Opened 11 years ago

Closed 2 years ago

Last modified 2 years ago

#2981 closed defect (fixed)

ffplay cannot show 1pixel wide images

Reported by: cyril
Owned by:
Priority: minor
Component: ffplay
Version: git-master
Keywords:
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

Summary of the bug: It doesn't seem like FFmpeg safely handles jpeg with 1 pixel width. After a call to sws_scale(), the buffer passed as the "dst" parameter isn't safe anymore and cannot be freed thereafter.
FFplay seems to reproduce the same issue because it cannot even display the jpeg file.

How to reproduce:

% ffplay.exe root_banner.jpg
ffplay version N-56525-g5b153f8 Copyright (c) 2003-2013 the FFmpeg developers
  built on Sep 21 2013 00:42:32 with gcc 4.7.3 (GCC)
  configuration: --enable-gpl --enable-version3 --disable-w32threads --enable-av
isynth --enable-bzlib --enable-fontconfig --enable-frei0r --enable-gnutls --enab
le-iconv --enable-libass --enable-libbluray --enable-libcaca --enable-libfreetyp
e --enable-libgsm --enable-libilbc --enable-libmodplug --enable-libmp3lame --ena
ble-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenjpeg --enable-l
ibopus --enable-librtmp --enable-libschroedinger --enable-libsoxr --enable-libsp
eex --enable-libtheora --enable-libtwolame --enable-libvidstab --enable-libvo-aa
cenc --enable-libvo-amrwbenc --enable-libvorbis --enable-libvpx --enable-libwavp
ack --enable-libx264 --enable-libxavs --enable-libxvid --enable-zlib
  libavutil      52. 45.100 / 52. 45.100
  libavcodec     55. 33.100 / 55. 33.100
  libavformat    55. 18.102 / 55. 18.102
  libavdevice    55.  3.100 / 55.  3.100
  libavfilter     3. 86.102 /  3. 86.102
  libswscale      2.  5.100 /  2.  5.100
  libswresample   0. 17.103 /  0. 17.103
  libpostproc    52.  3.100 / 52.  3.100
Input #0, image2, from '..\root_banner.jpg':  0KB sq=    0B f=0/0
  Duration: 00:00:00.04, start: 0.000000, bitrate: N/A
    Stream #0:0: Video: mjpeg, yuvj420p(pc), 1x60 [SAR 96:96 DAR 1:60], 25 tbr,
25 tbn, 25 tbc
[swscaler @ 0000000002864fe0] deprecated pixel format used, make sure you did se
t range correctly
[ffplay_crop @ 0000000002850e40] Invalid too big or non positive size for width
'0' or height '60'
[auto-inserted scaler 0 @ 00000000028452c0] Failed to configure input pad on ffp
lay_crop

Attachments (3)

root_banner.jpg (4.0 KB ) - added by cyril 11 years ago.
JpegTest.cpp (2.1 KB ) - added by cyril 11 years ago.
Win32 console application
inttypes.h (8.1 KB ) - added by cyril 11 years ago.


Change History (11)

by cyril, 11 years ago

Attachment: root_banner.jpg added

comment:1 by cyril, 11 years ago

Summary: No support for jpeg with 1pixel width → Bad support for jpeg with 1pixel width with sws_scale()

comment:2 by cyril, 11 years ago

Summary: Bad support for jpeg with 1pixel width with sws_scale() → Bad support for jpeg with 1pixel width using sws_scale()

comment:3 by Carl Eugen Hoyos, 11 years ago

Component: swscale → FFplay
Priority: normal → minor
Reproduced by developer: set
Status: new → open
Summary: Bad support for jpeg with 1pixel width using sws_scale() → ffplay cannot show 1pixel wide images

Why do you think there is a problem with swscale? It works fine here but ffplay does not support 1 pixel resolution.

comment:4 by cyril, 11 years ago

I have an application reading videos and pictures using FFmpeg. FFmpeg is compiled as dll using MSYS_MinGW and my app is compiled with VC++ 2010.

After calling av_read_frame() and avcodec_decode_video2() on the source file, I call sws_getCachedContext() and sws_scale() with target format being PIX_FMT_BGRA.

The destination buffer is only filled with data by sws_scale() and is then used as read only. It's allocated with avpicture_alloc() and at the end freed with avpicture_free().

In debug mode, if I call avpicture_free() on the destination buffer at any time after sws_scale() (even just after the call), I get these errors:

Heap block at 000000000046FE60 modified at 000000000046FF88 past requested size of 118
Invalid address specified to RtlFreeHeap( 0000000000460000, 000000000046FE70 )

This error only happens with this jpeg file, everything is fine with wider jpeg or other video files.
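
One way to check for the kind of write past the requested size that the debug heap reports above, without depending on the MSVC debug heap (an added example, not part of the ticket or of FFmpeg): the destination is allocated with a trailing canary that is inspected after the writer returns. `blocky_writer`, `row_writer` and `bytes_written_past_end` are hypothetical names; `blocky_writer` is a constructed stand-in that rounds each row up to 4 pixels, it is not libswscale code, and the ticket does not establish the cause of the overrun.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_LEN  64     /* canary bytes placed after the requested size */
#define GUARD_BYTE 0xA5
#define BLOCK      4      /* pixels per block in the stand-in writer */

/* Routine under test: writes `width` BGRA pixels into each of `height` rows. */
typedef void (*row_writer)(uint8_t *dst, int linesize, int width, int height);

/* Hypothetical stand-in (NOT libswscale): rounds every row write up to
 * BLOCK pixels, as a block-wise loop without a scalar tail would. */
static void blocky_writer(uint8_t *dst, int linesize, int width, int height)
{
    int padded = (width + BLOCK - 1) / BLOCK * BLOCK;
    for (int y = 0; y < height; y++)
        memset(dst + (size_t)y * linesize, 0xFF, (size_t)padded * 4);
}

/* Allocate exactly linesize*height bytes plus a canary, run the writer and
 * return the number of canary bytes it modified (0 means no overrun seen,
 * -1 means the allocation failed). */
static int bytes_written_past_end(row_writer fn, int width, int height,
                                  int linesize)
{
    size_t requested = (size_t)linesize * height;
    uint8_t *buf = malloc(requested + GUARD_LEN);
    if (!buf)
        return -1;
    memset(buf + requested, GUARD_BYTE, GUARD_LEN);
    fn(buf, linesize, width, height);
    int dirty = 0;
    for (size_t i = 0; i < GUARD_LEN; i++)
        dirty += buf[requested + i] != GUARD_BYTE;
    free(buf);
    return dirty;
}

int main(void)
{
    /* 1x60 BGRA as in the ticket: tight stride (4) versus padded stride (16). */
    printf("linesize 4:  %d guard bytes modified\n",
           bytes_written_past_end(blocky_writer, 1, 60, 4));
    printf("linesize 16: %d guard bytes modified\n",
           bytes_written_past_end(blocky_writer, 1, 60, 16));
    return 0;
}
```

To examine a real call path, replace `blocky_writer` with a wrapper of the same signature around the call being investigated; the canary only catches writes that land within `GUARD_LEN` bytes after the buffer.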

comment:5 by Carl Eugen Hoyos, 11 years ago

Please test ffmpeg (the application), if the problem is not reproducible, please provide a test case.

by cyril, 11 years ago

Attachment: JpegTest.cpp added

Win32 console application

comment:6 by cyril, 11 years ago

I don't know how to reproduce the bug with FFmpeg but I've just attached a small VC++ 2010 console main source file that triggers the bug every time in debug mode.
Simply create a Win32 console application called JpegTest, use the file JpegTest.cpp attached, and configure the project for VS to find the FFmpeg headers, lib and dll files.


by cyril, 11 years ago

Attachment: inttypes.h added

comment:7 by cyril, 11 years ago

VS also needs inttypes.h as it doesn't have one, contrary to gcc.

comment:8 by Balling, 2 years ago

Resolution: fixed
Status: open → closed

FFplay works now, was fixed even before 4a11a6f4ccc7c56ccc82adf0c3ab4054d4c22d1e.

After a call to sws_scale(), the buffer passed as the "dst" parameter isn't safe anymore and cannot be freed thereafter.

UBSAN needed here.
