[FFmpeg-trac] #2898(undetermined:new): jpeg2000: invalid write with lowres 3

FFmpeg trac at avcodec.org
Sat Aug 24 12:04:50 CEST 2013


#2898: jpeg2000: invalid write with lowres 3
-------------------------------------+-------------------------------------
               Reporter:  ami_stuff  |                  Owner:
                   Type:  defect     |                 Status:  new
               Priority:  normal     |              Component:  undetermined
                Version:  unspecified|               Keywords:
             Blocked By:             |               Blocking:
Reproduced by developer:  0          |  Analyzed by developer:  0
-------------------------------------+-------------------------------------
 lowres doesn't work correctly with attached sample

 for more samples (different color spaces) see ticket #2871

 http://www.datafilehost.com/d/8ae6bfef

 {{{
 knoppix at Microknoppix:/media/sdb1$ gdb ffmpeg-HEAD-edf6fb6/ffmpeg_g
 GNU gdb (GDB) 7.4.1-debian
 Copyright (C) 2012 Free Software Foundation, Inc.
 License GPLv3+: GNU GPL version 3 or later
 <http://gnu.org/licenses/gpl.html>
 This is free software: you are free to change and redistribute it.
 There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
 and "show warranty" for details.
 This GDB was configured as "i486-linux-gnu".
 For bug reporting instructions, please see:
 <http://www.gnu.org/software/gdb/bugs/>...
 Reading symbols from /media/sdb1/ffmpeg-HEAD-edf6fb6/ffmpeg_g...done.
 (gdb) r -vlowres 3 -i 444_layers1.avi -an -f null -
 Starting program: /media/sdb1/ffmpeg-HEAD-edf6fb6/ffmpeg_g -vlowres 3 -i
 444_layers1.avi -an -f null -
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
 ffmpeg version 2.0-edf6fb6 Copyright (c) 2000-2013 the FFmpeg developers
   built on Aug 24 2013 11:50:43 with gcc 4.7 (Debian 4.7.2-5)
   configuration: --disable-yasm --disable-ffserver --disable-ffprobe
 --enable-gpl
   libavutil      52. 42.100 / 52. 42.100
   libavcodec     55. 29.100 / 55. 29.100
   libavformat    55. 14.102 / 55. 14.102
   libavdevice    55.  3.100 / 55.  3.100
   libavfilter     3. 82.102 /  3. 82.102
   libswscale      2.  5.100 /  2.  5.100
   libswresample   0. 17.103 /  0. 17.103
   libpostproc    52.  3.100 / 52.  3.100

 Program received signal SIGSEGV, Segmentation fault.
 jpeg2000_decode_tile (s=s at entry=0x91097e0, tile=0x9140fc0,
     picture=picture at entry=0x9140e00) at libavcodec/jpeg2000dec.c:1221
 1221                            decode_cblk(s, codsty, &t1, cblk,
 (gdb) bt
 #0  jpeg2000_decode_tile (s=s at entry=0x91097e0, tile=0x9140fc0,
     picture=picture at entry=0x9140e00) at libavcodec/jpeg2000dec.c:1221
 #1  0x0850d77e in jpeg2000_decode_frame (avctx=0x91066a0, data=0x9140e00,
     got_frame=0xbffff030, avpkt=0xbfffefa8) at
 libavcodec/jpeg2000dec.c:1636
 #2  0x08677b0e in avcodec_decode_video2 (avctx=0x91066a0,
 picture=0x9140e00,
     got_picture_ptr=got_picture_ptr at entry=0xbffff030,
     avpkt=avpkt at entry=0xbffff058) at libavcodec/utils.c:1982
 #3  0x08233ef8 in try_decode_frame (st=st at entry=0x9106420,
     avpkt=avpkt at entry=0x9140d80, options=0x9106ee0) at
 libavformat/utils.c:2463
 #4  0x0823d681 in avformat_find_stream_info (ic=0x9105e40,
 options=0x9106ee0)
     at libavformat/utils.c:2908
 #5  0x080a6325 in open_input_file (o=o at entry=0xbffff51c,
     filename=<optimized out>) at ffmpeg_opt.c:809
 #6  0x080a4b47 in open_files (inout=inout at entry=0x88d82db "input",
     open_file=open_file at entry=0x80a5f40 <open_input_file>,
     l=<error reading variable: Unhandled dwarf expression opcode 0xfa>,
     l=<error reading variable: Unhandled dwarf expression opcode 0xfa>)
     at ffmpeg_opt.c:2494
 #7  0x080acd59 in ffmpeg_parse_options (argc=argc at entry=9,
     argv=argv at entry=0xbffff9a4) at ffmpeg_opt.c:2531
 #8  0x080a224a in main (argc=9, argv=0xbffff9a4) at ffmpeg.c:3389
 (gdb)
 }}}


 {{{
 knoppix at Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-
 edf6fb6/ffmpeg_g -vlowres 3 -i 444_layers1.avi -an -f null -
 ==10646== Memcheck, a memory error detector
 ==10646== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
 ==10646== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright
 info
 ==10646== Command: ffmpeg-HEAD-edf6fb6/ffmpeg_g -vlowres 3 -i
 444_layers1.avi -an -f null -
 ==10646==
 ffmpeg version 2.0-edf6fb6 Copyright (c) 2000-2013 the FFmpeg developers
   built on Aug 24 2013 11:50:43 with gcc 4.7 (Debian 4.7.2-5)
   configuration: --disable-yasm --disable-ffserver --disable-ffprobe
 --enable-gpl
   libavutil      52. 42.100 / 52. 42.100
   libavcodec     55. 29.100 / 55. 29.100
   libavformat    55. 14.102 / 55. 14.102
   libavdevice    55.  3.100 / 55.  3.100
   libavfilter     3. 82.102 /  3. 82.102
   libswscale      2.  5.100 /  2.  5.100
   libswresample   0. 17.103 /  0. 17.103
   libpostproc    52.  3.100 / 52.  3.100
 ==10646== Invalid write of size 4
 ==10646==    at 0x8509DBE: jpeg2000_decode_tile (jpeg2000dec.c:1098)
 ==10646==    by 0x850D77D: jpeg2000_decode_frame (jpeg2000dec.c:1636)
 ==10646==    by 0x8677B0D: avcodec_decode_video2 (utils.c:1982)
 ==10646==    by 0x8233EF7: try_decode_frame (utils.c:2463)
 ==10646==  Address 0x42d2cf0 is 0 bytes after a block of size 5,456
 alloc'd
 ==10646==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
 ==10646==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
 ==10646==    by 0x886CFF7: av_malloc (mem.c:93)
 ==10646==    by 0x8508B9D: ff_jpeg2000_init_component (mem.h:98)
 ==10646==    by 0x850CB96: jpeg2000_decode_frame (jpeg2000dec.c:678)
 ==10646==    by 0x8677B0D: avcodec_decode_video2 (utils.c:1982)
 ==10646==    by 0x8233EF7: try_decode_frame (utils.c:2463)
 ==10646==
 ==10646== Invalid read of size 2
 ==10646==    at 0x8509990: jpeg2000_decode_tile (jpeg2000dec.c:1221)
 ==10646==    by 0x850D77D: jpeg2000_decode_frame (jpeg2000dec.c:1636)
 ==10646==    by 0x8677B0D: avcodec_decode_video2 (utils.c:1982)
 ==10646==    by 0x8233EF7: try_decode_frame (utils.c:2463)
 ==10646==  Address 0x43e70984 is not stack'd, malloc'd or (recently)
 free'd
 ==10646==
 ==10646==
 ==10646== Process terminating with default action of signal 11 (SIGSEGV)
 ==10646==  Access not within mapped region at address 0x43E70984
 ==10646==    at 0x8509990: jpeg2000_decode_tile (jpeg2000dec.c:1221)
 ==10646==    by 0x850D77D: jpeg2000_decode_frame (jpeg2000dec.c:1636)
 ==10646==    by 0x8677B0D: avcodec_decode_video2 (utils.c:1982)
 ==10646==    by 0x8233EF7: try_decode_frame (utils.c:2463)
 ==10646==  If you believe this happened as a result of a stack
 ==10646==  overflow in your program's main thread (unlikely but
 ==10646==  possible), you can try to increase the size of the
 ==10646==  main thread stack using the --main-stacksize= flag.
 ==10646==  The main thread stack size used in this run was 8388608.
 ==10646==
 ==10646== HEAP SUMMARY:
 ==10646==     in use at exit: 1,328,080 bytes in 164 blocks
 ==10646==   total heap usage: 280 allocs, 116 frees, 1,434,676 bytes
 allocated
 ==10646==
 ==10646== 264 bytes in 1 blocks are definitely lost in loss record 25 of
 50
 ==10646==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
 ==10646==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
 ==10646==    by 0x886D267: av_mallocz (mem.c:93)
 ==10646==    by 0x85077A6: ff_jpeg2000_tag_tree_init (mem.h:197)
 ==10646==    by 0x8508912: ff_jpeg2000_init_component (jpeg2000.c:416)
 ==10646==    by 0x850CB96: jpeg2000_decode_frame (jpeg2000dec.c:678)
 ==10646==    by 0x8677B0D: avcodec_decode_video2 (utils.c:1982)
 ==10646==    by 0x8233EF7: try_decode_frame (utils.c:2463)
 ==10646==
 ==10646== 264 bytes in 1 blocks are definitely lost in loss record 26 of
 50
 ==10646==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
 ==10646==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
 ==10646==    by 0x886D267: av_mallocz (mem.c:93)
 ==10646==    by 0x85077A6: ff_jpeg2000_tag_tree_init (mem.h:197)
 ==10646==    by 0x850892A: ff_jpeg2000_init_component (jpeg2000.c:422)
 ==10646==    by 0x850CB96: jpeg2000_decode_frame (jpeg2000dec.c:678)
 ==10646==    by 0x8677B0D: avcodec_decode_video2 (utils.c:1982)
 ==10646==    by 0x8233EF7: try_decode_frame (utils.c:2463)
 ==10646==
 ==10646== LEAK SUMMARY:
 ==10646==    definitely lost: 528 bytes in 2 blocks
 ==10646==    indirectly lost: 0 bytes in 0 blocks
 ==10646==      possibly lost: 0 bytes in 0 blocks
 ==10646==    still reachable: 1,327,552 bytes in 162 blocks
 ==10646==         suppressed: 0 bytes in 0 blocks
 ==10646== Reachable blocks (those to which a pointer was found) are not
 shown.
 ==10646== To see them, rerun with: --leak-check=full --show-reachable=yes
 ==10646==
 ==10646== For counts of detected and suppressed errors, rerun with: -v
 ==10646== ERROR SUMMARY: 308 errors from 4 contexts (suppressed: 59 from
 6)
 Segmentation fault
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2898>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker