Opened 10 years ago

Closed 10 years ago

#3193 closed defect (fixed)

swr/aresample: invalid read with MP3

Reported by: Clément Bœsch
Owned by:
Priority: normal
Component: undetermined
Version: git-master
Keywords: swr aresample
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

☭ ./ffmpeg -f lavfi -i aevalsrc=0 -t 5 silence.mp3
ffmpeg version N-58723-g0cc5011 Copyright (c) 2000-2013 the FFmpeg developers
  built on Dec  3 2013 07:47:03 with gcc 4.8.2 (GCC)
  configuration: --enable-gpl --enable-version3 --enable-fontconfig --enable-libfreetype --enable-libmp3lame --enable-libvorbis --enable-libxvid --enable-libx264 --enable-libvpx --enable-libtheora --enable-x11grab --enable-libopenjpeg --enable-libass --enable-libmodplug --enable-libv4l2 --cc=colorgcc --samples=/home/ubitux/fate-samples --prefix=/tmp/ffinstall --disable-runtime-cpudetect --enable-libcelt --enable-libopencv --enable-frei0r --enable-libcaca --enable-libiec61883 --enable-libopencore-amrwb --enable-libopencore-amrnb --enable-libopus --enable-libpulse --enable-libspeex --assert-level=2 --enable-libzmq --enable-libschroedinger
  libavutil      52. 56.100 / 52. 56.100
  libavcodec     55. 44.100 / 55. 44.100
  libavformat    55. 22.100 / 55. 22.100
  libavdevice    55.  5.102 / 55.  5.102
  libavfilter     3. 91.100 /  3. 91.100
  libswscale      2.  5.101 /  2.  5.101
  libswresample   0. 17.104 /  0. 17.104
  libpostproc    52.  3.100 / 52.  3.100
Input #0, lavfi, from 'aevalsrc=0':
  Duration: N/A, start: 0.000000, bitrate: 2822 kb/s
    Stream #0:0: Audio: pcm_f64le, 44100 Hz, mono, dbl, 2822 kb/s
Output #0, mp3, to 'silence.mp3':
  Metadata:
    TSSE            : Lavf55.22.100
    Stream #0:0: Audio: mp3 (libmp3lame), 44100 Hz, mono, s32p
Stream mapping:
  Stream #0:0 -> #0:0 (pcm_f64le -> libmp3lame)
Press [q] to stop, [?] for help
size=      40kB time=00:00:05.01 bitrate=  64.7kbits/s    
video:0kB audio:39kB subtitle:0 global headers:0kB muxing overhead 0.562815%
☭ valgrind ./ffmpeg_g -i silence.mp3 -ar 8000 -f null -
==1559== Memcheck, a memory error detector
==1559== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==1559== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==1559== Command: ./ffmpeg_g -i silence.mp3 -ar 8000 -f null -
==1559== 
ffmpeg version N-58723-g0cc5011 Copyright (c) 2000-2013 the FFmpeg developers
  built on Dec  3 2013 07:47:03 with gcc 4.8.2 (GCC)
  configuration: --enable-gpl --enable-version3 --enable-fontconfig --enable-libfreetype --enable-libmp3lame --enable-libvorbis --enable-libxvid --enable-libx264 --enable-libvpx --enable-libtheora --enable-x11grab --enable-libopenjpeg --enable-libass --enable-libmodplug --enable-libv4l2 --cc=colorgcc --samples=/home/ubitux/fate-samples --prefix=/tmp/ffinstall --disable-runtime-cpudetect --enable-libcelt --enable-libopencv --enable-frei0r --enable-libcaca --enable-libiec61883 --enable-libopencore-amrwb --enable-libopencore-amrnb --enable-libopus --enable-libpulse --enable-libspeex --assert-level=2 --enable-libzmq --enable-libschroedinger
  libavutil      52. 56.100 / 52. 56.100
  libavcodec     55. 44.100 / 55. 44.100
  libavformat    55. 22.100 / 55. 22.100
  libavdevice    55.  5.102 / 55.  5.102
  libavfilter     3. 91.100 /  3. 91.100
  libswscale      2.  5.101 /  2.  5.101
  libswresample   0. 17.104 /  0. 17.104
  libpostproc    52.  3.100 / 52.  3.100
Input #0, mp3, from 'silence.mp3':
  Metadata:
    encoder         : Lavf55.22.100
  Duration: 00:00:05.04, start: 0.000000, bitrate: 64 kb/s
    Stream #0:0: Audio: mp3, 44100 Hz, mono, s16p, 64 kb/s
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf55.22.100
    Stream #0:0: Audio: pcm_s16le, 8000 Hz, mono, s16, 128 kb/s
Stream mapping:
  Stream #0:0 -> #0:0 (mp3 -> pcm_s16le)
Press [q] to stop, [?] for help
==1559== Invalid read of size 16
==1559==    at 0xB4408D: swri_resample_int16_ssse3 (resample_template.c:122)
==1559==    by 0xB446D9: multiple_resample (resample.c:321)
==1559==    by 0xB3BBC4: resample (swresample.c:569)
==1559==    by 0xB3C83F: swr_convert_internal.part.3 (swresample.c:681)
==1559==    by 0xB3D163: swr_convert (swresample.c:769)
==1559==    by 0x4EBD8C: filter_frame (af_aresample.c:202)
==1559==    by 0x497526: ff_filter_frame_framed (avfilter.c:1072)
==1559==    by 0x49968B: ff_filter_frame (avfilter.c:1147)
==1559==    by 0x497526: ff_filter_frame_framed (avfilter.c:1072)
==1559==    by 0x49968B: ff_filter_frame (avfilter.c:1147)
==1559==    by 0x49DE91: request_frame (buffersrc.c:491)
==1559==    by 0x49DBF4: av_buffersrc_add_frame_internal (buffersrc.c:170)
==1559==  Address 0x1313b772 is 2,290 bytes inside a block of size 2,304 alloc'd
==1559==    at 0x4C29D00: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1559==    by 0x4C29E17: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1559==    by 0xB9E8F9: av_malloc (mem.c:94)
==1559==    by 0xB90BA7: av_buffer_alloc (buffer.c:70)
==1559==    by 0xB914CB: av_buffer_pool_get (buffer.c:305)
==1559==    by 0x962A9E: avcodec_default_get_buffer2 (utils.c:597)
==1559==    by 0x96342E: ff_get_buffer (utils.c:933)
==1559==    by 0x86F6AA: mp_decode_frame (mpegaudiodec_template.c:1608)
==1559==    by 0x86FC2D: decode_frame (mpegaudiodec_template.c:1684)
==1559==    by 0x9652BE: avcodec_decode_audio4 (utils.c:2212)
==1559==    by 0x4882AA: decode_audio (ffmpeg.c:1554)
==1559==    by 0x472A92: main (ffmpeg.c:1905)
==1559== 
size=N/A time=00:00:05.04 bitrate=N/A    
video:0kB audio:78kB subtitle:0 global headers:0kB muxing overhead -100.027409%
==1559== 
==1559== HEAP SUMMARY:
==1559==     in use at exit: 6,169 bytes in 5 blocks
==1559==   total heap usage: 4,690 allocs, 4,685 frees, 245,319,293 bytes allocated
==1559== 
==1559== LEAK SUMMARY:
==1559==    definitely lost: 6,024 bytes in 1 blocks
==1559==    indirectly lost: 0 bytes in 0 blocks
==1559==      possibly lost: 0 bytes in 0 blocks
==1559==    still reachable: 145 bytes in 4 blocks
==1559==         suppressed: 0 bytes in 0 blocks
==1559== Rerun with --leak-check=full to see details of leaked memory
==1559== 
==1559== For counts of detected and suppressed errors, rerun with: -v
==1559== ERROR SUMMARY: 64 errors from 1 contexts (suppressed: 2 from 2)

Change History (3)

comment:1 by Clément Bœsch, 10 years ago

Also present in mmx2, no problem found with -ssse3 -mmx2.

comment:2 by Carl Eugen Hoyos, 10 years ago

Reproduced by developer: set
Status: new → open

comment:3 by Michael Niedermayer, 10 years ago

Resolution: fixed
Status: open → closed