Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#2993 closed defect (duplicate)

swr ssse3: invalid read with forced mp3adu

Reported by: ami_stuff
Owned by:
Priority: normal
Component: swresample
Version: git-master
Keywords:
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

http://www.datafilehost.com/d/ba6d93f1

knoppix@Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-93439e8/ffmpeg_g -acodec mp3adu -i v/vc1.wmv -loglevel 0 -vn -f null -
==13106== Memcheck, a memory error detector
==13106== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==13106== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==13106== Command: ffmpeg-HEAD-93439e8/ffmpeg_g -acodec mp3adu -i v/vc1.wmv -loglevel 0 -vn -f null -
==13106== 
==13106== Invalid read of size 8
==13106==    at 0x881EE47: swri_resample_int16_ssse3 (resample_template.c:122)
==13106==    by 0x881F61F: multiple_resample (resample.c:321)
==13106==    by 0x8816544: resample (swresample.c:569)
==13106==    by 0xB2005BF: ???
==13106==  Address 0xb1fe1fa is 762 bytes inside a block of size 768 alloc'd
==13106==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==13106==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==13106==    by 0x8870187: av_malloc (mem.c:93)
==13106==    by 0x8862908: av_buffer_alloc (buffer.c:70)
==13106==    by 0x8863138: av_buffer_pool_get (buffer.c:305)
==13106==    by 0x86765E0: audio_get_buffer (utils.c:541)
==13106==    by 0x8678160: get_buffer_internal (utils.c:877)
==13106==    by 0x86786F3: ff_get_buffer (utils.c:889)
==13106==    by 0x85683B8: mp_decode_frame (mpegaudiodec.c:1633)
==13106==    by 0x85687B3: decode_frame_adu (mpegaudiodec.c:1783)
==13106==    by 0x867AA04: avcodec_decode_audio4 (utils.c:2137)
==13106==    by 0x80B5629: decode_audio (ffmpeg.c:1526)
==13106== 
==13106== 
==13106== HEAP SUMMARY:
==13106==     in use at exit: 0 bytes in 0 blocks
==13106==   total heap usage: 113,668 allocs, 113,668 frees, 72,354,488 bytes allocated
==13106== 
==13106== All heap blocks were freed -- no leaks are possible
==13106== 
==13106== For counts of detected and suppressed errors, rerun with: -v
==13106== ERROR SUMMARY: 8 errors from 1 contexts (suppressed: 59 from 6)
knoppix@Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-93439e8/ffmpeg_g -cpuflags -ssse3 -acodec mp3adu -i v/vc1.wmv -loglevel 0 -vn -f null - 
==18846== Memcheck, a memory error detector
==18846== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==18846== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==18846== Command: ffmpeg-HEAD-93439e8/ffmpeg_g -cpuflags -ssse3 -acodec mp3adu -i v/vc1.wmv -loglevel 0 -vn -f null -
==18846== 
==18846== 
==18846== HEAP SUMMARY:
==18846==     in use at exit: 0 bytes in 0 blocks
==18846==   total heap usage: 113,669 allocs, 113,669 frees, 72,354,512 bytes allocated
==18846== 
==18846== All heap blocks were freed -- no leaks are possible
==18846== 
==18846== For counts of detected and suppressed errors, rerun with: -v
==18846== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 59 from 6)

Change History (7)

comment:1 follow-up: Changed 6 years ago by cehoyos

Does this crash on Windows (or another OS)?

comment:2 in reply to: ↑ 1 Changed 6 years ago by ami_stuff

Replying to cehoyos:

Does this crash on Windows (or another OS)?

It crashes randomly on Windows (currently can't reproduce under gdb).

comment:3 Changed 6 years ago by cehoyos

  • Component changed from undetermined to swresample
  • Reproduced by developer set
  • Status changed from new to open
  • Version changed from unspecified to git-master

The invalid read is reproducible; I don't know if it can be triggered easily.

comment:4 Changed 6 years ago by ami_stuff

I was able to prepare a file to reproduce this.

http://www1.datafilehost.com/d/ad6be63f

knoppix@Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-5dc6c0e/ffmpeg_g -i ./out.mov -loglevel 0 -f null -
==6738== Memcheck, a memory error detector
==6738== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==6738== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==6738== Command: ffmpeg-HEAD-5dc6c0e/ffmpeg_g -i ./out.mov -loglevel 0 -f null -
==6738== 
==6738== Invalid read of size 8
==6738==    at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122)
==6738==    by 0x8824FDF: multiple_resample (resample.c:321)
==6738==    by 0x881BF04: resample (swresample.c:569)
==6738==    by 0x437C69F: ???
==6738==  Address 0x4305b1c is 764 bytes inside a block of size 768 alloc'd
==6738==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==6738==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==6738==    by 0x8875B97: av_malloc (mem.c:93)
==6738==    by 0x88682F8: av_buffer_alloc (buffer.c:70)
==6738==    by 0x8868B28: av_buffer_pool_get (buffer.c:305)
==6738==    by 0x8677CD0: audio_get_buffer (utils.c:540)
==6738==    by 0x8679850: get_buffer_internal (utils.c:876)
==6738==    by 0x8679DE3: ff_get_buffer (utils.c:888)
==6738==    by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633)
==6738==    by 0x856A050: decode_frame (mpegaudiodec.c:1709)
==6738==    by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136)
==6738==    by 0x80B5859: decode_audio (ffmpeg.c:1526)
==6738== 
==6738== Invalid read of size 8
==6738==    at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122)
==6738==    by 0x8824FDF: multiple_resample (resample.c:321)
==6738==    by 0x881BF04: resample (swresample.c:569)
==6738==    by 0x456D15F: ???
==6738==  Address 0x449045c is 764 bytes inside a block of size 768 alloc'd
==6738==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==6738==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==6738==    by 0x8875B97: av_malloc (mem.c:93)
==6738==    by 0x88682F8: av_buffer_alloc (buffer.c:70)
==6738==    by 0x8868B28: av_buffer_pool_get (buffer.c:305)
==6738==    by 0x8677CD0: audio_get_buffer (utils.c:540)
==6738==    by 0x8679850: get_buffer_internal (utils.c:876)
==6738==    by 0x8679DE3: ff_get_buffer (utils.c:888)
==6738==    by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633)
==6738==    by 0x856A050: decode_frame (mpegaudiodec.c:1709)
==6738==    by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136)
==6738==    by 0x80B5859: decode_audio (ffmpeg.c:1526)
==6738== 
==6738== Invalid read of size 8
==6738==    at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122)
==6738==    by 0x8824FDF: multiple_resample (resample.c:321)
==6738==    by 0x881BF04: resample (swresample.c:569)
==6738==    by 0xABF4DFF: ???
==6738==  Address 0xab84c9c is 764 bytes inside a block of size 768 alloc'd
==6738==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==6738==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==6738==    by 0x8875B97: av_malloc (mem.c:93)
==6738==    by 0x88682F8: av_buffer_alloc (buffer.c:70)
==6738==    by 0x8868B28: av_buffer_pool_get (buffer.c:305)
==6738==    by 0x8677CD0: audio_get_buffer (utils.c:540)
==6738==    by 0x8679850: get_buffer_internal (utils.c:876)
==6738==    by 0x8679DE3: ff_get_buffer (utils.c:888)
==6738==    by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633)
==6738==    by 0x856A050: decode_frame (mpegaudiodec.c:1709)
==6738==    by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136)
==6738==    by 0x80B5859: decode_audio (ffmpeg.c:1526)
==6738== 
==6738== Invalid read of size 8
==6738==    at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122)
==6738==    by 0x8824FDF: multiple_resample (resample.c:321)
==6738==    by 0x881BF04: resample (swresample.c:569)
==6738==    by 0xAC6969F: ???
==6738==  Address 0xab84c9c is 764 bytes inside a block of size 768 alloc'd
==6738==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==6738==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==6738==    by 0x8875B97: av_malloc (mem.c:93)
==6738==    by 0x88682F8: av_buffer_alloc (buffer.c:70)
==6738==    by 0x8868B28: av_buffer_pool_get (buffer.c:305)
==6738==    by 0x8677CD0: audio_get_buffer (utils.c:540)
==6738==    by 0x8679850: get_buffer_internal (utils.c:876)
==6738==    by 0x8679DE3: ff_get_buffer (utils.c:888)
==6738==    by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633)
==6738==    by 0x856A050: decode_frame (mpegaudiodec.c:1709)
==6738==    by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136)
==6738==    by 0x80B5859: decode_audio (ffmpeg.c:1526)
==6738== 
==6738== Invalid read of size 8
==6738==    at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122)
==6738==    by 0x8824FDF: multiple_resample (resample.c:321)
==6738==    by 0x881BF04: resample (swresample.c:569)
==6738==    by 0xAF0FABF: ???
==6738==  Address 0xae8c93c is 764 bytes inside a block of size 768 alloc'd
==6738==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==6738==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==6738==    by 0x8875B97: av_malloc (mem.c:93)
==6738==    by 0x88682F8: av_buffer_alloc (buffer.c:70)
==6738==    by 0x8868B28: av_buffer_pool_get (buffer.c:305)
==6738==    by 0x8677CD0: audio_get_buffer (utils.c:540)
==6738==    by 0x8679850: get_buffer_internal (utils.c:876)
==6738==    by 0x8679DE3: ff_get_buffer (utils.c:888)
==6738==    by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633)
==6738==    by 0x856A050: decode_frame (mpegaudiodec.c:1709)
==6738==    by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136)
==6738==    by 0x80B5859: decode_audio (ffmpeg.c:1526)
==6738== 
==6738== Invalid read of size 8
==6738==    at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122)
==6738==    by 0x8824FDF: multiple_resample (resample.c:321)
==6738==    by 0x881BF04: resample (swresample.c:569)
==6738==    by 0xB162FFF: ???
==6738==  Address 0xb10ce9c is 764 bytes inside a block of size 768 alloc'd
==6738==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==6738==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==6738==    by 0x8875B97: av_malloc (mem.c:93)
==6738==    by 0x88682F8: av_buffer_alloc (buffer.c:70)
==6738==    by 0x8868B28: av_buffer_pool_get (buffer.c:305)
==6738==    by 0x8677CD0: audio_get_buffer (utils.c:540)
==6738==    by 0x8679850: get_buffer_internal (utils.c:876)
==6738==    by 0x8679DE3: ff_get_buffer (utils.c:888)
==6738==    by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633)
==6738==    by 0x856A050: decode_frame (mpegaudiodec.c:1709)
==6738==    by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136)
==6738==    by 0x80B5859: decode_audio (ffmpeg.c:1526)
==6738== 
==6738== Invalid read of size 8
==6738==    at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122)
==6738==    by 0x8824FDF: multiple_resample (resample.c:321)
==6738==    by 0x881BF04: resample (swresample.c:569)
==6738==    by 0xB4CB01F: ???
==6738==  Address 0xb4477fc is 764 bytes inside a block of size 768 alloc'd
==6738==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==6738==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==6738==    by 0x8875B97: av_malloc (mem.c:93)
==6738==    by 0x88682F8: av_buffer_alloc (buffer.c:70)
==6738==    by 0x8868B28: av_buffer_pool_get (buffer.c:305)
==6738==    by 0x8677CD0: audio_get_buffer (utils.c:540)
==6738==    by 0x8679850: get_buffer_internal (utils.c:876)
==6738==    by 0x8679DE3: ff_get_buffer (utils.c:888)
==6738==    by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633)
==6738==    by 0x856A050: decode_frame (mpegaudiodec.c:1709)
==6738==    by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136)
==6738==    by 0x80B5859: decode_audio (ffmpeg.c:1526)
==6738== 
==6738== Invalid read of size 8
==6738==    at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122)
==6738==    by 0x8824FDF: multiple_resample (resample.c:321)
==6738==    by 0x881BF04: resample (swresample.c:569)
==6738==    by 0xB6E83BF: ???
==6738==  Address 0xb635f3c is 764 bytes inside a block of size 768 alloc'd
==6738==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==6738==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==6738==    by 0x8875B97: av_malloc (mem.c:93)
==6738==    by 0x88682F8: av_buffer_alloc (buffer.c:70)
==6738==    by 0x8868B28: av_buffer_pool_get (buffer.c:305)
==6738==    by 0x8677CD0: audio_get_buffer (utils.c:540)
==6738==    by 0x8679850: get_buffer_internal (utils.c:876)
==6738==    by 0x8679DE3: ff_get_buffer (utils.c:888)
==6738==    by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633)
==6738==    by 0x856A050: decode_frame (mpegaudiodec.c:1709)
==6738==    by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136)
==6738==    by 0x80B5859: decode_audio (ffmpeg.c:1526)
==6738== 
==6738== Invalid read of size 8
==6738==    at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122)
==6738==    by 0x8824FDF: multiple_resample (resample.c:321)
==6738==    by 0x881BF04: resample (swresample.c:569)
==6738==    by 0xB8249FF: ???
==6738==  Address 0xb7b17bc is 764 bytes inside a block of size 768 alloc'd
==6738==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==6738==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==6738==    by 0x8875B97: av_malloc (mem.c:93)
==6738==    by 0x88682F8: av_buffer_alloc (buffer.c:70)
==6738==    by 0x8868B28: av_buffer_pool_get (buffer.c:305)
==6738==    by 0x8677CD0: audio_get_buffer (utils.c:540)
==6738==    by 0x8679850: get_buffer_internal (utils.c:876)
==6738==    by 0x8679DE3: ff_get_buffer (utils.c:888)
==6738==    by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633)
==6738==    by 0x856A050: decode_frame (mpegaudiodec.c:1709)
==6738==    by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136)
==6738==    by 0x80B5859: decode_audio (ffmpeg.c:1526)
==6738== 
==6738== Invalid read of size 8
==6738==    at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122)
==6738==    by 0x8824FDF: multiple_resample (resample.c:321)
==6738==    by 0x881BF04: resample (swresample.c:569)
==6738==    by 0xB9F1FBF: ???
==6738==  Address 0xb9e6d9c is 2,300 bytes inside a block of size 2,304 alloc'd
==6738==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==6738==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==6738==    by 0x8875B97: av_malloc (mem.c:93)
==6738==    by 0x88682F8: av_buffer_alloc (buffer.c:70)
==6738==    by 0x8868B28: av_buffer_pool_get (buffer.c:305)
==6738==    by 0x8677CD0: audio_get_buffer (utils.c:540)
==6738==    by 0x8679850: get_buffer_internal (utils.c:876)
==6738==    by 0x8679DE3: ff_get_buffer (utils.c:888)
==6738==    by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633)
==6738==    by 0x856A050: decode_frame (mpegaudiodec.c:1709)
==6738==    by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136)
==6738==    by 0x80B5859: decode_audio (ffmpeg.c:1526)
==6738== 
==6738== Invalid read of size 8
==6738==    at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122)
==6738==    by 0x8824FDF: multiple_resample (resample.c:321)
==6738==    by 0x881BF04: resample (swresample.c:569)
==6738==    by 0xBB3025F: ???
==6738==  Address 0xbaaabdc is 764 bytes inside a block of size 768 alloc'd
==6738==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==6738==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==6738==    by 0x8875B97: av_malloc (mem.c:93)
==6738==    by 0x88682F8: av_buffer_alloc (buffer.c:70)
==6738==    by 0x8868B28: av_buffer_pool_get (buffer.c:305)
==6738==    by 0x8677CD0: audio_get_buffer (utils.c:540)
==6738==    by 0x8679850: get_buffer_internal (utils.c:876)
==6738==    by 0x8679DE3: ff_get_buffer (utils.c:888)
==6738==    by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633)
==6738==    by 0x856A050: decode_frame (mpegaudiodec.c:1709)
==6738==    by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136)
==6738==    by 0x80B5859: decode_audio (ffmpeg.c:1526)
==6738== 
==6738== 
==6738== HEAP SUMMARY:
==6738==     in use at exit: 0 bytes in 0 blocks
==6738==   total heap usage: 50,508 allocs, 50,508 frees, 19,762,456 bytes allocated
==6738== 
==6738== All heap blocks were freed -- no leaks are possible
==6738== 
==6738== For counts of detected and suppressed errors, rerun with: -v
==6738== ERROR SUMMARY: 136 errors from 11 contexts (suppressed: 59 from 6)
knoppix@Microknoppix:/media/sdb1$ 
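
A triage helper for the Memcheck output above, added here as an example (not part of the ticket or of FFmpeg): it groups invalid accesses by faulting function and computes how many bytes each access extends past the end of the heap block. The sample input is trimmed from the traces in this ticket; the function and pattern names (summarize, ACCESS, FRAME, BLOCK) are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: three error headers trimmed from the Memcheck output
# in this ticket (stack frames below the faulting one are omitted).
SAMPLE = """\
==13106== Invalid read of size 8
==13106==    at 0x881EE47: swri_resample_int16_ssse3 (resample_template.c:122)
==13106==  Address 0xb1fe1fa is 762 bytes inside a block of size 768 alloc'd
==6738== Invalid read of size 8
==6738==    at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122)
==6738==  Address 0x4305b1c is 764 bytes inside a block of size 768 alloc'd
==6738== Invalid read of size 8
==6738==    at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122)
==6738==  Address 0xb9e6d9c is 2,300 bytes inside a block of size 2,304 alloc'd
"""

# Hypothetical helper patterns for the three Memcheck line kinds we need.
ACCESS = re.compile(r"Invalid (read|write) of size (\d+)")
FRAME = re.compile(r"\bat 0x[0-9A-Fa-f]+: (\S+) \(([^)]+)\)")
BLOCK = re.compile(r"is ([\d,]+) bytes inside a block of size ([\d,]+)")


def summarize(log):
    """Count invalid accesses per (kind, function, location, overrun bytes)."""
    counts = Counter()
    kind = size = site = None
    for line in log.splitlines():
        if m := ACCESS.search(line):
            kind, size, site = m.group(1), int(m.group(2)), None
        elif kind and site is None and (m := FRAME.search(line)):
            site = m.groups()  # first "at" frame is the faulting one
        elif kind and site and (m := BLOCK.search(line)):
            # Memcheck prints large numbers with thousands separators.
            offset, block = (int(g.replace(",", "")) for g in m.groups())
            # Bytes touched beyond the end of the heap block.
            overrun = max(0, offset + size - block)
            counts[(kind, *site, overrun)] += 1
            kind = None  # skip the allocation stack that follows
    return counts


if __name__ == "__main__":
    for (kind, func, loc, over), n in sorted(summarize(SAMPLE).items()):
        print(f"{n}x {kind} in {func} ({loc}): {over} byte(s) past end of block")
```

On the traces in this ticket, every 8-byte read starts 4 or 6 bytes before the end of the decoder's output buffer, so it extends 4 or 2 bytes past the allocation.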

comment:5 Changed 6 years ago by cehoyos

I can reproduce the invalid reads with valgrind (both 32- and 64-bit), no crash here on Windows.

comment:6 Changed 6 years ago by michael

  • Resolution set to duplicate
  • Status changed from open to closed

Seems fixed and I suspect this was a duplicate of Ticket #3193.

comment:7 Changed 6 years ago by cehoyos

Or rather #3193 was a duplicate of this ticket which both Ubitux and I missed...
