[FFmpeg-trac] #5412(undetermined:new): Invalid read in avcodec_string with fuzzed file
FFmpeg
trac at avcodec.org
Thu Apr 7 00:47:50 CEST 2016
#5412: Invalid read in avcodec_string with fuzzed file
-------------------------------------+-------------------------------------
Reporter: qiubit                     | Type: defect
Status: new                          | Priority: normal
Component: undetermined              | Version: git-master
Keywords: SIGSEGV crash              | Blocked By:
Blocking:                            | Reproduced by developer: 0
Analyzed by developer: 0             |
-------------------------------------+-------------------------------------
Summary of the bug:
FFmpeg segfaults when probing a fuzzed file (actually 2 different files, but
it seems the reason for the crash is the same in both cases).
How to reproduce:
{{{
$ ffmpeg -i fuzz1 -acodec copy -vcodec copy fuzzOut
OR
$ ffmpeg -i fuzz2 -acodec copy -vcodec copy fuzzOut
}}}
Backtrace (fuzz2):
gdb
{{{
pgolinski@pgolinski-VirtualBox:~/Documents/fuzzes$ gdb -q
../git/ffmpeg/build/ffmpeg_g
Reading symbols from ../git/ffmpeg/build/ffmpeg_g...done.
(gdb) r -v 9 -loglevel 99 -i fuzz2 -acodec copy -vcodec copy fuzzOut
Starting program: /home/pgolinski/Documents/git/ffmpeg/build/ffmpeg_g -v 9
-loglevel 99 -i fuzz2 -acodec copy -vcodec copy fuzzOut
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
ffmpeg version N-79255-g6d7f566 Copyright (c) 2000-2016 the FFmpeg
developers
built with gcc 5.2.1 (Ubuntu 5.2.1-22ubuntu2) 20151010
configuration: --enable-debug
libavutil 55. 20.100 / 55. 20.100
libavcodec 57. 34.100 / 57. 34.100
libavformat 57. 30.100 / 57. 30.100
libavdevice 57. 0.101 / 57. 0.101
libavfilter 6. 40.102 / 6. 40.102
libswscale 4. 1.100 / 4. 1.100
libswresample 2. 0.101 / 2. 0.101
Splitting the commandline.
Reading option '-v' ... matched as option 'v' (set logging level) with
argument '9'.
Reading option '-loglevel' ... matched as option 'loglevel' (set logging
level) with argument '99'.
Reading option '-i' ... matched as input file with argument 'fuzz2'.
Reading option '-acodec' ... matched as option 'acodec' (force audio codec
('copy' to copy stream)) with argument 'copy'.
Reading option '-vcodec' ... matched as option 'vcodec' (force video codec
('copy' to copy stream)) with argument 'copy'.
Reading option 'fuzzOut' ... matched as output file.
Finished splitting the commandline.
Parsing a group of options: global .
Applying option v (set logging level) with argument 9.
Successfully parsed a group of options.
Parsing a group of options: input file fuzz2.
Successfully parsed a group of options.
Opening an input file: fuzz2.
[file @ 0x1f8ab80] Setting default whitelist 'file,crypto'
Probing ffm score:101 size:1297
Probing mp3 score:1 size:1297
[ffm @ 0x1f8a3e0] Format ffm probed with size=2048 and score=101
[ffm @ 0x1f8a3e0] Before avformat_find_stream_info() pos: 1297 bytes
read:1297 seeks:0
[NULL @ 0x1f8c320] [IMGUTILS @ 0x7fffffffd120] Picture size 0x0 is invalid
[NULL @ 0x1f8c320] Ignoring invalid width/height values
[NULL @ 0x1f8c320] [IMGUTILS @ 0x7fffffffd120] Picture size 0x0 is invalid
[ffm @ 0x1f8a3e0] 0: start_time: -9223372036854.775 duration:
-9223372036854.775
[ffm @ 0x1f8a3e0] stream: start_time: -9223372036854.775 duration:
-9223372036854.775 bitrate=8388 kb/s
Program received signal SIGSEGV, Segmentation fault.
avcodec_string (buf=buf@entry=0x7fffffffd540 "Video: prores, 6619250
reference frames ([142]u[197][38] / 0x26C5758E), (null)",
buf_size=buf_size@entry=256, enc=0x1f8c320, encode=encode@entry=0) at
src/libavcodec/utils.c:2868
2868 if (enc->bits_per_raw_sample && enc->pix_fmt !=
AV_PIX_FMT_NONE &&
(gdb) bt
#0 avcodec_string (buf=buf@entry=0x7fffffffd540 "Video: prores, 6619250
reference frames ([142]u[197][38] / 0x26C5758E), (null)",
buf_size=buf_size@entry=256, enc=0x1f8c320, encode=encode@entry=0) at
src/libavcodec/utils.c:2868
#1 0x00000000006b9bd8 in avformat_find_stream_info (ic=0x1f8a3e0,
options=<optimized out>) at src/libavformat/utils.c:3628
#2 0x000000000047a464 in open_input_file (o=o@entry=0x7fffffffd880,
filename=<optimized out>) at src/ffmpeg_opt.c:969
#3 0x000000000047d351 in open_files (l=0x1f8a058, l=0x1f8a058,
open_file=0x479f90 <open_input_file>, inout=0x1277f46 "input")
at src/ffmpeg_opt.c:3003
#4 ffmpeg_parse_options (argc=argc@entry=12,
argv=argv@entry=0x7fffffffde38) at src/ffmpeg_opt.c:3040
#5 0x000000000046fc62 in main (argc=12, argv=0x7fffffffde38) at
src/ffmpeg.c:4312
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0xc4d2fc to 0xc4d33c:
0x0000000000c4d2fc <avcodec_string+2348>: incl -0x75(%rcx)
0x0000000000c4d2ff <avcodec_string+2351>: mov $0xb0,%edi
0x0000000000c4d304 <avcodec_string+2356>: lea 0x40(%rsp),%rax
0x0000000000c4d309 <avcodec_string+2361>: mov %rax,0x18(%rsp)
0x0000000000c4d30e <avcodec_string+2366>: cmp $0xffffffff,%edi
0x0000000000c4d311 <avcodec_string+2369>: je 0xc4cc97
<avcodec_string+711>
0x0000000000c4d317 <avcodec_string+2375>: callq 0x11c8fa0
<av_pix_fmt_desc_get>
=> 0x0000000000c4d31c <avcodec_string+2380>: cmp 0x28(%rax),%r12d
0x0000000000c4d320 <avcodec_string+2384>: jge 0xc4cc97
<avcodec_string+711>
0x0000000000c4d326 <avcodec_string+2390>: mov 0x36c(%r15),%ecx
0x0000000000c4d32d <avcodec_string+2397>: mov 0x18(%rsp),%rdi
0x0000000000c4d332 <avcodec_string+2402>: mov $0x143b9ad,%edx
0x0000000000c4d337 <avcodec_string+2407>: mov $0x100,%esi
End of assembler dump.
(gdb) info all-registers
rax 0x0 0
rbx 0x7fffffffd540 140737488344384
rcx 0x7ffffff9 2147483641
rdx 0x7fffffffd58e 140737488344462
rsi 0x11e738c 18772876
rdi 0x14c0ff20 348192544
rbp 0x1275ad8 0x1275ad8
rsp 0x7fffffffd230 0x7fffffffd230
r8 0x7ffff76754a2 140737344132258
r9 0x6 6
r10 0x883 2179
r11 0x7ffff753dc50 140737342856272
r12 0xa 10
r13 0x11 17
r14 0x0 0
r15 0x1f8c320 33080096
rip 0xc4d31c 0xc4d31c <avcodec_string+2380>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
}}}
valgrind
{{{
pgolinski@pgolinski-VirtualBox:~/Documents/fuzzes$ valgrind
../git/ffmpeg/build/ffmpeg_g -v 9 -loglevel 99 -i fuzz2 -acodec copy
-vcodec copy fuzzOut
==4956== Memcheck, a memory error detector
==4956== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==4956== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright
info
==4956== Command: ../git/ffmpeg/build/ffmpeg_g -v 9 -loglevel 99 -i fuzz2
-acodec copy -vcodec copy fuzzOut
==4956==
ffmpeg version N-79255-g6d7f566 Copyright (c) 2000-2016 the FFmpeg
developers
built with gcc 5.2.1 (Ubuntu 5.2.1-22ubuntu2) 20151010
configuration: --enable-debug
libavutil 55. 20.100 / 55. 20.100
libavcodec 57. 34.100 / 57. 34.100
libavformat 57. 30.100 / 57. 30.100
libavdevice 57. 0.101 / 57. 0.101
libavfilter 6. 40.102 / 6. 40.102
libswscale 4. 1.100 / 4. 1.100
libswresample 2. 0.101 / 2. 0.101
Splitting the commandline.
Reading option '-v' ... matched as option 'v' (set logging level) with
argument '9'.
Reading option '-loglevel' ... matched as option 'loglevel' (set logging
level) with argument '99'.
Reading option '-i' ... matched as input file with argument 'fuzz2'.
Reading option '-acodec' ... matched as option 'acodec' (force audio codec
('copy' to copy stream)) with argument 'copy'.
Reading option '-vcodec' ... matched as option 'vcodec' (force video codec
('copy' to copy stream)) with argument 'copy'.
Reading option 'fuzzOut' ... matched as output file.
Finished splitting the commandline.
Parsing a group of options: global .
Applying option v (set logging level) with argument 9.
Successfully parsed a group of options.
Parsing a group of options: input file fuzz2.
Successfully parsed a group of options.
Opening an input file: fuzz2.
[file @ 0x5729680] Setting default whitelist 'file,crypto'
Probing ffm score:101 size:1297
Probing mp3 score:1 size:1297
[ffm @ 0x57288a0] Format ffm probed with size=2048 and score=101
[ffm @ 0x57288a0] Before avformat_find_stream_info() pos: 1297 bytes
read:1297 seeks:0
[NULL @ 0x573c360] [IMGUTILS @ 0xffefff070] Picture size 0x0 is invalid
[NULL @ 0x573c360] Ignoring invalid width/height values
[NULL @ 0x573c360] [IMGUTILS @ 0xffefff070] Picture size 0x0 is invalid
[ffm @ 0x57288a0] 0: start_time: -9223372036854.775 duration:
-9223372036854.775
[ffm @ 0x57288a0] stream: start_time: -9223372036854.775 duration:
-9223372036854.775 bitrate=8388 kb/s
==4956== Invalid read of size 4
==4956== at 0xC4D31C: avcodec_string (utils.c:2868)
==4956== by 0x6B9BD7: avformat_find_stream_info (utils.c:3628)
==4956== by 0x47A463: open_input_file (ffmpeg_opt.c:969)
==4956== by 0x47D350: open_files (ffmpeg_opt.c:3003)
==4956== by 0x47D350: ffmpeg_parse_options (ffmpeg_opt.c:3040)
==4956== by 0x46FC61: main (ffmpeg.c:4312)
==4956== Address 0x28 is not stack'd, malloc'd or (recently) free'd
==4956==
==4956==
==4956== Process terminating with default action of signal 11 (SIGSEGV)
==4956== Access not within mapped region at address 0x28
==4956== at 0xC4D31C: avcodec_string (utils.c:2868)
==4956== by 0x6B9BD7: avformat_find_stream_info (utils.c:3628)
==4956== by 0x47A463: open_input_file (ffmpeg_opt.c:969)
==4956== by 0x47D350: open_files (ffmpeg_opt.c:3003)
==4956== by 0x47D350: ffmpeg_parse_options (ffmpeg_opt.c:3040)
==4956== by 0x46FC61: main (ffmpeg.c:4312)
==4956== If you believe this happened as a result of a stack
==4956== overflow in your program's main thread (unlikely but
==4956== possible), you can try to increase the size of the
==4956== main thread stack using the --main-stacksize= flag.
==4956== The main thread stack size used in this run was 8388608.
==4956==
==4956== HEAP SUMMARY:
==4956== in use at exit: 41,463 bytes in 36 blocks
==4956== total heap usage: 92 allocs, 56 frees, 78,475 bytes allocated
==4956==
==4956== LEAK SUMMARY:
==4956== definitely lost: 0 bytes in 0 blocks
==4956== indirectly lost: 0 bytes in 0 blocks
==4956== possibly lost: 0 bytes in 0 blocks
==4956== still reachable: 41,463 bytes in 36 blocks
==4956== suppressed: 0 bytes in 0 blocks
==4956== Rerun with --leak-check=full to see details of leaked memory
==4956==
==4956== For counts of detected and suppressed errors, rerun with: -v
==4956== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/5412>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
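
In the trace above, the call to av_pix_fmt_desc_get leaves 0 in rax and the next instruction reads 0x28(%rax), which Valgrind reports as an invalid read at address 0x28; the only check visible before the call compares against 0xffffffff. The C model below is an added example of that bug class, not FFmpeg code and not part of the original ticket: every type and function name in it is a hypothetical stand-in, and the sample format values are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for a pixel-format table; not FFmpeg's names. */
enum { FMT_NONE = -1, FMT_A, FMT_B, FMT_NB };

struct fmt_desc { const char *name; int depth; };

static const struct fmt_desc fmt_table[FMT_NB] = {
    { "fmt_a", 8 }, { "fmt_b", 10 },
};

/* Lookup returns NULL for every value outside the table, not just FMT_NONE. */
const struct fmt_desc *fmt_desc_get(int fmt)
{
    if (fmt < 0 || fmt >= FMT_NB)
        return NULL;
    return &fmt_table[fmt];
}

/* Weak pattern: only the FMT_NONE sentinel is excluded before the lookup
 * result is dereferenced. Returns 1 when that guard would let a NULL
 * descriptor through (the dereference itself is not performed here). */
int sentinel_guard_reaches_null(int raw_bits, int fmt)
{
    return raw_bits && fmt != FMT_NONE && fmt_desc_get(fmt) == NULL;
}

/* Hardened pattern: test the pointer the lookup actually returned.
 * Returns 1 only when raw_bits is set and below the format's depth. */
int raw_bits_below_depth(int raw_bits, int fmt)
{
    const struct fmt_desc *d = fmt_desc_get(fmt);

    if (!raw_bits || !d)
        return 0;
    return raw_bits < d->depth;
}

int main(void)
{
    /* Constructed inputs: a valid format, the sentinel, and an
     * out-of-range value such as a fuzzed file could carry. */
    int fmts[] = { FMT_B, FMT_NONE, 123456789 };

    for (size_t i = 0; i < sizeof fmts / sizeof fmts[0]; i++)
        printf("fmt=%d weak_guard_hits_null=%d hardened=%d\n", fmts[i],
               sentinel_guard_reaches_null(8, fmts[i]),
               raw_bits_below_depth(8, fmts[i]));
    return 0;
}
```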