Opened 16 months ago

Last modified 16 months ago

#10307 new defect

Segmentation Violation (dct_quantize_refine in libavcodec/mpegvideo_enc.c:4436)

Reported by: Youngseok Choi
Owned by:
Priority: normal
Component: undetermined
Version: unspecified
Keywords: fuzzing, SIGSEGV
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

Our fuzzer found a new SEGV bug in FFmpeg.

Command Input

ffmpeg -lowres E -i poc_file -mbd 1 -alternate_scan true -s +6x580 -quantizer_noise_shaping 1 .mp4

poc_file is attached.

Command Output in gdb

[h263 @ 0x617000000080] Format h263 detected only with low score of 25, misdetection possible!
Input #0, h263, from '/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/ffmpeg/1_id:023624/poc_file':
  Duration: N/A, bitrate: N/A
  Stream #0:0: Video: h263, yuv420p, 128x96 [SAR 12:11 DAR 16:11], 29.97 fps, 29.97 tbr, 1200k tbn
Stream mapping:
  Stream #0:0 -> #0:0 (h263 (native) -> mpeg4 (native))
Press [q] to stop, [?] for help
[New Thread 0x7ffff1cff700 (LWP 2506)]
[h263 @ 0x619000002380] warning: first frame is no keyframe
[h263 @ 0x619000002380] Error at MB: 2
[New Thread 0x7ffff14fe700 (LWP 2507)]
[New Thread 0x7ffff0cfd700 (LWP 2508)]
[New Thread 0x7ffff04fc700 (LWP 2509)]
[New Thread 0x7fffefcfb700 (LWP 2510)]
[New Thread 0x7fffef4fa700 (LWP 2511)]
[New Thread 0x7fffeecf9700 (LWP 2512)]
[New Thread 0x7fffee4f8700 (LWP 2513)]
[New Thread 0x7fffedcf7700 (LWP 2514)]
[New Thread 0x7fffed4f6700 (LWP 2515)]
[New Thread 0x7fffeccf5700 (LWP 2516)]
[New Thread 0x7fffec4f4700 (LWP 2517)]
[New Thread 0x7fffebcf3700 (LWP 2518)]
[New Thread 0x7fffeb4f2700 (LWP 2519)]
[New Thread 0x7fffeacf1700 (LWP 2520)]
[New Thread 0x7fffea4f0700 (LWP 2521)]
[New Thread 0x7fffe9cef700 (LWP 2522)]
[New Thread 0x7fffe94ee700 (LWP 2523)]
[New Thread 0x7fffe8ced700 (LWP 2524)]
[New Thread 0x7fffe84ec700 (LWP 2525)]
[New Thread 0x7fffe7ceb700 (LWP 2526)]
[New Thread 0x7fffe74ea700 (LWP 2527)]
[New Thread 0x7fffe6ce9700 (LWP 2528)]
[New Thread 0x7fffe64e8700 (LWP 2529)]
[New Thread 0x7fffe5ce7700 (LWP 2530)]
[New Thread 0x7fffe54e6700 (LWP 2531)]
[New Thread 0x7fffe4ce5700 (LWP 2532)]
[New Thread 0x7fffe44e4700 (LWP 2533)]
[New Thread 0x7fffe3ce3700 (LWP 2534)]
[New Thread 0x7fffe34e2700 (LWP 2535)]
[New Thread 0x7fffe2ce1700 (LWP 2536)]
[New Thread 0x7fffe24e0700 (LWP 2537)]
[New Thread 0x7fffe1cdf700 (LWP 2538)]
[New Thread 0x7fffe14de700 (LWP 2539)]
[New Thread 0x7fffe0cdd700 (LWP 2540)]
[New Thread 0x7fffe04dc700 (LWP 2541)]
[New Thread 0x7fffdfcdb700 (LWP 2542)]
[New Thread 0x7fffdf4da700 (LWP 2543)]
[New Thread 0x7fffdecd9700 (LWP 2544)]
[New Thread 0x7fffde4d8700 (LWP 2545)]
[New Thread 0x7fffddcd7700 (LWP 2546)]
[New Thread 0x7fffdd4d6700 (LWP 2547)]
[New Thread 0x7fffdccd5700 (LWP 2548)]
[New Thread 0x7fffdc4d4700 (LWP 2549)]
[New Thread 0x7fffdbcd3700 (LWP 2550)]
[New Thread 0x7fffdb4d2700 (LWP 2551)]
[mpeg4 @ 0x619000003780] Invalid pixel aspect ratio 4640/33, limit is 255/255 reducing
Output #0, mp4, to '.mp4':
  Metadata:
    encoder         : Lavf60.4.101
  Stream #0:0: Video: mpeg4 (mp4v / 0x7634706D), yuv420p(tv, progressive), 6x580 [SAR 141:1 DAR 423:290], q=2-31, 200 kb/s, SAR 4640:33 DAR 16:11, 29.97 fps, 30k tbn
    Metadata:
      encoder         : Lavc60.9.100 mpeg4
    Side data:
      cpb: bitrate max/min/avg: 0/0/200000 buffer size: 0 vbv_delay: N/A
[New Thread 0x7fffdacd1700 (LWP 2552)]
[h263 @ 0x619000002380] Reverting picture dimensions change due to header decoding failure
[h263 @ 0x619000002380] header damaged
Error while decoding stream #0:0: Invalid data found when processing input
[Thread 0x7ffff1cff700 (LWP 2506) exited]
[h263 @ 0x619000002380] illegal ac vlc code at 6x1
[h263 @ 0x619000002380] Error at MB: 15

Thread 34 "ffmpeg_g" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe1cdf700 (LWP 2538)]
0x00005555574cabcf in dct_quantize_refine (s=0x62500008c100, block=0x61f000000280, weight=0x7fffe1cd2b40, orig=0x7fffe1cd3160, n=4, qscale=2)
    at libavcodec/mpegvideo_enc.c:4436
4436                            int next_level= block[ perm_scantable[next_i] ] + 64;

Backtrace

#0  0x00005555574cabcf in dct_quantize_refine (s=0x62500008c100, block=0x61f000000280, weight=0x7fffe1cd2b40, orig=0x7fffe1cd3160, n=4, qscale=2)
    at libavcodec/mpegvideo_enc.c:4436
#1  0x000055555749957f in encode_mb_internal (chroma_format=1, chroma_y_shift=1, chroma_x_shift=1, mb_block_count=6, mb_block_width=8,
    mb_block_height=8, motion_y=0, motion_x=0, s=0x62500008c100) at libavcodec/mpegvideo_enc.c:2405
#2  encode_mb (motion_y=0, motion_x=0, s=0x62500008c100) at libavcodec/mpegvideo_enc.c:2504
#3  encode_mb_hq (s=0x62500008c100, backup=0x7fffe1cdcbf0, best=0x7fffe1cdaa10, pb=0x7fffe1cd3c10, pb2=0x7fffe1cd3c90, tex_pb=0x7fffe1cd3d10,
    dmin=0x7fffe1cd3970, next_block=0x7fffe1cd39b0, motion_x=0, motion_y=0) at libavcodec/mpegvideo_enc.c:2602
#4  0x00005555574aad51 in encode_thread (c=0x619000003780, arg=0x6250000053e0) at libavcodec/mpegvideo_enc.c:3071
#5  0x0000555557629a3d in worker_func (priv=0x619000003780, jobnr=1, threadnr=1, nb_jobs=16, nb_threads=16) at libavcodec/pthread_slice.c:77
#6  0x0000555558d98052 in run_jobs (ctx=0x611000024080) at libavutil/slicethread.c:65
#7  0x0000555558d98224 in thread_worker (v=0x61c0000010f0) at libavutil/slicethread.c:89
#8  0x00007ffff59d86db in start_thread (arg=0x7fffe1cdf700) at pthread_create.c:463
#9  0x00007ffff570161f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Assembly code around pc

Dump of assembler code from 0x5555574cabaf to 0x5555574cabef:
   0x00005555574cabaf <dct_quantize_refine+6491>:       test   %dl,%dl
   0x00005555574cabb1 <dct_quantize_refine+6493>:       setne  %sil
   0x00005555574cabb5 <dct_quantize_refine+6497>:       mov    %rax,%rdi
   0x00005555574cabb8 <dct_quantize_refine+6500>:       and    $0x7,%edi
   0x00005555574cabbb <dct_quantize_refine+6503>:       cmp    %dl,%dil
   0x00005555574cabbe <dct_quantize_refine+6506>:       setge  %dl
   0x00005555574cabc1 <dct_quantize_refine+6509>:       and    %esi,%edx
   0x00005555574cabc3 <dct_quantize_refine+6511>:       test   %dl,%dl
   0x00005555574cabc5 <dct_quantize_refine+6513>:       je     0x5555574cabcf <dct_quantize_refine+6523>
   0x00005555574cabc7 <dct_quantize_refine+6515>:       mov    %rax,%rdi
   0x00005555574cabca <dct_quantize_refine+6518>:       callq  0x555555a83bd0 <__asan_report_load1@plt>
=> 0x00005555574cabcf <dct_quantize_refine+6523>:       movzbl (%rcx),%eax
   0x00005555574cabd2 <dct_quantize_refine+6526>:       movzbl %al,%eax
   0x00005555574cabd5 <dct_quantize_refine+6529>:       lea    (%rax,%rax,1),%rdx
   0x00005555574cabd9 <dct_quantize_refine+6533>:       mov    -0x3c0(%rbp),%rax
   0x00005555574cabe0 <dct_quantize_refine+6540>:       lea    (%rdx,%rax,1),%rcx
   0x00005555574cabe4 <dct_quantize_refine+6544>:       mov    %rcx,%rax
   0x00005555574cabe7 <dct_quantize_refine+6547>:       mov    %rax,%rdx
   0x00005555574cabea <dct_quantize_refine+6550>:       shr    $0x3,%rdx
   0x00005555574cabee <dct_quantize_refine+6554>:       add    $0x7fff8000,%rdx
End of assembler dump.

Register Info

rax            0x625058064814   108097213712404
rbx            0x7fffe1cd0bb0   140736981699504
rcx            0x625058064814   108097213712404
rdx            0x0      0
rsi            0x0      0
rdi            0x4      4
rbp            0x7fffe1cd0bd0   0x7fffe1cd0bd0
rsp            0x7fffe1cd07f0   0x7fffe1cd07f0
r8             0x555559cb4ea0   93825067077280
r9             0x2      2
r10            0x616000031280   107064944956032
r11            0x7fffe1cd3250   140736981709392
r12            0xffffc39a122    17592122712354
r13            0x7fffe1cd0910   140736981698832
r14            0x7fffe1cd0910   140736981698832
r15            0x8      8
rip            0x5555574cabcf   0x5555574cabcf <dct_quantize_refine+6523>
eflags         0x10246  [ PF ZF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0

Environment

Note that we used address sanitizer.

ffmpeg version N-110167-g97c95961f0 Copyright (c) 2000-2023 the FFmpeg developers
  built with gcc 7 (Ubuntu 7.5.0-3ubuntu1~18.04)
  configuration: --prefix=/home/youngseok/subjects/latest_asan_install/ffmpeg --extra-cflags='-fsanitize=address -g -O0' --extra-cxxflags='-fsanitize=address -g -O0' --extra-ldflags='-fsanitize=address -g -O0' --disable-optimizations --disable-stripping

Attachments (1)

poc_file (111 bytes) - added by Youngseok Choi 16 months ago.
poc_file used in command input

Change History (2)

by Youngseok Choi, 16 months ago

Attachment: poc_file added

poc_file used in command input

comment:1 by Youngseok Choi, 16 months ago

I think this can be a duplicate of https://trac.ffmpeg.org/ticket/10305.
