[FFmpeg-trac] #10806(avutil:new): Heap-use-after-free in av_expr_free (libavutil/eval.c:361)
FFmpeg
trac at avcodec.org
Tue Jan 16 19:31:33 EET 2024
#10806: Heap-use-after-free in av_expr_free (libavutil/eval.c:361)
-------------------------------------+-------------------------------------
Reporter: Bachir | Type: defect
Bendrissou |
Status: new | Priority: important
Component: avutil | Version: git-
Keywords: error, | master
corrupted, bugs, memory | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
==== Summary of the bug:
While attempting to apply a two-pass video encoding to a small mp4 video,
we encountered a heap-use-after-free memory error in file:
libavutil/eval.c, line: 361.
==== How to reproduce:
The bug is reproducible on the latest commit be4fcf027b.
The following builds ffmpeg:
{{{#!bash
git clone https://git.ffmpeg.org/ffmpeg.git ffmpeg
cd ffmpeg
./configure --disable-asm --toolchain=gcc-asan --disable-ffplay --disable-
ffprobe
make
}}}
Next, run the first pass that generates a log file, which is required by
the ffmpeg two-pass video encoding command:
{{{#!bash
./ffmpeg_g -y -v 9 -loglevel 99 -i small_movie.mp4 -pass 1
small_movie_out.mp4
}}}
The video file "small_movie.mp4" is attached.
Next, run the ffmpeg command:
{{{#!bash
./ffmpeg_g -y -v 9 -loglevel 99 -i small_movie.mp4 -pass 2
small_movie_out.mp4
}}}
Options `-v 9 -loglevel 99` are optional and were only added to produce
verbose logs.
==== Console output:
{{{
ffmpeg version N-113344-gbe4fcf027b Copyright (c) 2000-2024 the FFmpeg
developers
built with gcc 11 (Ubuntu 11.4.0-1ubuntu1~22.04)
configuration: --disable-asm --toolchain=gcc-asan --disable-ffplay
--disable-ffprobe
libavutil 58. 36.101 / 58. 36.101
libavcodec 60. 37.100 / 60. 37.100
libavformat 60. 20.100 / 60. 20.100
libavdevice 60. 4.100 / 60. 4.100
libavfilter 9. 17.100 / 9. 17.100
libswscale 7. 6.100 / 7. 6.100
libswresample 4. 13.100 / 4. 13.100
Splitting the commandline.
Reading option '-y' ... matched as option 'y' (overwrite output files)
with argument '1'.
Reading option '-v' ... matched as option 'v' (set logging level) with
argument '9'.
Reading option '-loglevel' ... matched as option 'loglevel' (set logging
level) with argument '99'.
Reading option '-i' ... matched as output url with argument 'input.mp4'.
Reading option '-pass' ... matched as option 'pass' (select the pass
number (1 to 3)) with argument '2'.
Reading option 'small_movie_out.mp4' ... matched as output url.
Finished splitting the commandline.
Parsing a group of options: global .
Applying option y (overwrite output files) with argument 1.
Applying option v (set logging level) with argument 9.
Successfully parsed a group of options.
Parsing a group of options: input url input.mp4.
Successfully parsed a group of options.
Opening an input file: input.mp4.
[AVFormatContext @ 0x617000000080] Opening 'input.mp4' for reading
[file @ 0x60c000000280] Setting default whitelist 'file,crypto,data'
Probing mov,mp4,m4a,3gp,3g2,mj2 score:100 size:1267
Probing mp3 score:1 size:1267
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] Format mov,mp4,m4a,3gp,3g2,mj2
probed with size=2048 and score=100
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'ftyp' parent:'root' sz:
24 8 1267
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] ISO: File Type Major Brand:
mp42
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'free' parent:'root' sz: 8
32 1267
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'mdat' parent:'root' sz:
405 40 1267
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'moov' parent:'root' sz:
830 445 1267
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'mvhd' parent:'moov' sz:
108 8 822
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] time scale = 90000
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'trak' parent:'moov' sz:
714 116 822
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'tkhd' parent:'trak' sz:
92 8 706
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'mdia' parent:'trak' sz:
614 100 706
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'idhd' parent:'mdia' sz:
32 8 606
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'hdlr' parent:'mdia' sz:
52 40 606
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] ctype=[0][0][0][0]
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] stype=vide
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'minf' parent:'mdia' sz:
522 92 606
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'vmhd' parent:'minf' sz:
20 8 514
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'dinf' parent:'minf' sz:
36 28 514
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'dref' parent:'dinf' sz:
28 8 28
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] Unknown dref type 0x206c7275
size 12
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'stbl' parent:'minf' sz:
458 64 514
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'stsd' parent:'stbl' sz:
162 8 450
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] size=146 4CC=avc1 codec_type=0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'avcC' parent:'stsd' sz:
60 8 60
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'stts' parent:'stbl' sz:
24 170 450
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] track[0].stts.entries = 1
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] sample_count=12,
sample_duration=1
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'ctts' parent:'stbl' sz:
96 194 450
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] track[0].ctts.entries = 10
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] count=1, duration=1
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] count=1, duration=3
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] count=2, duration=0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] count=1, duration=4
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] count=1, duration=1
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] count=1, duration=-1
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] count=1, duration=0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] count=1, duration=3
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] count=2, duration=0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] count=1, duration=-1
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] dts shift 1
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'stsc' parent:'stbl' sz:
52 290 450
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] track[0].stsc.entries = 3
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'stsz' parent:'stbl' sz:
68 342 450
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] sample_size = 0 sample_count =
12
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'stco' parent:'stbl' sz:
28 410 450
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] type:'stss' parent:'stbl' sz:
20 438 450
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] keyframe_count = 1
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] stream 0, timescale not set
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] AVIndex stream 0, sample 0,
offset 28, dts -1, size 124, distance 0, keyframe 1
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] AVIndex stream 0, sample 1,
offset a4, dts 0, size 64, distance 1, keyframe 0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] AVIndex stream 0, sample 2,
offset e4, dts 1, size 25, distance 2, keyframe 0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] AVIndex stream 0, sample 3,
offset fd, dts 2, size 25, distance 3, keyframe 0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] AVIndex stream 0, sample 4,
offset 116, dts 3, size 24, distance 4, keyframe 0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] AVIndex stream 0, sample 5,
offset 12e, dts 4, size 21, distance 5, keyframe 0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] AVIndex stream 0, sample 6,
offset 143, dts 5, size 21, distance 6, keyframe 0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] AVIndex stream 0, sample 7,
offset 158, dts 6, size 21, distance 7, keyframe 0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] AVIndex stream 0, sample 8,
offset 16d, dts 7, size 25, distance 8, keyframe 0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] AVIndex stream 0, sample 9,
offset 186, dts 8, size 21, distance 9, keyframe 0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] AVIndex stream 0, sample 10,
offset 19b, dts 9, size 21, distance 10, keyframe 0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] AVIndex stream 0, sample 11,
offset 1b0, dts 10, size 5, distance 11, keyframe 0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] Setting codecpar->delay to 2
for stream st: 0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] on_parse_exit_offset=1267
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] Before
avformat_find_stream_info() pos: 1267 bytes read:1267 seeks:0 nb_streams:1
[h264 @ 0x619000000080] nal_unit_type: 7(SPS), nal_ref_idc: 3
[h264 @ 0x619000000080] Decoding VUI
[h264 @ 0x619000000080] nal_unit_type: 8(PPS), nal_ref_idc: 3
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] stream 0, sample 0, dts -11
[h264 @ 0x619000000080] nal_unit_type: 7(SPS), nal_ref_idc: 3
[h264 @ 0x619000000080] Decoding VUI
[h264 @ 0x619000000080] nal_unit_type: 8(PPS), nal_ref_idc: 3
[h264 @ 0x619000000080] nal_unit_type: 5(IDR), nal_ref_idc: 3
[h264 @ 0x619000000080] Format yuv420p chosen by get_format().
[h264 @ 0x619000000080] Reinit context to 48x144, pix_fmt: yuv420p
[h264 @ 0x619000000080] no picture
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] All info found
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] stream 0: start_time:
1.11111e-05 duration: NOPTS
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] format: start_time: 1.1e-05
duration: NOPTS (estimate from bit rate) bitrate=0 kb/s
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] After
avformat_find_stream_info() pos: 164 bytes read:1267 seeks:0 frames:1
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'input.mp4':
Metadata:
major_brand : mp42
minor_version : 19529854
compatible_brands: mp42isom
creation_time : 2014-11-14T07:34:24.000000Z
Duration: N/A, start: 0.000011, bitrate: N/A
Stream #0:0[0x1], 1, 1/90000: Video: h264 (High), 1 reference frame
(avc1 / 0x31637661), yuv420p(tv, smpte170m, progressive, left), 48x144
[SAR 1:1 DAR 1:3], 0/1, 90k fps, 90k tbr, 90k tbn (default)
Metadata:
handler_name : Video Media Handler
vendor_id : [0][0][0][0]
encoder : AVC Coding
Successfully opened the file.
Parsing a group of options: output url small_movie_out.mp4.
Applying option pass (select the pass number (1 to 3)) with argument 2.
Successfully parsed a group of options.
Opening an output file: small_movie_out.mp4.
[out#0/mp4 @ 0x611000000b80] No explicit maps, mapping streams
automatically...
[vost#0:0/mpeg4 @ 0x617000000780] Created video stream from input stream
0:0
[file @ 0x60d000001080] Setting default whitelist 'file,crypto,data'
[AVIOContext @ 0x612000000c40] Statistics: 666494 bytes read, 0 seeks
detected 4 logical cores
[h264 @ 0x619000001980] nal_unit_type: 7(SPS), nal_ref_idc: 3
[h264 @ 0x619000001980] Decoding VUI
[h264 @ 0x619000001980] nal_unit_type: 8(PPS), nal_ref_idc: 3
[file @ 0x60d000001700] Setting default whitelist 'file,crypto,data'
Successfully opened the file.
Stream mapping:
Stream #0:0 -> #0:0 (h264 (native) -> mpeg4 (native))
[vost#0:0/mpeg4 @ 0x617000000780] Starting thread...
[vf#0:0 @ 0x60e0000002e0] Starting thread...
[vist#0:0/h264 @ 0x613000000ac0] Starting thread...
[in#0/mov,mp4,m4a,3gp,3g2,mj2 @ 0x612000000040] Starting thread...
Press [q] to stop, [?] for help
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] stream 0, sample 1, dts 0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] stream 0, sample 2, dts 11
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] stream 0, sample 3, dts 22
[h264 @ 0x619000001980] nal_unit_type: 5(IDR), nal_ref_idc: 3
[h264 @ 0x619000001980] Format yuv420p chosen by get_format().
[h264 @ 0x619000001980] Reinit context to 48x144, pix_fmt: yuv420p
[h264 @ 0x619000001980] no picture
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] stream 0, sample 4, dts 33
[h264 @ 0x619000001e80] nal_unit_type: 9(AUD), nal_ref_idc: 0
[h264 @ 0x619000001e80] nal_unit_type: 1(Coded slice of a non-IDR
picture), nal_ref_idc: 2
[h264 @ 0x619000001e80] no picture
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] stream 0, sample 5, dts 44
[h264 @ 0x619000002380] nal_unit_type: 9(AUD), nal_ref_idc: 0
[h264 @ 0x619000002380] nal_unit_type: 1(Coded slice of a non-IDR
picture), nal_ref_idc: 0
[h264 @ 0x619000002880] nal_unit_type: 9(AUD), nal_ref_idc: 0
[h264 @ 0x619000002880] nal_unit_type: 1(Coded slice of a non-IDR
picture), nal_ref_idc: 0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] stream 0, sample 6, dts 56
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] stream 0, sample 7, dts 67
[h264 @ 0x619000002d80] nal_unit_type: 9(AUD), nal_ref_idc: 0
[h264 @ 0x619000002d80] nal_unit_type: 1(Coded slice of a non-IDR
picture), nal_ref_idc: 2
[h264 @ 0x619000001980] nal_unit_type: 15(Subset SPS), nal_ref_idc: 0
[h264 @ 0x619000001980] nal_unit_type: 1(Coded slice of a non-IDR
picture), nal_ref_idc: 2
[h264 @ 0x619000001980] Unknown NAL code: 15 (11 bits)
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] stream 0, sample 8, dts 78
[h264 @ 0x619000001e80] nal_unit_type: 9(AUD), nal_ref_idc: 0
[h264 @ 0x619000001e80] nal_unit_type: 1(Coded slice of a non-IDR
picture), nal_ref_idc: 0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] stream 0, sample 9, dts 89
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x617000000080] stream 0, sample 10, dts 100
[h264 @ 0x619000002380] nal_unit_type: 9(AUD), nal_ref_idc: 0
[h264 @ 0x619000002380] nal_unit_type: 1(Coded slice of a non-IDR
picture), nal_ref_idc: 0
[h264 @ 0x619000002880] nal_unit_type: 9(AUD), nal_ref_idc: 0
[h264 @ 0x619000002880] nal_unit_type: 1(Coded slice of a non-IDR
picture), nal_ref_idc: 2
[graph 0 input from stream 0:0 @ 0x610000038140] Setting 'video_size' to
value '48x144'
[graph 0 input from stream 0:0 @ 0x610000038140] Setting 'pix_fmt' to
value '0'
[graph 0 input from stream 0:0 @ 0x610000038140] Setting 'time_base' to
value '1/90000'
[graph 0 input from stream 0:0 @ 0x610000038140] Setting 'pixel_aspect' to
value '1/1'
[graph 0 input from stream 0:0 @ 0x610000038140] Setting 'colorspace' to
value 'smpte170m'
[graph 0 input from stream 0:0 @ 0x610000038140] Setting 'range' to value
'tv'
[graph 0 input from stream 0:0 @ 0x610000038140] Setting 'frame_rate' to
value '90000/1'
[graph 0 input from stream 0:0 @ 0x610000038140] w:48 h:144 pixfmt:yuv420p
tb:1/90000 fr:90000/1 sar:1/1 csp:smpte170m range:tv
[format @ 0x610000038340] Setting 'pix_fmts' to value 'yuv420p'
[AVFilterGraph @ 0x609000024800] query_formats: 4 queried, 9 merged, 0
already done, 0 delayed
[vost#0:0/mpeg4 @ 0x617000000780] *** 5460 dup!
[mpeg4 @ 0x619000001480] intra_quant_bias = 0 inter_quant_bias = -64
[mpeg4 @ 0x619000001480] requested bitrate is too low
=================================================================
==4110427==ERROR: AddressSanitizer: heap-use-after-free on address
0x60800001c440 at pc 0x55acbc0fef0d bp 0x7f69c9024a20 sp 0x7f69c9024a10
READ of size 8 at 0x60800001c440 thread T7 (vf#0:0)
#0 0x55acbc0fef0c in av_expr_free libavutil/eval.c:361
#1 0x55acb9964d81 in ff_rate_control_uninit
libavcodec/ratecontrol.c:686
#2 0x55acb9950ba9 in ff_mpv_encode_end libavcodec/mpegvideo_enc.c:991
#3 0x55acb98fe2f0 in avcodec_close libavcodec/avcodec.c:452
#4 0x55acba612e63 in avcodec_open2 libavcodec/avcodec.c:380
#5 0x55acb9a3b132 in enc_open fftools/ffmpeg_enc.c:319
#6 0x55acb9a94f90 in enc_open fftools/ffmpeg_sched.c:1462
#7 0x55acb9a94f90 in send_to_enc fftools/ffmpeg_sched.c:1571
#8 0x55acb9a94f90 in sch_filter_send fftools/ffmpeg_sched.c:2154
#9 0x55acb9a4597c in fg_output_frame fftools/ffmpeg_filter.c:2303
#10 0x55acb9a4876c in fg_output_step fftools/ffmpeg_filter.c:2406
#11 0x55acb9a4876c in read_frames fftools/ffmpeg_filter.c:2467
#12 0x55acb9a512de in read_frames fftools/ffmpeg_filter.c:2423
#13 0x55acb9a512de in filter_thread fftools/ffmpeg_filter.c:2879
#14 0x55acb9a8adb8 in task_wrapper fftools/ffmpeg_sched.c:2200
#15 0x7f69cfb8eac2 (/lib/x86_64-linux-gnu/libc.so.6+0x94ac2)
#16 0x7f69cfc2084f (/lib/x86_64-linux-gnu/libc.so.6+0x12684f)
0x60800001c440 is located 32 bytes inside of 72-byte region
[0x60800001c420,0x60800001c468)
freed by thread T7 (vf#0:0) here:
#0 0x7f69cfeda537 in __interceptor_free
../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
#1 0x55acbc0fee0e in av_expr_free libavutil/eval.c:366
#2 0x55acbc792057 (/home/bb1222/ffmpeg-asan/ffmpeg_g+0x341c057)
previously allocated by thread T7 (vf#0:0) here:
#0 0x7f69cfedb57c in __interceptor_posix_memalign
../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:226
#1 0x55acbc12a78c in av_malloc libavutil/mem.c:105
Thread T7 (vf#0:0) created by T0 here:
#0 0x7f69cfe7e685 in __interceptor_pthread_create
../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
#1 0x55acb9a88ad9 in task_start fftools/ffmpeg_sched.c:403
SUMMARY: AddressSanitizer: heap-use-after-free libavutil/eval.c:361 in
av_expr_free
Shadow bytes around the buggy address:
0x0c107fffb830: fa fa fa fa 00 00 00 00 00 00 00 00 00 fa fa fa
0x0c107fffb840: fa fa fa fa 00 00 00 00 00 00 00 00 00 fa fa fa
0x0c107fffb850: fa fa fa fa 00 00 00 00 00 00 00 00 00 fa fa fa
0x0c107fffb860: fa fa fa fa fd fd fd fd fd fd fd fd fd fa fa fa
0x0c107fffb870: fa fa fa fa fd fd fd fd fd fd fd fd fd fa fa fa
=>0x0c107fffb880: fa fa fa fa fd fd fd fd[fd]fd fd fd fd fa fa fa
0x0c107fffb890: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fa fa
0x0c107fffb8a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c107fffb8b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c107fffb8c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c107fffb8d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==4110427==ABORTING
}}}
==== Environment:
{{{
ffmpeg version N-113344-gbe4fcf027b
gcc 11.4.0
Ubuntu 22.04.2
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/10806>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list