[FFmpeg-trac] #10305(undetermined:new): Segmentation Violation (libavcodec/mpegvideo_enc.c:4446 in dct_quantize_refine)
FFmpeg
trac at avcodec.org
Tue Apr 4 07:25:10 EEST 2023
#10305: Segmentation Violation (libavcodec/mpegvideo_enc.c:4446 in
dct_quantize_refine)
-------------------------------------+-------------------------------------
Reporter: Youngseok | Owner: (none)
Choi |
Type: defect | Status: new
Priority: normal | Component:
| undetermined
Version: git-master | Resolution:
Keywords: fuzzing, | Blocked By:
SIGSEGV |
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Description changed by Youngseok Choi:
Old description:
> Hi, our fuzzer found a new SEGV bug in ffmpeg.
>
> **Command Input**
>
> {{{
> -lowres E -i poc_file -b 1 -alternate_scan true -quantizer_noise_shaping
> 2 -debug nomc .mp4
> }}}
>
> poc_file is attached.
>
> **Command Output**
> {{{
> matched as AVOption 'debug' with argument 'nomc'.
> Reading option '.mp4' ... matched as output url.
> Finished splitting the commandline.
> Parsing a group of options: global .
> Successfully parsed a group of options.
> Parsing a group of options: input url
> /home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/ffmpeg/1_id:027372/poc_file.
> Successfully parsed a group of options.
> Opening an input file:
> /home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/ffmpeg/1_id:027372/poc_file.
> [NULL @ 0x617000000080] Opening
> '/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/ffmpeg/1_id:027372/poc_file'
> for reading
> [file @ 0x611000000040] Setting default whitelist 'file,crypto,data'
> [h263 @ 0x617000000080] Format h263 detected only with low score of 25,
> misdetection possible!
> [h263 @ 0x617000000080] Before avformat_find_stream_info() pos: 0 bytes
> read:111 seeks:0 nb_streams:1
> [h263 @ 0x619000000580] Format yuv420p chosen by get_format().
> Last message repeated 1 times
> [h263 @ 0x617000000080] After avformat_find_stream_info() pos: 111 bytes
> read:111 seeks:0 frames:3
> Input #0, h263, from
> '/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/ffmpeg/1_id:027372/poc_file':
> Duration: N/A, bitrate: N/A
> Stream #0:0, 3, 1/1200000: Video: h263, 1 reference frame,
> yuv420p(center), 128x96 [SAR 12:11 DAR 16:11], 0/1, 29.97 fps, 29.97 tbr,
> 1200k tbn
> Successfully opened the file.
> Parsing a group of options: output url .mp4.
> Applying option b (video bitrate (please use -b:v)) with argument 1.
> Please use -b:a or -b:v, -b is ambiguous
> Successfully parsed a group of options.
> Opening an output file: .mp4.
> [file @ 0x610000001440] Setting default whitelist 'file,crypto,data'
> Successfully opened the file.
> Stream mapping:
> Stream #0:0 -> #0:0 (h263 (native) -> mpeg4 (native))
> Press [q] to stop, [?] for help
> [vost#0:0/mpeg4 @ 0x618000000080] cur_dts is invalid [init:0 i_done:0
> finish:0] (this is harmless if it occurs once at the start per stream)
> [h263 @ 0x619000002380] Format yuv420p chosen by get_format().
> [h263 @ 0x619000002380] warning: first frame is no keyframe
> [h263 @ 0x619000002380] Error at MB: 2
> detected 16 logical cores
> [graph 0 input from stream 0:0 @ 0x6110000011c0] Setting 'video_size' to
> value '16x12'
> [graph 0 input from stream 0:0 @ 0x6110000011c0] Setting 'pix_fmt' to
> value '0'
> [graph 0 input from stream 0:0 @ 0x6110000011c0] Setting 'time_base' to
> value '1/1200000'
> [graph 0 input from stream 0:0 @ 0x6110000011c0] Setting 'pixel_aspect'
> to value '12/11'
> [graph 0 input from stream 0:0 @ 0x6110000011c0] Setting 'frame_rate' to
> value '30000/1001'
> [graph 0 input from stream 0:0 @ 0x6110000011c0] w:16 h:12 pixfmt:yuv420p
> tb:1/1200000 fr:30000/1001 sar:12/11
> [format @ 0x611000001440] Setting 'pix_fmts' to value 'yuv420p'
> [AVFilterGraph @ 0x60e000001000] query_formats: 4 queried, 3 merged, 0
> already done, 0 delayed
> [mpeg4 @ 0x619000003780] Bitrate 1 is extremely low, maybe you mean 1k
> [mpeg4 @ 0x619000003780] intra_quant_bias = 0 inter_quant_bias = -64
> [vost#0:0/mpeg4 @ 0x618000000080] The bitrate parameter is set too low.
> It takes bits/s as argument, not kbits/s
> Output #0, mp4, to '.mp4':
> Metadata:
> encoder : Lavf60.4.101
> Stream #0:0, 0, 1/30000: Video: mpeg4, 1 reference frame (mp4v /
> 0x7634706D), yuv420p(progressive, center), 16x12 (0x0) [SAR 12:11 DAR
> 16:11], 0/1, q=2-31, 0 kb/s, 29.97 fps, 30k tbn
> Metadata:
> encoder : Lavc60.9.100 mpeg4
> Side data:
> cpb: bitrate max/min/avg: 0/0/1 buffer size: 0 vbv_delay: N/A
> [vost#0:0/mpeg4 @ 0x618000000080] Clipping frame in rate conversion by
> 0.000008
> [h263 @ 0x619000002380] Reverting picture dimensions change due to header
> decoding failure
> [h263 @ 0x619000002380] header damaged
> Error while decoding stream #0:0: Invalid data found when processing
> input
> [in#0/h263 @ 0x612000000040] EOF while reading input
> [in#0/h263 @ 0x612000000040] Terminating demuxer thread
> [h263 @ 0x619000002380] illegal ac vlc code at 6x1
> [h263 @ 0x619000002380] Error at MB: 15
> [vost#0:0/mpeg4 @ 0x618000000080] *** 1 dup!
> ASAN:DEADLYSIGNAL
> }}}
>
> **Stack Trace** (Asan)
> {{{
> ==18626==ERROR: AddressSanitizer: SEGV on unknown address 0x55555a6cb803
> (pc 0x5555574cadd9 bp 0x7fffffff1770 sp 0x7fffffff1390 T0)
> ==18626==The signal is caused by a READ memory access.
> #0 0x5555574cadd8 in dct_quantize_refine
> libavcodec/mpegvideo_enc.c:4446
> #1 0x5555574b5a71 in encode_mb_internal
> libavcodec/mpegvideo_enc.c:2405
> #2 0x5555574b5a71 in encode_mb libavcodec/mpegvideo_enc.c:2504
> #3 0x5555574b5a71 in encode_thread libavcodec/mpegvideo_enc.c:3431
> #4 0x555556b49002 in avcodec_default_execute libavcodec/avcodec.c:50
> #5 0x5555574c5cff in encode_picture libavcodec/mpegvideo_enc.c:3837
> #6 0x555557490be8 in ff_mpv_encode_picture
> libavcodec/mpegvideo_enc.c:1801
> #7 0x555556e51a6e in ff_encode_encode_cb libavcodec/encode.c:223
> #8 0x555556e525eb in encode_simple_internal libavcodec/encode.c:309
> #9 0x555556e52734 in encode_simple_receive_packet
> libavcodec/encode.c:323
> #10 0x555556e52c71 in encode_receive_packet_internal
> libavcodec/encode.c:357
> #11 0x555556e537e8 in avcodec_send_frame libavcodec/encode.c:506
> #12 0x555555af7260 in encode_frame fftools/ffmpeg.c:904
> #13 0x555555af871d in submit_encode_frame fftools/ffmpeg.c:985
> #14 0x555555afbd7b in do_video_out fftools/ffmpeg.c:1345
> #15 0x555555afc9d6 in reap_filters fftools/ffmpeg.c:1431
> #16 0x555555b1887c in transcode_step fftools/ffmpeg.c:4007
> #17 0x555555b18a9e in transcode fftools/ffmpeg.c:4044
> #18 0x555555b196f8 in main fftools/ffmpeg.c:4182
> #19 0x7ffff5601c86 in __libc_start_main (/lib/x86_64-linux-
> gnu/libc.so.6+0x21c86)
> #20 0x555555a84499 in _start
> (/home/youngseok/subjects/latest_asan_install/ffmpeg/bin/ffmpeg+0x530499)
>
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV libavcodec/mpegvideo_enc.c:4446 in
> dct_quantize_refine
> ==18626==ABORTING
> }}}
>
> **Assembler code around pc**
> {{{
> Dump of assembler code from 0x5555574cadb9 to 0x5555574cadf9:
> 0x00005555574cadb9 <dct_quantize_refine+7013>: test %dl,%dl
> 0x00005555574cadbb <dct_quantize_refine+7015>: setne %sil
> 0x00005555574cadbf <dct_quantize_refine+7019>: mov %rax,%rdi
> 0x00005555574cadc2 <dct_quantize_refine+7022>: and $0x7,%edi
> 0x00005555574cadc5 <dct_quantize_refine+7025>: cmp %dl,%dil
> 0x00005555574cadc8 <dct_quantize_refine+7028>: setge %dl
> 0x00005555574cadcb <dct_quantize_refine+7031>: and %esi,%edx
> 0x00005555574cadcd <dct_quantize_refine+7033>: test %dl,%dl
> 0x00005555574cadcf <dct_quantize_refine+7035>: je
> 0x5555574cadd9 <dct_quantize_refine+7045>
> 0x00005555574cadd1 <dct_quantize_refine+7037>: mov %rax,%rdi
> 0x00005555574cadd4 <dct_quantize_refine+7040>: callq
> 0x555555a83bd0 <__asan_report_load1 at plt>
> => 0x00005555574cadd9 <dct_quantize_refine+7045>: movzbl
> (%rcx),%eax
> 0x00005555574caddc <dct_quantize_refine+7048>: movzbl %al,%esi
> 0x00005555574caddf <dct_quantize_refine+7051>: mov
> -0x36c(%rbp),%eax
> 0x00005555574cade5 <dct_quantize_refine+7057>: shl $0x7,%eax
> 0x00005555574cade8 <dct_quantize_refine+7060>: mov %eax,%edx
> 0x00005555574cadea <dct_quantize_refine+7062>: mov
> -0x34c(%rbp),%eax
> 0x00005555574cadf0 <dct_quantize_refine+7068>: add %edx,%eax
> 0x00005555574cadf2 <dct_quantize_refine+7070>: movslq %eax,%rdx
> 0x00005555574cadf5 <dct_quantize_refine+7073>: mov
> -0x2d0(%rbp),%rax
> End of assembler dump.
> }}}
>
> **Register Info**
> {{{
> rax 0x55555a6cb803 93825077655555
> rbx 0x7fffffff16b0 140737488295600
> rcx 0x55555a6cb803 93825077655555
> rdx 0x0 0
> rsi 0x0 0
> rdi 0x3 3
> rbp 0x7fffffff16d0 0x7fffffff16d0
> rsp 0x7fffffff12f0 0x7fffffff12f0
> r8 0x555559cb58a0 93825067079840
> r9 0x8 8
> r10 0x616000018680 107064944854656
> r11 0x7fffffff40e0 140737488306400
> r12 0xfffffffe282 17592186036866
> r13 0x7fffffff1410 140737488294928
> r14 0x7fffffff1410 140737488294928
> r15 0x7fffffffd070 140737488343152
> rip 0x5555574cadd9 0x5555574cadd9 <dct_quantize_refine+7045>
> eflags 0x10246 [ PF ZF IF RF ]
> cs 0x33 51
> ss 0x2b 43
> ds 0x0 0
> es 0x0 0
> fs 0x0 0
> gs 0x0 0
> st0 <invalid float value> (raw 0xffff00003c1300009729)
> st1 <invalid float value> (raw 0xffff000183990007df82)
> st2 <invalid float value> (raw 0xffff0000000000001f00)
> st3 -nan(0xfff1fff1fff1fff1) (raw 0xfffffff1fff1fff1fff1)
> st4 <invalid float value> (raw 0xffff0000000000000000)
> st5 <invalid float value> (raw 0xffff0200020002000200)
> st6 -nan(0xe6d7e6d70003ab9f) (raw 0xffffe6d7e6d70003ab9f)
> st7 <invalid float value> (raw 0xffff39b6e49d0001e49d)
> fctrl 0x37f 895
> fstat 0x0 0
> ftag 0xaaaa 43690
> fiseg 0x0 0
> fioff 0x0 0
> foseg 0x0 0
> fooff 0x0 0
> fop 0x0 0
> mxcsr 0x1fa8 [ OE PE IM DM ZM OM UM PM ]
> ymm0 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
> v4_double = {0x8000000000000000, 0x0, 0x0, 0x0}, v32_int8 = {0x85, 0x0,
> 0x38,
> 0x0, 0xdb, 0xff, 0xa9, 0xff, 0x0 <repeats 24 times>}, v16_int16 =
> {0x85, 0x38, 0xffdb, 0xffa9, 0x0 <repeats 12 times>}, v8_int32 =
> {0x380085,
> 0xffa9ffdb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 =
> {0xffa9ffdb00380085, 0x0, 0x0, 0x0}, v2_int128 = {0xffa9ffdb00380085,
> 0x0}}
> ymm1 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
> v4_double = {0x8000000000000000, 0x8000000000000000, 0x0, 0x0}, v32_int8
> = {0x1d,
> 0x0, 0xfc, 0xff, 0x44, 0x0, 0xe7, 0xff, 0xe, 0x0, 0x14, 0x0, 0x3,
> 0x0, 0xf7, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0x1d, 0xfffc,
> 0x44,
> 0xffe7, 0xe, 0x14, 0x3, 0xfff7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
> 0x0}, v8_int32 = {0xfffc001d, 0xffe70044, 0x14000e, 0xfff70003, 0x0, 0x0,
> 0x0,
> 0x0}, v4_int64 = {0xffe70044fffc001d, 0xfff700030014000e, 0x0, 0x0},
> v2_int128 = {0xfff700030014000effe70044fffc001d, 0x0}}
> ymm2 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
> v4_double = {0x0, 0x8000000000000000, 0x0, 0x0}, v32_int8 = {0x62, 0x5e,
> 0xdf,
> 0xff, 0x83, 0xb4, 0x11, 0x0, 0x64, 0x9e, 0x64, 0x0, 0x26, 0x4c, 0xf5,
> 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0x5e62, 0xffdf, 0xb483, 0x11,
> 0x9e64, 0x64, 0x4c26, 0xfff5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
> 0x0}, v8_int32 = {0xffdf5e62, 0x11b483, 0x649e64, 0xfff54c26, 0x0, 0x0,
> 0x0,
> 0x0}, v4_int64 = {0x11b483ffdf5e62, 0xfff54c2600649e64, 0x0, 0x0},
> v2_int128 = {0xfff54c2600649e640011b483ffdf5e62, 0x0}}
> ymm3 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
> v4_double = {0x0, 0x8000000000000000, 0x0, 0x0}, v32_int8 = {0xe, 0x0,
> 0x0, 0x0,
> 0x14, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xf7, 0xff, 0xff, 0xff, 0x0
> <repeats 16 times>}, v16_int16 = {0xe, 0x0, 0x14, 0x0, 0x3, 0x0, 0xfff7,
> 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xe,
> 0x14, 0x3, 0xfffffff7, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x140000000e,
> 0xfffffff700000003, 0x0, 0x0}, v2_int128 =
> {0xfffffff700000003000000140000000e, 0x0}}
> ymm4 {v8_float = {0xc24b42, 0x88000000, 0x0, 0xfffff904, 0x0,
> 0x0, 0x0, 0x0}, v4_double = {0x7fffffffffffffff, 0x8000000000000000, 0x0,
> 0x0}, v32_int8 = {0x42, 0x4b, 0x42, 0x4b, 0x62, 0x68, 0x7e, 0x58,
> 0x46, 0xd7, 0xac, 0x9d, 0x9e, 0x97, 0xdf, 0xc4, 0x0 <repeats 16 times>},
> v16_int16 = {0x4b42, 0x4b42, 0x6862, 0x587e, 0xd746, 0x9dac, 0x979e,
> 0xc4df, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x4b424b42,
> 0x587e6862, 0x9dacd746, 0xc4df979e, 0x0, 0x0, 0x0, 0x0}, v4_int64 =
> {0x587e68624b424b42, 0xc4df979e9dacd746, 0x0, 0x0}, v2_int128 = {
> 0xc4df979e9dacd746587e68624b424b42, 0x0}}
> ymm5 {v8_float = {0xc24b42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
> v4_double = {0x0, 0x8000000000000000, 0x0, 0x0}, v32_int8 = {0x42, 0x4b,
> 0x42, 0x4b, 0x21, 0x3b, 0xc3, 0x14, 0x54, 0x62, 0xba, 0x28, 0x7e,
> 0x58, 0x3d, 0xeb, 0x0 <repeats 16 times>}, v16_int16 = {0x4b42, 0x4b42,
> 0x3b21,
> 0x14c3, 0x6254, 0x28ba, 0x587e, 0xeb3d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
> 0x0, 0x0}, v8_int32 = {0x4b424b42, 0x14c33b21, 0x28ba6254, 0xeb3d587e,
> 0x0,
> 0x0, 0x0, 0x0}, v4_int64 = {0x14c33b214b424b42, 0xeb3d587e28ba6254,
> 0x0, 0x0}, v2_int128 = {0xeb3d587e28ba625414c33b214b424b42, 0x0}}
> ymm6 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
> v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x1, 0x0, 0x0,
> 0x0, 0x1,
> 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0 <repeats 17 times>},
> v16_int16 = {0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0,
> 0x0,
> 0x0, 0x0, 0x0}, v8_int32 = {0x10000, 0x10000, 0x10000, 0x10000, 0x0,
> 0x0, 0x0, 0x0}, v4_int64 = {0x1000000010000, 0x1000000010000, 0x0, 0x0},
> v2_int128 = {0x10000000100000001000000010000, 0x0}}
> ymm7 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
> v4_double = {0x0, 0x8000000000000000, 0x0, 0x0}, v32_int8 = {0xa4, 0xeb,
> 0x2a,
> 0x0, 0x96, 0x74, 0x3, 0x0, 0x2, 0x5d, 0x1, 0x0, 0xe, 0x4a, 0xe9,
> 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0xeba4, 0x2a, 0x7496, 0x3,
> 0x5d02,
> 0x1, 0x4a0e, 0xffe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
> v8_int32 = {0x2aeba4, 0x37496, 0x15d02, 0xffe94a0e, 0x0, 0x0, 0x0, 0x0},
> v4_int64 = {
> 0x37496002aeba4, 0xffe94a0e00015d02, 0x0, 0x0}, v2_int128 =
> {0xffe94a0e00015d0200037496002aeba4, 0x0}}
> ymm8 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
> v4_double = {0x8000000000000000, 0x8000000000000000, 0x0, 0x0}, v32_int8
> = {0x80,
> 0xff, 0x80, 0xff, 0x80, 0xff, 0x80, 0xff, 0x80, 0xff, 0x80, 0xff,
> 0x80, 0xff, 0x80, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0xff80,
> 0xff80,
> 0xff80, 0xff80, 0xff80, 0xff80, 0xff80, 0xff80, 0x0, 0x0, 0x0, 0x0,
> 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xff80ff80, 0xff80ff80, 0xff80ff80,
> 0xff80ff80, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xff80ff80ff80ff80,
> 0xff80ff80ff80ff80, 0x0, 0x0}, v2_int128 =
> {0xff80ff80ff80ff80ff80ff80ff80ff80,
> 0x0}}
> ymm9 {v8_float = {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
> v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
> 0x0, 0xe0,
> 0x3f, 0x0 <repeats 24 times>}, v16_int16 = {0x0, 0x0, 0x0, 0x3fe0,
> 0x0 <repeats 12 times>}, v8_int32 = {0x0, 0x3fe00000, 0x0, 0x0, 0x0, 0x0,
> 0x0,
> 0x0}, v4_int64 = {0x3fe0000000000000, 0x0, 0x0, 0x0}, v2_int128 =
> {0x3fe0000000000000, 0x0}}
> ymm10 {v8_float = {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
> v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
> 0x0, 0xe0,
> 0x3f, 0x0 <repeats 24 times>}, v16_int16 = {0x0, 0x0, 0x0, 0x3fe0,
> 0x0 <repeats 12 times>}, v8_int32 = {0x0, 0x3fe00000, 0x0, 0x0, 0x0, 0x0,
> 0x0,
> 0x0}, v4_int64 = {0x3fe0000000000000, 0x0, 0x0, 0x0}, v2_int128 =
> {0x3fe0000000000000, 0x0}}
> ymm11 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
> v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0xcd, 0x96, 0xee, 0x94,
> 0x5b, 0x7c,
> 0x18, 0x3e, 0x0 <repeats 24 times>}, v16_int16 = {0x96cd, 0x94ee,
> 0x7c5b, 0x3e18, 0x0 <repeats 12 times>}, v8_int32 = {0x94ee96cd,
> 0x3e187c5b,
> 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x3e187c5b94ee96cd, 0x0,
> 0x0, 0x0}, v2_int128 = {0x3e187c5b94ee96cd, 0x0}}
> ymm12 {v8_float = {0xf87cc000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
> 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x68, 0xf0,
> 0xcc, 0x96,
> 0xee, 0xa4, 0x3c, 0x0 <repeats 24 times>}, v16_int16 = {0x6800,
> 0xccf0, 0xee96, 0x3ca4, 0x0 <repeats 12 times>}, v8_int32 = {0xccf06800,
> 0x3ca4ee96, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 =
> {0x3ca4ee96ccf06800, 0x0, 0x0, 0x0}, v2_int128 = {0x3ca4ee96ccf06800,
> 0x0}}
> ymm13 {v8_float = {0xa0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
> v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0xb, 0x2a, 0x20, 0x43,
> 0xe1, 0x68,
> 0x61, 0x3d, 0x0 <repeats 24 times>}, v16_int16 = {0x2a0b, 0x4320,
> 0x68e1, 0x3d61, 0x0 <repeats 12 times>}, v8_int32 = {0x43202a0b,
> 0x3d6168e1,
> 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x3d6168e143202a0b, 0x0,
> 0x0, 0x0}, v2_int128 = {0x3d6168e143202a0b, 0x0}}
> ymm14 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
> v4_double = {0x8000000000000000, 0x8000000000000000, 0x0, 0x0}, v32_int8
> = {0x65,
> 0x1, 0xde, 0x0, 0x3b, 0x0, 0xe7, 0xff, 0xed, 0xff, 0x7, 0x0, 0x0,
> 0x0, 0xe7, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0x165, 0xde, 0x3b,
> 0xffe7, 0xffed, 0x7, 0x0, 0xffe7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
> 0x0}, v8_int32 = {0xde0165, 0xffe7003b, 0x7ffed, 0xffe70000, 0x0, 0x0,
> 0x0,
> 0x0}, v4_int64 = {0xffe7003b00de0165, 0xffe700000007ffed, 0x0, 0x0},
> v2_int128 = {0xffe700000007ffedffe7003b00de0165, 0x0}}
> ymm15 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
> v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x4, 0x0, 0x0, 0x0,
> 0x4, 0x0,
> 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0 <repeats 18 times>}, v16_int16
> = {0x400, 0x0, 0x400, 0x0, 0x400, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0,
> 0x0,
> 0x0, 0x0, 0x0}, v8_int32 = {0x400, 0x400, 0x400, 0x400, 0x0, 0x0,
> 0x0, 0x0}, v4_int64 = {0x40000000400, 0x40000000400, 0x0, 0x0}, v2_int128
> = {
> 0x400000004000000040000000400, 0x0}}
> }}}
>
> **Environment**
>
> Built with address sanitizer.
> {{{
> ffmpeg version N-110167-g97c95961f0 Copyright (c) 2000-2023 the FFmpeg
> developers
> built with gcc 7 (Ubuntu 7.5.0-3ubuntu1~18.04)
> configuration:
> --prefix=/home/youngseok/subjects/latest_asan_install/ffmpeg --extra-
> cflags='-fsanitize=address -g -O0' --extra-cxxflags='-fsanitize=address
> -g -O0' --extra-ldflags='-fsanitize=address -g -O0' --disable-
> optimizations --disable-stripping
> }}}
New description:
Hi, our fuzzer found a new SEGV bug in ffmpeg.
**Command Input**
{{{
ffmpeg -lowres E -i poc_file -b 1 -alternate_scan true
-quantizer_noise_shaping 2 -debug nomc .mp4
}}}
poc_file is attached.
**Command Output**
{{{
matched as AVOption 'debug' with argument 'nomc'.
Reading option '.mp4' ... matched as output url.
Finished splitting the commandline.
Parsing a group of options: global .
Successfully parsed a group of options.
Parsing a group of options: input url
/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/ffmpeg/1_id:027372/poc_file.
Successfully parsed a group of options.
Opening an input file:
/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/ffmpeg/1_id:027372/poc_file.
[NULL @ 0x617000000080] Opening
'/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/ffmpeg/1_id:027372/poc_file'
for reading
[file @ 0x611000000040] Setting default whitelist 'file,crypto,data'
[h263 @ 0x617000000080] Format h263 detected only with low score of 25,
misdetection possible!
[h263 @ 0x617000000080] Before avformat_find_stream_info() pos: 0 bytes
read:111 seeks:0 nb_streams:1
[h263 @ 0x619000000580] Format yuv420p chosen by get_format().
Last message repeated 1 times
[h263 @ 0x617000000080] After avformat_find_stream_info() pos: 111 bytes
read:111 seeks:0 frames:3
Input #0, h263, from
'/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/ffmpeg/1_id:027372/poc_file':
Duration: N/A, bitrate: N/A
Stream #0:0, 3, 1/1200000: Video: h263, 1 reference frame,
yuv420p(center), 128x96 [SAR 12:11 DAR 16:11], 0/1, 29.97 fps, 29.97 tbr,
1200k tbn
Successfully opened the file.
Parsing a group of options: output url .mp4.
Applying option b (video bitrate (please use -b:v)) with argument 1.
Please use -b:a or -b:v, -b is ambiguous
Successfully parsed a group of options.
Opening an output file: .mp4.
[file @ 0x610000001440] Setting default whitelist 'file,crypto,data'
Successfully opened the file.
Stream mapping:
Stream #0:0 -> #0:0 (h263 (native) -> mpeg4 (native))
Press [q] to stop, [?] for help
[vost#0:0/mpeg4 @ 0x618000000080] cur_dts is invalid [init:0 i_done:0
finish:0] (this is harmless if it occurs once at the start per stream)
[h263 @ 0x619000002380] Format yuv420p chosen by get_format().
[h263 @ 0x619000002380] warning: first frame is no keyframe
[h263 @ 0x619000002380] Error at MB: 2
detected 16 logical cores
[graph 0 input from stream 0:0 @ 0x6110000011c0] Setting 'video_size' to
value '16x12'
[graph 0 input from stream 0:0 @ 0x6110000011c0] Setting 'pix_fmt' to
value '0'
[graph 0 input from stream 0:0 @ 0x6110000011c0] Setting 'time_base' to
value '1/1200000'
[graph 0 input from stream 0:0 @ 0x6110000011c0] Setting 'pixel_aspect' to
value '12/11'
[graph 0 input from stream 0:0 @ 0x6110000011c0] Setting 'frame_rate' to
value '30000/1001'
[graph 0 input from stream 0:0 @ 0x6110000011c0] w:16 h:12 pixfmt:yuv420p
tb:1/1200000 fr:30000/1001 sar:12/11
[format @ 0x611000001440] Setting 'pix_fmts' to value 'yuv420p'
[AVFilterGraph @ 0x60e000001000] query_formats: 4 queried, 3 merged, 0
already done, 0 delayed
[mpeg4 @ 0x619000003780] Bitrate 1 is extremely low, maybe you mean 1k
[mpeg4 @ 0x619000003780] intra_quant_bias = 0 inter_quant_bias = -64
[vost#0:0/mpeg4 @ 0x618000000080] The bitrate parameter is set too low. It
takes bits/s as argument, not kbits/s
Output #0, mp4, to '.mp4':
Metadata:
encoder : Lavf60.4.101
Stream #0:0, 0, 1/30000: Video: mpeg4, 1 reference frame (mp4v /
0x7634706D), yuv420p(progressive, center), 16x12 (0x0) [SAR 12:11 DAR
16:11], 0/1, q=2-31, 0 kb/s, 29.97 fps, 30k tbn
Metadata:
encoder : Lavc60.9.100 mpeg4
Side data:
cpb: bitrate max/min/avg: 0/0/1 buffer size: 0 vbv_delay: N/A
[vost#0:0/mpeg4 @ 0x618000000080] Clipping frame in rate conversion by
0.000008
[h263 @ 0x619000002380] Reverting picture dimensions change due to header
decoding failure
[h263 @ 0x619000002380] header damaged
Error while decoding stream #0:0: Invalid data found when processing input
[in#0/h263 @ 0x612000000040] EOF while reading input
[in#0/h263 @ 0x612000000040] Terminating demuxer thread
[h263 @ 0x619000002380] illegal ac vlc code at 6x1
[h263 @ 0x619000002380] Error at MB: 15
[vost#0:0/mpeg4 @ 0x618000000080] *** 1 dup!
ASAN:DEADLYSIGNAL
}}}
**Stack Trace** (Asan)
{{{
==18626==ERROR: AddressSanitizer: SEGV on unknown address 0x55555a6cb803
(pc 0x5555574cadd9 bp 0x7fffffff1770 sp 0x7fffffff1390 T0)
==18626==The signal is caused by a READ memory access.
#0 0x5555574cadd8 in dct_quantize_refine
libavcodec/mpegvideo_enc.c:4446
#1 0x5555574b5a71 in encode_mb_internal
libavcodec/mpegvideo_enc.c:2405
#2 0x5555574b5a71 in encode_mb libavcodec/mpegvideo_enc.c:2504
#3 0x5555574b5a71 in encode_thread libavcodec/mpegvideo_enc.c:3431
#4 0x555556b49002 in avcodec_default_execute libavcodec/avcodec.c:50
#5 0x5555574c5cff in encode_picture libavcodec/mpegvideo_enc.c:3837
#6 0x555557490be8 in ff_mpv_encode_picture
libavcodec/mpegvideo_enc.c:1801
#7 0x555556e51a6e in ff_encode_encode_cb libavcodec/encode.c:223
#8 0x555556e525eb in encode_simple_internal libavcodec/encode.c:309
#9 0x555556e52734 in encode_simple_receive_packet
libavcodec/encode.c:323
#10 0x555556e52c71 in encode_receive_packet_internal
libavcodec/encode.c:357
#11 0x555556e537e8 in avcodec_send_frame libavcodec/encode.c:506
#12 0x555555af7260 in encode_frame fftools/ffmpeg.c:904
#13 0x555555af871d in submit_encode_frame fftools/ffmpeg.c:985
#14 0x555555afbd7b in do_video_out fftools/ffmpeg.c:1345
#15 0x555555afc9d6 in reap_filters fftools/ffmpeg.c:1431
#16 0x555555b1887c in transcode_step fftools/ffmpeg.c:4007
#17 0x555555b18a9e in transcode fftools/ffmpeg.c:4044
#18 0x555555b196f8 in main fftools/ffmpeg.c:4182
#19 0x7ffff5601c86 in __libc_start_main (/lib/x86_64-linux-
gnu/libc.so.6+0x21c86)
#20 0x555555a84499 in _start
(/home/youngseok/subjects/latest_asan_install/ffmpeg/bin/ffmpeg+0x530499)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV libavcodec/mpegvideo_enc.c:4446 in
dct_quantize_refine
==18626==ABORTING
}}}
**Assembler code around pc**
{{{
Dump of assembler code from 0x5555574cadb9 to 0x5555574cadf9:
0x00005555574cadb9 <dct_quantize_refine+7013>: test %dl,%dl
0x00005555574cadbb <dct_quantize_refine+7015>: setne %sil
0x00005555574cadbf <dct_quantize_refine+7019>: mov %rax,%rdi
0x00005555574cadc2 <dct_quantize_refine+7022>: and $0x7,%edi
0x00005555574cadc5 <dct_quantize_refine+7025>: cmp %dl,%dil
0x00005555574cadc8 <dct_quantize_refine+7028>: setge %dl
0x00005555574cadcb <dct_quantize_refine+7031>: and %esi,%edx
0x00005555574cadcd <dct_quantize_refine+7033>: test %dl,%dl
0x00005555574cadcf <dct_quantize_refine+7035>: je
0x5555574cadd9 <dct_quantize_refine+7045>
0x00005555574cadd1 <dct_quantize_refine+7037>: mov %rax,%rdi
0x00005555574cadd4 <dct_quantize_refine+7040>: callq
0x555555a83bd0 <__asan_report_load1 at plt>
=> 0x00005555574cadd9 <dct_quantize_refine+7045>: movzbl (%rcx),%eax
0x00005555574caddc <dct_quantize_refine+7048>: movzbl %al,%esi
0x00005555574caddf <dct_quantize_refine+7051>: mov
-0x36c(%rbp),%eax
0x00005555574cade5 <dct_quantize_refine+7057>: shl $0x7,%eax
0x00005555574cade8 <dct_quantize_refine+7060>: mov %eax,%edx
0x00005555574cadea <dct_quantize_refine+7062>: mov
-0x34c(%rbp),%eax
0x00005555574cadf0 <dct_quantize_refine+7068>: add %edx,%eax
0x00005555574cadf2 <dct_quantize_refine+7070>: movslq %eax,%rdx
0x00005555574cadf5 <dct_quantize_refine+7073>: mov
-0x2d0(%rbp),%rax
End of assembler dump.
}}}
**Register Info**
{{{
rax 0x55555a6cb803 93825077655555
rbx 0x7fffffff16b0 140737488295600
rcx 0x55555a6cb803 93825077655555
rdx 0x0 0
rsi 0x0 0
rdi 0x3 3
rbp 0x7fffffff16d0 0x7fffffff16d0
rsp 0x7fffffff12f0 0x7fffffff12f0
r8 0x555559cb58a0 93825067079840
r9 0x8 8
r10 0x616000018680 107064944854656
r11 0x7fffffff40e0 140737488306400
r12 0xfffffffe282 17592186036866
r13 0x7fffffff1410 140737488294928
r14 0x7fffffff1410 140737488294928
r15 0x7fffffffd070 140737488343152
rip 0x5555574cadd9 0x5555574cadd9 <dct_quantize_refine+7045>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
st0 <invalid float value> (raw 0xffff00003c1300009729)
st1 <invalid float value> (raw 0xffff000183990007df82)
st2 <invalid float value> (raw 0xffff0000000000001f00)
st3 -nan(0xfff1fff1fff1fff1) (raw 0xfffffff1fff1fff1fff1)
st4 <invalid float value> (raw 0xffff0000000000000000)
st5 <invalid float value> (raw 0xffff0200020002000200)
st6 -nan(0xe6d7e6d70003ab9f) (raw 0xffffe6d7e6d70003ab9f)
st7 <invalid float value> (raw 0xffff39b6e49d0001e49d)
fctrl 0x37f 895
fstat 0x0 0
ftag 0xaaaa 43690
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1fa8 [ OE PE IM DM ZM OM UM PM ]
ymm0 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x8000000000000000, 0x0, 0x0, 0x0}, v32_int8 = {0x85, 0x0,
0x38,
0x0, 0xdb, 0xff, 0xa9, 0xff, 0x0 <repeats 24 times>}, v16_int16 =
{0x85, 0x38, 0xffdb, 0xffa9, 0x0 <repeats 12 times>}, v8_int32 =
{0x380085,
0xffa9ffdb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 =
{0xffa9ffdb00380085, 0x0, 0x0, 0x0}, v2_int128 = {0xffa9ffdb00380085,
0x0}}
ymm1 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x8000000000000000, 0x8000000000000000, 0x0, 0x0}, v32_int8 =
{0x1d,
0x0, 0xfc, 0xff, 0x44, 0x0, 0xe7, 0xff, 0xe, 0x0, 0x14, 0x0, 0x3, 0x0,
0xf7, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0x1d, 0xfffc, 0x44,
0xffe7, 0xe, 0x14, 0x3, 0xfff7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}, v8_int32 = {0xfffc001d, 0xffe70044, 0x14000e, 0xfff70003, 0x0, 0x0,
0x0,
0x0}, v4_int64 = {0xffe70044fffc001d, 0xfff700030014000e, 0x0, 0x0},
v2_int128 = {0xfff700030014000effe70044fffc001d, 0x0}}
ymm2 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x8000000000000000, 0x0, 0x0}, v32_int8 = {0x62, 0x5e,
0xdf,
0xff, 0x83, 0xb4, 0x11, 0x0, 0x64, 0x9e, 0x64, 0x0, 0x26, 0x4c, 0xf5,
0xff, 0x0 <repeats 16 times>}, v16_int16 = {0x5e62, 0xffdf, 0xb483, 0x11,
0x9e64, 0x64, 0x4c26, 0xfff5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v8_int32 = {0xffdf5e62, 0x11b483, 0x649e64, 0xfff54c26, 0x0, 0x0, 0x0,
0x0}, v4_int64 = {0x11b483ffdf5e62, 0xfff54c2600649e64, 0x0, 0x0},
v2_int128 = {0xfff54c2600649e640011b483ffdf5e62, 0x0}}
ymm3 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x8000000000000000, 0x0, 0x0}, v32_int8 = {0xe, 0x0,
0x0, 0x0,
0x14, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xf7, 0xff, 0xff, 0xff, 0x0
<repeats 16 times>}, v16_int16 = {0xe, 0x0, 0x14, 0x0, 0x3, 0x0, 0xfff7,
0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xe,
0x14, 0x3, 0xfffffff7, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x140000000e,
0xfffffff700000003, 0x0, 0x0}, v2_int128 =
{0xfffffff700000003000000140000000e, 0x0}}
ymm4 {v8_float = {0xc24b42, 0x88000000, 0x0, 0xfffff904, 0x0,
0x0, 0x0, 0x0}, v4_double = {0x7fffffffffffffff, 0x8000000000000000, 0x0,
0x0}, v32_int8 = {0x42, 0x4b, 0x42, 0x4b, 0x62, 0x68, 0x7e, 0x58,
0x46, 0xd7, 0xac, 0x9d, 0x9e, 0x97, 0xdf, 0xc4, 0x0 <repeats 16 times>},
v16_int16 = {0x4b42, 0x4b42, 0x6862, 0x587e, 0xd746, 0x9dac, 0x979e,
0xc4df, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x4b424b42,
0x587e6862, 0x9dacd746, 0xc4df979e, 0x0, 0x0, 0x0, 0x0}, v4_int64 =
{0x587e68624b424b42, 0xc4df979e9dacd746, 0x0, 0x0}, v2_int128 = {
0xc4df979e9dacd746587e68624b424b42, 0x0}}
ymm5 {v8_float = {0xc24b42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x8000000000000000, 0x0, 0x0}, v32_int8 = {0x42, 0x4b,
0x42, 0x4b, 0x21, 0x3b, 0xc3, 0x14, 0x54, 0x62, 0xba, 0x28, 0x7e,
0x58, 0x3d, 0xeb, 0x0 <repeats 16 times>}, v16_int16 = {0x4b42, 0x4b42,
0x3b21,
0x14c3, 0x6254, 0x28ba, 0x587e, 0xeb3d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0}, v8_int32 = {0x4b424b42, 0x14c33b21, 0x28ba6254, 0xeb3d587e,
0x0,
0x0, 0x0, 0x0}, v4_int64 = {0x14c33b214b424b42, 0xeb3d587e28ba6254,
0x0, 0x0}, v2_int128 = {0xeb3d587e28ba625414c33b214b424b42, 0x0}}
ymm6 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x1, 0x0, 0x0,
0x0, 0x1,
0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0 <repeats 17 times>},
v16_int16 = {0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0,
0x0,
0x0, 0x0, 0x0}, v8_int32 = {0x10000, 0x10000, 0x10000, 0x10000, 0x0,
0x0, 0x0, 0x0}, v4_int64 = {0x1000000010000, 0x1000000010000, 0x0, 0x0},
v2_int128 = {0x10000000100000001000000010000, 0x0}}
ymm7 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x8000000000000000, 0x0, 0x0}, v32_int8 = {0xa4, 0xeb,
0x2a,
0x0, 0x96, 0x74, 0x3, 0x0, 0x2, 0x5d, 0x1, 0x0, 0xe, 0x4a, 0xe9, 0xff,
0x0 <repeats 16 times>}, v16_int16 = {0xeba4, 0x2a, 0x7496, 0x3, 0x5d02,
0x1, 0x4a0e, 0xffe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32
= {0x2aeba4, 0x37496, 0x15d02, 0xffe94a0e, 0x0, 0x0, 0x0, 0x0}, v4_int64 =
{
0x37496002aeba4, 0xffe94a0e00015d02, 0x0, 0x0}, v2_int128 =
{0xffe94a0e00015d0200037496002aeba4, 0x0}}
ymm8 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x8000000000000000, 0x8000000000000000, 0x0, 0x0}, v32_int8 =
{0x80,
0xff, 0x80, 0xff, 0x80, 0xff, 0x80, 0xff, 0x80, 0xff, 0x80, 0xff,
0x80, 0xff, 0x80, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0xff80,
0xff80,
0xff80, 0xff80, 0xff80, 0xff80, 0xff80, 0xff80, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xff80ff80, 0xff80ff80, 0xff80ff80,
0xff80ff80, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xff80ff80ff80ff80,
0xff80ff80ff80ff80, 0x0, 0x0}, v2_int128 =
{0xff80ff80ff80ff80ff80ff80ff80ff80,
0x0}}
ymm9 {v8_float = {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0xe0,
0x3f, 0x0 <repeats 24 times>}, v16_int16 = {0x0, 0x0, 0x0, 0x3fe0, 0x0
<repeats 12 times>}, v8_int32 = {0x0, 0x3fe00000, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}, v4_int64 = {0x3fe0000000000000, 0x0, 0x0, 0x0}, v2_int128 =
{0x3fe0000000000000, 0x0}}
ymm10 {v8_float = {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0xe0,
0x3f, 0x0 <repeats 24 times>}, v16_int16 = {0x0, 0x0, 0x0, 0x3fe0, 0x0
<repeats 12 times>}, v8_int32 = {0x0, 0x3fe00000, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}, v4_int64 = {0x3fe0000000000000, 0x0, 0x0, 0x0}, v2_int128 =
{0x3fe0000000000000, 0x0}}
ymm11 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0xcd, 0x96, 0xee, 0x94,
0x5b, 0x7c,
0x18, 0x3e, 0x0 <repeats 24 times>}, v16_int16 = {0x96cd, 0x94ee,
0x7c5b, 0x3e18, 0x0 <repeats 12 times>}, v8_int32 = {0x94ee96cd,
0x3e187c5b,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x3e187c5b94ee96cd, 0x0,
0x0, 0x0}, v2_int128 = {0x3e187c5b94ee96cd, 0x0}}
ymm12 {v8_float = {0xf87cc000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x68, 0xf0, 0xcc,
0x96,
0xee, 0xa4, 0x3c, 0x0 <repeats 24 times>}, v16_int16 = {0x6800,
0xccf0, 0xee96, 0x3ca4, 0x0 <repeats 12 times>}, v8_int32 = {0xccf06800,
0x3ca4ee96, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 =
{0x3ca4ee96ccf06800, 0x0, 0x0, 0x0}, v2_int128 = {0x3ca4ee96ccf06800,
0x0}}
ymm13 {v8_float = {0xa0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0xb, 0x2a, 0x20, 0x43, 0xe1,
0x68,
0x61, 0x3d, 0x0 <repeats 24 times>}, v16_int16 = {0x2a0b, 0x4320,
0x68e1, 0x3d61, 0x0 <repeats 12 times>}, v8_int32 = {0x43202a0b,
0x3d6168e1,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x3d6168e143202a0b, 0x0,
0x0, 0x0}, v2_int128 = {0x3d6168e143202a0b, 0x0}}
ymm14 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x8000000000000000, 0x8000000000000000, 0x0, 0x0}, v32_int8 =
{0x65,
0x1, 0xde, 0x0, 0x3b, 0x0, 0xe7, 0xff, 0xed, 0xff, 0x7, 0x0, 0x0, 0x0,
0xe7, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0x165, 0xde, 0x3b,
0xffe7, 0xffed, 0x7, 0x0, 0xffe7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}, v8_int32 = {0xde0165, 0xffe7003b, 0x7ffed, 0xffe70000, 0x0, 0x0,
0x0,
0x0}, v4_int64 = {0xffe7003b00de0165, 0xffe700000007ffed, 0x0, 0x0},
v2_int128 = {0xffe700000007ffedffe7003b00de0165, 0x0}}
ymm15 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x4, 0x0, 0x0, 0x0,
0x4, 0x0,
0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0 <repeats 18 times>}, v16_int16
= {0x400, 0x0, 0x400, 0x0, 0x400, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0,
0x0, 0x0, 0x0}, v8_int32 = {0x400, 0x400, 0x400, 0x400, 0x0, 0x0, 0x0,
0x0}, v4_int64 = {0x40000000400, 0x40000000400, 0x0, 0x0}, v2_int128 = {
0x400000004000000040000000400, 0x0}}
}}}
**Environment**
Built with address sanitizer.
{{{
ffmpeg version N-110167-g97c95961f0 Copyright (c) 2000-2023 the FFmpeg
developers
built with gcc 7 (Ubuntu 7.5.0-3ubuntu1~18.04)
configuration:
--prefix=/home/youngseok/subjects/latest_asan_install/ffmpeg --extra-
cflags='-fsanitize=address -g -O0' --extra-cxxflags='-fsanitize=address -g
-O0' --extra-ldflags='-fsanitize=address -g -O0' --disable-optimizations
--disable-stripping
}}}
--
--
Ticket URL: <https://trac.ffmpeg.org/ticket/10305#comment:1>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list