Opened 3 weeks ago

Closed 2 weeks ago

#6715 closed defect (invalid)

Uninitialized variable in ff_h264_hl_decode_mb

Reported by: jwatte
Owned by:
Priority: normal
Component: undetermined
Version: unspecified
Keywords:
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

I am building a program that decodes H264 captured video, and then runs computer vision analysis on it.

When I ran my program through valgrind, it complained that I was depending on uninitialized data.

Turning on thorough source tracking, it turns out that the uninitialized data was created inside libavcodec:

==11510== Conditional jump or move depends on uninitialised value(s)
==11510==    at 0x76AF5B8: sqrt (w_sqrt.c:27)
==11510==    by 0x18FA43: compute_labels_cv(int, void const*, unsigned char const*, float*) (main.cpp:574)
==11510==    by 0x190B4D: database_frame(int, int, int, void const*, int, void const*, int, void const*, int, float, float) (main.cpp:786)
==11510==    by 0x192629: generate_dataset(char const*) (main.cpp:1074)
==11510==    by 0x193D7E: main (main.cpp:1421)
==11510==  Uninitialised value was created by a stack allocation
==11510==    at 0x5C6920: ff_h264_hl_decode_mb (h264_mb.c:798)

This is using version 12.1 of libav.

The line is:

    int is_complex    = CONFIG_SMALL || sl->is_complex ||
                        IS_INTRA_PCM(mb_type) || sl->qscale == 0;

Presumably, sl->is_complex or sl->qscale aren't initialized at this point?
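The pattern the description suspects, as an added C example that is not libav or FFmpeg code: a cut-down slice context with the two fields named above, one decode path that leaves `qscale` unset on the stack (the shape valgrind reports as "created by a stack allocation"), and the zero-initialised form whose `is_complex` decision depends only on its inputs. The struct name, the `MB_TYPE_INTRA_PCM` value and the two `decode_mb_*` functions are assumptions for illustration.

```c
#include <stdint.h>

/* Constructed stand-in for the decoder's slice context (assumption, not the
 * libav/FFmpeg struct): only the two fields the ticket asks about. */
typedef struct {
    int is_complex;
    int qscale;
} SliceCtx;

/* Placeholder bit value (assumption); the real decoder defines its own. */
#define MB_TYPE_INTRA_PCM 0x1
#define IS_INTRA_PCM(t) ((t) & MB_TYPE_INTRA_PCM)

/* Same shape as the flagged line; every operand must be initialised,
 * because short-circuit evaluation does not save a garbage sl->qscale when
 * sl->is_complex is 0 and the macroblock is not PCM. */
static int compute_is_complex(const SliceCtx *sl, unsigned mb_type)
{
    return sl->is_complex || IS_INTRA_PCM(mb_type) || sl->qscale == 0;
}

/* Bug pattern: a stack context whose fields are only partially set before
 * use. Under "valgrind --track-origins=yes" the read of sl.qscale is
 * reported as a conditional jump on an uninitialised value whose origin is
 * the stack allocation in this function. The result is nondeterministic. */
int decode_mb_uninit(unsigned mb_type)
{
    SliceCtx sl;                 /* no initialiser: both fields are garbage */
    sl.is_complex = 0;           /* only one field is set */
    return compute_is_complex(&sl, mb_type);   /* sl.qscale read uninitialised */
}

/* Fixed pattern: zero-initialise the whole context, then set what is known.
 * The decision is now fully determined by mb_type and qscale, and valgrind
 * reports nothing for this path. */
int decode_mb_init(unsigned mb_type, int qscale)
{
    SliceCtx sl = {0};
    sl.qscale = qscale;
    return compute_is_complex(&sl, mb_type);
}
```

Compile with `-g` and run under `valgrind --track-origins=yes` to see the origin report for the first path only; the second path is what a caller should rely on.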

Change History (3)

comment:1 Changed 3 weeks ago by cehoyos

  • Resolution set to invalid
  • Status changed from new to closed

This is the FFmpeg bug tracker.

comment:2 Changed 2 weeks ago by jwatte

  • Resolution invalid deleted
  • Status changed from closed to reopened

I can't find a separate libavcodec bug tracker, and there are plenty of libavcodec bugs in this bug database.
If there's a better database for libavcodec bugs, please point me at it.

comment:3 Changed 2 weeks ago by jwatte

  • Resolution set to invalid
  • Status changed from reopened to closed

Oh, sorry -- I was not aware of the project split and name sharing. Might want to have a more verbose close message to un-confuse reporters.
