Opened 5 years ago

Closed 5 years ago

#1888 closed defect (fixed)

asf: huge memory allocation after seeking

Reported by: ami_stuff Owned by:
Priority: normal Component: avformat
Version: git-master Keywords: alloc
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

I can notice here a huge memory allocation after seeking, if reproducible maybe it's integer overflow?

http://samples.mplayerhq.hu/V-codecs/EM4A/XFMode.ASF

C:\>ffmpeg -ss 11 -i XFMode.ASF -an out.avi
ffmpeg version N-46283-g1475815 Copyright (c) 2000-2012 the FFmpeg developers
  built on Nov  2 2012 02:31:20 with gcc 4.5.0 (GCC) 20100414 (Fedora MinGW 4.5.
0-1.fc14)
  configuration: --prefix=/var/www/users/research/ffmpeg/snapshots/build --arch=
x86 --target-os=mingw32 --cross-prefix=i686-pc-mingw32- --cc='ccache i686-pc-min
gw32-gcc' --enable-w32threads --enable-memalign-hack --enable-runtime-cpudetect
--enable-cross-compile --enable-static --disable-shared --extra-libs='-lws2_32 -
lwinmm -lpthread' --extra-cflags='--static -I/var/www/users/research/ffmpeg/snap
shots/build/include' --extra-ldflags='-static -L/var/www/users/research/ffmpeg/s
napshots/build/lib' --enable-bzlib --enable-zlib --enable-gpl --enable-version3
--enable-nonfree --enable-libx264 --enable-libspeex --enable-libtheora --enable-
libvorbis --enable-libfaac --enable-libxvid --enable-libopencore-amrnb --enable-
libopencore-amrwb --enable-libmp3lame --enable-libvpx --disable-decoder=libvpx
  libavutil      52.  1.100 / 52.  1.100
  libavcodec     54. 70.100 / 54. 70.100
  libavformat    54. 35.100 / 54. 35.100
  libavdevice    54.  3.100 / 54.  3.100
  libavfilter     3. 21.106 /  3. 21.106
  libswscale      2.  1.102 /  2.  1.102
  libswresample   0. 16.100 /  0. 16.100
  libpostproc    52.  1.100 / 52.  1.100
[asf @ 0x1edc360] ignoring invalid packet_obj_size (4068 3656 400 11759)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (573 2445 400 3018)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (2208 564 400 2772)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (712 2338 400 3050)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (1605 1354 400 2959)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (324 3274 400 3598)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (1495 1635 400 3130)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (3067 3656 400 16521)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (231 3394 400 3625)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (924 2793 400 3717)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (2024 1248 400 3272)
Guessed Channel Layout for  Input Stream #0.1 : mono
Input #0, asf, from 'XFMode.ASF':
  Metadata:
    title           :                                              (DV 0 0)

    comment         : DVD Recorder
  Duration: 00:00:12.43, start: 0.000000, bitrate: 1018 kb/s
    Stream #0:0: Video: mpeg4 (EM4A / 0x41344D45), yuv420p, 320x240, 100 tbr, 1k
 tbn, 1k tbc
    Stream #0:1: Audio: adpcm_g726 (E[0][0][0] / 0x0045), 8000 Hz, mono, s16, 32
 kb/s
Output #0, avi, to 'out.avi':
  Metadata:
    INAM            :                                              (DV 0 0)

    ICMT            : DVD Recorder
    ISFT            : Lavf54.35.100
    Stream #0:0: Video: mpeg4 (FMP4 / 0x34504D46), yuv420p, 320x240, q=2-31, 200
 kb/s, 100 tbn, 100 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (mpeg4 -> mpeg4)
Press [q] to stop, [?] for help
[asf @ 0x1edc360] packet fragment position invalid 2704,1315 not in 0
[asf @ 0x1edc360] packet_obj_size invalid
[asf @ 0x1edc360] freeing incomplete packet size 0, new 400
[asf @ 0x1edc360] packet fragment position invalid 2741,3656 not in 400
[asf @ 0x1edc360] ff asf bad header 2c  at:1279859
[asf @ 0x1edc360] packet_replic_size 181 is invalid
[asf @ 0x1edc360] ff asf bad header 80  at:1284855
[asf @ 0x1edc360] packet_obj_size invalid
[asf @ 0x1edc360] ff asf bad header 51  at:1290749
[asf @ 0x1edc360] invalid padsize 64268 at:1290752
[asf @ 0x1edc360] freeing incomplete packet size 400, new -634225517
[asf @ 0x1edc360] packet fragment position invalid 2781,876 not in 0
[asf @ 0x1edc360] packet_obj_size invalid
[asf @ 0x1edc360] packet fragment position invalid 3180,838 not in 0
[asf @ 0x1edc360] packet_obj_size invalid
[asf @ 0x1edc360] packet fragment position invalid 3218,657 not in 400
[asf @ 0x1edc360] packet_obj_size invalid
[asf @ 0x1edc360] freeing incomplete packet size 400, new 822900288
[asf @ 0x1edc360] packet fragment position invalid 2982,794 not in 0
[asf @ 0x1edc360] packet_obj_size invalid
[asf @ 0x1edc360] ignoring invalid packet_obj_size (610 3446 4037 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (4056 591 400 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (4647 3048 4173 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (8820 2931 4384 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (13204 2603 4415 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (15807 1812 400 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (17619 1827 4398 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (22017 1485 4264 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (26281 1277 4006 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (27558 2729 400 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (30287 910 4139 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (34426 827 4033 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (38459 850 4077 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (39309 3227 400 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (42536 412 3993 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (46529 475 3359 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (49888 1172 3202 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (51060 2030 400 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (53090 1609 3246 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (56336 2419 3475 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (59811 3000 3741 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (62811 741 400 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (63552 2898 3500 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (67052 3454 3956 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (71008 3325 3325 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (74333 3337 3337 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (77670 294 3711 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (81381 639 3248 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (82020 2609 400 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (84629 1030 3878 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (88507 1208 3514 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (92021 1750 16062 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (93771 3656 400 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (108083 1552 2757 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (110840 2851 3815 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (114655 2860 2860 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (117515 2860 2860 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (120375 771 2829 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (123204 1998 3551 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (125202 1553 400 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (126755 2086 3219 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (129974 2923 3198 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (133172 3376 3376 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (136548 3648 3757 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (140305 3393 3393 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (143698 537 3214 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (144235 2677 400 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (146912 962 3311 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (150223 1707 3409 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (153632 2354 3388 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (155986 1034 400 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (157020 2605 3008 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (160028 3202 3202 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (163230 434 3437 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (163664 3003 400 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (166667 636 3210 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (169877 1482 3178 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (173055 2360 2921 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (175415 561 400 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (175976 2895 2895 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (178871 166 2797 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (181668 1425 2916 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (183093 1491 400 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (184584 2148 2917 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (187501 2862 2862 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (190363 408 3022 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (190771 2614 400 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (193385 1025 3051 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (196436 2030 3348 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (199784 2738 16557 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (202522 3656 400 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (216341 2045 2784 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (219125 3094 3094 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (222219 206 3280 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (222425 3074 400 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (225499 565 3520 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (229019 1101 3772 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (232791 1385 3679 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (234176 2294 400 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (236470 1345 3154 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (239624 2247 3406 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (243030 2897 3139 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (245927 242 400 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (246169 2976 2976 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (249145 404 3255 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (252400 1205 3009 433869906)
[asf @ 0x1edc360] ignoring invalid packet_obj_size (253605 1804 400 433869906)
frame=    0 fps=0.0 q=0.0 size=       6kB time=-577014:-32:-22.-77 bitrate=  -0.
frame=    0 fps=0.0 q=0.0 Lsize=       6kB time=00:00:00.00 bitrate=   0.0kbits/
s
video:0kB audio:0kB subtitle:0 global headers:0kB muxing overhead inf%
Output file is empty, nothing was encoded (check -ss / -t / -frames parameters i
f used)

Change History (3)

comment:1 Changed 5 years ago by cehoyos

  • Reproduced by developer set
  • Status changed from new to open
  • Version changed from unspecified to git-master
$ valgrind ./ffmpeg_g -ss 11 -i XFMode.ASF -f null -
==18121== Memcheck, a memory error detector
==18121== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==18121== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==18121== Command: ./ffmpeg_g -ss 11 -i XFMode.ASF -f null -
==18121==
ffmpeg version N-46455-ge859339 Copyright (c) 2000-2012 the FFmpeg developers
  built on Nov  5 2012 22:54:17 with gcc 4.7 (SUSE Linux)
  configuration: --disable-indev=jack
  libavutil      52.  4.100 / 52.  4.100
  libavcodec     54. 71.100 / 54. 71.100
  libavformat    54. 36.100 / 54. 36.100
  libavdevice    54.  3.100 / 54.  3.100
  libavfilter     3. 21.106 /  3. 21.106
  libswscale      2.  1.102 /  2.  1.102
  libswresample   0. 16.100 /  0. 16.100
[asf @ 0x66b2c80] ignoring invalid packet_obj_size (4068 3656 400 11759)
[asf @ 0x66b2c80] ignoring invalid packet_obj_size (573 2445 400 3018)
[asf @ 0x66b2c80] ignoring invalid packet_obj_size (2208 564 400 2772)
[asf @ 0x66b2c80] ignoring invalid packet_obj_size (712 2338 400 3050)
[asf @ 0x66b2c80] ignoring invalid packet_obj_size (1605 1354 400 2959)
[asf @ 0x66b2c80] ignoring invalid packet_obj_size (324 3274 400 3598)
[asf @ 0x66b2c80] ignoring invalid packet_obj_size (1495 1635 400 3130)
[asf @ 0x66b2c80] ignoring invalid packet_obj_size (3067 3656 400 16521)
[asf @ 0x66b2c80] ignoring invalid packet_obj_size (231 3394 400 3625)
[asf @ 0x66b2c80] ignoring invalid packet_obj_size (924 2793 400 3717)
[asf @ 0x66b2c80] ignoring invalid packet_obj_size (2024 1248 400 3272)
Input #0, asf, from 'XFMode.ASF':
  Metadata:
    title           :                                              (DV 0 0)
    comment         : DVD Recorder
  Duration: 00:00:12.43, start: 0.000000, bitrate: 1018 kb/s
    Stream #0:0: Video: mpeg4 (EM4A / 0x41344D45), yuv420p, 320x240, 100 tbr, 1k tbn, 1k tbc
    Stream #0:1: Audio: adpcm_g726 (E[0][0][0] / 0x0045), 8000 Hz, mono, s16, 32 kb/s
Output #0, null, to 'pipe:':
  Metadata:
    title           :                                              (DV 0 0)
    comment         : DVD Recorder
    encoder         : Lavf54.36.100
    Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 320x240, q=2-31, 200 kb/s, 90k tbn, 100 tbc
    Stream #0:1: Audio: pcm_s16le, 8000 Hz, mono, s16, 128 kb/s
Stream mapping:
  Stream #0:0 -> #0:0 (mpeg4 -> rawvideo)
  Stream #0:1 -> #0:1 (g726 -> pcm_s16le)
Press [q] to stop, [?] for help
[asf @ 0x66b2c80] packet fragment position invalid 2704,1315 not in 0
[asf @ 0x66b2c80] packet_obj_size invalid
[asf @ 0x66b2c80] freeing incomplete packet size 0, new 400
[asf @ 0x66b2c80] packet fragment position invalid 2741,3656 not in 400
[asf @ 0x66b2c80] ff asf bad header 2c  at:1279859
[asf @ 0x66b2c80] packet_replic_size 181 is invalid
[asf @ 0x66b2c80] ff asf bad header 80  at:1284855
[asf @ 0x66b2c80] packet_obj_size invalid
[asf @ 0x66b2c80] ff asf bad header 51  at:1290749
[asf @ 0x66b2c80] invalid padsize 64268 at:1290752
[asf @ 0x66b2c80] freeing incomplete packet size 400, new -634225517
[asf @ 0x66b2c80] packet fragment position invalid 2781,876 not in 0
[asf @ 0x66b2c80] packet_obj_size invalid
==18121== Warning: set address range perms: large range [0x3943e080, 0xb834df50) (undefined)
[asf @ 0x66b2c80] ignoring invalid packet_obj_size (838 3218 3875 2129723072)
[asf @ 0x66b2c80] ignoring invalid packet_obj_size (4056 657 400 2129723072)
[asf @ 0x66b2c80] ignoring invalid packet_obj_size (4713 2982 3776 2129723072)
[asf @ 0x66b2c80] ignoring invalid packet_obj_size (8489 3262 3872 2129723072)
[asf @ 0x66b2c80] ignoring invalid packet_obj_size (12361 3446 4037 2129723072)

...

[asf @ 0x66b2c80] ignoring invalid packet_obj_size (257678 242 400 2129723072)
[asf @ 0x66b2c80] ignoring invalid packet_obj_size (257920 2976 2976 2129723072)
[asf @ 0x66b2c80] ignoring invalid packet_obj_size (260896 404 3255 2129723072)
[asf @ 0x66b2c80] ignoring invalid packet_obj_size (264151 1205 3009 2129723072)
[asf @ 0x66b2c80] ignoring invalid packet_obj_size (265356 1804 400 2129723072)
frame=    0 fps=0.0 q=0.0 Lsize=       0kB time=00:00:01.50 bitrate=   0.0kbits/s    ^M
video:0kB audio:39kB subtitle:0 global headers:0kB muxing overhead -100.000000%
==18121== Warning: set address range perms: large range [0x3943e070, 0xb834df60) (noaccess)
==18121==
==18121== HEAP SUMMARY:
==18121==     in use at exit: 0 bytes in 0 blocks
==18121==   total heap usage: 2,157 allocs, 2,157 frees, 2,131,607,624 bytes allocated
==18121==
==18121== All heap blocks were freed -- no leaks are possible
==18121==
==18121== For counts of detected and suppressed errors, rerun with: -v
==18121== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)

comment:2 Changed 5 years ago by richardpl

  • Component changed from undetermined to avformat

comment:3 Changed 5 years ago by cehoyos

  • Keywords alloc added
  • Resolution set to fixed
  • Status changed from open to closed

The huge memory allocation (~2G) should be fixed, thank you for the report!

Note: See TracTickets for help on using tickets.