[FFmpeg-trac] #2971(undetermined:new): g2m4: invalid write 3

FFmpeg trac at avcodec.org
Wed Sep 18 23:51:25 CEST 2013


#2971: g2m4: invalid write 3
-------------------------------------+-------------------------------------
               Reporter:  ami_stuff  |                  Owner:
                   Type:  defect     |                 Status:  new
               Priority:  normal     |              Component:  undetermined
                Version:  unspecified|               Keywords:
             Blocked By:             |               Blocking:
Reproduced by developer:  0          |  Analyzed by developer:  0
-------------------------------------+-------------------------------------
 http://www1.datafilehost.com/d/00e98d72

 {{{
 (gdb) r -i ./g2m4_fuzz4.wmv -an -f null -
 Starting program: /media/sdb1/ffmpeg-HEAD-93439e8/ffmpeg_g -i ./g2m4_fuzz4.wmv -an -f null -
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
 ffmpeg version 2.0-93439e8 Copyright (c) 2000-2013 the FFmpeg developers
   built on Sep 18 2013 23:23:15 with gcc 4.7 (Debian 4.7.2-5)
   configuration: --disable-yasm --enable-gpl --disable-ffprobe --disable-ffserver
   libavutil      52. 44.100 / 52. 44.100
   libavcodec     55. 31.101 / 55. 31.101
   libavformat    55. 18.100 / 55. 18.100
   libavdevice    55.  3.100 / 55.  3.100
   libavfilter     3. 86.101 /  3. 86.101
   libswscale      2.  5.100 /  2.  5.100
   libswresample   0. 17.103 /  0. 17.103
   libpostproc    52.  3.100 / 52.  3.100
 [asf @ 0x9114d60] Estimating duration from bitrate, this may be inaccurate
 Guessed Channel Layout for  Input Stream #0.0 : mono
 Input #0, asf, from './g2m4_fuzz4.wmv':
   Metadata:
     DeviceConformanceTemplate: L2
     WMFSDKNeeded    : 0.0.0.0000
     WMFSDKVersion   : 12.0.7601.17514
     IsVBR           : 1
     WM/ToolVersion  : 5.1 Build 880
     WM/ToolName     : GoToMeeting
     BitRateFrom the writer: 492407
     Audio samples   : 29959
     Video samples   : 25936
     recording time  : Thu, 05 Apr 2012 14:03:20 Eastern Daylight Time
   Duration: 00:05:58.11, start: 0.000000, bitrate: 494 kb/s
     Stream #0:0: Audio: wmav2 (a[1][0][0] / 0x0161), 44100 Hz, mono, fltp, 48 kb/s
     Stream #0:1: Data: none, 2 kb/s
     Stream #0:2: Video: g2m (G2M4 / 0x344D3247), rgb24, 1024x768, 444 kb/s, 9.92 tbr, 1k tbn, 1k tbc
 [New Thread 0xb7dd1b70 (LWP 11402)]
 [New Thread 0xb75d1b70 (LWP 11403)]
 [New Thread 0xb6dd1b70 (LWP 11404)]
 [New Thread 0xb65d1b70 (LWP 11405)]
 [New Thread 0xb5dd1b70 (LWP 11406)]
 [New Thread 0xb55d1b70 (LWP 11407)]
 [New Thread 0xb4dd1b70 (LWP 11408)]
 [New Thread 0xb45d1b70 (LWP 11409)]
 [New Thread 0xb3dd1b70 (LWP 11410)]
 Output #0, null, to 'pipe:':
   Metadata:
     DeviceConformanceTemplate: L2
     WMFSDKNeeded    : 0.0.0.0000
     WMFSDKVersion   : 12.0.7601.17514
     IsVBR           : 1
     WM/ToolVersion  : 5.1 Build 880
     WM/ToolName     : GoToMeeting
     BitRateFrom the writer: 492407
     Audio samples   : 29959
     Video samples   : 25936
     recording time  : Thu, 05 Apr 2012 14:03:20 Eastern Daylight Time
     encoder         : Lavf55.18.100
     Stream #0:0: Video: rawvideo (RGB[24] / 0x18424752), rgb24, 1024x768, q=2-31, 200 kb/s, 90k tbn, 9.92 tbc
 Stream mapping:
   Stream #0:2 -> #0:0 (g2m -> rawvideo)
 Press [q] to stop, [?] for help
 [g2m @ 0x9116d20] Error decoding tile 0,0
 [g2m @ 0x9116d20] Error decoding tile 1,0
 [g2m @ 0x9116d20] Error decoding tile 2,0
 [g2m @ 0x9116d20] Error decoding tile 3,0
 [g2m @ 0x9116d20] Error decoding tile 4,0
 [g2m @ 0x9116d20] Error decoding tile 5,0
 [g2m @ 0x9116d20] Error decoding tile 0,1
 [g2m @ 0x9116d20] Error decoding tile 1,1
 [g2m @ 0x9116d20] Error decoding tile 4,1
 [g2m @ 0x9116d20] Error decoding tile 5,1
 [g2m @ 0x9116d20] Error decoding tile 0,2
 [g2m @ 0x9116d20] Error decoding tile 1,2
 [g2m @ 0x9116d20] Error decoding tile 2,2
 [g2m @ 0x9116d20] Error decoding tile 4,2
 [g2m @ 0x9116d20] Error decoding tile 5,2
 [g2m @ 0x9116d20] Error decoding tile 0,3
 [g2m @ 0x9116d20] Error decoding tile 1,3
 [g2m @ 0x9116d20] Error decoding tile 2,3
 [g2m @ 0x9116d20] Error decoding tile 0,4
 [g2m @ 0x9116d20] Error decoding tile 1,4
 [g2m @ 0x9116d20] Error decoding tile 5,4

 Program received signal SIGSEGV, Segmentation fault.
 yuv2rgb (V=-1, U=1, Y=247, out=<optimized out>) at libavcodec/g2meet.c:227
 227         out[0] = av_clip_uint8(Y + (             91881 * V + 32768 >> 16));
 (gdb) bt
 #0  yuv2rgb (V=-1, U=1, Y=247, out=<optimized out>) at libavcodec/g2meet.c:227
 #1  jpg_decode_data (c=c@entry=0x9147f80, width=0, width@entry=176, height=2,
     height@entry=88,
     src=src@entry=0x915fab8
 "\366b=(\306E(S\232S\305Q#vŃŽi\330\315\033s@\b\006M\001q\316iq\203\307\064\273Nh\001:ŃŚw\245\306\071\315",
 <incomplete sequence \343\232>, src_size=src_size@entry=785,
     dst=dst@entry=0xb358f230
 "\341\345\350\341\345\350\342\346\351\342\346\351\342\346\351\342\346\351\342\346\351\342\346\351\343\347\352\343\347\352\343\347\352\343\347\352\342\346\351\341\345\350\340\344\347\340\344\347\341\345\350\341\345\350\341\345\350\341\345\350\341\345\350\341\345\350\341\345\350\341\345\350\343\347\352\342\346\351\342\346\351\341\345\350\341\345\350\342\346\351\342\346\351\343\347\352\344\350\353\344\350\353\343\347\352\342\346\351\342\346\351\342\346\351\343\347\352\343\347\352\342\346\351\341\345\350\341\345\350\341\345\350\342\346\351\344\350\353\346\352\355\347\353\356\346\352\355\346\352\355\346\352\355\345\351\354\345\351\354\344\350\353\344\350\353\344\350\353\344\350\353\344\350\353\344\350\353\345\351\354\345\351\354\346\352\355\346\352\355\346\352\355\344\350\353\344\350\353\344",
 <incomplete sequence \350>..., dst_stride=3072,
     mask=mask@entry=0x0, mask_stride=mask_stride@entry=0, num_mbs=11,
     num_mbs@entry=0, swapuv=0) at libavcodec/g2meet.c:291
 #2  0x0834f161 in kempf_decode_tile (c=c@entry=0x9147f80,
     tile_x=<optimized out>, tile_y=<optimized out>, src=<optimized out>,
     src@entry=0x915fab7 "
 \366b=(\306E(S\232S\305Q#vŃŽi\330\315\033s@\b\006M\001q\316iq\203\307\064\273Nh\001:ŃŚw\245\306\071\315",
 <incomplete sequence \343\23---Type <return> to continue, or q <return> to
 quit---
 2>, src_size=src_size@entry=786) at libavcodec/g2meet.c:369
 #3  0x0835003c in g2m_decode_frame (avctx=0x9116d20, data=0x9148900,
     got_picture_ptr=0xbffff504, avpkt=0xbffff2a8) at libavcodec/g2meet.c:760
 #4  0x0867a58e in avcodec_decode_video2 (avctx=0x9116d20,
     picture=picture@entry=0x9148900,
     got_picture_ptr=got_picture_ptr@entry=0xbffff504,
     avpkt=avpkt@entry=0xbffff750) at libavcodec/utils.c:1995
 #5  0x080b394d in decode_video (ist=ist@entry=0x9117220,
     pkt=pkt@entry=0xbffff750, got_output=got_output@entry=0xbffff504)
     at ffmpeg.c:1668
 #6  0x080b786a in output_packet (pkt=0xbffff6e8, ist=0x9117220)
     at ffmpeg.c:1866
 #7  process_input (file_index=3) at ffmpeg.c:3089
 #8  0x080a3043 in transcode_step () at ffmpeg.c:3185
 #9  transcode () at ffmpeg.c:3237
 #10 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3415
 (gdb)
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2971>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

