Assertion mem != 0x80008000U failed at libavcodec/vp9mvs.c:149

[tsmith]

Summary of the bug:
How to reproduce:

$ ASAN_OPTIONS=handle_abort=1 ./ffmpeg -f ivf -i ~/Desktop/testcase.ivf -an -threads 1 -frames 15 -f null -
ffmpeg version N-89982-g81d6501 Copyright (c) 2000-2018 the FFmpeg developers
  built with clang version 4.0.0-1ubuntu1~16.04.2 (tags/RELEASE_400/rc1)
  configuration: --cc=clang --cxx=clang++ --disable-libxcb --disable-xlib --disable-logging --disable-ffprobe --disable-ffplay --disable-sdl2 --disable-doc --disable-pthreads --disable-network --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vdpau --disable-stripping --disable-runtime-cpudetect --disable-postproc --disable-securetransport --disable-iconv --disable-swscale --disable-dxva2 --disable-vaapi --disable-vdpau --disable-videotoolbox --disable-everything --enable-encoder=wrapped_avframe --disable-lzma --enable-protocol='file,pipe' --enable-muxer=null --enable-demuxer=ivf --enable-parser='vp8,vp9' --enable-decoder='vp8,vp9' --disable-pic --disable-alsa --disable-cuda --disable-cuvid --disable-nvenc --disable-nvdec --disable-v4l2_m2m --disable-zlib --assert-level=2 --disable-x86asm
  libavutil      56.  7.100 / 56.  7.100
  libavcodec     58. 10.100 / 58. 10.100
  libavformat    58.  9.100 / 58.  9.100
  libavdevice    58.  1.100 / 58.  1.100
  libavfilter     7. 11.101 /  7. 11.101
  libswresample   3.  0.101 /  3.  0.101
[vp9 @ 0xf4f03280] Warning: not compiled with thread support, using thread emulation
Input #0, ivf, from '/home/user/Desktop/testcase.ivf':
  Duration: 00:00:00.00, start: 0.000000, bitrate: 87549333 kb/s
    Stream #0:0: Video: vp9 (Profile 2) (VP90 / 0x30395056), yuv420p12le(pc, smpte240m/unknown/unknown), 3457x2067, 1 tbr, 1612188.10 tbn, 1612188.10 tbc
[vp9 @ 0xf4f02d80] Warning: not compiled with thread support, using thread emulation
Stream mapping:
  Stream #0:0 -> #0:0 (vp9 (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
[vp9 @ 0xf4f02d80] Invalid frame marker
Error while decoding stream #0:0: Invalid data found when processing input
[vp9 @ 0xf4f02d80] Invalid ref frame dimensions 3457x2067 for frame size 8x53249
Error while decoding stream #0:0: Invalid data found when processing input
Assertion mem != 0x80008000U failed at libavcodec/vp9mvs.c:149
ASAN:DEADLYSIGNAL
=================================================================
==87843==ERROR: AddressSanitizer: ABRT on unknown address 0x00015723 (pc 0xf7f1bdc9 bp 0x00000002 sp 0xffca89d8 T0)
    #0 0xf7f1bdc8  (<unknown module>)
    #1 0xf7cccea8 in gsignal /build/glibc-mUak1Y/glibc-2.23/signal/../sysdeps/unix/sysv/linux/raise.c:54
    #2 0xf7cce406 in abort /build/glibc-mUak1Y/glibc-2.23/stdlib/abort.c:89
    #3 0x8520eab in find_ref_mvs /FFmpeg/libavcodec/vp9mvs.c
    #4 0x850ed90 in ff_vp9_fill_mv /FFmpeg/libavcodec/vp9mvs.c:302:9
    #5 0x835de5f in decode_mode /FFmpeg/libavcodec/vp9block.c:648:17
    #6 0x834e814 in ff_vp9_decode_block /FFmpeg/libavcodec/vp9block.c:1289:9
    #7 0x834bdde in decode_sb /FFmpeg/libavcodec/vp9.c:1068:9
    #8 0x834c2cc in decode_sb /FFmpeg/libavcodec/vp9.c:1106:13
    #9 0x834c5d3 in decode_sb /FFmpeg/libavcodec/vp9.c:1095:17
    #10 0x834c277 in decode_sb /FFmpeg/libavcodec/vp9.c:1105:13
    #11 0x832bc77 in decode_tiles /FFmpeg/libavcodec/vp9.c:1309:25
    #12 0x832bc77 in vp9_decode_frame /FFmpeg/libavcodec/vp9.c:1646
    #13 0x82a1c80 in decode_simple_internal /FFmpeg/libavcodec/decode.c:398:15
    #14 0x82a1c80 in decode_simple_receive_frame /FFmpeg/libavcodec/decode.c:594
    #15 0x82a1c80 in decode_receive_frame_internal /FFmpeg/libavcodec/decode.c:612
    #16 0x82a0a4f in avcodec_send_packet /FFmpeg/libavcodec/decode.c:674:15
    #17 0x81b9d20 in decode /FFmpeg/fftools/ffmpeg.c:2241:15
    #18 0x81b9d20 in decode_video /FFmpeg/fftools/ffmpeg.c:2385
    #19 0x81b9d20 in process_input_packet /FFmpeg/fftools/ffmpeg.c:2626
    #20 0x81aecaa in process_input /FFmpeg/fftools/ffmpeg.c:4463:5
    #21 0x81aecaa in transcode_step /FFmpeg/fftools/ffmpeg.c:4583
    #22 0x81aecaa in transcode /FFmpeg/fftools/ffmpeg.c:4632
    #23 0x81a4fa0 in main /FFmpeg/fftools/ffmpeg.c:4812:5
    #24 0xf7cb9636 in __libc_start_main /build/glibc-mUak1Y/glibc-2.23/csu/../csu/libc-start.c:291
    #25 0x806e4f7 in _start (/FFmpeg/ffmpeg+0x806e4f7)

git commit 81d6501be77b273053a66eeced94d78e2021f1d1

[Carl Eugen Hoyos]

Also reproducible with 900e3af8

$ ffmpeg_g -f ivf -i testcase.ivf -f null -
ffmpeg version N-89989-g10bcc41 Copyright (c) 2000-2018 the FFmpeg developers
  built with gcc 4.7 (SUSE Linux)
  configuration: --disable-pthreads --assert-level=2
  libavutil      56.  7.100 / 56.  7.100
  libavcodec     58. 10.100 / 58. 10.100
  libavformat    58.  9.100 / 58.  9.100
  libavdevice    58.  1.100 / 58.  1.100
  libavfilter     7. 11.101 /  7. 11.101
  libswscale      5.  0.101 /  5.  0.101
  libswresample   3.  0.101 /  3.  0.101
[vp9 @ 0x2bdeb00] Warning: not compiled with thread support, using thread emulation
Input #0, ivf, from 'testcase.ivf':
  Duration: 00:00:00.00, start: 0.000000, bitrate: 87549333 kb/s
    Stream #0:0: Video: vp9 (Profile 2) (VP90 / 0x30395056), yuv420p12le(pc, smpte240m/unknown/unknown), 3457x2067, 1 tbr, 1612188.10 tbn, 1612188.10 tbc
[vp9 @ 0x2c0dc80] Warning: not compiled with thread support, using thread emulation
Stream mapping:
  Stream #0:0 -> #0:0 (vp9 (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
[vp9 @ 0x2c0dc80] Invalid frame marker
Error while decoding stream #0:0: Invalid data found when processing input
[vp9 @ 0x2c0dc80] Invalid ref frame dimensions 3457x2067 for frame size 8x53249
Error while decoding stream #0:0: Invalid data found when processing input
Assertion mem != 0x80008000U failed at libavcodec/vp9mvs.c:149
Aborted

[Carl Eugen Hoyos]

Fixed by Michael in 78862488f85207633f29f5a66e42364024a14c3f