ffplay cannot show 1pixel wide images

[cyril]

Summary of the bug: It doesn't seem like FFmpeg handle safely jpeg with 1 pixel width. After a call to sws_scale(), the buffer passed as the "dst" parameter isn't safe anymore and cannot be freed thereafter.
FFplay seems to reproduce the same issue because it cannot even display the jpeg file.

How to reproduce:

% ffplay.exe root_banner.jpg
ffplay version N-56525-g5b153f8 Copyright (c) 2003-2013 the FFmpeg developers
  built on Sep 21 2013 00:42:32 with gcc 4.7.3 (GCC)
  configuration: --enable-gpl --enable-version3 --disable-w32threads --enable-av
isynth --enable-bzlib --enable-fontconfig --enable-frei0r --enable-gnutls --enab
le-iconv --enable-libass --enable-libbluray --enable-libcaca --enable-libfreetyp
e --enable-libgsm --enable-libilbc --enable-libmodplug --enable-libmp3lame --ena
ble-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenjpeg --enable-l
ibopus --enable-librtmp --enable-libschroedinger --enable-libsoxr --enable-libsp
eex --enable-libtheora --enable-libtwolame --enable-libvidstab --enable-libvo-aa
cenc --enable-libvo-amrwbenc --enable-libvorbis --enable-libvpx --enable-libwavp
ack --enable-libx264 --enable-libxavs --enable-libxvid --enable-zlib
  libavutil      52. 45.100 / 52. 45.100
  libavcodec     55. 33.100 / 55. 33.100
  libavformat    55. 18.102 / 55. 18.102
  libavdevice    55.  3.100 / 55.  3.100
  libavfilter     3. 86.102 /  3. 86.102
  libswscale      2.  5.100 /  2.  5.100
  libswresample   0. 17.103 /  0. 17.103
  libpostproc    52.  3.100 / 52.  3.100
Input #0, image2, from '..\root_banner.jpg':  0KB sq=    0B f=0/0
  Duration: 00:00:00.04, start: 0.000000, bitrate: N/A
    Stream #0:0: Video: mjpeg, yuvj420p(pc), 1x60 [SAR 96:96 DAR 1:60], 25 tbr,
25 tbn, 25 tbc
[swscaler @ 0000000002864fe0] deprecated pixel format used, make sure you did se
t range correctly
[ffplay_crop @ 0000000002850e40] Invalid too big or non positive size for width
'0' or height '60'
[auto-inserted scaler 0 @ 00000000028452c0] Failed to configure input pad on ffp
lay_crop

[Carl Eugen Hoyos]

Why do you think there is a problem with swscale? It works fine here but ffplay does not support 1 pixel resolution.

[cyril]

I have an application reading videos and pictures using FFmpeg. FFmpeg is compiled as dll using MSYS_MinGW and my app is compiled with VC++ 2010.

After calling av_read_frame() and avcodec_decode_video2() on the source file, I call sws_getCachedContext() and sws_scale() with target format being PIX_FMT_BGRA.

The destination buffer is only filled with data by sws_scale() and is then used as read only. It's allocated with avpicture_alloc() and at the end freed with avpicture_free().

In debug mode, if I call avpicture_free() on the destination buffer at anytime after sws_scale() (even just after the call), I get these errors:

Heap block at 000000000046FE60 modified at 000000000046FF88 past requested size of 118

Invalid address specified to RtlFreeHeap( 0000000000460000, 000000000046FE70 )

This error only happens with this jpeg file, everything is fine with wider jpeg or other video files.

[Carl Eugen Hoyos]

Please test ffmpeg (the application), if the problem is not reproducible, please provide a test case.

[cyril]

Win32 console application

[cyril]

I don't know how to reproduce the bug with FFmpeg but I've just attached a small VC++ 2010 console main source file that triggers the bug every time in debug mode.
Simply create a Win32 console application called JpegTest, use the file JpegTest.cpp attached, and configure the project for VS to find the FFmpeg headers, lib and dll files.

[cyril]

VS also needs inttypes.h as it doesn't have one, contrary to gcc.

[Balling]

FFplay works now, was fixed even before 4a11a6f4ccc7c56ccc82adf0c3ab4054d4c22d1e.

After a call to sws_scale(), the buffer passed as the "dst" parameter isn't safe anymore and cannot be freed thereafter.

UBSAN needed here.