Opened 12 years ago

Closed 12 years ago

#1359 closed defect (fixed)

cdgraphics: invalid write

Reported by: ami_stuff
Owned by:
Priority: important
Component: avcodec
Version: git-master
Keywords: cdg crash SIGSEGV
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

ffmpeg crashes also with -vcodec xan_wc3/yop/iff_ilbm/motionpixels/jv/avui, hangs and eats all of the memory with -vcodec h264

http://www.datafilehost.com/download-c50dc2a3.html

(gdb) r -vcodec cdgraphics -i blox.avi -f null -
The program being debugged has been started already.
Start it from the beginning? (y or n) y

Starting program: d:\mingw\msys\1.0\ffmpeg-head-307562b\ffmpeg_g.exe -vcodec cdgraphics -i blox.avi -f null -
[New Thread 3008.0xb30]
ffmpeg version 0.10.2.git-307562b Copyright (c) 2000-2012 the FFmpeg developers
  built on May 21 2012 16:59:44 with gcc 4.6.1
  configuration: --disable-ffprobe --enable-gpl
  libavutil      51. 53.100 / 51. 53.100
  libavcodec     54. 21.101 / 54. 21.101
  libavformat    54.  5.101 / 54.  5.101
  libavdevice    53.  4.100 / 53.  4.100
  libavfilter     2. 75.100 /  2. 75.100
  libswscale      2.  1.100 /  2.  1.100
  libswresample   0. 15.100 /  0. 15.100
  libpostproc    52.  0.100 / 52.  0.100
Input #0, avi, from 'blox.avi':
  Duration: 00:00:12.64, start: 0.000000, bitrate: 788 kb/s
    Stream #0:0: Video: cdgraphics (BLOX / 0x584F4C42), pal8, 300x216, 23.97 tbr, 23.97 tbn, 23.97 tbc
[buffer @ 03bb19a0] w:300 h:216 pixfmt:pal8 tb:100/2397 sar:0/1 sws_param:flags=2
[buffersink @ 03bb23c0] No opaque field provided
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf54.5.101
    Stream #0:0: Video: rawvideo, pal8, 300x216, q=2-31, 200 kb/s, 90k tbn, 23.97 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (cdgraphics -> rawvideo)
Press [q] to stop, [?] for help

Program received signal SIGSEGV, Segmentation fault.
0x00623ef4 in cdg_decode_frame (avctx=0xe6cc99f3, data=0x6d4a1c73,
    data_size=0xb283639c, avpkt=0xd97a6c6c) at libavcodec/cdgraphics.c:352
352             *data_size = 0;
(gdb) bt
#0  0x00623ef4 in cdg_decode_frame (avctx=0xe6cc99f3, data=0x6d4a1c73,
    data_size=0xb283639c, avpkt=0xd97a6c6c) at libavcodec/cdgraphics.c:352
#1  0x7acc99f3 in ?? ()
#2  0xe6cc99f3 in ?? ()

#88 0xe738e67c in ?? ()
#89 0xe6cc9933 in ?? ()
#90 0xf936e738 in ?? ()
#91 0xe738becd in ?? ()
#92 0xe6cc9933 in ?? ()
#93 0x223ec438 in ?? ()
#94 0x7cfbf62f in SHGetIconOverlayIndexW ()
   from C:\WINDOWS\system32\shell32.dll
#95 0x3367ce71 in ?? ()

#464 0x1cdfe67c in ?? ()
#465 0xe6cc9973 in ?? ()
#466 0x99731c73 in ?? ()
#467 0x1c73e6cc in ?? ()
#468 0xe6cc9973 in ?? ()
#469 0x99731c73 in ?? ()
#470 0x1c73e6cc in ?? ()
#471 0xe6cc9973 in ?? ()
#472 0x99731c73 in ?? ()
#473 0x0024a9cc in ?? ()
Cannot access memory at address 0x2d22424d
(gdb)

Attachments (1)

blox.avi (1.2 MB ) - added by Carl Eugen Hoyos 12 years ago.


Change History (5)

comment:1 by Carl Eugen Hoyos, 12 years ago

Component: undetermined → avcodec
Keywords: cdg added
Priority: normal → important
Status: new → open
Version: unspecified → git-master

$ valgrind ./ffmpeg_g -vcodec cdgraphics -i blox.avi -f null -
==20150== Memcheck, a memory error detector.
==20150== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==20150== Using LibVEX rev 1732, a library for dynamic binary translation.
==20150== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==20150== Using valgrind-3.2.3, a dynamic binary instrumentation framework.
==20150== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==20150== For more details, rerun with: -v
==20150==
ffmpeg version N-41080-g394b692 Copyright (c) 2000-2012 the FFmpeg developers
  built on May 28 2012 14:04:27 with gcc 4.3.2
  configuration: --cc=/usr/local/gcc-4.3.2/bin/gcc --enable-gpl --enable-libopenjpeg --enable-libvorbis --enable-libspeex --enable-libmp3lame --enable-libtheora --extra-ldflags=-lm --enable-libvpx --enable-libxavs
  libavutil      51. 55.100 / 51. 55.100
  libavcodec     54. 23.100 / 54. 23.100
  libavformat    54.  6.101 / 54.  6.101
  libavdevice    54.  0.100 / 54.  0.100
  libavfilter     2. 77.100 /  2. 77.100
  libswscale      2.  1.100 /  2.  1.100
  libswresample   0. 15.100 /  0. 15.100
  libpostproc    52.  0.100 / 52.  0.100
Input #0, avi, from 'blox.avi':
  Duration: 00:00:12.64, start: 0.000000, bitrate: 788 kb/s
    Stream #0:0: Video: cdgraphics (BLOX / 0x584F4C42), pal8, 300x216, 23.97 tbr, 23.97 tbn, 23.97 tbc
[buffer @ 0x46913e0] w:300 h:216 pixfmt:pal8 tb:100/2397 sar:0/1 sws_param:flags=2
[buffersink @ 0x4691940] No opaque field provided
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf54.6.101
    Stream #0:0: Video: rawvideo, pal8, 300x216, q=2-31, 200 kb/s, 90k tbn, 23.97 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (cdgraphics -> rawvideo)
Press [q] to stop, [?] for help
==20150== Invalid write of size 4
==20150==    at 0x81EA4A2: cdg_decode_frame (cdgraphics.c:352)
==20150==  Address 0xB283639C is not stack'd, malloc'd or (recently) free'd
==20150==
==20150== Process terminating with default action of signal 11 (SIGSEGV)
==20150==  Access not within mapped region at address 0xB283639C
==20150==    at 0x81EA4A2: cdg_decode_frame (cdgraphics.c:352)

by Carl Eugen Hoyos, 12 years ago

Attachment: blox.avi added

comment:2 by Carl Eugen Hoyos, 12 years ago

Summary: some crashers → cdgraphics: invalid write

comment:3 by Carl Eugen Hoyos, 12 years ago

Keywords: crash SIGSEGV added

comment:4 by Michael Niedermayer, 12 years ago

Reproduced by developer: set
Resolution: fixed
Status: open → closed