Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#6459 closed defect (fixed)

Invalid write in ff_vp9_ipred_dr_16x16_16_avx2

Reported by: tsmith
Owned by:
Priority: important
Component: avcodec
Version: git-master
Keywords: vp9 crash
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no


How to reproduce:

% ffmpeg -f ivf -i test_case.ivf -frames 5 -f null -
ffmpeg version N-86447-gfeb13ae Copyright (c) 2000-2017 the FFmpeg developers
  built with clang version 3.8.0-2ubuntu4 (tags/RELEASE_380/final)
  configuration: --cc=clang --cxx=clang++ --disable-libxcb --disable-xlib --disable-logging --disable-ffprobe --disable-ffplay --disable-sdl2 --disable-ffserver --disable-doc --disable-pthreads --disable-network --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-stripping --disable-runtime-cpudetect --disable-postproc --disable-securetransport --disable-iconv --disable-swscale --disable-avdevice --disable-videotoolbox --disable-everything --enable-encoder=wrapped_avframe --disable-lzma --enable-protocol='file,pipe' --enable-muxer=null --enable-demuxer=ivf --enable-parser=vp9 --enable-decoder=vp9 --disable-pic
  libavutil      55. 63.100 / 55. 63.100
  libavcodec     57. 98.100 / 57. 98.100
  libavformat    57. 73.100 / 57. 73.100
  libavfilter     6. 92.100 /  6. 92.100
  libswresample   2.  8.100 /  2.  8.100

Invalid write of size 8
   at 0x60D0C8: ff_vp9_ipred_dr_16x16_16_avx2 (vp9intrapred_16bpp.asm:1224)
   by 0x4ED4DD: ff_vp9_decode_block (vp9block.c:1385)
   by 0x4EA038: decode_sb (vp9.c:953)
   by 0x4EA70F: decode_sb (vp9.c:969)
   by 0x4DF174: vp9_decode_frame (vp9.c:1314)
   by 0x4C0FAB: decode_simple_internal (decode.c:417)
   by 0x4C0FAB: decode_simple_receive_frame (decode.c:620)
   by 0x4C0FAB: decode_receive_frame_internal (decode.c:638)
   by 0x4C05D9: avcodec_send_packet (decode.c:678)
   by 0x4A8662: try_decode_frame (utils.c:3005)
   by 0x4A2FB3: avformat_find_stream_info (utils.c:3822)
   by 0x411F31: open_input_file (ffmpeg_opt.c:1013)
   by 0x41064B: open_files (ffmpeg_opt.c:3207)
   by 0x410213: ffmpeg_parse_options (ffmpeg_opt.c:3247)
 Address 0x5a30420 is 0 bytes after an unallocated block of size 16 in arena "client"

Attachments (1)

test_case.ivf (142 bytes) - added by tsmith 3 years ago.


Change History (5)

Changed 3 years ago by tsmith

comment:1 Changed 3 years ago by tsmith

The stack trace was generated with Valgrind.

comment:2 Changed 3 years ago by cehoyos

  • Component changed from undetermined to avcodec
  • Keywords vp9 crash added
  • Priority changed from normal to important
  • Resolution set to fixed
  • Status changed from new to closed

comment:3 Changed 3 years ago by rbultje

Hi Carl, just checking, did you confirm that there are no other issues exposed by this particular test case? I'm asking because I wasn't able to reproduce the issue; I merely inspected the source code and found an issue that would lead to this. I would just like to double check that there's no other issue lurking around in addition to the one I fixed. Thanks!

comment:4 Changed 3 years ago by rbultje

Also, @msmith, I don't know how you guys do it, but it's pretty incredible that you found this issue only 47 hours after the commit that introduced it was pushed (81fc617c125734aa6f3b3d938af75fef6db750e7). Thanks so much!
