Opened 3 years ago

Closed 2 years ago

#5128 closed defect (fixed)

null pointer passed as argument in av_packet_ref()

Reported by: tsmith
Owned by:
Priority: normal
Component: avcodec
Version: git-master
Keywords: ubsan
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

Summary of the bug:
UBSan: libavcodec/avpacket.c:566:32: runtime error: null pointer passed as argument 2, which is declared to never be null

How to reproduce:

% ffmpeg -f ivf -i <test_case> -f null -
ffmpeg version N-77718-g72673ad Copyright (c) 2000-2016 the FFmpeg developers
  built with Ubuntu clang version 3.7.1-svn253742-1~exp1 (branches/release_37) (based on LLVM 3.7.1)
  configuration: --cc=clang --cxx=clang++ --disable-libxcb --disable-xlib --disable-logging --disable-ffprobe --disable-ffplay --disable-sdl --disable-ffserver --disable-doc --disable-pthreads --disable-network --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-stripping --disable-runtime-cpudetect --disable-securetransport --disable-iconv
  libavutil      55. 12.100 / 55. 12.100
  libavcodec     57. 22.100 / 57. 22.100
  libavformat    57. 21.101 / 57. 21.101
  libavdevice    57.  0.100 / 57.  0.100
  libavfilter     6. 23.100 /  6. 23.100
  libswscale      4.  0.100 /  4.  0.100
  libswresample   2.  0.101 /  2.  0.101
[vp8 @ 0x619000005a80] Warning: not compiled with thread support, using thread emulation
Input #0, ivf, from '/home/user/Desktop/vpx/corpus/15d591cfc299e559f570fa445ba91fb768230159':
  Duration: 00:00:00.10, start: 0.000000, bitrate: 115 kb/s
    Stream #0:0: Video: vp8 (VP80 / 0x30385056), yuv420p, 5696x36, 30 tbr, 30 tbn, 30 tbc
[wrapped_avframe @ 0x619000003780] Warning: not compiled with thread support, using thread emulation
[vp8 @ 0x619000004180] Warning: not compiled with thread support, using thread emulation
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf57.21.101
    Stream #0:0: Video: wrapped_avframe, yuv420p, 5696x36, q=2-31, 200 kb/s, 30 fps, 30 tbn, 30 tbc
    Metadata:
      encoder         : Lavc57.22.100 wrapped_avframe
Stream mapping:
  Stream #0:0 -> #0:0 (vp8 (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
Input stream #0:0 frame changed from size:5696x36 fmt:yuv420p to size:64x36 fmt:yuv420p
DTS -212200375451618, next:33333 st:0 invalid dropping
PTS -212200375451618, next:33333 invalid dropping st:0
[vp8 @ 0x619000004180] Invalid partitions
Error while decoding stream #0:0: Invalid data found when processing input
libavcodec/avpacket.c:566:32: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:47:28: note: nonnull attribute specified here
    #0 0xd11745 in av_packet_ref /home/user/code/ffmpeg/libavcodec/avpacket.c:566:9
    #1 0xc0bb7f in ff_read_packet /home/user/code/ffmpeg/libavformat/utils.c:702:19
    #2 0xc112dc in read_frame_internal /home/user/code/ffmpeg/libavformat/utils.c:1343:15
    #3 0xc1079a in av_read_frame /home/user/code/ffmpeg/libavformat/utils.c:1504:17
    #4 0x594311 in process_input /home/user/code/ffmpeg/ffmpeg.c:3758:11
    #5 0x5726c6 in transcode_step /home/user/code/ffmpeg/ffmpeg.c:4068:11
    #6 0x5726c6 in transcode /home/user/code/ffmpeg/ffmpeg.c:4122
    #7 0x56f73c in main /home/user/code/ffmpeg/ffmpeg.c:4314:9
    #8 0x7fce5cfe2ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #9 0x466445 in _start (/home/user/Desktop/ffmpeg/ffmpeg_full+0x466445)

Attachments (1)

test_case.vp8.ivf (1.4 KB) - added by tsmith 3 years ago.
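
The class of defect UBSan flags in the trace above, shown as an added example that is not FFmpeg code and not part of the ticket: a copy routine that hands a null source pointer and a zero length to a `string.h` function, next to a guarded form. `struct pkt` and both function names are hypothetical, and `memcpy` is assumed to be the nonnull-declared function.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a packet; data may be NULL when size is 0. */
struct pkt {
    uint8_t *data;
    size_t   size;
};

/* Unguarded: for {NULL, 0} this calls memcpy(dst, NULL, 0). No byte is
 * read, but the source argument is declared nonnull, so the call is
 * undefined behaviour and -fsanitize=undefined reports it. */
int pkt_copy_unguarded(struct pkt *dst, const struct pkt *src)
{
    dst->data = malloc(src->size ? src->size : 1);
    if (!dst->data)
        return -1;
    memcpy(dst->data, src->data, src->size);
    dst->size = src->size;
    return 0;
}

/* Guarded: an empty source never reaches memcpy, and a NULL pointer
 * paired with a non-zero size is rejected as inconsistent input. */
int pkt_copy_guarded(struct pkt *dst, const struct pkt *src)
{
    dst->data = NULL;
    dst->size = 0;
    if (!src->data && src->size)
        return -2;
    if (!src->size)
        return 0;
    dst->data = malloc(src->size);
    if (!dst->data)
        return -1;
    memcpy(dst->data, src->data, src->size);
    dst->size = src->size;
    return 0;
}
```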


Change History (5)

Changed 3 years ago by tsmith

comment:1 Changed 2 years ago by richardpl

  • Resolution set to fixed
  • Status changed from new to closed

Looks to be fixed.

comment:2 Changed 2 years ago by cehoyos

  • Resolution fixed deleted
  • Status changed from closed to reopened

If there ever was an issue, it is still reproducible with a2c40931

comment:3 Changed 2 years ago by cehoyos

  • Reproduced by developer set
  • Status changed from reopened to open

comment:4 Changed 2 years ago by cehoyos

  • Keywords ubsan added
  • Resolution set to fixed
  • Status changed from open to closed