Opened 11 years ago
Closed 11 years ago
#2903 closed defect (fixed)
png: invalid write
Reported by: | ami_stuff | Owned by: | |
---|---|---|---|
Priority: | important | Component: | avcodec |
Version: | git-master | Keywords: | png regression |
Cc: | Blocked By: | ||
Blocking: | Reproduced by developer: | yes | |
Analyzed by developer: | no |
Description (last modified by )
http://www.datafilehost.com/d/6985a553
knoppix@Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-edf6fb6/ffmpeg_g -i ./png_fuzz.mov -f null - ==29921== Memcheck, a memory error detector ==29921== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==29921== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==29921== Command: ffmpeg-HEAD-edf6fb6/ffmpeg_g -i ./png_fuzz.mov -f null - ==29921== ffmpeg version 2.0-edf6fb6 Copyright (c) 2000-2013 the FFmpeg developers built on Aug 24 2013 11:50:43 with gcc 4.7 (Debian 4.7.2-5) configuration: --disable-yasm --disable-ffserver --disable-ffprobe --enable-gpl libavutil 52. 42.100 / 52. 42.100 libavcodec 55. 29.100 / 55. 29.100 libavformat 55. 14.102 / 55. 14.102 libavdevice 55. 3.100 / 55. 3.100 libavfilter 3. 82.102 / 3. 82.102 libswscale 2. 5.100 / 2. 5.100 libswresample 0. 17.103 / 0. 17.103 libpostproc 52. 3.100 / 52. 3.100 Input #0, mov,mp4,m4a,3gp,3g2,mj2, from './png_fuzz.mov': Metadata: major_brand : qt minor_version : 537199360 compatible_brands: qt creation_time : 2012-03-24 20:33:27 Duration: 00:00:05.96, start: 0.000000, bitrate: 7021 kb/s Stream #0:0(eng): Video: png (png / 0x20676E70), rgba, 189x127 [SAR 2834:2834 DAR 189:127], 7019 kb/s, 24 fps, 24 tbr, 1000k tbn, 1000k tbc (default) Metadata: creation_time : 2012-03-24 20:33:27 handler_name : Procedura obsdz'"ugi skrdz'"tdz'"w danych Apple Output #0, null, to 'pipe:': Metadata: major_brand : qt minor_version : 537199360 compatible_brands: qt encoder : Lavf55.14.102 Stream #0:0(eng): Video: rawvideo (RGBA / 0x41424752), rgba, 189x127 [SAR 1:1 DAR 189:127], q=2-31, 200 kb/s, 90k tbn, 24 tbc (default) Metadata: creation_time : 2012-03-24 20:33:27 handler_name : Procedura obsdz'"ugi skrdz'"tdz'"w danych Apple Stream mapping: Stream #0:0 -> #0:0 (png -> rawvideo) Press [q] to stop, [?] for help [png @ 0x4346de0] inflate returned error -3 [png @ 0x4347f00] chunk too big [png @ 0x434a120] inflate returned error -3 [null @ 0x42747e0] Encoder did not produce proper pts, making some up. [png @ 0x4349000] inflate returned error -3 [png @ 0x4346480] inflate returned error -3 Error while decoding stream #0:0: Invalid data found when processing input Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x4346de0] chunk too big Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x4347f00] Missing png signature Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x434a120] chunk too big [png @ 0x4349000] inflate returned error -3 Error while decoding stream #0:0: Invalid data found when processing input Last message repeated 1 times [png @ 0x4346480] chunk too big Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x4346de0] chunk too big Error while decoding stream #0:0: Invalid data found when processing input ==29921== Thread 7:peated 3 times ==29921== Invalid write of size 4 ==29921== at 0x402ABFD: memset (mc_replace_strmem.c:966) ==29921== by 0x85BF16A: decode_frame (pngdec.c:672) ==29921== by 0x85CC6DD: frame_worker_thread (pthread.c:339) ==29921== by 0x407B953: start_thread (pthread_create.c:304) ==29921== by 0x416395D: clone (clone.S:130) ==29921== Address 0x4436c54 is 564 bytes inside a block of size 567 alloc'd ==29921== at 0x40268A4: memalign (vg_replace_malloc.c:694) ==29921== by 0x402695E: posix_memalign (vg_replace_malloc.c:835) ==29921== by 0x886D047: av_malloc (mem.c:93) ==29921== by 0x85C0014: decode_frame (pngdec.c:677) ==29921== by 0x85CC6DD: frame_worker_thread (pthread.c:339) ==29921== by 0x407B953: start_thread (pthread_create.c:304) ==29921== by 0x416395D: clone (clone.S:130) ==29921== ==29921== Invalid read of size 1 ==29921== at 0x85C064C: ff_add_png_paeth_prediction (pngdec.c:170) ==29921== by 0x85BE25A: png_filter_row (pngdec.c:260) ==29921== by 0x85BF905: decode_frame (pngdec.c:297) ==29921== by 0x85CC6DD: frame_worker_thread (pthread.c:339) ==29921== by 0x407B953: start_thread (pthread_create.c:304) ==29921== by 0x416395D: clone (clone.S:130) ==29921== Address 0x4436c57 is 0 bytes after a block of size 567 alloc'd ==29921== at 0x40268A4: memalign (vg_replace_malloc.c:694) ==29921== by 0x402695E: posix_memalign (vg_replace_malloc.c:835) ==29921== by 0x886D047: av_malloc (mem.c:93) ==29921== by 0x85C0014: decode_frame (pngdec.c:677) ==29921== by 0x85CC6DD: frame_worker_thread (pthread.c:339) ==29921== by 0x407B953: start_thread (pthread_create.c:304) ==29921== by 0x416395D: clone (clone.S:130) ==29921== ==29921== Invalid read of size 1 ==29921== at 0x85C0660: ff_add_png_paeth_prediction (pngdec.c:171) ==29921== by 0x85BE25A: png_filter_row (pngdec.c:260) ==29921== by 0x85BF905: decode_frame (pngdec.c:297) ==29921== by 0x85CC6DD: frame_worker_thread (pthread.c:339) ==29921== by 0x407B953: start_thread (pthread_create.c:304) ==29921== by 0x416395D: clone (clone.S:130) ==29921== Address 0x4436c57 is 0 bytes after a block of size 567 alloc'd ==29921== at 0x40268A4: memalign (vg_replace_malloc.c:694) ==29921== by 0x402695E: posix_memalign (vg_replace_malloc.c:835) ==29921== by 0x886D047: av_malloc (mem.c:93) ==29921== by 0x85C0014: decode_frame (pngdec.c:677) ==29921== by 0x85CC6DD: frame_worker_thread (pthread.c:339) ==29921== by 0x407B953: start_thread (pthread_create.c:304) ==29921== by 0x416395D: clone (clone.S:130) ==29921== Last message repeated 3 times frame= 34 fps=0.0 q=0.0 size=N/A time=00:00:01.41 bitrate=N/A dup=11 drop=0 frame= 66 fps= 65 q=0.0 size=N/A time=00:00:02.75 bitrate=N/A dup=11 drop=0 frame= 97 fps= 64 q=0.0 size=N/A time=00:00:04.04 bitrate=N/A dup=11 drop=0 frame= 128 fps= 63 q=0.0 size=N/A time=00:00:05.33 bitrate=N/A dup=11 drop=0 frame= 143 fps= 63 q=0.0 Lsize=N/A time=00:00:05.95 bitrate=N/A dup=11 drop=0 video:9kB audio:0kB subtitle:0 global headers:0kB muxing overhead -100.240385% ==29921== ==29921== HEAP SUMMARY: ==29921== in use at exit: 0 bytes in 0 blocks ==29921== total heap usage: 5,828 allocs, 5,828 frees, 13,536,240 bytes allocated ==29921== ==29921== All heap blocks were freed -- no leaks are possible ==29921== ==29921== For counts of detected and suppressed errors, rerun with: -v ==29921== ERROR SUMMARY: 11076 errors from 3 contexts (suppressed: 59 from 6
(gdb) r -i ./png_fuzz.mov -f null - Starting program: /media/sdb1/ffmpeg-HEAD-edf6fb6/ffmpeg_g -i ./png_fuzz.mov -f null - [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1". ffmpeg version 2.0-edf6fb6 Copyright (c) 2000-2013 the FFmpeg developers built on Aug 24 2013 11:50:43 with gcc 4.7 (Debian 4.7.2-5) configuration: --disable-yasm --disable-ffserver --disable-ffprobe --enable-gpl libavutil 52. 42.100 / 52. 42.100 libavcodec 55. 29.100 / 55. 29.100 libavformat 55. 14.102 / 55. 14.102 libavdevice 55. 3.100 / 55. 3.100 libavfilter 3. 82.102 / 3. 82.102 libswscale 2. 5.100 / 2. 5.100 libswresample 0. 17.103 / 0. 17.103 libpostproc 52. 3.100 / 52. 3.100 Input #0, mov,mp4,m4a,3gp,3g2,mj2, from './png_fuzz.mov': Metadata: major_brand : qt minor_version : 537199360 compatible_brands: qt creation_time : 2012-03-24 20:33:27 Duration: 00:00:05.96, start: 0.000000, bitrate: 7021 kb/s Stream #0:0(eng): Video: png (png / 0x20676E70), rgba, 189x127 [SAR 2834:2834 DAR 189:127], 7019 kb/s, 24 fps, 24 tbr, 1000k tbn, 1000k tbc (default) Metadata: creation_time : 2012-03-24 20:33:27 handler_name : Procedura obsdz'"ugi skrdz'"tdz'"w danych Apple [New Thread 0xb7df8b70 (LWP 29911)] [New Thread 0xb75f8b70 (LWP 29912)] [New Thread 0xb6df8b70 (LWP 29913)] [New Thread 0xb65f8b70 (LWP 29914)] [New Thread 0xb5df8b70 (LWP 29915)] [New Thread 0xb55f8b70 (LWP 29916)] [New Thread 0xb4df8b70 (LWP 29917)] [New Thread 0xb45f8b70 (LWP 29918)] [New Thread 0xb3df8b70 (LWP 29919)] [New Thread 0xb35f8b70 (LWP 29920)] Output #0, null, to 'pipe:': Metadata: major_brand : qt minor_version : 537199360 compatible_brands: qt encoder : Lavf55.14.102 Stream #0:0(eng): Video: rawvideo (RGBA / 0x41424752), rgba, 189x127 [SAR 1:1 DAR 189:127], q=2-31, 200 kb/s, 90k tbn, 24 tbc (default) Metadata: creation_time : 2012-03-24 20:33:27 handler_name : Procedura obsdz'"ugi skrdz'"tdz'"w danych Apple Stream mapping: Stream #0:0 -> #0:0 (png -> rawvideo) Press [q] to stop, [?] for help [png @ 0x910cac0] inflate returned error -3 [png @ 0x910da20] chunk too big [null @ 0x9108520] Encoder did not produce proper pts, making some up. [png @ 0x90f46c0] inflate returned error -3 [png @ 0x90f5600] inflate returned error -3 [png @ 0x910ad40] inflate returned error -3 Error while decoding stream #0:0: Invalid data found when processing input Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x910cac0] chunk too big Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x910da20] Missing png signature Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x90f46c0] inflate returned error -3 Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x90f5600] chunk too big [png @ 0x910ad40] chunk too big Error while decoding stream #0:0: Invalid data found when processing input Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x910cac0] chunk too big Error while decoding stream #0:0: Invalid data found when processing input *** glibc detected *** /media/sdb1/ffmpeg-HEAD-edf6fb6/ffmpeg_g: free(): invalid pointer: 0x09148650 *** ======= Backtrace: ========= /lib/i386-linux-gnu/libc.so.6(+0x70a8a)[0xb7ea4a8a] /lib/i386-linux-gnu/libc.so.6(+0x722e8)[0xb7ea62e8] /lib/i386-linux-gnu/libc.so.6(cfree+0x6d)[0xb7ea93ed] /media/sdb1/ffmpeg-HEAD-edf6fb6/ffmpeg_g[0x885fb43] ======= Memory map: ======== 08048000-08ae4000 r-xp 00000000 08:11 7358 /media/sdb1/ffmpeg-HEAD-edf6fb6/ffmpeg_g 08ae4000-08b03000 rw-p 00a9b000 08:11 7358 /media/sdb1/ffmpeg-HEAD-edf6fb6/ffmpeg_g 08b03000-0926b000 rw-p 00000000 00:00 0 [heap] 41602000-41619000 r-xp 00000000 08:02 10056 /lib/i386-linux-gnu/libz.so.1.2.7 41619000-4161a000 r--p 00016000 08:02 10056 /lib/i386-linux-gnu/libz.so.1.2.7 4161a000-4161b000 rw-p 00017000 08:02 10056 /lib/i386-linux-gnu/libz.so.1.2.7 41628000-41659000 r-xp 00000000 08:02 10014 /lib/i386-linux-gnu/libncursesw.so.5.9 41659000-4165a000 r--p 00030000 08:02 10014 /lib/i386-linux-gnu/libncursesw.so.5.9 4165a000-4165b000 rw-p 00031000 08:02 10014 /lib/i386-linux-gnu/libncursesw.so.5.9 41673000-41676000 r-xp 00000000 08:02 24959 /usr/lib/i386-linux-gnu/libpulse-simple.so.0.0.3 41676000-41677000 r--p 00002000 08:02 24959 /usr/lib/i386-linux-gnu/libpulse-simple.so.0.0.3 41677000-41678000 rw-p 00003000 08:02 24959 /usr/lib/i386-linux-gnu/libpulse-simple.so.0.0.3 4178e000-418c2000 r-xp 00000000 08:02 24566 /usr/lib/i386-linux-gnu/libX11.so.6.3.0 418c2000-418c6000 rw-p 00133000 08:02 24566 /usr/lib/i386-linux-gnu/libX11.so.6.3.0 418c8000-418e9000 r-xp 00000000 08:02 25047 /usr/lib/i386-linux-gnu/libxcb.so.1.1.0 418e9000-418ea000 r--p 00020000 08:02 25047 /usr/lib/i386-linux-gnu/libxcb.so.1.1.0 418ea000-418eb000 rw-p 00021000 08:02 25047 /usr/lib/i386-linux-gnu/libxcb.so.1.1.0 418ed000-418ef000 r-xp 00000000 08:02 24568 /usr/lib/i386-linux-gnu/libXau.so.6.0.0 418ef000-418f0000 rw-p 00001000 08:02 24568 /usr/lib/i386-linux-gnu/libXau.so.6.0.0 418f2000-418f7000 r-xp 00000000 08:02 24574 /usr/lib/i386-linux-gnu/libXdmcp.so.6.0.0 418f7000-418f8000 rw-p 00004000 08:02 24574 /usr/lib/i386-linux-gnu/libXdmcp.so.6.0.0 41913000-41924000 r-xp 00000000 08:02 24575 /usr/lib/i386-linux-gnu/libXext.so.6.4.0 41924000-41925000 rw-p 00010000 08:02 24575 /usr/lib/i386-linux-gnu/libXext.so.6.4.0 41cd1000-41cd3000 r-xp 00000000 08:02 25013 /usr/lib/i386-linux-gnu/libts-0.0.so.0.1.1 41cd3000-41cd4000 rw-p 00001000 08:02 25013 /usr/lib/i386-linux-gnu/libts-0.0.so.0.1.1 41cd6000-41ce4000 r-xp 00000000 08:02 24578 /usr/lib/i386-linux-gnu/libXi.so.6.1.0 41ce4000-41ce5000 rw-p 0000e000 08:02 24578 /usr/lib/i386-linux-gnu/libXi.so.6.1.0 41f58000-41f6e000 r-xp 00000000 08:02 24654 /usr/lib/i386-linux-gnu/libdirect-1.2.so.9.0.1 41f6e000-41f6f000 rw-p 00016000 08:02 24654 /usr/lib/i386-linux-gnu/libdirect-1.2.so.9.0.1 41f94000-41f98000 r-xp 00000000 08:02 9978 /lib/i386-linux-gnu/libattr.so.1.1.0 41f98000-41f99000 r--p 00003000 08:02 9978 /lib/i386-linux-gnu/libattr.so.1.1.0 41f99000-41f9a000 rw-p 00004000 08:02 9978 /lib/i386-linux-gnu/libattr.so.1.1.0 41f9c000-41fa0000 r-xp 00000000 08:02 9985 /lib/i386-linux-gnu/libcap.so.2.22 41fa0000-41fa1000 rw-p 00003000 08:02 9985 /lib/i386-linux-gnu/libcap.so.2.22 41fa3000-41fab000 r-xp 00000000 08:02 10054 /lib/i386-linux-gnu/libwrap.so.0.7.6 41fab000-41fac000 r--p 00007000 08:02 10054 /lib/i386-linux-gnu/libwrap.so.0.7.6 41fac000-41fad000 rw-p 00008000 08:02 10054 /lib/i386-linux-gnu/libwrap.so.0.7.6 41faf000-41fb4000 r-xp 00000000 08:02 24589 /usr/lib/i386-linux-gnu/libXtst.so.6.1.0 41fb4000-41fb5000 rw-p 00004000 08:02 24589 /usr/lib/i386-linux-gnu/libXtst.so.6.1.0 4244e000-42457000 r-xp 00000000 08:02 24707 /usr/lib/i386-linux-gnu/libfusion-1.2.so.9.0.1 42457000-42458000 rw-p 00008000 08:02 24707 /usr/lib/i386-linux-gnu/libfusion-1.2.so.9.0.1 42489000-42491000 r-xp 00000000 08:02 10005 /lib/i386-linux-gnu/libjson.so.0.1.0 42491000-42492000 r--p 00007000 08:02 10005 /lib/i386-linux-gnu/libjson.so.0.1.0 42492000-42493000 rw-p 00008000 08:02 10005 /lib/i386-linux-gnu/libjson.so.0.1.0 42495000-4249a000 r-xp 00000000 08:02 24603 /usr/lib/i386-linux-gnu/libasyncns.so.0.3.1 4249a000-4249b000 rw-p 00004000 08:02 24603 /usr/lib/i386-linux-gnu/libasyncns.so.0.3.1 424a1000-424a7000 r-xp 00000000 08:02 24920 /usr/lib/i386-linux-gnu/libogg.so.0.8.0 424a7000-424a8000 rw-p 00005000 08:02 24920 /usr/lib/i386-linux-gnu/libogg.so.0.8.0 424aa000-424d4000 r-xp 00000000 08:02 25032 /usr/lib/i386-linux-gnu/libvorbis.so.0.4.5 424d4000-424d5000 r--p 00029000 08:02 25032 /usr/lib/i386-linux-gnu/libvorbis.so.0.4.5 424d5000-424d6000 rw-p 0002a000 08:02 25032 /usr/lib/i386-linux-gnu/libvorbis.so.0.4.5 424d8000-42526000 r-xp 00000000 08:02 24551 /usr/lib/i386-linux-gnu/libFLAC.so.8.2.0 42526000-42527000 r--p 0004d000 08:02 24551 /usr/lib/i386-linux-gnu/libFLAC.so.8.2.0 42527000-42528000 rw-p 0004e000 08:02 24551 /usr/lib/i386-linux-gnu/libFLAC.so.8.2.0 42530000-42534000 r-xp 00000000 08:02 10053 /lib/i386-linux-gnu/libuuid.so.1.3.0 42534000-42535000 r--p 00003000 08:02 10053 /lib/i386-linux-gnu/libuuid.so.1.3.0 42535000-42536000 rw-p 00004000 08:02 10053 /lib/i386-linux-gnu/libuuid.so.1.3.0 4254b000-4263e000 r-xp 00000000 08:02 24600 /usr/lib/i386-linux-gnu/libasound.so.2.0.0 4263e000-42642000 r--p 000f2000 08:02 24600 /usr/lib/i386-linux-gnu/libasound.so.2.0.0 42642000-42643000 rw-p 000f6000 08:02 24600 /usr/lib/i386-linux-gnu/libasound.so.2.0.0 4266f000-426b8000 r-xp 00000000 08:02 9989 /lib/i386-linux-gnu/libdbus-1.so.3.7.2 426b8000-426b9000 ---p 00049000 08:02 9989 /lib/i386-linux-gnu/libdbus-1.so.3.7.2 426b9000-426ba000 r--p 00049000 08:02 9989 /lib/i386-linux-gnu/libdbus-1.so.3.7.2 426ba000-426bb000 rw-p 0004a000 08:02 9989 /lib/i386-linux-gnu/libdbus-1.so.3.7.2 426e9000-42705000 r-xp 00000000 08:02 9997 /lib/i386-linux-gnu/libgcc_s.so.1 42705000-42706000 rw-p 0001b000 08:02 9997 /lib/i386-linux-gnu/libgcc_s.so.1 427f8000-427ff000 r-xp 00000000 08:02 24562 /usr/lib/i386-linux-gnu/libSM.so.6.0.1 427ff000-42800000 rw-p 00006000 08:02 24562 /usr/lib/i386-linux-gnu/libSM.so.6.0.1 42802000-42818000 r-xp 00000000 08:02 24556 /usr/lib/i386-linux-gnu/libICE.so.6.3.0 42818000-4281a000 rw-p 00015000 08:02 24556 /usr/lib/i386-linux-gnu/libICE.so.6.3.0 4281a000-4281b000 rw-p 00000000 00:00 0 428aa000-428c7000 r-xp 00000000 08:02 10046 /lib/i386-linux-gnu/libtinfo.so.5.9 428c7000-428c9000 r--p 0001c000 08:02 10046 /lib/i386-linux-gnu/libtinfo.so.5.9 428c9000-428ca000 rw-p 0001e000 08:02 10046 /lib/i386-linux-gnu/libtinfo.so.5.9 42af2000-42b75000 r-xp 00000000 08:02 24655 /usr/lib/i386-linux-gnu/libdirectfb-1.2.so.9.0.1 42b75000-42b78000 rw-p 00082000 08:02 24655 /usr/lib/i386-linux-gnu/libdirectfb-1.2.so.9.0.1 42bb9000-42bba000 r-xp 00000000 08:02 24565 /usr/lib/i386-linux-gnu/libX11-xcb.so.1.0.0 42bba000-42bbb000 rw-p 00000000 08:02 24565 /usr/lib/i386-linux-gnu/libX11-xcb.so.1.0.0 42bc5000-42c13000 r-xp 00000000 08:02 24960 /usr/lib/i386-linux-gnu/libpulse.so.0.14.2 42c13000-42c14000 r--p 0004d000 08:02 24960 /usr/lib/i386-linux-gnu/libpulse.so.0.14.2 42c14000-42c15000 rw-p 0004e000 08:02 24960 /usr/lib/i386-linux-gnu/libpulse.so.0.14.2 42e38000-42f9e000 r-xp 00000000 08:02 25033 /usr/lib/i386-linux-gnu/libvorbisenc.so.2.0.8 42f9e000-42faf000 r--p 00165000 08:02 25033 /usr/lib/i386-linux-gnu/libvorbisenc.so.2.0.8 42faf000-42fb0000 rw-p 00176000 08:02 25033 /usr/lib/i386-linux-gnu/libvorbisenc.so.2.0.8 42fb2000-43018000 r-xp 00000000 08:02 26819 /usr/lib/i386-linux-gnu/pulseaudio/libpulsecommon-2.0.so 43018000-43019000 r--p 00065000 08:02 26819 /usr/lib/i386-linux-gnu/pulseaudio/libpulsecommon-2.0.so 43019000-4301a000 rw-p 00066000 08:02 26819 /usr/lib/i386-linux-gnu/pulseaudio/libpulsecommon-2.0.so 4308c000-430f9000 r-xp 00000000 08:02 24984 /usr/lib/i386-linux-gnu/libsndfile.so.1.0.25 430f9000-430fb000 r--p 0006c000 08:02 24984 /usr/lib/i386-linux-gnu/libsndfile.so.1.0.25 430fb000-430fc000 rw-p 0006e000 08:02 24984 /usr/lib/i386-linux-gnu/libsndfile.so.1.0.25 430fc000-43100000 rw-p 00000000 00:00 0 43102000-431ea000 r-xp 00000000 08:02 10042 /lib/i386-linux-gnu/libslang.so.2.2.4 431ea000-431ec000 r--p 000e8000 08:02 10042 /lib/i386-linux-gnu/libslang.so.2.2.4 431ec000-431fb000 rw-p 000ea000 08:02 10042 /lib/i386-linux-gnu/libslang.so.2.2.4 431fb000-43235000 rw-p 00000000 00:00 0 44162000-441d4000 r-xp 00000000 08:02 24561 /usr/lib/i386-linux-gnu/libSDL-1.2.so.0.11.4 441d4000-441d5000 r--p 00071000 08:02 24561 /usr/lib/i386-linux-gnu/libSDL-1.2.so.0.11.4 441d5000-441d6000 rw-p 00072000 08:02 24561 /usr/lib/i386-linux-gnu/libSDL-1.2.so.0.11.4 441d6000-44200000 rw-p 00000000 00:00 0 44202000-442c9000 r-xp 00000000 08:02 24627 /usr/lib/i386-linux-gnu/libcaca.so.0.99.18 442c9000-442ca000 rw-p 000c6000 08:02 24627 /usr/lib/i386-linux-gnu/libcaca.so.0.99.18 442ca000-442cf000 rw-p 00000000 00:00 0 b2c00000-b2c21000 rw-p 00000000 00:00 0 b2c21000-b2d00000 ---p 00000000 00:00 0 b2df9000-b2dfa000 ---p 00000000 00:00 0 b2dfa000-b35f9000 rw-p 00000000 00:00 0 [stack:29920] b35f9000-b35fa000 ---p 00000000 00:00 0 b35fa000-b3df9000 rw-p 00000000 00:00 0 [stack:29919] b3df9000-b3dfa000 ---p 00000000 00:00 0 b3dfa000-b45f9000 rw-p 00000000 00:00 0 [stack:29918] b45f9000-b45fa000 ---p 00000000 00:00 0 b45fa000-b4df9000 rw-p 00000000 00:00 0 [stack:29917] b4df9000-b4dfa000 ---p 00000000 00:00 0 b4dfa000-b55f9000 rw-p 00000000 00:00 0 [stack:29916] b55f9000-b55fa000 ---p 00000000 00:00 0 b55fa000-b5df9000 rw-p 00000000 00:00 0 [stack:29915] b5df9000-b5dfa000 ---p 00000000 00:00 0 b5dfa000-b65f9000 rw-p 00000000 00:00 0 [stack:29914] b65f9000-b65fa000 ---p 00000000 00:00 0 b65fa000-b6df9000 rw-p 00000000 00:00 0 [stack:29913] b6df9000-b6dfa000 ---p 00000000 00:00 0 b6dfa000-b75f9000 rw-p 00000000 00:00 0 [stack:29912] b75f9000-b75fa000 ---p 00000000 00:00 0 b75fa000-b7dfc000 rw-p 00000000 00:00 0 [stack:29911] b7dfc000-b7e0d000 r-xp 00000000 08:02 29160 /lib/i386-linux-gnu/libresolv-2.13.so b7e0d000-b7e0e000 r--p 00010000 08:02 29160 /lib/i386-linux-gnu/libresolv-2.13.so b7e0e000-b7e0f000 rw-p 00011000 08:02 29160 /lib/i386-linux-gnu/libresolv-2.13.so b7e0f000-b7e12000 rw-p 00000000 00:00 0 b7e12000-b7e25000 r-xp 00000000 08:02 29162 /lib/i386-linux-gnu/libnsl-2.13.so b7e25000-b7e26000 r--p 00012000 08:02 29162 /lib/i386-linux-gnu/libnsl-2.13.so b7e26000-b7e27000 rw-p 00013000 08:02 29162 /lib/i386-linux-gnu/libnsl-2.13.so b7e27000-b7e2f000 rw-p 00000000 00:00 0 b7e2f000-b7e31000 r-xp 00000000 08:02 29151 /lib/i386-linux-gnu/libdl-2.13.so b7e31000-b7e32000 r--p 00001000 08:02 29151 /lib/i386-linux-gnu/libdl-2.13.so b7e32000-b7e33000 rw-p 00002000 08:02 29151 /lib/i386-linux-gnu/libdl-2.13.so b7e33000-b7e34000 rw-p 00000000 00:00 0 b7e34000-b7f7b000 r-xp 00000000 08:02 29158 /lib/i386-linux-gnu/libc-2.13.so b7f7b000-b7f7c000 ---p 00147000 08:02 29158 /lib/i386-linux-gnu/libc-2.13.so b7f7c000-b7f7e000 r--p 00147000 08:02 29158 /lib/i386-linux-gnu/libc-2.13.so b7f7e000-b7f7f000 rw-p 00149000 08:02 29158 /lib/i386-linux-gnu/libc-2.13.so b7f7f000-b7f82000 rw-p 00000000 00:00 0 b7f82000-b7f97000 r-xp 00000000 08:02 29148 /lib/i386-linux-gnu/libpthread-2.13.so b7f97000-b7f98000 r--p 00014000 08:02 29148 /lib/i386-linux-gnu/libpthread-2.13.so b7f98000-b7f99000 rw-p 00015000 08:02 29148 /lib/i386-linux-gnu/libpthread-2.13.so b7f99000-b7f9b000 rw-p 00000000 00:00 0 b7f9b000-b7fa2000 r-xp 00000000 08:02 29153 /lib/i386-linux-gnu/librt-2.13.so b7fa2000-b7fa3000 r--p 00006000 08:02 29153 /lib/i386-linux-gnu/librt-2.13.so b7fa3000-b7fa4000 rw-p 00007000 08:02 29153 /lib/i386-linux-gnu/librt-2.13.so b7fa4000-b7fc8000 r-xp 00000000 08:02 29155 /lib/i386-linux-gnu/libm-2.13.so b7fc8000-b7fc9000 r--p 00023000 08:02 29155 /lib/i386-linux-gnu/libm-2.13.so b7fc9000-b7fca000 rw-p 00024000 08:02 29155 /lib/i386-linux-gnu/libm-2.13.so b7fca000-b7fcb000 rw-p 00000000 00:00 0 b7fe0000-b7fe2000 rw-p 00000000 00:00 0 b7fe2000-b7ffe000 r-xp 00000000 08:02 29161 /lib/i386-linux-gnu/ld-2.13.so b7ffe000-b7fff000 r--p 0001b000 08:02 29161 /lib/i386-linux-gnu/ld-2.13.so b7fff000-b8000000 rw-p 0001c000 08:02 29161 /lib/i386-linux-gnu/ld-2.13.so bffdf000-c0000000 rw-p 00000000 00:00 0 [stack] Program received signal SIGABRT, Aborted. 0xb7e5e667 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory. (gdb) bt #0 0xb7e5e667 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #1 0xb7e61a52 in *__GI_abort () at abort.c:92 #2 0xb7e9a98d in __libc_message (do_abort=2, fmt=0xb7f61330 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:189 #3 0xb7ea4a8a in malloc_printerr (action=<optimized out>, str=0x6 <Address 0x6 out of bounds>, ptr=0x9148650) at malloc.c:6283 #4 0xb7ea62e8 in _int_free (av=<optimized out>, p=<optimized out>) at malloc.c:4795 #5 0xb7ea93ed in *__GI___libc_free (mem=0x9148650) at malloc.c:3738 #6 0x0885fb43 in av_buffer_unref (buf=buf@entry=0x910c5c0) at libavutil/buffer.c:115 #7 0x085cd0be in submit_packet (avpkt=0xbffff2a8, p=0x910c4f0) at libavcodec/pthread.c:526 #8 ff_thread_decode_frame (avctx=avctx@entry=0x91068e0, picture=picture@entry=0x90f65e0, got_picture_ptr=got_picture_ptr@entry=0xbffff504, avpkt=avpkt@entry=0xbffff2a8) at libavcodec/pthread.c:602 #9 0x086778c4 in avcodec_decode_video2 (avctx=0x91068e0, picture=picture@entry=0x90f65e0, got_picture_ptr=got_picture_ptr@entry=0xbffff504, avpkt=avpkt@entry=0xbffff750) at libavcodec/utils.c:1979 ---Type <return> to continue, or q <return> to quit--- #10 0x080b34ed in decode_video (ist=ist@entry=0x9108c80, pkt=pkt@entry=0xbffff750, got_output=got_output@entry=0xbffff504) at ffmpeg.c:1668 #11 0x080b740a in output_packet (pkt=0xbffff6e8, ist=0x9108c80) at ffmpeg.c:1866 #12 process_input (file_index=1) at ffmpeg.c:3085 #13 0x080a2cb3 in transcode_step () at ffmpeg.c:3181 #14 transcode () at ffmpeg.c:3233 #15 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3411 (gdb)
Change History (7)
comment:1 by , 11 years ago
follow-up: 3 comment:2 by , 11 years ago
Description: | modified (diff) |
---|
That is unrelated issue that have been fixed.
Does same happens with -threads 1?
comment:3 by , 11 years ago
Replying to richardpl:
That is unrelated issue that have been fixed.
Does same happens with -threads 1?
It crashes here with some win32 autobuild which I downloaded when ran with -threads 2 or 4, but not with 1 or 8.
{{{ C:\>ffmpeg -threads 4 -i png_fuzz.mov -f null - ffmpeg version N-55763-g22fbc7f Copyright (c) 2000-2013 the FFmpeg developers built on Aug 26 2013 02:23:51 with gcc 4.5.0 (GCC) 20100414 (Fedora MinGW 4.5. 0-1.fc14) configuration: --prefix=/var/www/users/research/ffmpeg/snapshots/build --arch= x86 --target-os=mingw32 --cross-prefix=i686-pc-mingw32- --cc='ccache i686-pc-min gw32-gcc' --enable-pthreads --enable-memalign-hack --enable-runtime-cpudetect -- enable-cross-compile --enable-static --disable-shared --extra-libs='-lws2_32 -lw inmm -lpthread' --extra-cflags='--static -I/var/www/users/research/ffmpeg/snapsh ots/build/include' --extra-ldflags='-static -L/var/www/users/research/ffmpeg/sna pshots/build/lib' --enable-bzlib --enable-zlib --enable-gpl --enable-version3 -- enable-nonfree --enable-libx264 --enable-libspeex --enable-libtheora --enable-li bvorbis --enable-libfaac --enable-libxvid --enable-libopencore-amrnb --enable-li bopencore-amrwb --enable-libmp3lame --enable-libfreetype --enable-libvpx --disab le-decoder=libvpx libavutil 52. 42.100 / 52. 42.100 libavcodec 55. 29.100 / 55. 29.100 libavformat 55. 14.102 / 55. 14.102 libavdevice 55. 3.100 / 55. 3.100 libavfilter 3. 82.102 / 3. 82.102 libswscale 2. 5.100 / 2. 5.100 libswresample 0. 17.103 / 0. 17.103 libpostproc 52. 3.100 / 52. 3.100 Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'png_fuzz.mov': Metadata: major_brand : qt minor_version : 537199360 compatible_brands: qt creation_time : 2012-03-24 20:33:27 Duration: 00:00:05.96, start: 0.000000, bitrate: 7021 kb/s Stream #0:0(eng): Video: png (png / 0x20676E70), rgba, 189x127 [SAR 2834:28 34 DAR 189:127], 7019 kb/s, 24 fps, 24 tbr, 1000k tbn, 1000k tbc (default) Metadata: creation_time : 2012-03-24 20:33:27 handler_name : Procedura obs│ugi skrˇtˇw danych Apple Output #0, null, to 'pipe:': Metadata: major_brand : qt minor_version : 537199360 compatible_brands: qt encoder : Lavf55.14.102 Stream #0:0(eng): Video: rawvideo (RGBA / 0x41424752), rgba, 189x127 [SAR 1: 1 DAR 189:127], q=2-31, 200 kb/s, 90k tbn, 24 tbc (default) Metadata: creation_time : 2012-03-24 20:33:27 handler_name : Procedura obs│ugi skrˇtˇw danych Apple Stream mapping: Stream #0:0 -> #0:0 (png -> rawvideo) Press [q] to stop, [?] for help [png @ 0x2127240] chunk too big [png @ 0x216c000] inflate returned error -3 [null @ 0x2163020] [png @ 0x21284c0] Encoder did not produce proper pts, making some up. inflate returned error -3 [png @ 0x21255e0] Error while decoding stream #0:0: Invalid data found when proc essing input inflate returned error -3 [png @ 0x216c000] Error while decoding stream #0:0: Invalid data found when proc essing input inflate returned error -3 [png @ 0x2127240] Error while decoding stream #0:0: Invalid data found when proc essing input chunk too big [png @ 0x21284c0] Error while decoding stream #0:0: Invalid data found when proc essing input Missing png signature Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x21255e0] inflate returned error -3 [png @ 0x216c000] Error while decoding stream #0:0: Invalid data found when proc essing input chunk too big [png @ 0x2127240] Error while decoding stream #0:0: Invalid data found when proc essing input chunk too big [png @ 0x21284c0] Error while decoding stream #0:0: Invalid data found when proc essing input chunk too big Error while decoding stream #0:0: Invalid data found when processing input Last message repeated 2 times }}}
comment:4 by , 11 years ago
knoppix@Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-abe76b8/ffmpeg_g -threads 1 -i png_fuzz.mov -f null - ==11460== Memcheck, a memory error detector ==11460== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==11460== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==11460== Command: ffmpeg-HEAD-abe76b8/ffmpeg_g -threads 1 -i png_fuzz.mov -f null - ==11460== ffmpeg version 2.0-abe76b8 Copyright (c) 2000-2013 the FFmpeg developers built on Aug 26 2013 21:18:21 with gcc 4.7 (Debian 4.7.2-5) configuration: --disable-yasm --disable-ffserver --disable-ffprobe --enable-gpl libavutil 52. 42.100 / 52. 42.100 libavcodec 55. 29.100 / 55. 29.100 libavformat 55. 14.102 / 55. 14.102 libavdevice 55. 3.100 / 55. 3.100 libavfilter 3. 82.102 / 3. 82.102 libswscale 2. 5.100 / 2. 5.100 libswresample 0. 17.103 / 0. 17.103 libpostproc 52. 3.100 / 52. 3.100 Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'png_fuzz.mov': Metadata: major_brand : qt minor_version : 537199360 compatible_brands: qt creation_time : 2012-03-24 20:33:27 Duration: 00:00:05.96, start: 0.000000, bitrate: 7021 kb/s Stream #0:0(eng): Video: png (png / 0x20676E70), rgba, 189x127 [SAR 2834:2834 DAR 189:127], 7019 kb/s, 24 fps, 24 tbr, 1000k tbn, 1000k tbc (default) Metadata: creation_time : 2012-03-24 20:33:27 handler_name : Procedura obs�ugi skr�t�w danych Apple Output #0, null, to 'pipe:': Metadata: major_brand : qt minor_version : 537199360 compatible_brands: qt encoder : Lavf55.14.102 Stream #0:0(eng): Video: rawvideo (RGBA / 0x41424752), rgba, 189x127 [SAR 1:1 DAR 189:127], q=2-31, 200 kb/s, 90k tbn, 24 tbc (default) Metadata: creation_time : 2012-03-24 20:33:27 handler_name : Procedura obs�ugi skr�t�w danych Apple Stream mapping: Stream #0:0 -> #0:0 (png -> rawvideo) Press [q] to stop, [?] for help [null @ 0x4274dc0] Encoder did not produce proper pts, making some up. [png @ 0x423ae20] inflate returned error -3 Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x423ae20] chunk too big Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x423ae20] inflate returned error -3 Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x423ae20] inflate returned error -3 Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x423ae20] inflate returned error -3 Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x423ae20] chunk too big Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x423ae20] Missing png signature Error while decoding stream #0:0: Invalid data found when processing input ==11460== Invalid write of size 4 ==11460== at 0x402ABFD: memset (mc_replace_strmem.c:966) ==11460== by 0x85BF4EA: decode_frame (pngdec.c:672) ==11460== by 0x8677E5D: avcodec_decode_video2 (utils.c:1982) ==11460== by 0x80B355C: decode_video (ffmpeg.c:1668) ==11460== by 0x40274AD: free (vg_replace_malloc.c:427) ==11460== Address 0x43e9d74 is 564 bytes inside a block of size 567 alloc'd ==11460== at 0x40268A4: memalign (vg_replace_malloc.c:694) ==11460== by 0x402695E: posix_memalign (vg_replace_malloc.c:835) ==11460== by 0x886D357: av_malloc (mem.c:93) ==11460== by 0x85C0394: decode_frame (pngdec.c:677) ==11460== by 0x8677E5D: avcodec_decode_video2 (utils.c:1982) ==11460== by 0x80B355C: decode_video (ffmpeg.c:1668) ==11460== by 0x40274AD: free (vg_replace_malloc.c:427) ==11460== [png @ 0x423ae20] inflate returned error -3 Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x423ae20] chunk too big Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x423ae20] chunk too big Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x423ae20] chunk too big Error while decoding stream #0:0: Invalid data found when processing input ==11460== Invalid read of size 1 ==11460== at 0x85C09CC: ff_add_png_paeth_prediction (pngdec.c:170) ==11460== by 0x85BE5DA: png_filter_row (pngdec.c:260) ==11460== by 0x85BFC85: decode_frame (pngdec.c:297) ==11460== by 0x8677E5D: avcodec_decode_video2 (utils.c:1982) ==11460== by 0x80B355C: decode_video (ffmpeg.c:1668) ==11460== by 0x40274AD: free (vg_replace_malloc.c:427) ==11460== Address 0x43e9d77 is 0 bytes after a block of size 567 alloc'd ==11460== at 0x40268A4: memalign (vg_replace_malloc.c:694) ==11460== by 0x402695E: posix_memalign (vg_replace_malloc.c:835) ==11460== by 0x886D357: av_malloc (mem.c:93) ==11460== by 0x85C0394: decode_frame (pngdec.c:677) ==11460== by 0x8677E5D: avcodec_decode_video2 (utils.c:1982) ==11460== by 0x80B355C: decode_video (ffmpeg.c:1668) ==11460== by 0x40274AD: free (vg_replace_malloc.c:427) ==11460== ==11460== Invalid read of size 1 ==11460== at 0x85C09E0: ff_add_png_paeth_prediction (pngdec.c:171) ==11460== by 0x85BE5DA: png_filter_row (pngdec.c:260) ==11460== by 0x85BFC85: decode_frame (pngdec.c:297) ==11460== by 0x8677E5D: avcodec_decode_video2 (utils.c:1982) ==11460== by 0x80B355C: decode_video (ffmpeg.c:1668) ==11460== by 0x40274AD: free (vg_replace_malloc.c:427) ==11460== Address 0x43e9d77 is 0 bytes after a block of size 567 alloc'd ==11460== at 0x40268A4: memalign (vg_replace_malloc.c:694) ==11460== by 0x402695E: posix_memalign (vg_replace_malloc.c:835) ==11460== by 0x886D357: av_malloc (mem.c:93) ==11460== by 0x85C0394: decode_frame (pngdec.c:677) ==11460== by 0x8677E5D: avcodec_decode_video2 (utils.c:1982) ==11460== by 0x80B355C: decode_video (ffmpeg.c:1668) ==11460== by 0x40274AD: free (vg_replace_malloc.c:427) ==11460== frame= 40 fps=0.0 q=0.0 size=N/A time=00:00:01.66 bitrate=N/A dup=11 drop=0 frame= 74 fps= 73 q=0.0 size=N/A time=00:00:03.08 bitrate=N/A dup=11 drop=0 frame= 108 fps= 71 q=0.0 size=N/A time=00:00:04.50 bitrate=N/A dup=11 drop=0 frame= 140 fps= 69 q=0.0 size=N/A time=00:00:05.83 bitrate=N/A dup=11 drop=0 frame= 143 fps= 68 q=0.0 Lsize=N/A time=00:00:05.95 bitrate=N/A dup=11 drop=0 video:9kB audio:0kB subtitle:0 global headers:0kB muxing overhead -100.240385% ==11460== ==11460== HEAP SUMMARY: ==11460== in use at exit: 0 bytes in 0 blocks ==11460== total heap usage: 4,639 allocs, 4,639 frees, 12,639,711 bytes allocated ==11460== ==11460== All heap blocks were freed -- no leaks are possible ==11460== ==11460== For counts of detected and suppressed errors, rerun with: -v ==11460== ERROR SUMMARY: 55858 errors from 3 contexts (suppressed: 59 from 6)
knoppix@Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-abe76b8/ffmpeg_g -threads 4 -i png_fuzz.mov -f null - ==11414== Memcheck, a memory error detector ==11414== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==11414== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==11414== Command: ffmpeg-HEAD-abe76b8/ffmpeg_g -threads 4 -i png_fuzz.mov -f null - ==11414== ffmpeg version 2.0-abe76b8 Copyright (c) 2000-2013 the FFmpeg developers built on Aug 26 2013 21:18:21 with gcc 4.7 (Debian 4.7.2-5) configuration: --disable-yasm --disable-ffserver --disable-ffprobe --enable-gpl libavutil 52. 42.100 / 52. 42.100 libavcodec 55. 29.100 / 55. 29.100 libavformat 55. 14.102 / 55. 14.102 libavdevice 55. 3.100 / 55. 3.100 libavfilter 3. 82.102 / 3. 82.102 libswscale 2. 5.100 / 2. 5.100 libswresample 0. 17.103 / 0. 17.103 libpostproc 52. 3.100 / 52. 3.100 Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'png_fuzz.mov': Metadata: major_brand : qt minor_version : 537199360 compatible_brands: qt creation_time : 2012-03-24 20:33:27 Duration: 00:00:05.96, start: 0.000000, bitrate: 7021 kb/s Stream #0:0(eng): Video: png (png / 0x20676E70), rgba, 189x127 [SAR 2834:2834 DAR 189:127], 7019 kb/s, 24 fps, 24 tbr, 1000k tbn, 1000k tbc (default) Metadata: creation_time : 2012-03-24 20:33:27 handler_name : Procedura obs�ugi skr�t�w danych Apple Output #0, null, to 'pipe:': Metadata: major_brand : qt minor_version : 537199360 compatible_brands: qt encoder : Lavf55.14.102 Stream #0:0(eng): Video: rawvideo (RGBA / 0x41424752), rgba, 189x127 [SAR 1:1 DAR 189:127], q=2-31, 200 kb/s, 90k tbn, 24 tbc (default) Metadata: creation_time : 2012-03-24 20:33:27 handler_name : Procedura obs�ugi skr�t�w danych Apple Stream mapping: Stream #0:0 -> #0:0 (png -> rawvideo) Press [q] to stop, [?] for help [png @ 0x4347420] inflate returned error -3 [png @ 0x4348540] chunk too big [null @ 0x4274dc0] Encoder did not produce proper pts, making some up. Error while decoding stream #0:0: Invalid data found when processing input Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x4346ac0] inflate returned error -3 [png @ 0x4349640] inflate returned error -3 [png @ 0x4348540] chunk too big Error while decoding stream #0:0: Invalid data found when processing input Last message repeated 1 times [png @ 0x4349640] Missing png signature [png @ 0x4347420] inflate returned error -3 [png @ 0x4346ac0] inflate returned error -3 Error while decoding stream #0:0: Invalid data found when processing input Last message repeated 1 times [png @ 0x4347420] chunk too big Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x4348540] chunk too big Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x4349640] chunk too big Error while decoding stream #0:0: Invalid data found when processing input ==11414== Thread 12:eated 1 times ==11414== Invalid write of size 4 ==11414== at 0x402ABFD: memset (mc_replace_strmem.c:966) ==11414== by 0x85BF4EA: decode_frame (pngdec.c:672) ==11414== by 0x85CCA5D: frame_worker_thread (pthread.c:339) ==11414== by 0x407B953: start_thread (pthread_create.c:304) ==11414== by 0x416395D: clone (clone.S:130) ==11414== Address 0x4435fb4 is 564 bytes inside a block of size 567 alloc'd ==11414== at 0x40268A4: memalign (vg_replace_malloc.c:694) ==11414== by 0x402695E: posix_memalign (vg_replace_malloc.c:835) ==11414== by 0x886D357: av_malloc (mem.c:93) ==11414== by 0x85C0394: decode_frame (pngdec.c:677) ==11414== by 0x85CCA5D: frame_worker_thread (pthread.c:339) ==11414== by 0x407B953: start_thread (pthread_create.c:304) ==11414== by 0x416395D: clone (clone.S:130) ==11414== ==11414== Invalid read of size 1 ==11414== at 0x85C09CC: ff_add_png_paeth_prediction (pngdec.c:170) ==11414== by 0x85BE5DA: png_filter_row (pngdec.c:260) ==11414== by 0x85BFC85: decode_frame (pngdec.c:297) ==11414== by 0x85CCA5D: frame_worker_thread (pthread.c:339) ==11414== by 0x407B953: start_thread (pthread_create.c:304) ==11414== by 0x416395D: clone (clone.S:130) ==11414== Address 0x4435fb7 is 0 bytes after a block of size 567 alloc'd ==11414== at 0x40268A4: memalign (vg_replace_malloc.c:694) ==11414== by 0x402695E: posix_memalign (vg_replace_malloc.c:835) ==11414== by 0x886D357: av_malloc (mem.c:93) ==11414== by 0x85C0394: decode_frame (pngdec.c:677) ==11414== by 0x85CCA5D: frame_worker_thread (pthread.c:339) ==11414== by 0x407B953: start_thread (pthread_create.c:304) ==11414== by 0x416395D: clone (clone.S:130) ==11414== ==11414== Invalid read of size 1 ==11414== at 0x85C09E0: ff_add_png_paeth_prediction (pngdec.c:171) ==11414== by 0x85BE5DA: png_filter_row (pngdec.c:260) ==11414== by 0x85BFC85: decode_frame (pngdec.c:297) ==11414== by 0x85CCA5D: frame_worker_thread (pthread.c:339) ==11414== by 0x407B953: start_thread (pthread_create.c:304) ==11414== by 0x416395D: clone (clone.S:130) ==11414== Address 0x4435fb7 is 0 bytes after a block of size 567 alloc'd ==11414== at 0x40268A4: memalign (vg_replace_malloc.c:694) ==11414== by 0x402695E: posix_memalign (vg_replace_malloc.c:835) ==11414== by 0x886D357: av_malloc (mem.c:93) ==11414== by 0x85C0394: decode_frame (pngdec.c:677) ==11414== by 0x85CCA5D: frame_worker_thread (pthread.c:339) ==11414== by 0x407B953: start_thread (pthread_create.c:304) ==11414== by 0x416395D: clone (clone.S:130) ==11414== Last message repeated 2 times frame= 34 fps=0.0 q=0.0 size=N/A time=00:00:01.41 bitrate=N/A dup=11 drop=0 frame= 66 fps= 64 q=0.0 size=N/A time=00:00:02.75 bitrate=N/A dup=11 drop=0 frame= 97 fps= 63 q=0.0 size=N/A time=00:00:04.04 bitrate=N/A dup=11 drop=0 frame= 127 fps= 62 q=0.0 size=N/A time=00:00:05.29 bitrate=N/A dup=11 drop=0 frame= 143 fps= 62 q=0.0 Lsize=N/A time=00:00:05.95 bitrate=N/A dup=11 drop=0 video:9kB audio:0kB subtitle:0 global headers:0kB muxing overhead -100.240385% ==11414== ==11414== HEAP SUMMARY: ==11414== in use at exit: 0 bytes in 0 blocks ==11414== total heap usage: 5,713 allocs, 5,713 frees, 13,386,225 bytes allocated ==11414== ==11414== All heap blocks were freed -- no leaks are possible ==11414== ==11414== For counts of detected and suppressed errors, rerun with: -v ==11414== ERROR SUMMARY: 14058 errors from 3 contexts (suppressed: 59 from 6)
knoppix@Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-abe76b8/ffmpeg_g -threads 8 -i png_fuzz.mov -f null - ==11481== Memcheck, a memory error detector ==11481== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==11481== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==11481== Command: ffmpeg-HEAD-abe76b8/ffmpeg_g -threads 8 -i png_fuzz.mov -f null - ==11481== ffmpeg version 2.0-abe76b8 Copyright (c) 2000-2013 the FFmpeg developers built on Aug 26 2013 21:18:21 with gcc 4.7 (Debian 4.7.2-5) configuration: --disable-yasm --disable-ffserver --disable-ffprobe --enable-gpl libavutil 52. 42.100 / 52. 42.100 libavcodec 55. 29.100 / 55. 29.100 libavformat 55. 14.102 / 55. 14.102 libavdevice 55. 3.100 / 55. 3.100 libavfilter 3. 82.102 / 3. 82.102 libswscale 2. 5.100 / 2. 5.100 libswresample 0. 17.103 / 0. 17.103 libpostproc 52. 3.100 / 52. 3.100 Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'png_fuzz.mov': Metadata: major_brand : qt minor_version : 537199360 compatible_brands: qt creation_time : 2012-03-24 20:33:27 Duration: 00:00:05.96, start: 0.000000, bitrate: 7021 kb/s Stream #0:0(eng): Video: png (png / 0x20676E70), rgba, 189x127 [SAR 2834:2834 DAR 189:127], 7019 kb/s, 24 fps, 24 tbr, 1000k tbn, 1000k tbc (default) Metadata: creation_time : 2012-03-24 20:33:27 handler_name : Procedura obs�ugi skr�t�w danych Apple Output #0, null, to 'pipe:': Metadata: major_brand : qt minor_version : 537199360 compatible_brands: qt encoder : Lavf55.14.102 Stream #0:0(eng): Video: rawvideo (RGBA / 0x41424752), rgba, 189x127 [SAR 1:1 DAR 189:127], q=2-31, 200 kb/s, 90k tbn, 24 tbc (default) Metadata: creation_time : 2012-03-24 20:33:27 handler_name : Procedura obs�ugi skr�t�w danych Apple Stream mapping: Stream #0:0 -> #0:0 (png -> rawvideo) Press [q] to stop, [?] for help [png @ 0x4348040] inflate returned error -3 [png @ 0x4349140] chunk too big [png @ 0x434a260] [png @ 0x434c480] inflate returned error -3 inflate returned error -3 [png @ 0x434d580] chunk too big [png @ 0x434b360] inflate returned error -3 [null @ 0x4274dc0] Encoder did not produce proper pts, making some up. [png @ 0x434e6a0] Missing png signature Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x43476e0] inflate returned error -3 Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x4348040] chunk too big Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x4349140] chunk too big Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x434a260] chunk too big Error while decoding stream #0:0: Invalid data found when processing input Last message repeated 6 times frame= 30 fps=0.0 q=0.0 size=N/A time=00:00:01.25 bitrate=N/A dup=11 drop=0 frame= 61 fps= 60 q=0.0 size=N/A time=00:00:02.54 bitrate=N/A dup=11 drop=0 frame= 92 fps= 61 q=0.0 size=N/A time=00:00:03.83 bitrate=N/A dup=11 drop=0 frame= 123 fps= 61 q=0.0 size=N/A time=00:00:05.12 bitrate=N/A dup=11 drop=0 frame= 143 fps= 62 q=0.0 Lsize=N/A time=00:00:05.95 bitrate=N/A dup=11 drop=0 video:9kB audio:0kB subtitle:0 global headers:0kB muxing overhead -100.240385% ==11481== ==11481== HEAP SUMMARY: ==11481== in use at exit: 0 bytes in 0 blocks ==11481== total heap usage: 5,817 allocs, 5,817 frees, 13,983,600 bytes allocated ==11481== ==11481== All heap blocks were freed -- no leaks are possible ==11481== ==11481== For counts of detected and suppressed errors, rerun with: -v ==11481== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 59 from 6)
comment:5 by , 11 years ago
Component: | undetermined → avcodec |
---|---|
Keywords: | png regression added |
Priority: | normal → important |
Reproduced by developer: | set |
Status: | new → open |
Version: | unspecified → git-master |
Regression since dd1d29b
$ valgrind ffmpeg_g -threads 4 -i png_fuzz.mov -f null - ==26607== Memcheck, a memory error detector ==26607== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==26607== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==26607== Command: ffmpeg_g -threads 4 -i png_fuzz.mov -f null - ==26607== ffmpeg version N-55890-g259292f Copyright (c) 2000-2013 the FFmpeg developers built on Aug 30 2013 02:55:25 with gcc 4.7 (SUSE Linux) configuration: --disable-indev=jack --disable-asm --disable-optimizations libavutil 52. 42.100 / 52. 42.100 libavcodec 55. 29.100 / 55. 29.100 libavformat 55. 15.100 / 55. 15.100 libavdevice 55. 3.100 / 55. 3.100 libavfilter 3. 82.102 / 3. 82.102 libswscale 2. 5.100 / 2. 5.100 libswresample 0. 17.103 / 0. 17.103 Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'png_fuzz.mov': Metadata: major_brand : qt minor_version : 537199360 compatible_brands: qt creation_time : 2012-03-24 20:33:27 Duration: 00:00:05.96, start: 0.000000, bitrate: 7021 kb/s Stream #0:0(eng): Video: png (png / 0x20676E70), rgba, 189x127 [SAR 2834:2834 DAR 189:127], 7019 kb/s, 24 fps, 24 tbr, 1000k tbn, 1000k tbc (default) Metadata: creation_time : 2012-03-24 20:33:27 handler_name : Procedura obs�ugi skr�t�w danych Apple Output #0, null, to 'pipe:': Metadata: major_brand : qt minor_version : 537199360 compatible_brands: qt encoder : Lavf55.15.100 Stream #0:0(eng): Video: rawvideo (RGBA / 0x41424752), rgba, 189x127 [SAR 1:1 DAR 189:127], q=2-31, 200 kb/s, 90k tbn, 24 tbc (default) Metadata: creation_time : 2012-03-24 20:33:27 handler_name : Procedura obs�ugi skr�t�w danych Apple Stream mapping: Stream #0:0 -> #0:0 (png -> rawvideo) Press [q] to stop, [?] for help [png @ 0x735aa50] inflate returned error -3 [png @ 0x735bdf0] chunk too big [null @ 0x7282200] Encoder did not produce proper pts, making some up. Error while decoding stream #0:0: Invalid data found when processing input Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x735bdf0] chunk too big [png @ 0x735d190] inflate returned error -3 Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x735aa50] inflate returned error -3 [png @ 0x7359f30] inflate returned error -3 [png @ 0x735d190] Missing png signature Error while decoding stream #0:0: Invalid data found when processing input Last message repeated 1 times Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x735aa50] chunk too big [png @ 0x7359f30] inflate returned error -3 [png @ 0x735bdf0] chunk too big Error while decoding stream #0:0: Invalid data found when processing input Error while decoding stream #0:0: Invalid data found when processing input [png @ 0x735d190] chunk too big Error while decoding stream #0:0: Invalid data found when processing input ==26607== Thread 12:eated 1 times ==26607== Invalid write of size 4 ==26607== at 0x4C2D4FF: memset (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==26607== by 0xA58420: av_fast_padded_mallocz (utils.c:125) ==26607== by 0x98BC4A: decode_frame (pngdec.c:672) ==26607== by 0x99CDB0: frame_worker_thread (pthread.c:339) ==26607== by 0x5D1AE0D: start_thread (in /lib64/libpthread-2.15.so) ==26607== Address 0x74478d4 is 564 bytes inside a block of size 567 alloc'd ==26607== at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==26607== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==26607== by 0xD1FBFD: av_malloc (mem.c:93) ==26607== by 0x98BC89: decode_frame (pngdec.c:677) ==26607== by 0x99CDB0: frame_worker_thread (pthread.c:339) ==26607== by 0x5D1AE0D: start_thread (in /lib64/libpthread-2.15.so) ==26607== ==26607== Invalid read of size 1 ==26607== at 0x9890C8: ff_add_png_paeth_prediction (pngdec.c:170) ==26607== by 0x989B93: png_filter_row (pngdec.c:260) ==26607== by 0x989DF0: png_handle_row (pngdec.c:297) ==26607== by 0x98A35A: png_decode_idat (pngdec.c:381) ==26607== by 0x98BD5C: decode_frame (pngdec.c:692) ==26607== by 0x99CDB0: frame_worker_thread (pthread.c:339) ==26607== by 0x5D1AE0D: start_thread (in /lib64/libpthread-2.15.so) ==26607== Address 0x74478d7 is 0 bytes after a block of size 567 alloc'd ==26607== at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==26607== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==26607== by 0xD1FBFD: av_malloc (mem.c:93) ==26607== by 0x98BC89: decode_frame (pngdec.c:677) ==26607== by 0x99CDB0: frame_worker_thread (pthread.c:339) ==26607== by 0x5D1AE0D: start_thread (in /lib64/libpthread-2.15.so) ==26607== ==26607== Invalid read of size 1 ==26607== at 0x9890E7: ff_add_png_paeth_prediction (pngdec.c:171) ==26607== by 0x989B93: png_filter_row (pngdec.c:260) ==26607== by 0x989DF0: png_handle_row (pngdec.c:297) ==26607== by 0x98A35A: png_decode_idat (pngdec.c:381) ==26607== by 0x98BD5C: decode_frame (pngdec.c:692) ==26607== by 0x99CDB0: frame_worker_thread (pthread.c:339) ==26607== by 0x5D1AE0D: start_thread (in /lib64/libpthread-2.15.so) ==26607== Address 0x74478d7 is 0 bytes after a block of size 567 alloc'd ==26607== at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==26607== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==26607== by 0xD1FBFD: av_malloc (mem.c:93) ==26607== by 0x98BC89: decode_frame (pngdec.c:677) ==26607== by 0x99CDB0: frame_worker_thread (pthread.c:339) ==26607== by 0x5D1AE0D: start_thread (in /lib64/libpthread-2.15.so) ==26607== Last message repeated 2 times frame= 143 fps= 31 q=0.0 Lsize=N/A time=00:00:05.95 bitrate=N/A dup=11 drop=0 video:13kB audio:0kB subtitle:0 global headers:0kB muxing overhead -100.160256% ==26607== ==26607== HEAP SUMMARY: ==26607== in use at exit: 0 bytes in 0 blocks ==26607== total heap usage: 6,033 allocs, 6,033 frees, 13,476,472 bytes allocated ==26607== ==26607== All heap blocks were freed -- no leaks are possible ==26607== ==26607== For counts of detected and suppressed errors, rerun with: -v ==26607== ERROR SUMMARY: 14058 errors from 3 contexts (suppressed: 2 from 2)
comment:7 by , 11 years ago
Resolution: | → fixed |
---|---|
Status: | open → closed |
Note:
See TracTickets
for help on using tickets.
hmm I see that Michael already reported something similar here:
http://article.gmane.org/gmane.comp.video.ffmpeg.cvs/67952