[FFmpeg-trac] #10055(undetermined:new): jpeg2000 crash with lowres (ffplay)

FFmpeg trac at avcodec.org
Sat Nov 19 20:08:58 EET 2022 

#10055: jpeg2000 crash with lowres (ffplay)
-------------------------------------+-------------------------------------
             Reporter:  ami_stuff    |                     Type:  defect
               Status:  new          |                 Priority:  normal
            Component:               |                  Version:
  undetermined                       |  unspecified
             Keywords:               |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
 {{{
 r -lowres 1 lossy_gray_decomp_levels_5_bitslice_layers_7.jp2
 Starting program: ffplay_g -lowres 1
 lossy_gray_decomp_levels_5_bitslice_layers_7.jp2
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
 ffplay version N-109101-g822da7a317 Copyright (c) 2003-2022 the FFmpeg
 developers
   built with gcc 9 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
   configuration:
   libavutil      57. 42.100 / 57. 42.100
   libavcodec     59. 52.102 / 59. 52.102
   libavformat    59. 34.101 / 59. 34.101
   libavdevice    59.  8.101 / 59.  8.101
   libavfilter     8. 50.100 /  8. 50.100
   libswscale      6.  8.112 /  6.  8.112
   libswresample   4.  9.100 /  4.  9.100
 [New Thread 0x7ffff6bdd700 (LWP 7126)]
 [New Thread 0x7ffff4176700 (LWP 7127)]
 [New Thread 0x7ffff396c700 (LWP 7128)]
 [New Thread 0x7ffff38a1700 (LWP 7129)]
 [jpeg2000 @ 0x7fffd80025c0] extra cblk styles 1KB sq=    0B f=0/0
 [jpeg2000 @ 0x7fffd80025c0] Selective arithmetic coding bypass
 Input #0, j2k_pipe, from
 'lossy_gray_decomp_levels_5_bitslice_layers_7.jp2':
   Duration: N/A, bitrate: N/A
   Stream #0:0: Video: jpeg2000, gray16le(12 bpc), 999x767, 25 fps, 25 tbr,
 25 tbn
 [New Thread 0x7ffff30a0700 (LWP 7130)]
 [New Thread 0x7ffff289f700 (LWP 7131)]
 [New Thread 0x7ffff209e700 (LWP 7132)]
 [New Thread 0x7ffff189d700 (LWP 7133)]
 [New Thread 0x7ffff109c700 (LWP 7134)]
 [New Thread 0x7ffff089b700 (LWP 7135)]
 [New Thread 0x7fffd3fff700 (LWP 7136)]
 [New Thread 0x7fffd37fe700 (LWP 7137)]
 [New Thread 0x7fffd2ffd700 (LWP 7138)]
 [New Thread 0x7fffd27fc700 (LWP 7139)]
 [jpeg2000 @ 0x7fffd8006f40] extra cblk styles 1
 [jpeg2000 @ 0x7fffd8006f40] Selective arithmetic coding bypass
 double free or corruption (out)    0KB vq=    0KB sq=    0B f=0/0

 Thread 6 "av:jpeg200:df0" received signal SIGABRT, Aborted.
 [Switching to Thread 0x7ffff30a0700 (LWP 7130)]
 __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
 50      ../sysdeps/unix/sysv/linux/raise.
 (gdb) bt
 #0  __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
 #1  0x00007ffff766c859 in __GI_abort () at abort.c:79
 #2  0x00007ffff76d726e in __libc_message (action=action at entry=do_abort,
     fmt=fmt at entry=0x7ffff7801298 "%s\n") at
 ../sysdeps/posix/libc_fatal.c:155
 #3  0x00007ffff76df2fc in malloc_printerr (
     str=str at entry=0x7ffff7803670 "double free or corruption (out)")
     at malloc.c:5347
 #4  0x00007ffff76e0fa0 in _int_free (av=0x7ffff7836b80 <main_arena>,
     p=0x7fffc401a330, have_lock=<optimized out>) at malloc.c:4314
 #5  0x0000555555d18410 in ff_jpeg2000_cleanup (comp=0x7fffc4001900,
     codsty=0x7fffc400090c) at libavcodec/jpeg2000.c:630
 #6  0x0000555555d18cd3 in jpeg2000_dec_cleanup (s=s at entry=0x7fffd8007440)
     at libavcodec/jpeg2000dec.c:2118
 #7  0x0000555555d1f465 in jpeg2000_decode_frame (avctx=<optimized out>,
     picture=<optimized out>, got_frame=<optimized out>, avpkt=<optimized
 out>)
     at libavcodec/jpeg2000dec.c:2553
 #8  0x0000555555e28b96 in frame_worker_thread (arg=0x7fffd8006280)
     at libavcodec/pthread_frame.c:241
 #9  0x00007ffff7844609 in start_thread (arg=<optimized out>)
     at pthread_create.c:477
 #10 0x00007ffff7769133 in clone ()
     at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
 (gdb)
 #0  __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
 #1  0x00007ffff766c859 in __GI_abort () at abort.c:79
 #2  0x00007ffff76d726e in __libc_message (action=action at entry=do_abort,
     fmt=fmt at entry=0x7ffff7801298 "%s\n") at
 ../sysdeps/posix/libc_fatal.c:155
 #3  0x00007ffff76df2fc in malloc_printerr (
     str=str at entry=0x7ffff7803670 "double free or corruption (out)")
     at malloc.c:5347
 #4  0x00007ffff76e0fa0 in _int_free (av=0x7ffff7836b80 <main_arena>,
     p=0x7fffc401a330, have_lock=<optimized out>) at malloc.c:4314
 #5  0x0000555555d18410 in ff_jpeg2000_cleanup (comp=0x7fffc4001900,
     codsty=0x7fffc400090c) at libavcodec/jpeg2000.c:630
 #6  0x0000555555d18cd3 in jpeg2000_dec_cleanup (s=s at entry=0x7fffd8007440)
     at libavcodec/jpeg2000dec.c:2118
 #7  0x0000555555d1f465 in jpeg2000_decode_frame (avctx=<optimized out>,
     picture=<optimized out>, got_frame=<optimized out>, avpkt=<optimized
 out>)
     at libavcodec/jpeg2000dec.c:2553
 #8  0x0000555555e28b96 in frame_worker_thread (arg=0x7fffd8006280)
     at libavcodec/pthread_frame.c:241
 #9  0x00007ffff7844609 in start_thread (arg=<optimized out>)
     at pthread_create.c:477
 #10 0x00007ffff7769133 in clone ()
     at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
 }}}


 {{{
 ==7025== Thread 6 av:jpeg200:df0:  0KB vq=    0KB sq=    0B f=0/0
 ==7025== Invalid write of size 2
 ==7025==    at 0x8CE622: write_frame_16 (jpeg2000dec.c:2078)
 ==7025==    by 0x8CE622: jpeg2000_decode_tile (jpeg2000dec.c:2103)
 ==7025==    by 0x6D3974: avcodec_default_execute2 (avcodec.c:63)
 ==7025==    by 0x8D345C: jpeg2000_decode_frame (jpeg2000dec.c:2551)
 ==7025==    by 0x9DCB95: frame_worker_thread (pthread_frame.c:241)
 ==7025==    by 0x4FBC608: start_thread (pthread_create.c:477)
 ==7025==    by 0x50F6132: clone (clone.S:95)
 }}}
-- 
Ticket URL: <https://trac.ffmpeg.org/ticket/10055>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list