[FFmpeg-trac] #10089(undetermined:new): smc enc crash

FFmpeg trac at avcodec.org
Thu Dec 1 22:30:05 EET 2022


#10089: smc enc crash
-------------------------------------+-------------------------------------
             Reporter:  ami_stuff    |                     Type:  defect
               Status:  new          |                 Priority:  normal
            Component:  undetermined |                  Version:  unspecified
             Keywords:               |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
 https://trac.ffmpeg.org/raw-attachment/ticket/10068/gold2.avi

 {{{
 (gdb) r -i gold2.avi -s 157x333 -vcodec smc -y out.mov
 Starting program: ffmpeg_g -i gold2.avi -s 157x333 -vcodec smc -y out.mov
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
 ffmpeg version N-109341-g6b368bcb85 Copyright (c) 2000-2022 the FFmpeg
 developers
   built with gcc 9 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
   configuration: --enable-libopenjpeg
   libavutil      57. 43.100 / 57. 43.100
   libavcodec     59. 54.100 / 59. 54.100
   libavformat    59. 34.102 / 59. 34.102
   libavdevice    59.  8.101 / 59.  8.101
   libavfilter     8. 51.100 /  8. 51.100
   libswscale      6.  8.112 /  6.  8.112
   libswresample   4.  9.100 /  4.  9.100
 Input #0, avi, from 'gold2.avi':
   Duration: 00:00:12.00, start: 0.000000, bitrate: 153 kb/s
   Stream #0:0: Video: srgc (srgc / 0x63677273), bgra, 299x171, 149 kb/s,
 15 fps, 15 tbr, 15 tbn
 Stream mapping:
   Stream #0:0 -> #0:0 (srgc (native) -> smc (native))
 Press [q] to stop, [?] for help
 [New Thread 0x7ffff6b6d700 (LWP 18163)]
 [New Thread 0x7ffff636c700 (LWP 18164)]
 [New Thread 0x7ffff5b6b700 (LWP 18165)]
 [New Thread 0x7ffff536a700 (LWP 18166)]
 [New Thread 0x7ffff4b69700 (LWP 18167)]
 [New Thread 0x7fffeffff700 (LWP 18168)]
 [New Thread 0x7fffef7fe700 (LWP 18169)]
 [New Thread 0x7fffeeffd700 (LWP 18170)]
 [New Thread 0x7fffee7fc700 (LWP 18171)]
 [New Thread 0x7fffedffb700 (LWP 18172)]
 [New Thread 0x7fffed7fa700 (LWP 18173)]
 [New Thread 0x7fffecff9700 (LWP 18174)]
 [New Thread 0x7fffec7f8700 (LWP 18175)]
 [New Thread 0x7fffebff7700 (LWP 18176)]
 [New Thread 0x7fffeb7f6700 (LWP 18177)]
 [New Thread 0x7fffeaff5700 (LWP 18178)]
 [New Thread 0x7fffea7f4700 (LWP 18179)]
 Output #0, mov, to 'out.mov':
   Metadata:
     encoder         : Lavf59.34.102
   Stream #0:0: Video: smc (smc  / 0x20636D73), pal8(pc, progressive),
 157x333, q=2-31, 200 kb/s, 15 fps, 15360 tbn
     Metadata:
       encoder         : Lavc59.54.100 smc
 [New Thread 0x7fffe9ff3700 (LWP 18180)]

 --Type <RET> for more, q to quit, c to continue without paging--
 Thread 1 "ffmpeg_g" received signal SIGSEGV, Segmentation fault.
 0x0000555555ee1521 in memcpy (__len=18446744073709551613,
     __src=0x5555572a4880, __dest=0x7fffffffd410)
     at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
 34        return __builtin___memcpy_chk (__dest, __src, __len, __bos0
 (__dest));
 (gdb) bt
 #0  0x0000555555ee1521 in memcpy (__len=18446744073709551613,
     __src=0x5555572a4880, __dest=0x7fffffffd410)
     at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
 #1  smc_encode_stream (pb=<synthetic pointer>, frame=<optimized out>,
     s=<optimized out>) at libavcodec/smcenc.c:223
 #2  smc_encode_frame (avctx=<optimized out>, pkt=<optimized out>,
     frame=<optimized out>, got_packet=<optimized out>)
     at libavcodec/smcenc.c:557
 #3  0xffffffffffffffff in ?? ()
 #4  0xffffffffffffffff in ?? ()
 #5  0xffffffffffffffff in ?? ()
 #6  0xffffffffffffffff in ?? ()
 #7  0xffffffffffffffff in ?? ()
 #8  0xffffffffffffffff in ?? ()
 #9  0xffffffffffffffff in ?? ()
 #10 0xffffffffffffffff in ?? ()
 #11 0x000000ffffffffff in ?? ()
 #12 0xffffffffffffffff in ?? ()
 #13 0xffffffffffffffff in ?? ()
 #14 0xffffffffffffffff in ?? ()
 #15 0xffffffffffffffff in ?? ()
 #16 0xffffffffffffffff in ?? ()
 #17 0xffffffffffffffff in ?? ()
 --Type <RET> for more, q to quit, c to continue without paging--
 #18 0xffffffffffffffff in ?? ()
 #19 0xffffffffffffffff in ?? ()
 #20 0xffffffffffffffff in ?? ()
 #21 0xffffffffffffffff in ?? ()
 #22 0xffffffffffffffff in ?? ()
 #23 0xffffffffffffffff in ?? ()
 #24 0xffffffffffffffff in ?? ()
 #25 0xffffffffffffffff in ?? ()
 #26 0xffffffffffffffff in ?? ()
 }}}

 {{{
 ==18059== Invalid write of size 1
 ==18059==    at 0xA95521: memcpy (string_fortified.h:34)
 ==18059==    by 0xA95521: smc_encode_stream (smcenc.c:223)
 ==18059==    by 0xA95521: smc_encode_frame (smcenc.c:557)
 ==18059==    by 0xFFFFFFFFFFFFFFFE: ???
 ==18059==    by 0xFFFFFFFFFFFFFFFE: ???
 ==18059==    by 0xFFFFFFFFFFFFFFFE: ???
 ==18059==    by 0xFFFFFFFFFFFFFFFE: ???
 ==18059==    by 0xFFFFFFFFFFFFFFFE: ???
 ==18059==    by 0xFFFFFFFFFFFFFFFE: ???
 ==18059==    by 0xFFFFFFFFFFFFFFFE: ???
 ==18059==    by 0xFFFFFFFFFFFFFFFE: ???
 ==18059==    by 0xFFFFFFFFFE: ???
 ==18059==    by 0xFFFFFFFFFFFFFFFE: ???
 ==18059==    by 0xFFFFFFFFFFFFFFFE: ???
 ==18059==  Address 0x1fff001000 is not stack'd, malloc'd or (recently)
 free'd
 ==18059==
 ==18059==
 ==18059== Process terminating with default action of signal 11 (SIGSEGV)
 ==18059==  Access not within mapped region at address 0x1FFF001000
 ==18059==    at 0xA95521: memcpy (string_fortified.h:34)
 ==18059==    by 0xA95521: smc_encode_stream (smcenc.c:223)
 ==18059==    by 0xA95521: smc_encode_frame (smcenc.c:557)
 ==18059==    by 0xFFFFFFFFFFFFFFFE: ???
 ==18059==    by 0xFFFFFFFFFFFFFFFE: ???
 ==18059==    by 0xFFFFFFFFFFFFFFFE: ???
 ==18059==    by 0xFFFFFFFFFFFFFFFE: ???
 ==18059==    by 0xFFFFFFFFFFFFFFFE: ???
 ==18059==    by 0xFFFFFFFFFFFFFFFE: ???
 ==18059==    by 0xFFFFFFFFFFFFFFFE: ???
 ==18059==    by 0xFFFFFFFFFFFFFFFE: ???
 ==18059==    by 0xFFFFFFFFFE: ???
 ==18059==    by 0xFFFFFFFFFFFFFFFE: ???
 ==18059==    by 0xFFFFFFFFFFFFFFFE: ???
 ==18059==  If you believe this happened as a result of a stack
 ==18059==  overflow in your program's main thread (unlikely but
 ==18059==  possible), you can try to increase the size of the
 ==18059==  main thread stack using the --main-stacksize= flag.
 ==18059==  The main thread stack size used in this run was 8388608.
 }}}
-- 
Ticket URL: <https://trac.ffmpeg.org/ticket/10089>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
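An added illustration of the failure mode the backtrace points at; this is not code from FFmpeg or from the ticket. SMC encodes 4x4 pixel blocks, and the requested output size 157x333 is not a multiple of 4 in either dimension (157 = 4*39 + 1, 333 = 4*83 + 1), so the last block column and row are only partly inside the frame. The memcpy length in the backtrace, 18446744073709551613, is 2^64 - 3, i.e. a signed -3 converted to size_t. The arithmetic at smcenc.c:223 is not quoted on the page, so `unchecked_cols` below is a hypothetical sketch of how a "remaining minus block size" sign error produces exactly that value at x = 156; every function name here is an assumption chosen for the example. Beside it is the clamp-and-pad block copy an edge-tolerant encoder needs, exercised on a constructed 157x5 frame.

```c
/* Added example, not FFmpeg code. Block copy at a frame edge whose size is
 * not a multiple of the 4x4 SMC block, and the clamp that keeps it in bounds. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 4                       /* SMC block edge, in pixels */

/* Reinterpret the size_t gdb printed as the signed value it was before the
 * implicit conversion into memcpy's size_t parameter. */
static long long len_as_signed(unsigned long long len)
{
    return (long long)len;            /* 18446744073709551613 -> -3 */
}

/* Hypothetical unchecked form (assumption, not the smcenc.c code): the
 * overshoot with the wrong sign. For the last block column of a 157-wide
 * frame (x = 156, remaining = 1) it yields 1 - 4 = -3, which becomes
 * 18446744073709551613 once passed to memcpy. */
static long long unchecked_cols(int width, int x)
{
    return (long long)(width - x) - BLOCK;
}

/* Number of pixels of the block starting at x that lie inside a frame of
 * the given width: 1..BLOCK, or 0 when x is already past the edge. */
static int clamped_cols(int width, int x)
{
    int remaining = width - x;
    if (remaining <= 0)
        return 0;
    return remaining < BLOCK ? remaining : BLOCK;
}

/* Pre-encode check: true when the frame has partial edge blocks, the case
 * an encoder that assumes whole 4x4 blocks gets wrong. */
static int has_partial_blocks(int width, int height)
{
    return (width % BLOCK) != 0 || (height % BLOCK) != 0;
}

/* Copy one 4x4 block of an 8-bit frame into a 16-byte block buffer,
 * zero-padding the part that falls outside the frame. Returns the number
 * of pixels actually copied from the frame. */
static int copy_block(const uint8_t *frame, int width, int height, int stride,
                      int x, int y, uint8_t block[BLOCK * BLOCK])
{
    int cols = clamped_cols(width, x);
    int rows = clamped_cols(height, y);  /* same clamp vertically */
    int copied = 0;

    memset(block, 0, BLOCK * BLOCK);
    for (int r = 0; r < rows; r++) {
        memcpy(block + r * BLOCK, frame + (y + r) * stride + x, (size_t)cols);
        copied += cols;
    }
    return copied;
}

/* Constructed demo input: a 157x5 frame whose pixel value is its column
 * index. Returns the pixel count copied for the bottom-right edge block
 * (x = 156, y = 4), or -1 if the padded block does not look as expected. */
static int demo_edge_block(void)
{
    enum { W = 157, H = 5 };
    static uint8_t frame[H * W];
    uint8_t block[BLOCK * BLOCK];
    int copied;

    for (int y = 0; y < H; y++)
        for (int x = 0; x < W; x++)
            frame[y * W + x] = (uint8_t)x;

    copied = copy_block(frame, W, H, W, 156, 4, block);
    /* exactly one row and one column of this block are inside the frame */
    if (block[0] != 156 || block[1] != 0 || block[BLOCK] != 0)
        return -1;
    return copied;
}

int main(void)
{
    printf("backtrace __len as signed: %lld\n",
           len_as_signed(18446744073709551613ULL));
    printf("hypothetical unchecked cols at x=156: %lld\n", unchecked_cols(157, 156));
    printf("clamped cols at x=156: %d\n", clamped_cols(157, 156));
    printf("157x333 has partial blocks: %d\n", has_partial_blocks(157, 333));
    printf("pixels copied for the edge block: %d\n", demo_edge_block());
    return 0;
}
```

The point for triage is the second number: a 4x4 block encoder must clamp its copy width and height to `width - x` and `height - y` (and pad the rest), or reject frame sizes for which `has_partial_blocks()` is true; the value (size_t)-3 in the backtrace is what a negative clamp looks like once it reaches memcpy.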

