[FFmpeg-trac] #3188(avcodec:reopened): vp9 crash (fuzzed input, MT regression)

FFmpeg trac at avcodec.org
Thu Jan 9 00:03:05 CET 2014 

#3188: vp9 crash (fuzzed input, MT regression)
-------------------------------------+-------------------------------------
             Reporter:  ubitux       |                    Owner:
                 Type:  defect       |                   Status:  reopened
             Priority:  important    |                Component:  avcodec
              Version:  git-master   |               Resolution:
             Keywords:  vp9          |               Blocked By:
  regression crash SIGSEGV           |  Reproduced by developer:  1
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------

Comment (by cehoyos):

 Replying to [comment:3 ubitux]:
 > Another crash, with same commit as regression.

 Works fine here with the version you originally tested:
 {{{
 $ valgrind ffmpeg_g -f ivf -c:v vp9 -i fuzzed1.ivf -f null -
 ==29720== Memcheck, a memory error detector
 ==29720== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
 ==29720== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright
 info
 ==29720== Command: ffmpeg_g -f ivf -c:v vp9 -i fuzzed1.ivf -f null -
 ==29720==
 ffmpeg version N-59315-gacafbb4 Copyright (c) 2000-2013 the FFmpeg
 developers
   built on Jan  8 2014 23:58:04 with gcc 4.7 (SUSE Linux)
   configuration: --enable-gpl
   libavutil      52. 59.100 / 52. 59.100
   libavcodec     55. 46.100 / 55. 46.100
   libavformat    55. 22.100 / 55. 22.100
   libavdevice    55.  5.102 / 55.  5.102
   libavfilter     4.  0.100 /  4.  0.100
   libswscale      2.  5.101 /  2.  5.101
   libswresample   0. 17.104 /  0. 17.104
   libpostproc    52.  3.100 / 52.  3.100
 Input #0, ivf, from 'fuzzed1.ivf':
   Duration: 00:08:42.22, start: 342228469.800797, bitrate: 31 kb/s
     Stream #0:0: Video: vp9 (VP90 / 0x30395056), yuv420p, 320x180, 26.42
 tbr, 1004 tbn, 1004 tbc
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf55.22.100
     Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 320x180,
 q=2-31, 200 kb/s, 90k tbn, 26.42 tbc
 Stream mapping:
   Stream #0:0 -> #0:0 (vp9 -> rawvideo)
 Press [q] to stop, [?] for help
 DTS -17592186044376, next:996 st:0 invalid dropping
 PTS -17592186044376, next:996 invalid dropping st:0
 DTS -17592186044336, next:1992 st:0 invalid dropping
 PTS -17592186044336, next:1992 invalid dropping st:0
 DTS -17592186044296, next:2988 st:0 invalid dropping
 PTS -17592186044296, next:2988 invalid dropping st:0
 DTS -17592186044256, next:3984 st:0 invalid dropping
 PTS -17592186044256, next:3984 invalid dropping st:0
 DTS -17592186043192, next:4980 st:0 invalid droppingbitrate=N/A
 PTS -17592186043192, next:4980 invalid dropping st:0
 DTS -17592186044176, next:5976 st:0 invalid droppingbitrate=N/A
 PTS -17592186044176, next:5976 invalid dropping st:0
 DTS -17592152489704, next:6972 st:0 invalid dropping
 PTS -17592152489704, next:6972 invalid dropping st:0
 [vp9 @ 0xc083b00] Invalid sync code
 DTS -17592186044096, next:7968 st:0 invalid dropping
 PTS -17592186044096, next:7968 invalid dropping st:0
 [vp9 @ 0xc092700] Not all references are available
 [null @ 0x773a660] Encoder did not produce proper pts, making some up.
 Input stream #0:0 frame changed from size:320x180 fmt:yuv420p to
 size:320x8372 fmt:yuv420p
 [vp9 @ 0xc0a12e0] Marker bit was set
 Input stream #0:0 frame changed from size:320x8372 fmt:yuv420p to
 size:320x180 fmt:yuv420p
 frame=    2 fps=0.7 q=0.0 Lsize=N/A time=00:00:00.07 bitrate=N/A    N/A
 video:0kB audio:0kB subtitle:0 global headers:0kB muxing overhead
 -111.458333%
 ==29720==
 ==29720== HEAP SUMMARY:
 ==29720==     in use at exit: 80 bytes in 2 blocks
 ==29720==   total heap usage: 8,112 allocs, 8,110 frees, 19,936,539 bytes
 allocated
 ==29720==
 ==29720== LEAK SUMMARY:
 ==29720==    definitely lost: 0 bytes in 0 blocks
 ==29720==    indirectly lost: 0 bytes in 0 blocks
 ==29720==      possibly lost: 0 bytes in 0 blocks
 ==29720==    still reachable: 80 bytes in 2 blocks
 ==29720==         suppressed: 0 bytes in 0 blocks
 ==29720== Rerun with --leak-check=full to see details of leaked memory
 ==29720==
 ==29720== For counts of detected and suppressed errors, rerun with: -v
 ==29720== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/3188#comment:4>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list