIZ_RGB.exr -f null -
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
 ffmpeg version 2.6.git Copyright (c) 2000-2015 the FFmpeg developers
   built with gcc 4.7 (Debian 4.7.2-4)
   configuration: --disable-ffprobe --disable-ffserver --enable-gpl
   libavutil      54. 20.101 / 54. 20.101
   libavcodec     56. 30.100 / 56. 30.100
   libavformat    56. 26.101 / 56. 26.101
   libavdevice    56.  4.100 / 56.  4.100
   libavfilter     5. 13.101 /  5. 13.101
   libswscale      3.  1.101 /  3.  1.101
   libswresample   1.  1.100 /  1.  1.100
   libpostproc    53.  3.100 / 53.  3.100
 Input #0, exr_pipe, from '96_PIZ_RGB.exr':
   Duration: N/A, bitrate: N/A
     Stream #0:0: Video: exr, rgb48le, 1024x768 [SAR 1:1 DAR 4:3], 25 tbr, 25 tbn, 25 tbc
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf56.26.101
     Stream #0:0: Video: rawvideo (RGB0 / 0x30424752), rgb48le, 1024x768 [SAR 1:1 DAR 4:3], q=2-31, 200 kb/s, 25 fps, 25 tbn, 25 tbc
     Metadata:
       encoder         : Lavc56.30.100 rawvideo
 Stream mapping:
   Stream #0:0 -> #0:0 (exr (native) -> rawvideo (native))
 Press [q] to stop, [?] for help

 Program received signal SIGSEGV, Segmentation fault.
 0xb7e8cace in malloc_consolidate (av=<optimized out>) at malloc.c:5198
 5198    malloc.c: No such file or directory.
 (gdb) bt
 #0  0xb7e8cace in malloc_consolidate (av=<optimized out>) at malloc.c:5198
 #1  0xb7e8edb5 in _int_malloc (av=<optimized out>, bytes=751108096)
     at malloc.c:4402
 #2  0xb7e90037 in _int_memalign (av=<optimized out>, alignment=32,
     bytes=524296) at malloc.c:5521
 #3  0xb7e917f4 in *__GI___libc_memalign (alignment=32, bytes=524296)
     at malloc.c:3895
 #4  0xb7e91a59 in __posix_memalign (memptr=memptr@entry=0xbffff0dc,
     alignment=759508229, alignment@entry=32, size=131104, size@entry=524296)
     at malloc.c:6344
 #5  0x08b408c8 in av_malloc (size=524296) at libavutil/mem.c:95
 #6  av_mallocz (size=size@entry=524296) at libavutil/mem.c:252
 #7  0x08382daf in av_mallocz_array (size=8, nmemb=65537)
     at ./libavutil/mem.h:232
 #8  huf_uncompress (dst_size=98304, dst=0x95a5000, gb=<synthetic pointer>)
     at libavcodec/exr.c:574
 #9  piz_uncompress (td=0x9542c40, dsize=98304, ssize=<optimized out>,
     src=<optimized out>, s=0x9551f00) at libavcodec/exr.c:745
 #10 decode_block (avctx=0x9542ce0, tdata=0x9542c40, jobnr=0, threadnr=0)
     at libavcodec/exr.c:884
 #11 0x087b9f50 in avcodec_default_execute2 (c=0x9542ce0,
     func=0x8382330 <decode_block>, arg=0x9542c40, ret=0x0, count=24)
     at libavcodec/utils.c:1117
 ---Type <return> to continue, or q <return> to quit---
 #12 0x08381eee in decode_frame (avctx=0x9542ce0, data=0x95445e0,
     got_frame=0xbffff594, avpkt=0xbffff308) at libavcodec/exr.c:1331
 #13 0x087bb69e in avcodec_decode_video2 (avctx=0x9542ce0,
     picture=picture@entry=0x95445e0,
     got_picture_ptr=got_picture_ptr@entry=0xbffff594,
     avpkt=avpkt@entry=0xbffff840) at libavcodec/utils.c:2376
 #14 0x080d1c3c in decode_video (ist=ist@entry=0x9542a00,
     pkt=pkt@entry=0xbffff840, got_output=got_output@entry=0xbffff594)
     at ffmpeg.c:1960
 #15 0x080d9f3e in process_input_packet (pkt=0xbffff7e8, ist=0x9542a00)
     at ffmpeg.c:2208
 #16 process_input (file_index=0) at ffmpeg.c:3708
 #17 transcode_step () at ffmpeg.c:3802
 #18 transcode () at ffmpeg.c:3854
 #19 0x080b9e36 in main (argc=<optimized out>, argv=<optimized out>)
     at ffmpeg.c:4036
 (gdb)
 }}}

 {{{
 knoppix@Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg/ffmpeg_g -i 96_PIZ_RGB.exr -f null -
 ==2549== Memcheck, a memory error detector
 ==2549== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
 ==2549== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
 ==2549== Command: ffmpeg/ffmpeg_g -i 96_PIZ_RGB.exr -f null -
 ==2549==
 ffmpeg version 2.6.git Copyright (c) 2000-2015 the FFmpeg developers
   built with gcc 4.7 (Debian 4.7.2-4)
   configuration: --disable-ffprobe --disable-ffserver --enable-gpl
   libavutil      54. 20.101 / 54. 20.101
   libavcodec     56. 30.100 / 56. 30.100
   libavformat    56. 26.101 / 56. 26.101
   libavdevice    56.  4.100 / 56.  4.100
   libavfilter     5. 13.101 /  5. 13.101
   libswscale      3.  1.101 /  3.  1.101
   libswresample   1.  1.100 /  1.  1.100
   libpostproc    53.  3.100 / 53.  3.100
 ==2549== Invalid write of size 4
 ==2549==    at 0x402ABFD: memset (mc_replace_strmem.c:966)
 ==2549==    by 0x8382CE6: decode_block (exr.c:325)
 ==2549==    by 0x87B9F4F: avcodec_default_execute2 (utils.c:1117)
 ==2549==    by 0x8381EED: decode_frame (exr.c:1331)
 ==2549==    by 0x87BB69D: avcodec_decode_video2 (utils.c:2376)
 ==2549==    by 0x82C8C7A: try_decode_frame (utils.c:2658)
 ==2549==    by 0xFFFFFFFE: ???
 ==2549==  Address 0x4417ea0 is 0 bytes after a block of size 131,072 alloc'd
 ==2549==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
 ==2549==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
 ==2549==    by 0x8B405E7: av_malloc (mem.c:95)
 ==2549==    by 0x838320A: decode_block (exr.c:723)
 ==2549==    by 0x87B9F4F: avcodec_default_execute2 (utils.c:1117)
 ==2549==    by 0x8381EED: decode_frame (exr.c:1331)
 ==2549==    by 0x87BB69D: avcodec_decode_video2 (utils.c:2376)
 ==2549==    by 0x82C8C7A: try_decode_frame (utils.c:2658)
 ==2549==    by 0xFFFFFFFE: ???
 ==2549==
 ==2549== Invalid write of size 1
 ==2549==    at 0x402AC10: memset (mc_replace_strmem.c:966)
 ==2549==    by 0x8382CE6: decode_block (exr.c:325)
 ==2549==    by 0x87B9F4F: avcodec_default_execute2 (utils.c:1117)
 ==2549==    by 0x8381EED: decode_frame (exr.c:1331)
 ==2549==    by 0x87BB69D: avcodec_decode_video2 (utils.c:2376)
 ==2549==    by 0x82C8C7A: try_decode_frame (utils.c:2658)
 ==2549==    by 0xFFFFFFFE: ???
 ==2549==  Address 0x4418070 is not stack'd, malloc'd or (recently) free'd
 ==2549==

 valgrind: m_mallocfree.c:266 (mk_plain_bszB): Assertion 'bszB != 0' failed.
 valgrind: This is probably caused by your program erroneously writing past the
 end of a heap block and corrupting heap metadata.  If you fix any
 invalid writes reported by Memcheck, this assertion failure will
 probably go away.  Please try that before reporting this as a bug.

 ==2549==    at 0x3803D043: report_and_quit (m_libcassert.c:210)
 ==2549==    by 0x3803D162: vgPlain_assert_fail (m_libcassert.c:284)
 ==2549==    by 0x380007D6: mk_plain_bszB.part.5 (m_mallocfree.c:266)
 ==2549==    by 0x3804A72A: vgPlain_arena_malloc (m_mallocfree.c:1511)
 ==2549==    by 0x3804B20A: vgPlain_arena_memalign (m_mallocfree.c:1892)
 ==2549==    by 0x380843DB: vgPlain_cli_malloc (replacemalloc_core.c:86)
 ==2549==    by 0x38016112: vgMemCheck_new_block (mc_malloc_wrappers.c:248)
 ==2549==    by 0x38016414: vgMemCheck_memalign (mc_malloc_wrappers.c:315)
 ==2549==    by 0x38086BBC: vgPlain_scheduler (scheduler.c:1469)
 ==2549==    by 0x38098C07: run_a_thread_NORETURN (syswrap-linux.c:98)

 sched status:
   running_tid=1

 Thread 1: status = VgTs_Runnable
 ==2549==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
 ==2549==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
 ==2549==    by 0x8B408C7: av_mallocz (mem.c:95)
 ==2549==    by 0x8382DAE: decode_block (mem.h:232)
 ==2549==    by 0x87B9F4F: avcodec_default_execute2 (utils.c:1117)
 ==2549==    by 0x8381EED: decode_frame (exr.c:1331)
 ==2549==    by 0x87BB69D: avcodec_decode_video2 (utils.c:2376)
 ==2549==    by 0x82C8C7A: try_decode_frame (utils.c:2658)
 ==2549==    by 0xFFFFFFFE: ???


 Note: see also the FAQ in the source distribution.
 It contains workarounds to several common problems.
 In particular, if Valgrind aborted or crashed after
 identifying problems in your program, there's a good chance
 that fixing those problems will prevent Valgrind aborting or
 crashing, especially if it happened in m_mallocfree.c.

 If that doesn't help, please report this bug to: www.valgrind.org

 In the bug report, send all the above text, the valgrind
 version, and what OS and version you are using.  Thanks.
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/4386#comment:1>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

