[FFmpeg-trac] #7038(avformat:new): Use of uninitialized values in libavformat's hvcc code

FFmpeg trac at avcodec.org
Fri Feb 23 03:04:04 EET 2018


#7038: Use of uninitialized values in libavformat's hvcc code
------------------------------------+------------------------------------
             Reporter:  jamrial     |                    Owner:
                 Type:  defect      |                   Status:  new
             Priority:  important   |                Component:  avformat
              Version:  git-master  |               Resolution:
             Keywords:  hevc        |               Blocked By:
             Blocking:              |  Reproduced by developer:  0
Analyzed by developer:  0           |
------------------------------------+------------------------------------
Description changed by jamrial:

Old description:

> {{{
> valgrind --track-origins=yes --leak-check=full ./ffmpeg -i $FATE_SAMPLES
> /hevc-conformance/WPP_A_ericsson_MAIN10_2.bit -c:v copy out.mov
> }}}
>
> The above will report a lot of such errors in different functions from
> libavformat/hevc.c

New description:

 {{{
 [jamrial at ArchVM build]$ valgrind --track-origins=yes --leak-check=full
 ./ffmpeg -i /var/tmp/samples/hevc-conformance/WPP_A_ericsson_MAIN10_2.bit
 -c:v copy out.mov
 ==27390== Memcheck, a memory error detector
 ==27390== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
 ==27390== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright
 info
 ==27390== Command: ./ffmpeg -i /var/tmp/samples/hevc-
 conformance/WPP_A_ericsson_MAIN10_2.bit -c:v copy out.mov
 ==27390==
 ffmpeg version N-90141-gaedbb3c72c Copyright (c) 2000-2018 the FFmpeg
 developers
   built with gcc 7.3.0 (GCC)
   configuration: --enable-gpl --valgrind=valgrind --disable-optimizations
 --disable-stripping --prefix=/usr
   libavutil      56.  7.101 / 56.  7.101
   libavcodec     58. 12.102 / 58. 12.102
   libavformat    58.  9.100 / 58.  9.100
   libavdevice    58.  2.100 / 58.  2.100
   libavfilter     7. 12.100 /  7. 12.100
   libswscale      5.  0.101 /  5.  0.101
   libswresample   3.  0.101 /  3.  0.101
   libpostproc    55.  0.100 / 55.  0.100
 [hevc @ 0x6c01c00] missing picture in access unit
 ==27390==    at 0x1569AAE: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
 ==27390==    by 0x156A697: av_log_default_callback (log.c:351)
 ==27390==    by 0x156A861: av_vlog (log.c:377)
 ==27390==    by 0x156A809: av_log (log.c:369)
 ==27390==    by 0x1212F8E: parse_nal_units (hevc_parser.c:242)
 ==27390==    by 0x1213211: hevc_parse (hevc_parser.c:316)
 ==27390==    by 0xA5A7A2: av_parser_parse2 (parser.c:250)
 ==27390==    by 0x68CB76: parse_packet (utils.c:1451)
 ==27390==    by 0x68D20A: read_frame_internal (utils.c:1562)
 ==27390==    by 0x694E76: avformat_find_stream_info (utils.c:3733)
 ==27390==    by 0x1E9691: open_input_file (ffmpeg_opt.c:1091)
 ==27390==    by 0x1F31AA: open_files (ffmpeg_opt.c:3202)
 Input #0, hevc, from '/var/tmp/samples/hevc-
 conformance/WPP_A_ericsson_MAIN10_2.bit':
   Duration: N/A, bitrate: N/A
     Stream #0:0: Video: hevc (Main 10), yuv420p10le(tv), 416x240, 25 fps,
 25 tbr, 1200k tbn, 25 tbc
 [mov @ 0x6d26f80] WARNING codec timebase is very high. If duration is too
 long,
 file may not be playable by quicktime. Specify a shorter timebase
 or choose different container.
 Output #0, mov, to 'out.mov':
   Metadata:
     encoder         : Lavf58.9.100
     Stream #0:0: Video: hevc (Main 10) (hev1 / 0x31766568),
 yuv420p10le(tv), 416x240, q=2-31, 25 fps, 25 tbr, 1200k tbn, 1200k tbc
 Stream mapping:
   Stream #0:0 -> #0:0 (copy)
 Press [q] to stop, [?] for help
 [mov @ 0x6d26f80] Timestamps are unset in a packet for stream 0. This is
 deprecated and will stop working in the future. Fix your code to set the
 timestamps properly
 [mov @ 0x6d26f80] pts has no value
     Last message repeated 47 times
 ==27390==    at 0x1569AAE: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6303)
 ==27390==    by 0x156A697: av_log_default_callback (log.c:351)
 ==27390==    by 0x156A861: av_vlog (log.c:377)
 ==27390==    by 0x156A809: av_log (log.c:369)
 ==27390==    by 0x20060D: term_exit (ffmpeg.c:323)
 ==27390==    by 0x2122EA: transcode (ffmpeg.c:4662)
 ==27390==    by 0x212AC0: main (ffmpeg.c:4843)
 ==27390== Conditional jump or move depends on uninitialised value(s)
 ==27390==    at 0x6CA7B1: av_clip_c (common.h:132)
 ==27390==    by 0x6CA7B1: skip_bits_long (get_bits.h:209)
 ==27390==    by 0x6CAD66: get_ue_golomb_long (golomb.h:91)
 ==27390==    by 0x6CB358: hvcc_parse_vui (hevc.c:315)
 ==27390==    by 0x6CBBFC: hvcc_parse_sps (hevc.c:583)
 ==27390==    by 0x6CC22A: hvcc_add_nal_unit (hevc.c:784)
 ==27390==    by 0x6CD0E7: ff_isom_write_hvcc (hevc.c:1136)
 ==27390==    by 0x5BB313: mov_write_hvcc_tag (movenc.c:1174)
 ==27390==    by 0x5BEACF: mov_write_video_tag (movenc.c:1972)
 ==27390==    by 0x5BF902: mov_write_stsd_tag (movenc.c:2165)
 ==27390==    by 0x5C0744: mov_write_stbl_tag (movenc.c:2382)
 ==27390==    by 0x5C1ABD: mov_write_minf_tag (movenc.c:2643)
 ==27390==    by 0x5C1E55: mov_write_mdia_tag (movenc.c:2697)
 ==27390==  Uninitialised value was created by a heap allocation
 ==27390==    at 0x4C2F246: memalign (vg_replace_malloc.c:857)
 ==27390==    by 0x4C2F361: posix_memalign (vg_replace_malloc.c:1020)
 ==27390==    by 0x156D1A1: av_malloc (mem.c:87)
 ==27390==    by 0x6CBD50: nal_unit_extract_rbsp (hevc.c:652)
 ==27390==    by 0x6CC156: hvcc_add_nal_unit (hevc.c:754)
 ==27390==    by 0x6CD0E7: ff_isom_write_hvcc (hevc.c:1136)
 ==27390==    by 0x5BB313: mov_write_hvcc_tag (movenc.c:1174)
 ==27390==    by 0x5BEACF: mov_write_video_tag (movenc.c:1972)
 ==27390==    by 0x5BF902: mov_write_stsd_tag (movenc.c:2165)
 ==27390==    by 0x5C0744: mov_write_stbl_tag (movenc.c:2382)
 ==27390==    by 0x5C1ABD: mov_write_minf_tag (movenc.c:2643)
 ==27390==    by 0x5C1E55: mov_write_mdia_tag (movenc.c:2697)
 ==27390==
 ==27390== Conditional jump or move depends on uninitialised value(s)
 ==27390==    at 0x6CA7BE: av_clip_c (common.h:133)
 ==27390==    by 0x6CA7BE: skip_bits_long (get_bits.h:209)
 ==27390==    by 0x6CAD66: get_ue_golomb_long (golomb.h:91)
 ==27390==    by 0x6CB358: hvcc_parse_vui (hevc.c:315)
 ==27390==    by 0x6CBBFC: hvcc_parse_sps (hevc.c:583)
 ==27390==    by 0x6CC22A: hvcc_add_nal_unit (hevc.c:784)
 ==27390==    by 0x6CD0E7: ff_isom_write_hvcc (hevc.c:1136)
 ==27390==    by 0x5BB313: mov_write_hvcc_tag (movenc.c:1174)
 ==27390==    by 0x5BEACF: mov_write_video_tag (movenc.c:1972)
 ==27390==    by 0x5BF902: mov_write_stsd_tag (movenc.c:2165)
 ==27390==    by 0x5C0744: mov_write_stbl_tag (movenc.c:2382)
 ==27390==    by 0x5C1ABD: mov_write_minf_tag (movenc.c:2643)
 ==27390==    by 0x5C1E55: mov_write_mdia_tag (movenc.c:2697)
 ==27390==  Uninitialised value was created by a heap allocation
 ==27390==    at 0x4C2F246: memalign (vg_replace_malloc.c:857)
 ==27390==    by 0x4C2F361: posix_memalign (vg_replace_malloc.c:1020)
 ==27390==    by 0x156D1A1: av_malloc (mem.c:87)
 ==27390==    by 0x6CBD50: nal_unit_extract_rbsp (hevc.c:652)
 ==27390==    by 0x6CC156: hvcc_add_nal_unit (hevc.c:754)
 ==27390==    by 0x6CD0E7: ff_isom_write_hvcc (hevc.c:1136)
 ==27390==    by 0x5BB313: mov_write_hvcc_tag (movenc.c:1174)
 ==27390==    by 0x5BEACF: mov_write_video_tag (movenc.c:1972)
 ==27390==    by 0x5BF902: mov_write_stsd_tag (movenc.c:2165)
 ==27390==    by 0x5C0744: mov_write_stbl_tag (movenc.c:2382)
 ==27390==    by 0x5C1ABD: mov_write_minf_tag (movenc.c:2643)
 ==27390==    by 0x5C1E55: mov_write_mdia_tag (movenc.c:2697)
 ==27390==
 ==27390== Conditional jump or move depends on uninitialised value(s)
 ==27390==    at 0x6CA9EE: get_bits_long (get_bits.h:349)
 ==27390==    by 0x6CAD7C: get_ue_golomb_long (golomb.h:93)
 ==27390==    by 0x6CB358: hvcc_parse_vui (hevc.c:315)
 ==27390==    by 0x6CBBFC: hvcc_parse_sps (hevc.c:583)
 ==27390==    by 0x6CC22A: hvcc_add_nal_unit (hevc.c:784)
 ==27390==    by 0x6CD0E7: ff_isom_write_hvcc (hevc.c:1136)
 ==27390==    by 0x5BB313: mov_write_hvcc_tag (movenc.c:1174)
 ==27390==    by 0x5BEACF: mov_write_video_tag (movenc.c:1972)
 ==27390==    by 0x5BF902: mov_write_stsd_tag (movenc.c:2165)
 ==27390==    by 0x5C0744: mov_write_stbl_tag (movenc.c:2382)
 ==27390==    by 0x5C1ABD: mov_write_minf_tag (movenc.c:2643)
 ==27390==    by 0x5C1E55: mov_write_mdia_tag (movenc.c:2697)
 ==27390==  Uninitialised value was created by a heap allocation
 ==27390==    at 0x4C2F246: memalign (vg_replace_malloc.c:857)
 ==27390==    by 0x4C2F361: posix_memalign (vg_replace_malloc.c:1020)
 ==27390==    by 0x156D1A1: av_malloc (mem.c:87)
 ==27390==    by 0x6CBD50: nal_unit_extract_rbsp (hevc.c:652)
 ==27390==    by 0x6CC156: hvcc_add_nal_unit (hevc.c:754)
 ==27390==    by 0x6CD0E7: ff_isom_write_hvcc (hevc.c:1136)
 ==27390==    by 0x5BB313: mov_write_hvcc_tag (movenc.c:1174)
 ==27390==    by 0x5BEACF: mov_write_video_tag (movenc.c:1972)
 ==27390==    by 0x5BF902: mov_write_stsd_tag (movenc.c:2165)
 ==27390==    by 0x5C0744: mov_write_stbl_tag (movenc.c:2382)
 ==27390==    by 0x5C1ABD: mov_write_minf_tag (movenc.c:2643)
 ==27390==    by 0x5C1E55: mov_write_mdia_tag (movenc.c:2697)
 ==27390==
 ==27390== Conditional jump or move depends on uninitialised value(s)
 ==27390==    at 0x6CA9FB: get_bits_long (get_bits.h:351)
 ==27390==    by 0x6CAD7C: get_ue_golomb_long (golomb.h:93)
 ==27390==    by 0x6CB358: hvcc_parse_vui (hevc.c:315)
 ==27390==    by 0x6CBBFC: hvcc_parse_sps (hevc.c:583)
 ==27390==    by 0x6CC22A: hvcc_add_nal_unit (hevc.c:784)
 ==27390==    by 0x6CD0E7: ff_isom_write_hvcc (hevc.c:1136)
 ==27390==    by 0x5BB313: mov_write_hvcc_tag (movenc.c:1174)
 ==27390==    by 0x5BEACF: mov_write_video_tag (movenc.c:1972)
 ==27390==    by 0x5BF902: mov_write_stsd_tag (movenc.c:2165)
 ==27390==    by 0x5C0744: mov_write_stbl_tag (movenc.c:2382)
 ==27390==    by 0x5C1ABD: mov_write_minf_tag (movenc.c:2643)
 ==27390==    by 0x5C1E55: mov_write_mdia_tag (movenc.c:2697)
 ==27390==  Uninitialised value was created by a heap allocation
 ==27390==    at 0x4C2F246: memalign (vg_replace_malloc.c:857)
 ==27390==    by 0x4C2F361: posix_memalign (vg_replace_malloc.c:1020)
 ==27390==    by 0x156D1A1: av_malloc (mem.c:87)
 ==27390==    by 0x6CBD50: nal_unit_extract_rbsp (hevc.c:652)
 ==27390==    by 0x6CC156: hvcc_add_nal_unit (hevc.c:754)
 ==27390==    by 0x6CD0E7: ff_isom_write_hvcc (hevc.c:1136)
 ==27390==    by 0x5BB313: mov_write_hvcc_tag (movenc.c:1174)
 ==27390==    by 0x5BEACF: mov_write_video_tag (movenc.c:1972)
 ==27390==    by 0x5BF902: mov_write_stsd_tag (movenc.c:2165)
 ==27390==    by 0x5C0744: mov_write_stbl_tag (movenc.c:2382)
 ==27390==    by 0x5C1ABD: mov_write_minf_tag (movenc.c:2643)
 ==27390==    by 0x5C1E55: mov_write_mdia_tag (movenc.c:2697)
 ==27390==
 ==27390== Use of uninitialised value of size 8
 ==27390==    at 0x6CA80A: get_bits (get_bits.h:266)
 ==27390==    by 0x6CAA0D: get_bits_long (get_bits.h:352)
 ==27390==    by 0x6CAD7C: get_ue_golomb_long (golomb.h:93)
 ==27390==    by 0x6CB358: hvcc_parse_vui (hevc.c:315)
 ==27390==    by 0x6CBBFC: hvcc_parse_sps (hevc.c:583)
 ==27390==    by 0x6CC22A: hvcc_add_nal_unit (hevc.c:784)
 ==27390==    by 0x6CD0E7: ff_isom_write_hvcc (hevc.c:1136)
 ==27390==    by 0x5BB313: mov_write_hvcc_tag (movenc.c:1174)
 ==27390==    by 0x5BEACF: mov_write_video_tag (movenc.c:1972)
 ==27390==    by 0x5BF902: mov_write_stsd_tag (movenc.c:2165)
 ==27390==    by 0x5C0744: mov_write_stbl_tag (movenc.c:2382)
 ==27390==    by 0x5C1ABD: mov_write_minf_tag (movenc.c:2643)
 ==27390==  Uninitialised value was created by a heap allocation
 ==27390==    at 0x4C2F246: memalign (vg_replace_malloc.c:857)
 ==27390==    by 0x4C2F361: posix_memalign (vg_replace_malloc.c:1020)
 ==27390==    by 0x156D1A1: av_malloc (mem.c:87)
 ==27390==    by 0x6CBD50: nal_unit_extract_rbsp (hevc.c:652)
 ==27390==    by 0x6CC156: hvcc_add_nal_unit (hevc.c:754)
 ==27390==    by 0x6CD0E7: ff_isom_write_hvcc (hevc.c:1136)
 ==27390==    by 0x5BB313: mov_write_hvcc_tag (movenc.c:1174)
 ==27390==    by 0x5BEACF: mov_write_video_tag (movenc.c:1972)
 ==27390==    by 0x5BF902: mov_write_stsd_tag (movenc.c:2165)
 ==27390==    by 0x5C0744: mov_write_stbl_tag (movenc.c:2382)
 ==27390==    by 0x5C1ABD: mov_write_minf_tag (movenc.c:2643)
 ==27390==    by 0x5C1E55: mov_write_mdia_tag (movenc.c:2697)
 ==27390==
 ==27390== Use of uninitialised value of size 8
 ==27390==    at 0x6CA80A: get_bits (get_bits.h:266)
 ==27390==    by 0x6CAA20: get_bits_long (get_bits.h:358)
 ==27390==    by 0x6CAB16: show_bits_long (get_bits.h:403)
 ==27390==    by 0x6CAD43: get_ue_golomb_long (golomb.h:89)
 ==27390==    by 0x6CB364: hvcc_parse_vui (hevc.c:316)
 ==27390==    by 0x6CBBFC: hvcc_parse_sps (hevc.c:583)
 ==27390==    by 0x6CC22A: hvcc_add_nal_unit (hevc.c:784)
 ==27390==    by 0x6CD0E7: ff_isom_write_hvcc (hevc.c:1136)
 ==27390==    by 0x5BB313: mov_write_hvcc_tag (movenc.c:1174)
 ==27390==    by 0x5BEACF: mov_write_video_tag (movenc.c:1972)
 ==27390==    by 0x5BF902: mov_write_stsd_tag (movenc.c:2165)
 ==27390==    by 0x5C0744: mov_write_stbl_tag (movenc.c:2382)
 ==27390==  Uninitialised value was created by a heap allocation
 ==27390==    at 0x4C2F246: memalign (vg_replace_malloc.c:857)
 ==27390==    by 0x4C2F361: posix_memalign (vg_replace_malloc.c:1020)
 ==27390==    by 0x156D1A1: av_malloc (mem.c:87)
 ==27390==    by 0x6CBD50: nal_unit_extract_rbsp (hevc.c:652)
 ==27390==    by 0x6CC156: hvcc_add_nal_unit (hevc.c:754)
 ==27390==    by 0x6CD0E7: ff_isom_write_hvcc (hevc.c:1136)
 ==27390==    by 0x5BB313: mov_write_hvcc_tag (movenc.c:1174)
 ==27390==    by 0x5BEACF: mov_write_video_tag (movenc.c:1972)
 ==27390==    by 0x5BF902: mov_write_stsd_tag (movenc.c:2165)
 ==27390==    by 0x5C0744: mov_write_stbl_tag (movenc.c:2382)
 ==27390==    by 0x5C1ABD: mov_write_minf_tag (movenc.c:2643)
 ==27390==    by 0x5C1E55: mov_write_mdia_tag (movenc.c:2697)
 }}}

--

--
Ticket URL: <https://trac.ffmpeg.org/ticket/7038#comment:3>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker


More information about the FFmpeg-trac mailing list