[FFmpeg-trac] #6277(avcodec:new): Use of uninitialized memory in do_decode (utils.c)

FFmpeg trac at avcodec.org
Thu Mar 30 20:46:14 EEST 2017


#6277: Use of uninitialized memory in do_decode (utils.c)
------------------------------------+-----------------------------------
             Reporter:  Fusl        |                    Owner:
                 Type:  defect      |                   Status:  new
             Priority:  normal      |                Component:  avcodec
              Version:  git-master  |               Resolution:
             Keywords:              |               Blocked By:
             Blocking:              |  Reproduced by developer:  0
Analyzed by developer:  0           |
------------------------------------+-----------------------------------

Comment (by jamrial):

 I can't reproduce it with git head.

 {{{
 [jamrial at ArchVM build]$ valgrind --track-origins=yes ./ffmpeg -i ../corrupt.webm -f null -
 ==24120== Memcheck, a memory error detector
 ==24120== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
 ==24120== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright
 info
 ==24120== Command: ./ffmpeg -i ../corrupt.webm -f null -
 ==24120==
 ffmpeg version N-84863-g59b8c2a4e6 Copyright (c) 2000-2017 the FFmpeg
 developers
   built with gcc 6.3.1 (GCC) 20170306
   configuration: --disable-yasm --disable-shared --enable-static
 --disable-optimizations --disable-mmx --disable-stripping --prefix=/usr
   libavutil      55. 53.100 / 55. 53.100
   libavcodec     57. 86.103 / 57. 86.103
   libavformat    57. 68.100 / 57. 68.100
   libavdevice    57.  3.101 / 57.  3.101
   libavfilter     6. 79.100 /  6. 79.100
   libswscale      4.  3.101 /  4.  3.101
   libswresample   2.  4.100 /  2.  4.100
 Input #0, matroska,webm, from '../corrupt.webm':
   Metadata:
     encoder         : Lavf56.40.101
   Duration: 00:00:01.26, start: 0.000000, bitrate: 31 kb/s
     Stream #0:0(eng): Video: vp9 (Profile 0), yuv420p(tv), 96x65521, SAR
 9:10 DAR 432:327605, 29.67 fps, 29.67 tbr, 1k tbn, 1k tbc (default)
     Stream #0:1(eng): Audio: vorbis, 16000 Hz, mono, fltp (default)
 Stream mapping:
   Stream #0:0 -> #0:0 (vp9 (native) -> wrapped_avframe (native))
   Stream #0:1 -> #0:1 (vorbis (native) -> pcm_s16le (native))
 Press [q] to stop, [?] for help
 Output #0, null, to 'pipe:':ze=N/A time=-577014:32:22.77 bitrate=N/A
 speed=N/A
   Metadata:
     encoder         : Lavf57.68.100
     Stream #0:0(eng): Video: wrapped_avframe, yuv420p, 96x65521 [SAR 9:10
 DAR 432:327605], q=2-31, 200 kb/s, 29.67 fps, 29.67 tbn, 29.67 tbc
 (default)
     Metadata:
       encoder         : Lavc57.86.103 wrapped_avframe
     Stream #0:1(eng): Audio: pcm_s16le, 16000 Hz, mono, s16, 256 kb/s
 (default)
     Metadata:
       encoder         : Lavc57.86.103 pcm_s16le
 ==24120==    at 0x1397F26: VALGRIND_PRINTF_BACKTRACE
 (valgrind.h:6818)=0.0126x
 ==24120==    by 0x13989C5: av_log_default_callback (log.c:355)
 ==24120==    by 0x1398B4D: av_vlog (log.c:383)
 ==24120==    by 0x1398B0C: av_log (log.c:375)
 ==24120==    by 0x41C1ED: term_exit (ffmpeg.c:316)
 ==24120==    by 0x42BD6E: transcode (ffmpeg.c:4596)
 ==24120==    by 0x42C360: main (ffmpeg.c:4776)
 frame=   30 fps=0.3 q=-0.0 Lsize=N/A time=00:00:01.24 bitrate=N/A
 speed=0.0133x
 video:15kB audio:32kB subtitle:0kB other streams:0kB global headers:0kB
 muxing overhead: unknown
 ==24120==    at 0x1397F26: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6818)
 ==24120==    by 0x13989C5: av_log_default_callback (log.c:355)
 ==24120==    by 0x1398B4D: av_vlog (log.c:383)
 ==24120==    by 0x1398B0C: av_log (log.c:375)
 ==24120==    by 0x41C1ED: term_exit (ffmpeg.c:316)
 ==24120==    by 0x41CD28: ffmpeg_cleanup (ffmpeg.c:618)
 ==24120==    by 0x4049B2: exit_program (cmdutils.c:138)
 ==24120==    by 0x42C444: main (ffmpeg.c:4787)
 ==24120==
 ==24120== HEAP SUMMARY:
 ==24120==     in use at exit: 40 bytes in 1 blocks
 ==24120==   total heap usage: 7,972 allocs, 7,971 frees, 196,384,632 bytes
 allocated
 ==24120==
 ==24120== LEAK SUMMARY:
 ==24120==    definitely lost: 0 bytes in 0 blocks
 ==24120==    indirectly lost: 0 bytes in 0 blocks
 ==24120==      possibly lost: 0 bytes in 0 blocks
 ==24120==    still reachable: 40 bytes in 1 blocks
 ==24120==         suppressed: 0 bytes in 0 blocks
 ==24120== Rerun with --leak-check=full to see details of leaked memory
 ==24120==
 ==24120== For counts of detected and suppressed errors, rerun with: -v
 ==24120== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
 }}}

 There have been some extra patches to ff_thread_decode_frame() between the
 commit you report as faulty and current git head, so maybe one of them
 fixed it.

 Could you retest using current git head and confirm that?

--
Ticket URL: <https://trac.ffmpeg.org/ticket/6277#comment:1>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

