[FFmpeg-trac] #2923(undetermined:new): ffv1: invalid read

FFmpeg trac at avcodec.org
Sun Sep 1 11:50:41 CEST 2013


#2923: ffv1: invalid read
-------------------------------------+-------------------------------------
               Reporter:  ami_stuff  |                  Owner:
                   Type:  defect     |                 Status:  new
               Priority:  normal     |              Component:  undetermined
                Version:  unspecified|               Keywords:
             Blocked By:             |               Blocking:
Reproduced by developer:  0          |  Analyzed by developer:  0
-------------------------------------+-------------------------------------
 crashes with threads > 2

 http://www.datafilehost.com/d/ec2176ad

 {{{
 knoppix@Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-c042684/ffmpeg_g -i ./ffv1_fuzz2.avi -f null -
 ==3389== Memcheck, a memory error detector
 ==3389== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
 ==3389== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
 ==3389== Command: ffmpeg-HEAD-c042684/ffmpeg_g -i ./ffv1_fuzz2.avi -f null
 -
 ==3389==
 ffmpeg version 2.0-c042684 Copyright (c) 2000-2013 the FFmpeg developers
   built on Aug 30 2013 20:55:53 with gcc 4.7 (Debian 4.7.2-5)
   configuration: --disable-yasm --disable-ffprobe --disable-ffserver
 --enable-gpl
   libavutil      52. 42.100 / 52. 42.100
   libavcodec     55. 29.100 / 55. 29.100
   libavformat    55. 15.100 / 55. 15.100
   libavdevice    55.  3.100 / 55.  3.100
   libavfilter     3. 82.102 /  3. 82.102
   libswscale      2.  5.100 /  2.  5.100
   libswresample   0. 17.103 /  0. 17.103
   libpostproc    52.  3.100 / 52.  3.100
 [avi @ 0x4229020] Something went wrong during header parsing, I will
 ignore it and try to continue anyway.
 [ffv1 @ 0x423a500] Cannot decode non-keyframe without valid keyframe
     Last message repeated 1 times
 [ffv1 @ 0x423a500] read_quant_table error
 Input #0, avi, from './ffv1_fuzz2.avi':
   Metadata:
     encoder         : Lavf55.13.101
   Duration: 00:00:12.64, start: 0.000000, bitrate: 5802 kb/s
     Stream #0:0: Video: ffv1 (FFV1 / 0x31564646), yuv410p, 320x240, 23.98
 fps, 23.97 tbr, 23.97 tbn, 23.97 tbc
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf55.15.100
     Stream #0:0: Video: rawvideo (YUV9 / 0x39565559), yuv410p, 320x240,
 q=2-31, 200 kb/s, 90k tbn, 23.97 tbc
 Stream mapping:
   Stream #0:0 -> #0:0 (ffv1 -> rawvideo)
 Press [q] to stop, [?] for help
 [ffv1 @ 0x4548000] Cannot decode non-keyframe without valid keyframe
 [ffv1 @ 0x4554860] Cannot decode non-keyframe without valid keyframe
 [ffv1 @ 0x455efc0] read_quant_table error
 [ffv1 @ 0x4569700] Cannot decode non-keyframe without valid keyframe
 [ffv1 @ 0x4573e60] Cannot decode non-keyframe without valid keyframe
 [ffv1 @ 0x457e5a0] Cannot decode non-keyframe without valid keyframe
 [ffv1 @ 0x4588d00] Cannot decode non-keyframe without valid keyframe
 [ffv1 @ 0x4593440] Invalid change of global parameters
 Error while decoding stream #0:0: Invalid data found when processing input
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x459dba0] Cannot decode non-keyframe without valid keyframe
 [ffv1 @ 0x4548000] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x4554860] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x455efc0] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x4569700] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x4573e60] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x457e5a0] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x4588d00] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x4593440] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x459dba0] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x4548000] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x4554860] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x455efc0] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x4569700] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x4573e60] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 ==3389== Thread 11:peated 4 times
 ==3389== Invalid read of size 2
 ==3389==    at 0x832D168: decode_plane (ffv1dec.c:74)
 ==3389==    by 0x832FEB2: decode_slice (ffv1dec.c:399)
 ==3389==    by 0x86753C3: avcodec_default_execute (utils.c:948)
 ==3389==    by 0x832E56D: decode_frame (ffv1dec.c:898)
 ==3389==    by 0x85CC83D: frame_worker_thread (pthread.c:339)
 ==3389==    by 0x407B953: start_thread (pthread_create.c:304)
 ==3389==    by 0x416395D: clone (clone.S:130)
 ==3389==  Address 0x2 is not stack'd, malloc'd or (recently) free'd
 ==3389==
 ==3389==
 ==3389== Process terminating with default action of signal 11 (SIGSEGV)
 ==3389==  Access not within mapped region at address 0x2
 ==3389==    at 0x832D168: decode_plane (ffv1dec.c:74)
 ==3389==    by 0x832FEB2: decode_slice (ffv1dec.c:399)
 ==3389==    by 0x86753C3: avcodec_default_execute (utils.c:948)
 ==3389==    by 0x832E56D: decode_frame (ffv1dec.c:898)
 ==3389==    by 0x85CC83D: frame_worker_thread (pthread.c:339)
 ==3389==    by 0x407B953: start_thread (pthread_create.c:304)
 ==3389==    by 0x416395D: clone (clone.S:130)
 ==3389==  If you believe this happened as a result of a stack
 ==3389==  overflow in your program's main thread (unlikely but
 ==3389==  possible), you can try to increase the size of the
 ==3389==  main thread stack using the --main-stacksize= flag.
 ==3389==  The main thread stack size used in this run was 8388608.
 ==3389==
 ==3389== HEAP SUMMARY:
 ==3389==     in use at exit: 1,911,601 bytes in 297 blocks
 ==3389==   total heap usage: 1,826 allocs, 1,529 frees, 8,842,790 bytes
 allocated
 ==3389==
 ==3389== Thread 1:
 ==3389== 1,296 bytes in 9 blocks are possibly lost in loss record 105 of
 125
 ==3389==    at 0x4026A68: calloc (vg_replace_malloc.c:566)
 ==3389==    by 0x40111FB: _dl_allocate_tls (dl-tls.c:300)
 ==3389==    by 0x407C2A8: pthread_create@@GLIBC_2.1 (allocatestack.c:580)
 ==3389==    by 0x80D9591: ff_graph_thread_init (pthread.c:180)
 ==3389==    by 0x80CD507: avfilter_graph_alloc_filter
 (avfiltergraph.c:186)
 ==3389==    by 0x80D8144: create_filter (graphparser.c:112)
 ==3389==    by 0x80D8B99: avfilter_graph_parse2 (graphparser.c:169)
 ==3389==
 ==3389== 1,296 bytes in 9 blocks are possibly lost in loss record 106 of
 125
 ==3389==    at 0x4026A68: calloc (vg_replace_malloc.c:566)
 ==3389==    by 0x40111FB: _dl_allocate_tls (dl-tls.c:300)
 ==3389==    by 0x407C2A8: pthread_create@@GLIBC_2.1 (allocatestack.c:580)
 ==3389==    by 0x85CE7BE: ff_thread_init (pthread.c:872)
 ==3389==    by 0x867B19D: avcodec_open2 (utils.c:1223)
 ==3389==    by 0x80B9F46: transcode_init (ffmpeg.c:1983)
 ==3389==    by 0x80A242F: main (ffmpeg.c:3204)
 ==3389==
 ==3389== LEAK SUMMARY:
 ==3389==    definitely lost: 0 bytes in 0 blocks
 ==3389==    indirectly lost: 0 bytes in 0 blocks
 ==3389==      possibly lost: 2,592 bytes in 18 blocks
 ==3389==    still reachable: 1,909,009 bytes in 279 blocks
 ==3389==         suppressed: 0 bytes in 0 blocks
 ==3389== Reachable blocks (those to which a pointer was found) are not
 shown.
 ==3389== To see them, rerun with: --leak-check=full --show-reachable=yes
 ==3389==
 ==3389== For counts of detected and suppressed errors, rerun with: -v
 ==3389== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 59 from 6)
 Killed
 }}}

 {{{
 knoppix@Microknoppix:/media/sdb1$ gdb ffmpeg-HEAD-c042684/ffmpeg_g
 GNU gdb (GDB) 7.4.1-debian
 Copyright (C) 2012 Free Software Foundation, Inc.
 License GPLv3+: GNU GPL version 3 or later
 <http://gnu.org/licenses/gpl.html>
 This is free software: you are free to change and redistribute it.
 There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
 and "show warranty" for details.
 This GDB was configured as "i486-linux-gnu".
 For bug reporting instructions, please see:
 <http://www.gnu.org/software/gdb/bugs/>...
 Reading symbols from /media/sdb1/ffmpeg-HEAD-c042684/ffmpeg_g...done.
 (gdb) r -i ./ffv1_fuzz2.avi -f null -
 Starting program: /media/sdb1/ffmpeg-HEAD-c042684/ffmpeg_g -i
 ./ffv1_fuzz2.avi -f null -
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
 ffmpeg version 2.0-c042684 Copyright (c) 2000-2013 the FFmpeg developers
   built on Aug 30 2013 20:55:53 with gcc 4.7 (Debian 4.7.2-5)
   configuration: --disable-yasm --disable-ffprobe --disable-ffserver
 --enable-gpl
   libavutil      52. 42.100 / 52. 42.100
   libavcodec     55. 29.100 / 55. 29.100
   libavformat    55. 15.100 / 55. 15.100
   libavdevice    55.  3.100 / 55.  3.100
   libavfilter     3. 82.102 /  3. 82.102
   libswscale      2.  5.100 /  2.  5.100
   libswresample   0. 17.103 /  0. 17.103
   libpostproc    52.  3.100 / 52.  3.100
 [avi @ 0x9104d40] Something went wrong during header parsing, I will
 ignore it and try to continue anyway.
 [ffv1 @ 0x9105640] Cannot decode non-keyframe without valid keyframe
     Last message repeated 1 times
 [ffv1 @ 0x9105640] read_quant_table error
 Input #0, avi, from './ffv1_fuzz2.avi':
   Metadata:
     encoder         : Lavf55.13.101
   Duration: 00:00:12.64, start: 0.000000, bitrate: 5802 kb/s
     Stream #0:0: Video: ffv1 (FFV1 / 0x31564646), yuv410p, 320x240, 23.98
 fps, 23.97 tbr, 23.97 tbn, 23.97 tbc
 [New Thread 0xb7befb70 (LWP 3415)]
 [New Thread 0xb73efb70 (LWP 3416)]
 [New Thread 0xb6befb70 (LWP 3417)]
 [New Thread 0xb63efb70 (LWP 3418)]
 [New Thread 0xb5befb70 (LWP 3419)]
 [New Thread 0xb53efb70 (LWP 3420)]
 [New Thread 0xb4befb70 (LWP 3421)]
 [New Thread 0xb43efb70 (LWP 3422)]
 [New Thread 0xb3befb70 (LWP 3423)]
 [New Thread 0xb33efb70 (LWP 3424)]
 [New Thread 0xb2befb70 (LWP 3425)]
 [New Thread 0xb23efb70 (LWP 3426)]
 [New Thread 0xb1befb70 (LWP 3427)]
 [New Thread 0xb13efb70 (LWP 3428)]
 [New Thread 0xb0befb70 (LWP 3429)]
 [New Thread 0xb03efb70 (LWP 3430)]
 [New Thread 0xafbefb70 (LWP 3431)]
 [New Thread 0xaf3efb70 (LWP 3432)]
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf55.15.100
     Stream #0:0: Video: rawvideo (YUV9 / 0x39565559), yuv410p, 320x240,
 q=2-31, 200 kb/s, 90k tbn, 23.97 tbc
 Stream mapping:
   Stream #0:0 -> #0:0 (ffv1 -> rawvideo)
 Press [q] to stop, [?] for help
 [ffv1 @ 0x91077e0] Cannot decode non-keyframe without valid keyframe
 [ffv1 @ 0x9107dc0] Cannot decode non-keyframe without valid keyframe
 [ffv1 @ 0x90f53a0] read_quant_table error
 [ffv1 @ 0x90f5960] Cannot decode non-keyframe without valid keyframe
 [ffv1 @ 0x90f5fe0] Cannot decode non-keyframe without valid keyframe
 [ffv1 @ 0x90f6660] Cannot decode non-keyframe without valid keyframe
 [ffv1 @ 0x90f6ce0] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x90f7360] Invalid change of global parameters
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x90f79e0] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x91077e0] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x9107dc0] Cannot decode non-keyframe without valid keyframe
 [ffv1 @ 0x90f53a0] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x90f5960] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x90f5fe0] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x90f6660] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x90f6ce0] Cannot decode non-keyframe without valid keyframe
 [ffv1 @ 0x90f7360] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x90f79e0] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x91077e0] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x9107dc0] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x90f53a0] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x90f5960] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
 [ffv1 @ 0x90f5fe0] Cannot decode non-keyframe without valid keyframe
 Error while decoding stream #0:0: Invalid data found when processing input
     Last message repeated 6 times
 [null @ 0x910c700] Encoder did not produce proper pts, making some up.

 Program received signal SIGSEGV, Segmentation fault.
 [Switching to Thread 0xb33efb70 (LWP 3424)]
 decode_line (bits=8, plane_index=<optimized out>, sample=<synthetic
 pointer>,
     w=320, s=0x9115420) at libavcodec/ffv1dec.c:146
 146                         diff      = get_vlc_symbol(&s->gb,
 &p->vlc_state[context],
 (gdb) bt
 #0  decode_line (bits=8, plane_index=<optimized out>,
     sample=<synthetic pointer>, w=320, s=0x9115420) at
 libavcodec/ffv1dec.c:146
 #1  decode_plane (s=s@entry=0x9115420, src=0xaea01c90 "", w=w@entry=320,
     h=h@entry=240, stride=384, plane_index=plane_index@entry=0)
     at libavcodec/ffv1dec.c:191
 #2  0x0832feb3 in decode_slice (c=0x91077e0, arg=0x9102aa8)
     at libavcodec/ffv1dec.c:399
 #3  0x086753c4 in avcodec_default_execute (c=0x91077e0,
     func=0x832f8c0 <decode_slice>, arg=0x9102aa8, ret=0x0, count=1,
 size=4)
     at libavcodec/utils.c:948
 #4  0x0832e56e in decode_frame (avctx=0x91077e0, data=0x9103000,
     got_frame=0x91031bc, avpkt=0x9102fb0) at libavcodec/ffv1dec.c:898
 #5  0x085cc83e in frame_worker_thread (arg=0x9102ee0)
     at libavcodec/pthread.c:339
 #6  0xb7f87954 in start_thread (arg=0xb33efb70) at pthread_create.c:304
 #7  0xb7f0895e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
 (gdb)
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2923>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

