Opened 5 months ago

Closed 5 months ago

Last modified 5 months ago

#6459 closed defect (fixed)

Invalid write in ff_vp9_ipred_dr_16x16_16_avx2

Reported by: tsmith
Owned by:
Priority: important
Component: avcodec
Version: git-master
Keywords: vp9 crash
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

How to reproduce:

% ffmpeg -f ivf -i test_case.ivf -frames 5 -f null -
ffmpeg version N-86447-gfeb13ae Copyright (c) 2000-2017 the FFmpeg developers
  built with clang version 3.8.0-2ubuntu4 (tags/RELEASE_380/final)
  configuration: --cc=clang --cxx=clang++ --disable-libxcb --disable-xlib --disable-logging --disable-ffprobe --disable-ffplay --disable-sdl2 --disable-ffserver --disable-doc --disable-pthreads --disable-network --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-stripping --disable-runtime-cpudetect --disable-postproc --disable-securetransport --disable-iconv --disable-swscale --disable-avdevice --disable-videotoolbox --disable-everything --enable-encoder=wrapped_avframe --disable-lzma --enable-protocol='file,pipe' --enable-muxer=null --enable-demuxer=ivf --enable-parser=vp9 --enable-decoder=vp9 --disable-pic
  libavutil      55. 63.100 / 55. 63.100
  libavcodec     57. 98.100 / 57. 98.100
  libavformat    57. 73.100 / 57. 73.100
  libavfilter     6. 92.100 /  6. 92.100
  libswresample   2.  8.100 /  2.  8.100

Invalid write of size 8
   at 0x60D0C8: ff_vp9_ipred_dr_16x16_16_avx2 (vp9intrapred_16bpp.asm:1224)
   by 0x4ED4DD: ff_vp9_decode_block (vp9block.c:1385)
   by 0x4EA038: decode_sb (vp9.c:953)
   by 0x4EA70F: decode_sb (vp9.c:969)
   by 0x4DF174: vp9_decode_frame (vp9.c:1314)
   by 0x4C0FAB: decode_simple_internal (decode.c:417)
   by 0x4C0FAB: decode_simple_receive_frame (decode.c:620)
   by 0x4C0FAB: decode_receive_frame_internal (decode.c:638)
   by 0x4C05D9: avcodec_send_packet (decode.c:678)
   by 0x4A8662: try_decode_frame (utils.c:3005)
   by 0x4A2FB3: avformat_find_stream_info (utils.c:3822)
   by 0x411F31: open_input_file (ffmpeg_opt.c:1013)
   by 0x41064B: open_files (ffmpeg_opt.c:3207)
   by 0x410213: ffmpeg_parse_options (ffmpeg_opt.c:3247)
 Address 0x5a30420 is 0 bytes after an unallocated block of size 16 in arena "client"

Attachments (1)

test_case.ivf (142 bytes) - added by tsmith 5 months ago.

Change History (5)

Changed 5 months ago by tsmith

comment:1 Changed 5 months ago by tsmith

The stack trace was generated with Valgrind.

comment:2 Changed 5 months ago by cehoyos

  • Component changed from undetermined to avcodec
  • Keywords vp9 crash added
  • Priority changed from normal to important
  • Resolution set to fixed
  • Status changed from new to closed

comment:3 Changed 5 months ago by rbultje

Hi Carl, just checking, did you confirm that there are no other issues exposed by this particular test case? I'm asking because I wasn't able to reproduce the issue; I merely inspected the source code and found an issue that would lead to this. Just would like to double check that there's no other issue lurking around in addition to the one I fixed. Thanks!

comment:4 Changed 5 months ago by rbultje

Also, @msmith, I don't know how you guys do it, but it's pretty incredible that you found this issue only 47 hours after the commit that introduced it was pushed (81fc617c125734aa6f3b3d938af75fef6db750e7). Thanks so much!