Opened 3 years ago

Closed 3 years ago

#2903 closed defect (fixed)

png: invalid write

Reported by: ami_stuff
Owned by:
Priority: important
Component: avcodec
Version: git-master
Keywords: png regression
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description (last modified by richardpl)

http://www.datafilehost.com/d/6985a553

knoppix@Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-edf6fb6/ffmpeg_g -i ./png_fuzz.mov -f null -
==29921== Memcheck, a memory error detector
==29921== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==29921== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==29921== Command: ffmpeg-HEAD-edf6fb6/ffmpeg_g -i ./png_fuzz.mov -f null -
==29921== 
ffmpeg version 2.0-edf6fb6 Copyright (c) 2000-2013 the FFmpeg developers
  built on Aug 24 2013 11:50:43 with gcc 4.7 (Debian 4.7.2-5)
  configuration: --disable-yasm --disable-ffserver --disable-ffprobe --enable-gpl
  libavutil      52. 42.100 / 52. 42.100
  libavcodec     55. 29.100 / 55. 29.100
  libavformat    55. 14.102 / 55. 14.102
  libavdevice    55.  3.100 / 55.  3.100
  libavfilter     3. 82.102 /  3. 82.102
  libswscale      2.  5.100 /  2.  5.100
  libswresample   0. 17.103 /  0. 17.103
  libpostproc    52.  3.100 / 52.  3.100
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from './png_fuzz.mov':
  Metadata:
    major_brand     : qt  
    minor_version   : 537199360
    compatible_brands: qt  
    creation_time   : 2012-03-24 20:33:27
  Duration: 00:00:05.96, start: 0.000000, bitrate: 7021 kb/s
    Stream #0:0(eng): Video: png (png  / 0x20676E70), rgba, 189x127 [SAR 2834:2834 DAR 189:127], 7019 kb/s, 24 fps, 24 tbr, 1000k tbn, 1000k tbc (default)
    Metadata:
      creation_time   : 2012-03-24 20:33:27
      handler_name    : Procedura obsdz'"ugi skrdz'"tdz'"w danych Apple
Output #0, null, to 'pipe:':
  Metadata:
    major_brand     : qt  
    minor_version   : 537199360
    compatible_brands: qt  
    encoder         : Lavf55.14.102
    Stream #0:0(eng): Video: rawvideo (RGBA / 0x41424752), rgba, 189x127 [SAR 1:1 DAR 189:127], q=2-31, 200 kb/s, 90k tbn, 24 tbc (default)
    Metadata:
      creation_time   : 2012-03-24 20:33:27
      handler_name    : Procedura obsdz'"ugi skrdz'"tdz'"w danych Apple
Stream mapping:
  Stream #0:0 -> #0:0 (png -> rawvideo)
Press [q] to stop, [?] for help
[png @ 0x4346de0] inflate returned error -3
[png @ 0x4347f00] chunk too big
[png @ 0x434a120] inflate returned error -3
[null @ 0x42747e0] Encoder did not produce proper pts, making some up.
[png @ 0x4349000] inflate returned error -3
[png @ 0x4346480] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x4346de0] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x4347f00] Missing png signature
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x434a120] chunk too big
[png @ 0x4349000] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
    Last message repeated 1 times
[png @ 0x4346480] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x4346de0] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
==29921== Thread 7:peated 3 times
==29921== Invalid write of size 4
==29921==    at 0x402ABFD: memset (mc_replace_strmem.c:966)
==29921==    by 0x85BF16A: decode_frame (pngdec.c:672)
==29921==    by 0x85CC6DD: frame_worker_thread (pthread.c:339)
==29921==    by 0x407B953: start_thread (pthread_create.c:304)
==29921==    by 0x416395D: clone (clone.S:130)
==29921==  Address 0x4436c54 is 564 bytes inside a block of size 567 alloc'd
==29921==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==29921==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==29921==    by 0x886D047: av_malloc (mem.c:93)
==29921==    by 0x85C0014: decode_frame (pngdec.c:677)
==29921==    by 0x85CC6DD: frame_worker_thread (pthread.c:339)
==29921==    by 0x407B953: start_thread (pthread_create.c:304)
==29921==    by 0x416395D: clone (clone.S:130)
==29921== 
==29921== Invalid read of size 1
==29921==    at 0x85C064C: ff_add_png_paeth_prediction (pngdec.c:170)
==29921==    by 0x85BE25A: png_filter_row (pngdec.c:260)
==29921==    by 0x85BF905: decode_frame (pngdec.c:297)
==29921==    by 0x85CC6DD: frame_worker_thread (pthread.c:339)
==29921==    by 0x407B953: start_thread (pthread_create.c:304)
==29921==    by 0x416395D: clone (clone.S:130)
==29921==  Address 0x4436c57 is 0 bytes after a block of size 567 alloc'd
==29921==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==29921==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==29921==    by 0x886D047: av_malloc (mem.c:93)
==29921==    by 0x85C0014: decode_frame (pngdec.c:677)
==29921==    by 0x85CC6DD: frame_worker_thread (pthread.c:339)
==29921==    by 0x407B953: start_thread (pthread_create.c:304)
==29921==    by 0x416395D: clone (clone.S:130)
==29921== 
==29921== Invalid read of size 1
==29921==    at 0x85C0660: ff_add_png_paeth_prediction (pngdec.c:171)
==29921==    by 0x85BE25A: png_filter_row (pngdec.c:260)
==29921==    by 0x85BF905: decode_frame (pngdec.c:297)
==29921==    by 0x85CC6DD: frame_worker_thread (pthread.c:339)
==29921==    by 0x407B953: start_thread (pthread_create.c:304)
==29921==    by 0x416395D: clone (clone.S:130)
==29921==  Address 0x4436c57 is 0 bytes after a block of size 567 alloc'd
==29921==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==29921==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==29921==    by 0x886D047: av_malloc (mem.c:93)
==29921==    by 0x85C0014: decode_frame (pngdec.c:677)
==29921==    by 0x85CC6DD: frame_worker_thread (pthread.c:339)
==29921==    by 0x407B953: start_thread (pthread_create.c:304)
==29921==    by 0x416395D: clone (clone.S:130)
==29921== 
    Last message repeated 3 times
frame=   34 fps=0.0 q=0.0 size=N/A time=00:00:01.41 bitrate=N/A dup=11 drop=0   frame=   66 fps= 65 q=0.0 size=N/A time=00:00:02.75 bitrate=N/A dup=11 drop=0   frame=   97 fps= 64 q=0.0 size=N/A time=00:00:04.04 bitrate=N/A dup=11 drop=0   frame=  128 fps= 63 q=0.0 size=N/A time=00:00:05.33 bitrate=N/A dup=11 drop=0   frame=  143 fps= 63 q=0.0 Lsize=N/A time=00:00:05.95 bitrate=N/A dup=11 drop=0    
video:9kB audio:0kB subtitle:0 global headers:0kB muxing overhead -100.240385%
==29921== 
==29921== HEAP SUMMARY:
==29921==     in use at exit: 0 bytes in 0 blocks
==29921==   total heap usage: 5,828 allocs, 5,828 frees, 13,536,240 bytes allocated
==29921== 
==29921== All heap blocks were freed -- no leaks are possible
==29921== 
==29921== For counts of detected and suppressed errors, rerun with: -v
==29921== ERROR SUMMARY: 11076 errors from 3 contexts (suppressed: 59 from 6
(gdb) r -i ./png_fuzz.mov -f null -
Starting program: /media/sdb1/ffmpeg-HEAD-edf6fb6/ffmpeg_g -i ./png_fuzz.mov -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.0-edf6fb6 Copyright (c) 2000-2013 the FFmpeg developers
  built on Aug 24 2013 11:50:43 with gcc 4.7 (Debian 4.7.2-5)
  configuration: --disable-yasm --disable-ffserver --disable-ffprobe --enable-gpl
  libavutil      52. 42.100 / 52. 42.100
  libavcodec     55. 29.100 / 55. 29.100
  libavformat    55. 14.102 / 55. 14.102
  libavdevice    55.  3.100 / 55.  3.100
  libavfilter     3. 82.102 /  3. 82.102
  libswscale      2.  5.100 /  2.  5.100
  libswresample   0. 17.103 /  0. 17.103
  libpostproc    52.  3.100 / 52.  3.100
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from './png_fuzz.mov':
  Metadata:
    major_brand     : qt  
    minor_version   : 537199360
    compatible_brands: qt  
    creation_time   : 2012-03-24 20:33:27
  Duration: 00:00:05.96, start: 0.000000, bitrate: 7021 kb/s
    Stream #0:0(eng): Video: png (png  / 0x20676E70), rgba, 189x127 [SAR 2834:2834 DAR 189:127], 7019 kb/s, 24 fps, 24 tbr, 1000k tbn, 1000k tbc (default)
    Metadata:
      creation_time   : 2012-03-24 20:33:27
      handler_name    : Procedura obsdz'"ugi skrdz'"tdz'"w danych Apple
[New Thread 0xb7df8b70 (LWP 29911)]
[New Thread 0xb75f8b70 (LWP 29912)]
[New Thread 0xb6df8b70 (LWP 29913)]
[New Thread 0xb65f8b70 (LWP 29914)]
[New Thread 0xb5df8b70 (LWP 29915)]
[New Thread 0xb55f8b70 (LWP 29916)]
[New Thread 0xb4df8b70 (LWP 29917)]
[New Thread 0xb45f8b70 (LWP 29918)]
[New Thread 0xb3df8b70 (LWP 29919)]
[New Thread 0xb35f8b70 (LWP 29920)]
Output #0, null, to 'pipe:':
  Metadata:
    major_brand     : qt  
    minor_version   : 537199360
    compatible_brands: qt  
    encoder         : Lavf55.14.102
    Stream #0:0(eng): Video: rawvideo (RGBA / 0x41424752), rgba, 189x127 [SAR 1:1 DAR 189:127], q=2-31, 200 kb/s, 90k tbn, 24 tbc (default)
    Metadata:
      creation_time   : 2012-03-24 20:33:27
      handler_name    : Procedura obsdz'"ugi skrdz'"tdz'"w danych Apple
Stream mapping:
  Stream #0:0 -> #0:0 (png -> rawvideo)
Press [q] to stop, [?] for help
[png @ 0x910cac0] inflate returned error -3
[png @ 0x910da20] chunk too big
[null @ 0x9108520] Encoder did not produce proper pts, making some up.
[png @ 0x90f46c0] inflate returned error -3
[png @ 0x90f5600] inflate returned error -3
[png @ 0x910ad40] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x910cac0] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x910da20] Missing png signature
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x90f46c0] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x90f5600] chunk too big
[png @ 0x910ad40] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x910cac0] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
*** glibc detected *** /media/sdb1/ffmpeg-HEAD-edf6fb6/ffmpeg_g: free(): invalid pointer: 0x09148650 ***
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x70a8a)[0xb7ea4a8a]
/lib/i386-linux-gnu/libc.so.6(+0x722e8)[0xb7ea62e8]
/lib/i386-linux-gnu/libc.so.6(cfree+0x6d)[0xb7ea93ed]
/media/sdb1/ffmpeg-HEAD-edf6fb6/ffmpeg_g[0x885fb43]
======= Memory map: ========
Program received signal SIGABRT, Aborted.
0xb7e5e667 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0xb7e5e667 in *__GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0xb7e61a52 in *__GI_abort () at abort.c:92
#2  0xb7e9a98d in __libc_message (do_abort=2, 
    fmt=0xb7f61330 "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#3  0xb7ea4a8a in malloc_printerr (action=<optimized out>, 
    str=0x6 <Address 0x6 out of bounds>, ptr=0x9148650) at malloc.c:6283
#4  0xb7ea62e8 in _int_free (av=<optimized out>, p=<optimized out>)
    at malloc.c:4795
#5  0xb7ea93ed in *__GI___libc_free (mem=0x9148650) at malloc.c:3738
#6  0x0885fb43 in av_buffer_unref (buf=buf@entry=0x910c5c0)
    at libavutil/buffer.c:115
#7  0x085cd0be in submit_packet (avpkt=0xbffff2a8, p=0x910c4f0)
    at libavcodec/pthread.c:526
#8  ff_thread_decode_frame (avctx=avctx@entry=0x91068e0, 
    picture=picture@entry=0x90f65e0, 
    got_picture_ptr=got_picture_ptr@entry=0xbffff504, 
    avpkt=avpkt@entry=0xbffff2a8) at libavcodec/pthread.c:602
#9  0x086778c4 in avcodec_decode_video2 (avctx=0x91068e0, 
    picture=picture@entry=0x90f65e0, 
    got_picture_ptr=got_picture_ptr@entry=0xbffff504, 
    avpkt=avpkt@entry=0xbffff750) at libavcodec/utils.c:1979
---Type <return> to continue, or q <return> to quit---
#10 0x080b34ed in decode_video (ist=ist@entry=0x9108c80, 
    pkt=pkt@entry=0xbffff750, got_output=got_output@entry=0xbffff504)
    at ffmpeg.c:1668
#11 0x080b740a in output_packet (pkt=0xbffff6e8, ist=0x9108c80)
    at ffmpeg.c:1866
#12 process_input (file_index=1) at ffmpeg.c:3085
#13 0x080a2cb3 in transcode_step () at ffmpeg.c:3181
#14 transcode () at ffmpeg.c:3233
#15 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3411
(gdb) 

Change History (7)

comment:1 Changed 3 years ago by ami_stuff

hmm I see that Michael already reported something similar here:

http://article.gmane.org/gmane.comp.video.ffmpeg.cvs/67952

comment:2 follow-up: Changed 3 years ago by richardpl

  • Description modified (diff)

That is an unrelated issue that has been fixed.
Does the same happen with -threads 1?

comment:3 in reply to: ↑ 2 Changed 3 years ago by ami_stuff

Replying to richardpl:

That is an unrelated issue that has been fixed.
Does the same happen with -threads 1?

It crashes here with some win32 autobuild which I downloaded when run with -threads 2 or 4, but not with 1 or 8.

{{{
C:\>ffmpeg -threads 4 -i png_fuzz.mov -f null -
ffmpeg version N-55763-g22fbc7f Copyright (c) 2000-2013 the FFmpeg developers
  built on Aug 26 2013 02:23:51 with gcc 4.5.0 (GCC) 20100414 (Fedora MinGW 4.5.
0-1.fc14)
  configuration: --prefix=/var/www/users/research/ffmpeg/snapshots/build --arch=
x86 --target-os=mingw32 --cross-prefix=i686-pc-mingw32- --cc='ccache i686-pc-min
gw32-gcc' --enable-pthreads --enable-memalign-hack --enable-runtime-cpudetect --
enable-cross-compile --enable-static --disable-shared --extra-libs='-lws2_32 -lw
inmm -lpthread' --extra-cflags='--static -I/var/www/users/research/ffmpeg/snapsh
ots/build/include' --extra-ldflags='-static -L/var/www/users/research/ffmpeg/sna
pshots/build/lib' --enable-bzlib --enable-zlib --enable-gpl --enable-version3 --
enable-nonfree --enable-libx264 --enable-libspeex --enable-libtheora --enable-li
bvorbis --enable-libfaac --enable-libxvid --enable-libopencore-amrnb --enable-li
bopencore-amrwb --enable-libmp3lame --enable-libfreetype --enable-libvpx --disab
le-decoder=libvpx
  libavutil      52. 42.100 / 52. 42.100
  libavcodec     55. 29.100 / 55. 29.100
  libavformat    55. 14.102 / 55. 14.102
  libavdevice    55.  3.100 / 55.  3.100
  libavfilter     3. 82.102 /  3. 82.102
  libswscale      2.  5.100 /  2.  5.100
  libswresample   0. 17.103 /  0. 17.103
  libpostproc    52.  3.100 / 52.  3.100
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'png_fuzz.mov':
  Metadata:
    major_brand     : qt
    minor_version   : 537199360
    compatible_brands: qt
    creation_time   : 2012-03-24 20:33:27
  Duration: 00:00:05.96, start: 0.000000, bitrate: 7021 kb/s
    Stream #0:0(eng): Video: png (png  / 0x20676E70), rgba, 189x127 [SAR 2834:28
34 DAR 189:127], 7019 kb/s, 24 fps, 24 tbr, 1000k tbn, 1000k tbc (default)
    Metadata:
      creation_time   : 2012-03-24 20:33:27
      handler_name    : Procedura obs│ugi skrˇtˇw danych Apple
Output #0, null, to 'pipe:':
  Metadata:
    major_brand     : qt
    minor_version   : 537199360
    compatible_brands: qt
    encoder         : Lavf55.14.102
    Stream #0:0(eng): Video: rawvideo (RGBA / 0x41424752), rgba, 189x127 [SAR 1:
1 DAR 189:127], q=2-31, 200 kb/s, 90k tbn, 24 tbc (default)
    Metadata:
      creation_time   : 2012-03-24 20:33:27
      handler_name    : Procedura obs│ugi skrˇtˇw danych Apple
Stream mapping:
  Stream #0:0 -> #0:0 (png -> rawvideo)
Press [q] to stop, [?] for help
[png @ 0x2127240] chunk too big
[png @ 0x216c000] inflate returned error -3
[null @ 0x2163020] [png @ 0x21284c0] Encoder did not produce proper pts, making
some up.
inflate returned error -3
[png @ 0x21255e0] Error while decoding stream #0:0: Invalid data found when proc
essing input
inflate returned error -3
[png @ 0x216c000] Error while decoding stream #0:0: Invalid data found when proc
essing input
inflate returned error -3
[png @ 0x2127240] Error while decoding stream #0:0: Invalid data found when proc
essing input
chunk too big
[png @ 0x21284c0] Error while decoding stream #0:0: Invalid data found when proc
essing input
Missing png signature
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x21255e0] inflate returned error -3
[png @ 0x216c000] Error while decoding stream #0:0: Invalid data found when proc
essing input
chunk too big
[png @ 0x2127240] Error while decoding stream #0:0: Invalid data found when proc
essing input
chunk too big
[png @ 0x21284c0] Error while decoding stream #0:0: Invalid data found when proc
essing input
chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
    Last message repeated 2 times
}}}

comment:4 Changed 3 years ago by ami_stuff

knoppix@Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-abe76b8/ffmpeg_g -threads 1 -i png_fuzz.mov -f null -
==11460== Memcheck, a memory error detector
==11460== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==11460== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==11460== Command: ffmpeg-HEAD-abe76b8/ffmpeg_g -threads 1 -i png_fuzz.mov -f null -
==11460== 
ffmpeg version 2.0-abe76b8 Copyright (c) 2000-2013 the FFmpeg developers
  built on Aug 26 2013 21:18:21 with gcc 4.7 (Debian 4.7.2-5)
  configuration: --disable-yasm --disable-ffserver --disable-ffprobe --enable-gpl
  libavutil      52. 42.100 / 52. 42.100
  libavcodec     55. 29.100 / 55. 29.100
  libavformat    55. 14.102 / 55. 14.102
  libavdevice    55.  3.100 / 55.  3.100
  libavfilter     3. 82.102 /  3. 82.102
  libswscale      2.  5.100 /  2.  5.100
  libswresample   0. 17.103 /  0. 17.103
  libpostproc    52.  3.100 / 52.  3.100
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'png_fuzz.mov':
  Metadata:
    major_brand     : qt  
    minor_version   : 537199360
    compatible_brands: qt  
    creation_time   : 2012-03-24 20:33:27
  Duration: 00:00:05.96, start: 0.000000, bitrate: 7021 kb/s
    Stream #0:0(eng): Video: png (png  / 0x20676E70), rgba, 189x127 [SAR 2834:2834 DAR 189:127], 7019 kb/s, 24 fps, 24 tbr, 1000k tbn, 1000k tbc (default)
    Metadata:
      creation_time   : 2012-03-24 20:33:27
      handler_name    : Procedura obs�ugi skr�t�w danych Apple
Output #0, null, to 'pipe:':
  Metadata:
    major_brand     : qt  
    minor_version   : 537199360
    compatible_brands: qt  
    encoder         : Lavf55.14.102
    Stream #0:0(eng): Video: rawvideo (RGBA / 0x41424752), rgba, 189x127 [SAR 1:1 DAR 189:127], q=2-31, 200 kb/s, 90k tbn, 24 tbc (default)
    Metadata:
      creation_time   : 2012-03-24 20:33:27
      handler_name    : Procedura obs�ugi skr�t�w danych Apple
Stream mapping:
  Stream #0:0 -> #0:0 (png -> rawvideo)
Press [q] to stop, [?] for help
[null @ 0x4274dc0] Encoder did not produce proper pts, making some up.
[png @ 0x423ae20] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x423ae20] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x423ae20] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x423ae20] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x423ae20] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x423ae20] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x423ae20] Missing png signature
Error while decoding stream #0:0: Invalid data found when processing input
==11460== Invalid write of size 4
==11460==    at 0x402ABFD: memset (mc_replace_strmem.c:966)
==11460==    by 0x85BF4EA: decode_frame (pngdec.c:672)
==11460==    by 0x8677E5D: avcodec_decode_video2 (utils.c:1982)
==11460==    by 0x80B355C: decode_video (ffmpeg.c:1668)
==11460==    by 0x40274AD: free (vg_replace_malloc.c:427)
==11460==  Address 0x43e9d74 is 564 bytes inside a block of size 567 alloc'd
==11460==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==11460==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==11460==    by 0x886D357: av_malloc (mem.c:93)
==11460==    by 0x85C0394: decode_frame (pngdec.c:677)
==11460==    by 0x8677E5D: avcodec_decode_video2 (utils.c:1982)
==11460==    by 0x80B355C: decode_video (ffmpeg.c:1668)
==11460==    by 0x40274AD: free (vg_replace_malloc.c:427)
==11460== 
[png @ 0x423ae20] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x423ae20] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x423ae20] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x423ae20] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
==11460== Invalid read of size 1
==11460==    at 0x85C09CC: ff_add_png_paeth_prediction (pngdec.c:170)
==11460==    by 0x85BE5DA: png_filter_row (pngdec.c:260)
==11460==    by 0x85BFC85: decode_frame (pngdec.c:297)
==11460==    by 0x8677E5D: avcodec_decode_video2 (utils.c:1982)
==11460==    by 0x80B355C: decode_video (ffmpeg.c:1668)
==11460==    by 0x40274AD: free (vg_replace_malloc.c:427)
==11460==  Address 0x43e9d77 is 0 bytes after a block of size 567 alloc'd
==11460==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==11460==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==11460==    by 0x886D357: av_malloc (mem.c:93)
==11460==    by 0x85C0394: decode_frame (pngdec.c:677)
==11460==    by 0x8677E5D: avcodec_decode_video2 (utils.c:1982)
==11460==    by 0x80B355C: decode_video (ffmpeg.c:1668)
==11460==    by 0x40274AD: free (vg_replace_malloc.c:427)
==11460== 
==11460== Invalid read of size 1
==11460==    at 0x85C09E0: ff_add_png_paeth_prediction (pngdec.c:171)
==11460==    by 0x85BE5DA: png_filter_row (pngdec.c:260)
==11460==    by 0x85BFC85: decode_frame (pngdec.c:297)
==11460==    by 0x8677E5D: avcodec_decode_video2 (utils.c:1982)
==11460==    by 0x80B355C: decode_video (ffmpeg.c:1668)
==11460==    by 0x40274AD: free (vg_replace_malloc.c:427)
==11460==  Address 0x43e9d77 is 0 bytes after a block of size 567 alloc'd
==11460==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==11460==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==11460==    by 0x886D357: av_malloc (mem.c:93)
==11460==    by 0x85C0394: decode_frame (pngdec.c:677)
==11460==    by 0x8677E5D: avcodec_decode_video2 (utils.c:1982)
==11460==    by 0x80B355C: decode_video (ffmpeg.c:1668)
==11460==    by 0x40274AD: free (vg_replace_malloc.c:427)
==11460== 
frame=   40 fps=0.0 q=0.0 size=N/A time=00:00:01.66 bitrate=N/A dup=11 drop=0   frame=   74 fps= 73 q=0.0 size=N/A time=00:00:03.08 bitrate=N/A dup=11 drop=0   frame=  108 fps= 71 q=0.0 size=N/A time=00:00:04.50 bitrate=N/A dup=11 drop=0   frame=  140 fps= 69 q=0.0 size=N/A time=00:00:05.83 bitrate=N/A dup=11 drop=0   frame=  143 fps= 68 q=0.0 Lsize=N/A time=00:00:05.95 bitrate=N/A dup=11 drop=0    
video:9kB audio:0kB subtitle:0 global headers:0kB muxing overhead -100.240385%
==11460== 
==11460== HEAP SUMMARY:
==11460==     in use at exit: 0 bytes in 0 blocks
==11460==   total heap usage: 4,639 allocs, 4,639 frees, 12,639,711 bytes allocated
==11460== 
==11460== All heap blocks were freed -- no leaks are possible
==11460== 
==11460== For counts of detected and suppressed errors, rerun with: -v
==11460== ERROR SUMMARY: 55858 errors from 3 contexts (suppressed: 59 from 6)
knoppix@Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-abe76b8/ffmpeg_g -threads 4 -i png_fuzz.mov -f null -
==11414== Memcheck, a memory error detector
==11414== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==11414== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==11414== Command: ffmpeg-HEAD-abe76b8/ffmpeg_g -threads 4 -i png_fuzz.mov -f null -
==11414== 
ffmpeg version 2.0-abe76b8 Copyright (c) 2000-2013 the FFmpeg developers
  built on Aug 26 2013 21:18:21 with gcc 4.7 (Debian 4.7.2-5)
  configuration: --disable-yasm --disable-ffserver --disable-ffprobe --enable-gpl
  libavutil      52. 42.100 / 52. 42.100
  libavcodec     55. 29.100 / 55. 29.100
  libavformat    55. 14.102 / 55. 14.102
  libavdevice    55.  3.100 / 55.  3.100
  libavfilter     3. 82.102 /  3. 82.102
  libswscale      2.  5.100 /  2.  5.100
  libswresample   0. 17.103 /  0. 17.103
  libpostproc    52.  3.100 / 52.  3.100
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'png_fuzz.mov':
  Metadata:
    major_brand     : qt  
    minor_version   : 537199360
    compatible_brands: qt  
    creation_time   : 2012-03-24 20:33:27
  Duration: 00:00:05.96, start: 0.000000, bitrate: 7021 kb/s
    Stream #0:0(eng): Video: png (png  / 0x20676E70), rgba, 189x127 [SAR 2834:2834 DAR 189:127], 7019 kb/s, 24 fps, 24 tbr, 1000k tbn, 1000k tbc (default)
    Metadata:
      creation_time   : 2012-03-24 20:33:27
      handler_name    : Procedura obs�ugi skr�t�w danych Apple
Output #0, null, to 'pipe:':
  Metadata:
    major_brand     : qt  
    minor_version   : 537199360
    compatible_brands: qt  
    encoder         : Lavf55.14.102
    Stream #0:0(eng): Video: rawvideo (RGBA / 0x41424752), rgba, 189x127 [SAR 1:1 DAR 189:127], q=2-31, 200 kb/s, 90k tbn, 24 tbc (default)
    Metadata:
      creation_time   : 2012-03-24 20:33:27
      handler_name    : Procedura obs�ugi skr�t�w danych Apple
Stream mapping:
  Stream #0:0 -> #0:0 (png -> rawvideo)
Press [q] to stop, [?] for help
[png @ 0x4347420] inflate returned error -3
[png @ 0x4348540] chunk too big
[null @ 0x4274dc0] Encoder did not produce proper pts, making some up.
Error while decoding stream #0:0: Invalid data found when processing input
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x4346ac0] inflate returned error -3
[png @ 0x4349640] inflate returned error -3
[png @ 0x4348540] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
    Last message repeated 1 times
[png @ 0x4349640] Missing png signature
[png @ 0x4347420] inflate returned error -3
[png @ 0x4346ac0] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
    Last message repeated 1 times
[png @ 0x4347420] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x4348540] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x4349640] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
==11414== Thread 12:eated 1 times
==11414== Invalid write of size 4
==11414==    at 0x402ABFD: memset (mc_replace_strmem.c:966)
==11414==    by 0x85BF4EA: decode_frame (pngdec.c:672)
==11414==    by 0x85CCA5D: frame_worker_thread (pthread.c:339)
==11414==    by 0x407B953: start_thread (pthread_create.c:304)
==11414==    by 0x416395D: clone (clone.S:130)
==11414==  Address 0x4435fb4 is 564 bytes inside a block of size 567 alloc'd
==11414==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==11414==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==11414==    by 0x886D357: av_malloc (mem.c:93)
==11414==    by 0x85C0394: decode_frame (pngdec.c:677)
==11414==    by 0x85CCA5D: frame_worker_thread (pthread.c:339)
==11414==    by 0x407B953: start_thread (pthread_create.c:304)
==11414==    by 0x416395D: clone (clone.S:130)
==11414== 
==11414== Invalid read of size 1
==11414==    at 0x85C09CC: ff_add_png_paeth_prediction (pngdec.c:170)
==11414==    by 0x85BE5DA: png_filter_row (pngdec.c:260)
==11414==    by 0x85BFC85: decode_frame (pngdec.c:297)
==11414==    by 0x85CCA5D: frame_worker_thread (pthread.c:339)
==11414==    by 0x407B953: start_thread (pthread_create.c:304)
==11414==    by 0x416395D: clone (clone.S:130)
==11414==  Address 0x4435fb7 is 0 bytes after a block of size 567 alloc'd
==11414==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==11414==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==11414==    by 0x886D357: av_malloc (mem.c:93)
==11414==    by 0x85C0394: decode_frame (pngdec.c:677)
==11414==    by 0x85CCA5D: frame_worker_thread (pthread.c:339)
==11414==    by 0x407B953: start_thread (pthread_create.c:304)
==11414==    by 0x416395D: clone (clone.S:130)
==11414== 
==11414== Invalid read of size 1
==11414==    at 0x85C09E0: ff_add_png_paeth_prediction (pngdec.c:171)
==11414==    by 0x85BE5DA: png_filter_row (pngdec.c:260)
==11414==    by 0x85BFC85: decode_frame (pngdec.c:297)
==11414==    by 0x85CCA5D: frame_worker_thread (pthread.c:339)
==11414==    by 0x407B953: start_thread (pthread_create.c:304)
==11414==    by 0x416395D: clone (clone.S:130)
==11414==  Address 0x4435fb7 is 0 bytes after a block of size 567 alloc'd
==11414==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==11414==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==11414==    by 0x886D357: av_malloc (mem.c:93)
==11414==    by 0x85C0394: decode_frame (pngdec.c:677)
==11414==    by 0x85CCA5D: frame_worker_thread (pthread.c:339)
==11414==    by 0x407B953: start_thread (pthread_create.c:304)
==11414==    by 0x416395D: clone (clone.S:130)
==11414== 
    Last message repeated 2 times
frame=   34 fps=0.0 q=0.0 size=N/A time=00:00:01.41 bitrate=N/A dup=11 drop=0   frame=   66 fps= 64 q=0.0 size=N/A time=00:00:02.75 bitrate=N/A dup=11 drop=0   frame=   97 fps= 63 q=0.0 size=N/A time=00:00:04.04 bitrate=N/A dup=11 drop=0   frame=  127 fps= 62 q=0.0 size=N/A time=00:00:05.29 bitrate=N/A dup=11 drop=0   frame=  143 fps= 62 q=0.0 Lsize=N/A time=00:00:05.95 bitrate=N/A dup=11 drop=0    
video:9kB audio:0kB subtitle:0 global headers:0kB muxing overhead -100.240385%
==11414== 
==11414== HEAP SUMMARY:
==11414==     in use at exit: 0 bytes in 0 blocks
==11414==   total heap usage: 5,713 allocs, 5,713 frees, 13,386,225 bytes allocated
==11414== 
==11414== All heap blocks were freed -- no leaks are possible
==11414== 
==11414== For counts of detected and suppressed errors, rerun with: -v
==11414== ERROR SUMMARY: 14058 errors from 3 contexts (suppressed: 59 from 6) 
knoppix@Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-abe76b8/ffmpeg_g -threads 8 -i png_fuzz.mov -f null -
==11481== Memcheck, a memory error detector
==11481== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==11481== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==11481== Command: ffmpeg-HEAD-abe76b8/ffmpeg_g -threads 8 -i png_fuzz.mov -f null -
==11481== 
ffmpeg version 2.0-abe76b8 Copyright (c) 2000-2013 the FFmpeg developers
  built on Aug 26 2013 21:18:21 with gcc 4.7 (Debian 4.7.2-5)
  configuration: --disable-yasm --disable-ffserver --disable-ffprobe --enable-gpl
  libavutil      52. 42.100 / 52. 42.100
  libavcodec     55. 29.100 / 55. 29.100
  libavformat    55. 14.102 / 55. 14.102
  libavdevice    55.  3.100 / 55.  3.100
  libavfilter     3. 82.102 /  3. 82.102
  libswscale      2.  5.100 /  2.  5.100
  libswresample   0. 17.103 /  0. 17.103
  libpostproc    52.  3.100 / 52.  3.100
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'png_fuzz.mov':
  Metadata:
    major_brand     : qt  
    minor_version   : 537199360
    compatible_brands: qt  
    creation_time   : 2012-03-24 20:33:27
  Duration: 00:00:05.96, start: 0.000000, bitrate: 7021 kb/s
    Stream #0:0(eng): Video: png (png  / 0x20676E70), rgba, 189x127 [SAR 2834:2834 DAR 189:127], 7019 kb/s, 24 fps, 24 tbr, 1000k tbn, 1000k tbc (default)
    Metadata:
      creation_time   : 2012-03-24 20:33:27
      handler_name    : Procedura obs�ugi skr�t�w danych Apple
Output #0, null, to 'pipe:':
  Metadata:
    major_brand     : qt  
    minor_version   : 537199360
    compatible_brands: qt  
    encoder         : Lavf55.14.102
    Stream #0:0(eng): Video: rawvideo (RGBA / 0x41424752), rgba, 189x127 [SAR 1:1 DAR 189:127], q=2-31, 200 kb/s, 90k tbn, 24 tbc (default)
    Metadata:
      creation_time   : 2012-03-24 20:33:27
      handler_name    : Procedura obs�ugi skr�t�w danych Apple
Stream mapping:
  Stream #0:0 -> #0:0 (png -> rawvideo)
Press [q] to stop, [?] for help
[png @ 0x4348040] inflate returned error -3
[png @ 0x4349140] chunk too big
[png @ 0x434a260] [png @ 0x434c480] inflate returned error -3
inflate returned error -3
[png @ 0x434d580] chunk too big
[png @ 0x434b360] inflate returned error -3
[null @ 0x4274dc0] Encoder did not produce proper pts, making some up.
[png @ 0x434e6a0] Missing png signature
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x43476e0] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x4348040] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x4349140] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x434a260] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
    Last message repeated 6 times
frame=   30 fps=0.0 q=0.0 size=N/A time=00:00:01.25 bitrate=N/A dup=11 drop=0   frame=   61 fps= 60 q=0.0 size=N/A time=00:00:02.54 bitrate=N/A dup=11 drop=0   frame=   92 fps= 61 q=0.0 size=N/A time=00:00:03.83 bitrate=N/A dup=11 drop=0   frame=  123 fps= 61 q=0.0 size=N/A time=00:00:05.12 bitrate=N/A dup=11 drop=0   frame=  143 fps= 62 q=0.0 Lsize=N/A time=00:00:05.95 bitrate=N/A dup=11 drop=0    
video:9kB audio:0kB subtitle:0 global headers:0kB muxing overhead -100.240385%
==11481== 
==11481== HEAP SUMMARY:
==11481==     in use at exit: 0 bytes in 0 blocks
==11481==   total heap usage: 5,817 allocs, 5,817 frees, 13,983,600 bytes allocated
==11481== 
==11481== All heap blocks were freed -- no leaks are possible
==11481== 
==11481== For counts of detected and suppressed errors, rerun with: -v
==11481== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 59 from 6) 

comment:5 Changed 3 years ago by cehoyos

  • Component changed from undetermined to avcodec
  • Keywords png regression added
  • Priority changed from normal to important
  • Reproduced by developer set
  • Status changed from new to open
  • Version changed from unspecified to git-master

Regression since dd1d29b

$ valgrind ffmpeg_g -threads 4 -i png_fuzz.mov -f null -
==26607== Memcheck, a memory error detector
==26607== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==26607== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==26607== Command: ffmpeg_g -threads 4 -i png_fuzz.mov -f null -
==26607==
ffmpeg version N-55890-g259292f Copyright (c) 2000-2013 the FFmpeg developers
  built on Aug 30 2013 02:55:25 with gcc 4.7 (SUSE Linux)
  configuration: --disable-indev=jack --disable-asm --disable-optimizations
  libavutil      52. 42.100 / 52. 42.100
  libavcodec     55. 29.100 / 55. 29.100
  libavformat    55. 15.100 / 55. 15.100
  libavdevice    55.  3.100 / 55.  3.100
  libavfilter     3. 82.102 /  3. 82.102
  libswscale      2.  5.100 /  2.  5.100
  libswresample   0. 17.103 /  0. 17.103
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'png_fuzz.mov':
  Metadata:
    major_brand     : qt
    minor_version   : 537199360
    compatible_brands: qt
    creation_time   : 2012-03-24 20:33:27
  Duration: 00:00:05.96, start: 0.000000, bitrate: 7021 kb/s
    Stream #0:0(eng): Video: png (png  / 0x20676E70), rgba, 189x127 [SAR 2834:2834 DAR 189:127], 7019 kb/s, 24 fps, 24 tbr, 1000k tbn, 1000k tbc (default)
    Metadata:
      creation_time   : 2012-03-24 20:33:27
      handler_name    : Procedura obs�ugi skr�t�w danych Apple
Output #0, null, to 'pipe:':
  Metadata:
    major_brand     : qt
    minor_version   : 537199360
    compatible_brands: qt
    encoder         : Lavf55.15.100
    Stream #0:0(eng): Video: rawvideo (RGBA / 0x41424752), rgba, 189x127 [SAR 1:1 DAR 189:127], q=2-31, 200 kb/s, 90k tbn, 24 tbc (default)
    Metadata:
      creation_time   : 2012-03-24 20:33:27
      handler_name    : Procedura obs�ugi skr�t�w danych Apple
Stream mapping:
  Stream #0:0 -> #0:0 (png -> rawvideo)
Press [q] to stop, [?] for help
[png @ 0x735aa50] inflate returned error -3
[png @ 0x735bdf0] chunk too big
[null @ 0x7282200] Encoder did not produce proper pts, making some up.
Error while decoding stream #0:0: Invalid data found when processing input
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x735bdf0] chunk too big
[png @ 0x735d190] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x735aa50] inflate returned error -3
[png @ 0x7359f30] inflate returned error -3
[png @ 0x735d190] Missing png signature
Error while decoding stream #0:0: Invalid data found when processing input
    Last message repeated 1 times
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x735aa50] chunk too big
[png @ 0x7359f30] inflate returned error -3
[png @ 0x735bdf0] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x735d190] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
==26607== Thread 12:eated 1 times
==26607== Invalid write of size 4
==26607==    at 0x4C2D4FF: memset (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26607==    by 0xA58420: av_fast_padded_mallocz (utils.c:125)
==26607==    by 0x98BC4A: decode_frame (pngdec.c:672)
==26607==    by 0x99CDB0: frame_worker_thread (pthread.c:339)
==26607==    by 0x5D1AE0D: start_thread (in /lib64/libpthread-2.15.so)
==26607==  Address 0x74478d4 is 564 bytes inside a block of size 567 alloc'd
==26607==    at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26607==    by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26607==    by 0xD1FBFD: av_malloc (mem.c:93)
==26607==    by 0x98BC89: decode_frame (pngdec.c:677)
==26607==    by 0x99CDB0: frame_worker_thread (pthread.c:339)
==26607==    by 0x5D1AE0D: start_thread (in /lib64/libpthread-2.15.so)
==26607==
==26607== Invalid read of size 1
==26607==    at 0x9890C8: ff_add_png_paeth_prediction (pngdec.c:170)
==26607==    by 0x989B93: png_filter_row (pngdec.c:260)
==26607==    by 0x989DF0: png_handle_row (pngdec.c:297)
==26607==    by 0x98A35A: png_decode_idat (pngdec.c:381)
==26607==    by 0x98BD5C: decode_frame (pngdec.c:692)
==26607==    by 0x99CDB0: frame_worker_thread (pthread.c:339)
==26607==    by 0x5D1AE0D: start_thread (in /lib64/libpthread-2.15.so)
==26607==  Address 0x74478d7 is 0 bytes after a block of size 567 alloc'd
==26607==    at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26607==    by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26607==    by 0xD1FBFD: av_malloc (mem.c:93)
==26607==    by 0x98BC89: decode_frame (pngdec.c:677)
==26607==    by 0x99CDB0: frame_worker_thread (pthread.c:339)
==26607==    by 0x5D1AE0D: start_thread (in /lib64/libpthread-2.15.so)
==26607==
==26607== Invalid read of size 1
==26607==    at 0x9890E7: ff_add_png_paeth_prediction (pngdec.c:171)
==26607==    by 0x989B93: png_filter_row (pngdec.c:260)
==26607==    by 0x989DF0: png_handle_row (pngdec.c:297)
==26607==    by 0x98A35A: png_decode_idat (pngdec.c:381)
==26607==    by 0x98BD5C: decode_frame (pngdec.c:692)
==26607==    by 0x99CDB0: frame_worker_thread (pthread.c:339)
==26607==    by 0x5D1AE0D: start_thread (in /lib64/libpthread-2.15.so)
==26607==  Address 0x74478d7 is 0 bytes after a block of size 567 alloc'd
==26607==    at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26607==    by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26607==    by 0xD1FBFD: av_malloc (mem.c:93)
==26607==    by 0x98BC89: decode_frame (pngdec.c:677)
==26607==    by 0x99CDB0: frame_worker_thread (pthread.c:339)
==26607==    by 0x5D1AE0D: start_thread (in /lib64/libpthread-2.15.so)
==26607==
    Last message repeated 2 times
frame=  143 fps= 31 q=0.0 Lsize=N/A time=00:00:05.95 bitrate=N/A dup=11 drop=0
video:13kB audio:0kB subtitle:0 global headers:0kB muxing overhead -100.160256%
==26607==
==26607== HEAP SUMMARY:
==26607==     in use at exit: 0 bytes in 0 blocks
==26607==   total heap usage: 6,033 allocs, 6,033 frees, 13,476,472 bytes allocated
==26607==
==26607== All heap blocks were freed -- no leaks are possible
==26607==
==26607== For counts of detected and suppressed errors, rerun with: -v
==26607== ERROR SUMMARY: 14058 errors from 3 contexts (suppressed: 2 from 2)

comment:6 Changed 3 years ago by richardpl

Are you really, really sure?

comment:7 Changed 3 years ago by michael

  • Resolution set to fixed
  • Status changed from open to closed