#1063 closed defect (fixed)
invalid reads with very high resolution video
| Reported by: | ami_stuff | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | undetermined |
| Version: | git-master | Keywords: | |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | yes | |
| Analyzed by developer: | no |
Description
http://ffmpeg.org/trac/ffmpeg/attachment/ticket/1059/599.png
$ ffmpeg -i 599.png -s 4000x4000 -vcodec h263p out.avi
(gdb) r -i out.avi out2.avi
Starting program: d:\mingw\msys\1.0\ffmpeg\ffmpeg_g.exe -i out.avi out2.avi
[New Thread 2888.0x80c]
ffmpeg version 0.9.1.git Copyright (c) 2000-2012 the FFmpeg developers
built on Mar 10 2012 16:15:15 with gcc 4.6.1
configuration: --disable-yasm --disable-ffprobe
libavutil 51. 42.100 / 51. 42.100
libavcodec 54. 10.100 / 54. 10.100
libavformat 54. 2.100 / 54. 2.100
libavdevice 53. 4.100 / 53. 4.100
libavfilter 2. 63.100 / 2. 63.100
libswscale 2. 1.100 / 2. 1.100
libswresample 0. 7.100 / 0. 7.100
Input #0, avi, from 'out.avi':
Metadata:
encoder : Lavf54.2.100
Duration: 00:00:00.04, start: 0.000000, bitrate: 83956 kb/s
Stream #0:0: Video: h263 (H263 / 0x33363248), yuv420p, 4000x4000, 25 tbr, 25
tbn, 25 tbc
[buffer @ 03871c60] w:4000 h:4000 pixfmt:yuv420p tb:1/1000000 sar:0/1 sws_param:
Output #0, avi, to 'out2.avi':
Metadata:
ISFT : Lavf54.2.100
Stream #0:0: Video: mpeg4 (FMP4 / 0x34504D46), yuv420p, 4000x4000, q=2-31, 2
00 kb/s, 25 tbn, 25 tbc
Stream mapping:
Stream #0:0 -> #0:0 (h263 -> mpeg4)
Press [q] to stop, [?] for help
Program received signal SIGSEGV, Segmentation fault.
0x00739e7a in load_input_picture (pic_arg=0x22d9d8, s=0x3e363a0)
at libavcodec/mpegvideo_enc.c:1036
1036 memcpy(dst, src, w);
(gdb) bt
#0 0x00739e7a in load_input_picture (pic_arg=0x22d9d8, s=0x3e363a0)
at libavcodec/mpegvideo_enc.c:1036
#1 ff_MPV_encode_picture (avctx=0x386f8e0, pkt=0x22db40, pic_arg=0x22d9d8,
got_packet=0x22dc0c) at libavcodec/mpegvideo_enc.c:1429
#2 0x004f945d in avcodec_encode_video2 (avctx=0x386f8e0, avpkt=0x22db40,
frame=0x22d9d8, got_packet_ptr=0x22dc0c) at libavcodec/utils.c:1219
#3 0x00405de0 in do_video_out (s=0x3863320, ost=0x386fcc0,
in_picture=0x3873120, ist=<optimized out>) at ffmpeg.c:1619
#4 0x00407d6c in transcode_video (pkt_pts=<optimized out>,
got_output=<optimized out>, pkt=<optimized out>, ist=<optimized out>)
at ffmpeg.c:2178
#5 output_packet (ist=0x3871f40, ost_table=0x386fcc0, nb_ostreams=1,
pkt=0x22fb28) at ffmpeg.c:2270
#6 0x0040bf3b in transcode (output_files=0x3871940, nb_output_files=1,
input_files=0x38712e0, nb_input_files=1) at ffmpeg.c:3082
#7 0x0022ff48 in ?? ()
Backtrace stopped: Not enough registers or memory available to unwind further
Attachments (1)
Change History (9)
comment:1 by , 13 years ago
comment:2 by , 13 years ago
still crashes for me
C:\>ffmpeg -i out.avi out2.avi
ffmpeg version N-38862-g967bdb8 Copyright (c) 2000-2012 the FFmpeg developers
built on Mar 18 2012 02:23:57 with gcc 4.5.0 20100414 (Fedora MinGW 4.5.0-1.fc
14)
configuration: --prefix=/var/www/users/research/ffmpeg/snapshots/build --arch=
x86 --target-os=mingw32 --cross-prefix=i686-pc-mingw32- --cc='ccache i686-pc-min
gw32-gcc' --enable-w32threads --enable-memalign-hack --enable-runtime-cpudetect
--enable-cross-compile --enable-static --disable-shared --extra-libs='-lws2_32 -
lwinmm' --extra-cflags='--static -I/var/www/users/research/ffmpeg/snapshots/buil
d/include' --extra-ldflags='-static -L/var/www/users/research/ffmpeg/snapshots/b
uild/lib' --enable-bzlib --enable-zlib --enable-gpl --enable-version3 --enable-n
onfree --enable-libx264 --enable-libspeex --enable-libtheora --enable-libvorbis
--enable-libfaac --enable-libxvid --enable-libopencore-amrnb --enable-libopencor
e-amrwb --enable-libmp3lame --enable-libvpx --disable-decoder=libvpx
libavutil 51. 42.100 / 51. 42.100
libavcodec 54. 10.100 / 54. 10.100
libavformat 54. 2.100 / 54. 2.100
libavdevice 53. 4.100 / 53. 4.100
libavfilter 2. 65.100 / 2. 65.100
libswscale 2. 1.100 / 2. 1.100
libswresample 0. 7.100 / 0. 7.100
libpostproc 52. 0.100 / 52. 0.100
Input #0, avi, from 'out.avi':
Metadata:
encoder : Lavf54.2.100
Duration: 00:00:00.04, start: 0.000000, bitrate: 83956 kb/s
Stream #0:0: Video: h263 (H263 / 0x33363248), yuv420p, 4000x4000, 25 tbr, 25
tbn, 25 tbc
w:4000 h:4000 pixfmt:yuv420p tb:1/1000000 sar:0/1 sws_param:
Output #0, avi, to 'out2.avi':
Metadata:
ISFT : Lavf54.2.100
Stream #0:0: Video: mpeg4 (FMP4 / 0x34504D46), yuv420p, 4000x4000, q=2-31, 2
00 kb/s, 25 tbn, 25 tbc
Stream mapping:
Stream #0:0 -> #0:0 (h263 -> mpeg4)
Press [q] to stop, [?] for help
C:\>
by , 13 years ago
comment:4 by , 13 years ago
| Reproduced by developer: | set |
|---|---|
| Status: | new → open |
| Summary: | h263p: crash with high resolution video → invalid reads with very high resolution video |
| Version: | unspecified → git-master |
$ valgrind ffmpeg_g -i out.avi out2.avi
ffmpeg version N-38873-gd19d52d Copyright (c) 2000-2012 the FFmpeg developers
built on Mar 18 2012 21:52:27 with gcc 4.3.2
configuration: --cc=/usr/local/gcc-4.3.2/bin/gcc --enable-gpl --enable-libspeex
libavutil 51. 42.100 / 51. 42.100
libavcodec 54. 10.100 / 54. 10.100
libavformat 54. 2.100 / 54. 2.100
libavdevice 53. 4.100 / 53. 4.100
libavfilter 2. 65.101 / 2. 65.101
libswscale 2. 1.100 / 2. 1.100
libswresample 0. 7.100 / 0. 7.100
libpostproc 52. 0.100 / 52. 0.100
Input #0, avi, from 'out.avi':
Metadata:
encoder : Lavf54.2.100
Duration: 00:00:00.04, start: 0.000000, bitrate: 83956 kb/s
Stream #0:0: Video: h263 (H263 / 0x33363248), yuv420p, 4000x4000, 25 tbr, 25 tbn, 25 tbc
[buffer @ 0x44bef40] w:4000 h:4000 pixfmt:yuv420p tb:1/1000000 sar:0/1 sws_param:
Output #0, avi, to 'out2.avi':
Metadata:
ISFT : Lavf54.2.100
Stream #0:0: Video: mpeg4 (FMP4 / 0x34504D46), yuv420p, 4000x4000, q=2-31, 200 kb/s, 25 tbn, 25 tbc
Stream mapping:
Stream #0:0 -> #0:0 (h263 -> mpeg4)
Press [q] to stop, [?] for help
==16526== Invalid read of size 1
==16526== at 0x40245A1: memcpy (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16526== by 0x849E214: ff_MPV_encode_picture (mpegvideo_enc.c:1036)
==16526== Address 0x6462CBF is 1 bytes before a block of size 239,136 alloc'd
==16526== at 0x4021A50: memalign (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16526== by 0x4021AAA: posix_memalign (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16526== by 0x87BDC7F: av_mallocz (mem.c:94)
==16526==
==16526== Invalid read of size 1
==16526== at 0x40245A9: memcpy (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16526== by 0x849E214: ff_MPV_encode_picture (mpegvideo_enc.c:1036)
==16526== Address 0x6462CBE is 2 bytes before a block of size 239,136 alloc'd
==16526== at 0x4021A50: memalign (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16526== by 0x4021AAA: posix_memalign (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16526== by 0x87BDC7F: av_mallocz (mem.c:94)
==16526==
==16526== Invalid read of size 1
==16526== at 0x40245B0: memcpy (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16526== by 0x849E214: ff_MPV_encode_picture (mpegvideo_enc.c:1036)
==16526== Address 0x6462CBD is 3 bytes before a block of size 239,136 alloc'd
==16526== at 0x4021A50: memalign (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16526== by 0x4021AAA: posix_memalign (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16526== by 0x87BDC7F: av_mallocz (mem.c:94)
==16526==
==16526== Invalid read of size 1
==16526== at 0x40245B7: memcpy (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16526== by 0x849E214: ff_MPV_encode_picture (mpegvideo_enc.c:1036)
==16526== Address 0x6462CBC is 4 bytes before a block of size 239,136 alloc'd
==16526== at 0x4021A50: memalign (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16526== by 0x4021AAA: posix_memalign (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==16526== by 0x87BDC7F: av_mallocz (mem.c:94)
==16526== Warning: set address range perms: large range 193760016 (undefined)
...
==16526==
==16526== ERROR SUMMARY: 1058532 errors from 136 contexts (suppressed: 3 from 1)
==16526== malloc/free: in use at exit: 0 bytes in 0 blocks.
==16526== malloc/free: 253 allocs, 253 frees, 267,903,354 bytes allocated.
==16526== For counts of detected errors, rerun with: -v
==16526== All heap blocks were freed -- no leaks are possible.
comment:5 by , 13 years ago
ffmpeg doesn't crash here anymore, but ffplay still does.
maybe the problem is related to these mpeg errors?:
C:\>ffmpeg -i 599.png -s 4000x4000 -vcodec mpeg1video out.mpg
ffmpeg version N-40584-g0159032 Copyright (c) 2000-2012 the FFmpeg developers
built on May 11 2012 02:38:34 with gcc 4.5.0 20100414 (Fedora MinGW 4.5.0-1.fc
14)
configuration: --prefix=/var/www/users/research/ffmpeg/snapshots/build --arch=
x86 --target-os=mingw32 --cross-prefix=i686-pc-mingw32- --cc='ccache i686-pc-min
gw32-gcc' --enable-w32threads --enable-memalign-hack --enable-runtime-cpudetect
--enable-cross-compile --enable-static --disable-shared --extra-libs='-lws2_32 -
lwinmm' --extra-cflags='--static -I/var/www/users/research/ffmpeg/snapshots/buil
d/include' --extra-ldflags='-static -L/var/www/users/research/ffmpeg/snapshots/b
uild/lib' --enable-bzlib --enable-zlib --enable-gpl --enable-version3 --enable-n
onfree --enable-libx264 --enable-libspeex --enable-libtheora --enable-libvorbis
--enable-libfaac --enable-libxvid --enable-libopencore-amrnb --enable-libopencor
e-amrwb --enable-libmp3lame --enable-libvpx --disable-decoder=libvpx
libavutil 51. 50.100 / 51. 50.100
libavcodec 54. 21.101 / 54. 21.101
libavformat 54. 4.100 / 54. 4.100
libavdevice 53. 4.100 / 53. 4.100
libavfilter 2. 72.105 / 2. 72.105
libswscale 2. 1.100 / 2. 1.100
libswresample 0. 11.100 / 0. 11.100
libpostproc 52. 0.100 / 52. 0.100
Input #0, image2, from '599.png':
Duration: 00:00:00.04, start: 0.000000, bitrate: N/A
Stream #0:0: Video: png, rgb24, 599x412, 25 tbr, 25 tbn, 25 tbc
w:599 h:412 pixfmt:rgb24 tb:1/1000000 sar:0/1 sws_param:flags=2
[buffersink @ 0x1dd23c0] No opaque field provided
[scale @ 0x1dd2580] w:599 h:412 fmt:rgb24 sar:0/1 -> w:4000 h:4000 fmt:yuv420p s
ar:0/1 flags:0x4
[mpeg @ 0x1dcb020] VBV buffer size not set, muxing may fail
Output #0, mpeg, to 'out.mpg':
Metadata:
encoder : Lavf54.4.100
Stream #0:0: Video: mpeg1video, yuv420p, 4000x4000, q=2-31, 200 kb/s, 90k tb
n, 25 tbc
Stream mapping:
Stream #0:0 -> #0:0 (png -> mpeg1video)
Press [q] to stop, [?] for help
frame= 1 fps=0.1 q=3.7 Lsize= 230kB time=00:00:00.04 bitrate=47104.0kbits
/s
video:229kB audio:0kB global headers:0kB muxing overhead 0.472672%
C:\>ffmpeg -i out.mpg out.avi
ffmpeg version N-40584-g0159032 Copyright (c) 2000-2012 the FFmpeg developers
built on May 11 2012 02:38:34 with gcc 4.5.0 20100414 (Fedora MinGW 4.5.0-1.fc
14)
configuration: --prefix=/var/www/users/research/ffmpeg/snapshots/build --arch=
x86 --target-os=mingw32 --cross-prefix=i686-pc-mingw32- --cc='ccache i686-pc-min
gw32-gcc' --enable-w32threads --enable-memalign-hack --enable-runtime-cpudetect
--enable-cross-compile --enable-static --disable-shared --extra-libs='-lws2_32 -
lwinmm' --extra-cflags='--static -I/var/www/users/research/ffmpeg/snapshots/buil
d/include' --extra-ldflags='-static -L/var/www/users/research/ffmpeg/snapshots/b
uild/lib' --enable-bzlib --enable-zlib --enable-gpl --enable-version3 --enable-n
onfree --enable-libx264 --enable-libspeex --enable-libtheora --enable-libvorbis
--enable-libfaac --enable-libxvid --enable-libopencore-amrnb --enable-libopencor
e-amrwb --enable-libmp3lame --enable-libvpx --disable-decoder=libvpx
libavutil 51. 50.100 / 51. 50.100
libavcodec 54. 21.101 / 54. 21.101
libavformat 54. 4.100 / 54. 4.100
libavdevice 53. 4.100 / 53. 4.100
libavfilter 2. 72.105 / 2. 72.105
libswscale 2. 1.100 / 2. 1.100
libswresample 0. 11.100 / 0. 11.100
libpostproc 52. 0.100 / 52. 0.100
[mpeg @ 0x1dcc5a0] Format mpeg detected only with low score of 25, misdetection
possible!
[mpeg1video @ 0x1dc2320] qscale == 0
[mpeg1video @ 0x1dc2320] Warning MVs not available
[mpeg1video @ 0x1dc2320] concealing 62500 DC, 62500 AC, 62500 MV errors
Input #0, mpeg, from 'out.mpg':
Duration: N/A, start: 1.000000, bitrate: N/A
Stream #0:0[0x1e0]: Video: mpeg1video, yuv420p, 4000x4000 [SAR 1:1 DAR 1:1],
104857 kb/s, 25 tbr, 90k tbn, 25 tbc
w:4000 h:4000 pixfmt:yuv420p tb:1/1000000 sar:1/1 sws_param:flags=2
[buffersink @ 0x1dd4e40] No opaque field provided
Output #0, avi, to 'out.avi':
Metadata:
ISFT : Lavf54.4.100
Stream #0:0: Video: mpeg4 (FMP4 / 0x34504D46), yuv420p, 4000x4000 [SAR 1:1 D
AR 1:1], q=2-31, 200 kb/s, 25 tbn, 25 tbc
Stream mapping:
Stream #0:0 -> #0:0 (mpeg1video -> mpeg4)
Press [q] to stop, [?] for help
[mpeg1video @ 0x1dc2320] qscale == 0
[mpeg1video @ 0x1dc2320] Warning MVs not available
[mpeg1video @ 0x1dc2320] concealing 62500 DC, 62500 AC, 62500 MV errors
frame= 1 fps=0.1 q=3.7 Lsize= 174kB time=00:00:00.04 bitrate=35543.6kbits
/s
video:168kB audio:0kB global headers:0kB muxing overhead 3.362879%
C:\>ffmpeg -i 599.png -s 4000x4000 -vcodec mpeg2video out.mpg
ffmpeg version N-40584-g0159032 Copyright (c) 2000-2012 the FFmpeg developers
built on May 11 2012 02:38:34 with gcc 4.5.0 20100414 (Fedora MinGW 4.5.0-1.fc
14)
configuration: --prefix=/var/www/users/research/ffmpeg/snapshots/build --arch=
x86 --target-os=mingw32 --cross-prefix=i686-pc-mingw32- --cc='ccache i686-pc-min
gw32-gcc' --enable-w32threads --enable-memalign-hack --enable-runtime-cpudetect
--enable-cross-compile --enable-static --disable-shared --extra-libs='-lws2_32 -
lwinmm' --extra-cflags='--static -I/var/www/users/research/ffmpeg/snapshots/buil
d/include' --extra-ldflags='-static -L/var/www/users/research/ffmpeg/snapshots/b
uild/lib' --enable-bzlib --enable-zlib --enable-gpl --enable-version3 --enable-n
onfree --enable-libx264 --enable-libspeex --enable-libtheora --enable-libvorbis
--enable-libfaac --enable-libxvid --enable-libopencore-amrnb --enable-libopencor
e-amrwb --enable-libmp3lame --enable-libvpx --disable-decoder=libvpx
libavutil 51. 50.100 / 51. 50.100
libavcodec 54. 21.101 / 54. 21.101
libavformat 54. 4.100 / 54. 4.100
libavdevice 53. 4.100 / 53. 4.100
libavfilter 2. 72.105 / 2. 72.105
libswscale 2. 1.100 / 2. 1.100
libswresample 0. 11.100 / 0. 11.100
libpostproc 52. 0.100 / 52. 0.100
Input #0, image2, from '599.png':
Duration: 00:00:00.04, start: 0.000000, bitrate: N/A
Stream #0:0: Video: png, rgb24, 599x412, 25 tbr, 25 tbn, 25 tbc
w:599 h:412 pixfmt:rgb24 tb:1/1000000 sar:0/1 sws_param:flags=2
[buffersink @ 0x1dd23c0] No opaque field provided
[scale @ 0x1dd2580] w:599 h:412 fmt:rgb24 sar:0/1 -> w:4000 h:4000 fmt:yuv420p s
ar:0/1 flags:0x4
[mpeg @ 0x1dcb020] VBV buffer size not set, muxing may fail
Output #0, mpeg, to 'out.mpg':
Metadata:
encoder : Lavf54.4.100
Stream #0:0: Video: mpeg2video, yuv420p, 4000x4000, q=2-31, 200 kb/s, 90k tb
n, 25 tbc
Stream mapping:
Stream #0:0 -> #0:0 (png -> mpeg2video)
Press [q] to stop, [?] for help
[mpeg @ 0x1dcb020] buffer underflow i=0 bufi=234684 size=236797
[mpeg @ 0x1dcb020] packet too large, ignoring buffer limits to mux it
[mpeg @ 0x1dcb020] buffer underflow i=0 bufi=234684 size=236797
[mpeg @ 0x1dcb020] buffer underflow i=0 bufi=236713 size=236797
packet too large, ignoring buffer limits to mux it
[mpeg @ 0x1dcb020] buffer underflow i=0 bufi=236713 size=236797
frame= 1 fps=0.2 q=3.7 Lsize= 234kB time=00:00:00.04 bitrate=47923.2kbits
/s
video:231kB audio:0kB global headers:0kB muxing overhead 1.190471%
comment:6 by , 13 years ago
| Resolution: | → fixed |
|---|---|
| Status: | open → closed |
follow-up: 8 comment:7 by , 13 years ago
Thanks, but it looks like a check that the resoultion is multiply of 4 should be added as well.
In addition to the multiples of CIF, H.263+ permits
any frame size from 4x4 to 2048x1152 pixels in
increments of 4.
ffmpeg -i 599.png -s 162x160 -vcodec h263p out.avi
ffmpeg -i out.avi out.bmp
mpeg1 should probably support resolutions up to 4095x4095
http://stason.org/TULARC/software/mpeg-mp3/64-MPEG-Myths.html
comment:8 by , 13 years ago
Replying to ami_stuff:
Thanks, but it looks like a check that the resoultion is multiply of 4 should be added as well.
added, thanks
In addition to the multiples of CIF, H.263+ permits
any frame size from 4x4 to 2048x1152 pixels in
increments of 4.
ffmpeg -i 599.png -s 162x160 -vcodec h263p out.avi
ffmpeg -i out.avi out.bmp
mpeg1 should probably support resolutions up to 4095x4095
yes, will be fixed in my next push together with mpeg2
thanks
Note:
See TracTickets
for help on using tickets.
cant reproduce, have you tried latest git ?