Opened 12 years ago

Closed 12 years ago

#1498 closed defect (fixed)

h264 crash 2

Reported by: ami_stuff Owned by:
Priority: important Component: avcodec
Version: git-master Keywords: h264
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

http://www.datafilehost.com/download-6f8f3112.html

(gdb) r -vcodec h264 -i 1.mpg -an -f null -
Starting program: d:\mingw\msys\1.0\ffmpeg\ffmpeg_g.exe -vcodec h264 -i 1.mpg -a
n -f null -
[New Thread 1572.0x8c]
ffmpeg version 0.10.2.git Copyright (c) 2000-2012 the FFmpeg developers
  built on Jun 28 2012 19:36:59 with gcc 4.6.1
  configuration: --disable-ffprobe --disable-ffplay --disable-asm
  libavutil      51. 63.100 / 51. 63.100
  libavcodec     54. 29.101 / 54. 29.101
  libavformat    54. 11.100 / 54. 11.100
  libavdevice    54.  0.100 / 54.  0.100
  libavfilter     3.  0.100 /  3.  0.100
  libswscale      2.  1.100 /  2.  1.100
  libswresample   0. 15.100 /  0. 15.100
[mpeg @ 03992338] max_analyze_duration 5000000 reached at 5000000
Input #0, mpeg, from '1.mpg':
  Duration: 00:02:15.29, start: 0.642422, bitrate: 601 kb/s
    Stream #0:0[0x1e0]: Video: h264, yuv420p, 352x240 [SAR 200:219 DAR 880:657],
 480 kb/s, 24 fps, 24 tbr, 90k tbn, 24 tbc
    Stream #0:1[0x1c0]: Audio: mp2, 44100 Hz, stereo, s16, 96 kb/s
[graph 0 input from stream 0:0 @ 039bfd70] w:352 h:240 pixfmt:yuv420p tb:1/90000
 fr:24/1 sar:200/219 sws_param:flags=2
[output stream 0:0 @ 039bf1b0] No opaque field provided
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf54.11.100
    Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 352x240 [SAR 200:
219 DAR 880:657], q=2-31, 200 kb/s, 90k tbn, 24 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (h264 -> rawvideo)
Press [q] to stop, [?] for help
[h264 @ 03ef5b50] non-existing PPS referenced
[h264 @ 03ef5b50] non-existing PPS 0 referenced
[h264 @ 03ef5b50] decode_slice_header error
[h264 @ 03ef5b50] no frame!
Error while decoding stream #0:0: Error number -1 occurred
[cut]
[h264 @ 03ef5b50] FMO not supported
[h264 @ 03ef5b50] reference overflow (pps)
[h264 @ 03ef5b50] Missing reference picture
    Last message repeated 2 times
[h264 @ 03ef5b50] concealing 726 DC, 726 AC, 726 MV errors

Program received signal SIGSEGV, Segmentation fault.
0x008c0a82 in guess_mv (s=0x40046e0) at libavcodec/error_resilience.c:441
441                 s->current_picture.f.motion_val[0][mot_index][0]= s->last_pi
cture.f.motion_val[0][mot_index][0];
(gdb) bt
#0  0x008c0a82 in guess_mv (s=0x40046e0) at libavcodec/error_resilience.c:441
#1  ff_er_frame_end (s=0x40046e0) at libavcodec/error_resilience.c:1200
#2  0x006f0134 in field_end (h=0x40046e0, in_setup=<optimized out>)
    at libavcodec/h264.c:2787
#3  0x007a1d66 in decode_frame (avctx=0x3ef5b50, data=0x39a1df0,
    data_size=0x22eedc, avpkt=0x22ebd8) at libavcodec/h264.c:4602
#4  0x00513a6b in avcodec_decode_video2 (avctx=0x3ef5b50, picture=0x39a1df0,
    got_picture_ptr=0x22eedc, avpkt=0x22ee10) at libavcodec/utils.c:1485
#5  0x00407bc4 in decode_video (got_output=<optimized out>,
    pkt=<optimized out>, ist=<optimized out>) at ffmpeg.c:2456
#6  output_packet (ist=0x39bf440, pkt=0x22fbd0) at ffmpeg.c:2630
#7  0x0040d44b in transcode () at ffmpeg.c:3647
#8  0x00a3b587 in main (argc=9, argv=0x39a0dc0) at ffmpeg.c:5934
(gdb)

Attachments (1)

valgrind.log (2.1 MB ) - added by Carl Eugen Hoyos 12 years ago.

Change History (5)

comment:1 by Carl Eugen Hoyos, 12 years ago

Component: undeterminedavcodec
Keywords: h264 added
Priority: normalimportant
Reproduced by developer: set
Status: newopen
Version: unspecifiedgit-master

Shows invalid reads with valgrind.

comment:2 by Michael Niedermayer, 12 years ago

cant reproduce on linux 64/32 bit

by Carl Eugen Hoyos, 12 years ago

Attachment: valgrind.log added

comment:3 by Carl Eugen Hoyos, 12 years ago

I attached the 32bit valgrind output, the sample cannot be cut significantly.

==12409== Invalid read of size 2
==12409==    at 0x871DE6E: ff_er_frame_end (error_resilience.c:441)
==12409==  Address 0x7CF8330 is 16 bytes inside a block of size 6,400 free'd
==12409==    at 0x402243F: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==12409==    by 0x8812DE1: av_freep (mem.c:180)
==12409==
==12409== Invalid read of size 2
==12409==    at 0x871DE7D: ff_er_frame_end (error_resilience.c:442)
==12409==  Address 0x7CF8332 is 18 bytes inside a block of size 6,400 free'd
==12409==    at 0x402243F: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==12409==    by 0x8812DE1: av_freep (mem.c:180)
==12409==
==12409== Invalid read of size 1
==12409==    at 0x871DE9A: ff_er_frame_end (error_resilience.c:443)
==12409==  Address 0x4A04140 is 0 bytes inside a block of size 420 free'd
==12409==    at 0x402243F: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==12409==    by 0x8812DE1: av_freep (mem.c:180)
==12409==
==12409== Invalid read of size 8
==12409==    at 0x8697C4A: ??? (h264_chromamc.asm:441)
==12409==  Address 0x5736CE0 is not stack'd, malloc'd or (recently) free'd
==12409==
==12409== Invalid read of size 8
==12409==    at 0x8697C35: ??? (h264_chromamc.asm:441)
==12409==  Address 0x5736D20 is not stack'd, malloc'd or (recently) free'd
==12409==
==12409== Invalid read of size 8
==12409==    at 0x8697C38: ??? (h264_chromamc.asm:441)
==12409==  Address 0x5736D60 is not stack'd, malloc'd or (recently) free'd
==12409==
==12409== Invalid read of size 8
==12409==    at 0x8697C47: ??? (h264_chromamc.asm:441)
==12409==  Address 0x5736DA0 is not stack'd, malloc'd or (recently) free'd
==12409==
==12409== Invalid read of size 8
==12409==    at 0x86745BC: put_h264_qpel16_mc00_sse2 (dsputil_mmx.c:464)
==12409==  Address 0x5736CC0 is 0 bytes after a block of size 86,944 alloc'd
==12409==    at 0x4021A50: memalign (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==12409==    by 0x4021AAA: posix_memalign (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==12409==    by 0x8812FAF: av_malloc (mem.c:95)
==12409==
==12409== Invalid read of size 8
==12409==    at 0x86745AE: put_h264_qpel16_mc00_sse2 (dsputil_mmx.c:464)
==12409==  Address 0x5736D40 is not stack'd, malloc'd or (recently) free'd
==12409==
==12409== Invalid read of size 8
==12409==    at 0x86745B2: put_h264_qpel16_mc00_sse2 (dsputil_mmx.c:464)
==12409==  Address 0x5736DC0 is not stack'd, malloc'd or (recently) free'd
==12409==
==12409== Invalid read of size 8
==12409==    at 0x86745B7: put_h264_qpel16_mc00_sse2 (dsputil_mmx.c:464)
==12409==  Address 0x5736E40 is not stack'd, malloc'd or (recently) free'd

comment:4 by Michael Niedermayer, 12 years ago

Resolution: fixed
Status: openclosed

fixed locally

Note: See TracTickets for help on using tickets.