Opened 10 years ago

Closed 10 years ago

#3383 closed defect (fixed)

invalid read in compand filter

Reported by: Clément Bœsch
Owned by:
Priority: normal
Component: avfilter
Version: git-master
Keywords: compand
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

☭ valgrind ./ffmpeg_g -i ~/samples/danse1.ogg -af compand="0.1:0.2:-2/-2:0.02:0.8:0.0:0.2" -f null -
==2125== Memcheck, a memory error detector
==2125== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==2125== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==2125== Command: ./ffmpeg_g -i /home/ux/samples/danse1.ogg -af compand=0.1:0.2:-2/-2:0.02:0.8:0.0:0.2 -f null -
==2125== 
ffmpeg version N-60597-g1e5cb42 Copyright (c) 2000-2014 the FFmpeg developers
  built on Feb 14 2014 10:06:45 with gcc 4.8.2 (GCC) 20140206 (prerelease)
  configuration: --enable-nonfree --enable-gpl --enable-libx264 --enable-libmp3lame --enable-x11grab --enable-libvorbis --samples=/home/ux/fate-samples --enable-libvpx --cpu=native --enable-libfaac --cc='ccache cc'
  libavutil      52. 63.101 / 52. 63.101
  libavcodec     55. 52.101 / 55. 52.101
  libavformat    55. 32.101 / 55. 32.101
  libavdevice    55.  9.101 / 55.  9.101
  libavfilter     4.  1.102 /  4.  1.102
  libswscale      2.  5.101 /  2.  5.101
  libswresample   0. 17.104 /  0. 17.104
  libpostproc    52.  3.100 / 52.  3.100
Input #0, ogg, from '/home/ux/samples/danse1.ogg':
  Duration: 00:00:05.08, start: 0.000000, bitrate: 138 kb/s
    Stream #0:0: Audio: vorbis, 44100 Hz, stereo, fltp, 160 kb/s
    Metadata:
      GENRE           : Classical
      DATE            : 2008-02-08T22:50
      ALBUM           : Danse Macabre
      TITLE           : Danse Macabre
      BPM (BEATS PER MINUTE): 185
      COMPOSER        : Camille Saint-Saëns
      INITIAL KEY     : C
      SOFTWARE        : Logic Pro 8.0.2
      ARTIST          : Kevin MacLeod
      COMMENTS        : null
      ENCODER         : Lavf55.4.0
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf55.32.101
    Stream #0:0: Audio: pcm_s16le, 44100 Hz, stereo, s16, 1411 kb/s
    Metadata:
      GENRE           : Classical
      DATE            : 2008-02-08T22:50
      ALBUM           : Danse Macabre
      TITLE           : Danse Macabre
      BPM (BEATS PER MINUTE): 185
      COMPOSER        : Camille Saint-Saëns
      INITIAL KEY     : C
      SOFTWARE        : Logic Pro 8.0.2
      ARTIST          : Kevin MacLeod
      COMMENTS        : null
      ENCODER         : Lavf55.4.0
Stream mapping:
  Stream #0:0 -> #0:0 (vorbis -> pcm_s16le)
Press [q] to stop, [?] for help
==2125== Invalid read of size 8
==2125==    at 0x4E69C3: compand_delay (af_compand.c:164)
==2125==    by 0x48D99D: ff_filter_frame_framed (avfilter.c:1081)
==2125==    by 0x48E818: ff_filter_frame (avfilter.c:1161)
==2125==    by 0x4E0230: filter_frame (af_aresample.c:215)
==2125==    by 0x48D99D: ff_filter_frame_framed (avfilter.c:1081)
==2125==    by 0x48E818: ff_filter_frame (avfilter.c:1161)
==2125==    by 0x492F91: request_frame (buffersrc.c:500)
==2125==    by 0x492CB7: av_buffersrc_add_frame_internal (buffersrc.c:181)
==2125==    by 0x4931BC: av_buffersrc_add_frame_flags (buffersrc.c:106)
==2125==    by 0x47EBF5: decode_audio (ffmpeg.c:1718)
==2125==    by 0x468569: main (ffmpeg.c:1958)
==2125==  Address 0x92444e0 is 0 bytes after a block of size 320 alloc'd
==2125==    at 0x4C2ACC0: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2125==    by 0x4C2ADD7: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2125==    by 0xBDEF9F: av_mallocz (mem.c:94)
==2125==    by 0x4E5F0E: config_output (mem.h:232)
==2125==    by 0x48CC48: avfilter_config_links (avfilter.c:254)
==2125==    by 0x48CC2E: avfilter_config_links (avfilter.c:243)
==2125==    by 0x48CC2E: avfilter_config_links (avfilter.c:243)
==2125==    by 0x490C44: avfilter_graph_config (avfiltergraph.c:276)
==2125==    by 0x477E83: configure_filtergraph (ffmpeg_filter.c:901)
==2125==    by 0x4801FB: transcode_init (ffmpeg.c:2484)
==2125==    by 0x46606C: main (ffmpeg.c:3389)
==2125== 
==2125== Invalid read of size 8
==2125==    at 0x4E69E1: compand_delay (af_compand.c:169)
==2125==    by 0x48D99D: ff_filter_frame_framed (avfilter.c:1081)
==2125==    by 0x48E818: ff_filter_frame (avfilter.c:1161)
==2125==    by 0x4E0230: filter_frame (af_aresample.c:215)
==2125==    by 0x48D99D: ff_filter_frame_framed (avfilter.c:1081)
==2125==    by 0x48E818: ff_filter_frame (avfilter.c:1161)
==2125==    by 0x492F91: request_frame (buffersrc.c:500)
==2125==    by 0x492CB7: av_buffersrc_add_frame_internal (buffersrc.c:181)
==2125==    by 0x4931BC: av_buffersrc_add_frame_flags (buffersrc.c:106)
==2125==    by 0x47EBF5: decode_audio (ffmpeg.c:1718)
==2125==    by 0x468569: main (ffmpeg.c:1958)
==2125==  Address 0x9244610 is 16 bytes before a block of size 141,312 alloc'd
==2125==    at 0x4C2ACC0: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2125==    by 0x4C2ADD7: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2125==    by 0xBDECB9: av_malloc (mem.c:94)
==2125==    by 0xBEB94D: av_samples_alloc_array_and_samples (samplefmt.c:192)
==2125==    by 0x4E675A: config_output (af_compand.c:454)
==2125==    by 0x48CC48: avfilter_config_links (avfilter.c:254)
==2125==    by 0x48CC2E: avfilter_config_links (avfilter.c:243)
==2125==    by 0x48CC2E: avfilter_config_links (avfilter.c:243)
==2125==    by 0x490C44: avfilter_graph_config (avfiltergraph.c:276)
==2125==    by 0x477E83: configure_filtergraph (ffmpeg_filter.c:901)
==2125==    by 0x4801FB: transcode_init (ffmpeg.c:2484)
==2125==    by 0x46606C: main (ffmpeg.c:3389)
==2125== 
==2125== Invalid read of size 8
==2125==    at 0x4E69EA: compand_delay (af_compand.c:168)
==2125==    by 0x48D99D: ff_filter_frame_framed (avfilter.c:1081)
==2125==    by 0x48E818: ff_filter_frame (avfilter.c:1161)
==2125==    by 0x4E0230: filter_frame (af_aresample.c:215)
==2125==    by 0x48D99D: ff_filter_frame_framed (avfilter.c:1081)
==2125==    by 0x48E818: ff_filter_frame (avfilter.c:1161)
==2125==    by 0x492F91: request_frame (buffersrc.c:500)
==2125==    by 0x492CB7: av_buffersrc_add_frame_internal (buffersrc.c:181)
==2125==    by 0x4931BC: av_buffersrc_add_frame_flags (buffersrc.c:106)
==2125==    by 0x47EBF5: decode_audio (ffmpeg.c:1718)
==2125==    by 0x468569: main (ffmpeg.c:1958)
==2125==  Address 0x9244600 is not stack'd, malloc'd or (recently) free'd
==2125== 
==2125== Invalid read of size 8
==2125==    at 0x4E6A02: compand_delay (af_compand.c:169)
==2125==    by 0x48D99D: ff_filter_frame_framed (avfilter.c:1081)
==2125==    by 0x48E818: ff_filter_frame (avfilter.c:1161)
==2125==    by 0x4E0230: filter_frame (af_aresample.c:215)
==2125==    by 0x48D99D: ff_filter_frame_framed (avfilter.c:1081)
==2125==    by 0x48E818: ff_filter_frame (avfilter.c:1161)
==2125==    by 0x492F91: request_frame (buffersrc.c:500)
==2125==    by 0x492CB7: av_buffersrc_add_frame_internal (buffersrc.c:181)
==2125==    by 0x4931BC: av_buffersrc_add_frame_flags (buffersrc.c:106)
==2125==    by 0x47EBF5: decode_audio (ffmpeg.c:1718)
==2125==    by 0x468569: main (ffmpeg.c:1958)
==2125==  Address 0x9244618 is 8 bytes before a block of size 141,312 alloc'd
==2125==    at 0x4C2ACC0: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2125==    by 0x4C2ADD7: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2125==    by 0xBDECB9: av_malloc (mem.c:94)
==2125==    by 0xBEB94D: av_samples_alloc_array_and_samples (samplefmt.c:192)
==2125==    by 0x4E675A: config_output (af_compand.c:454)
==2125==    by 0x48CC48: avfilter_config_links (avfilter.c:254)
==2125==    by 0x48CC2E: avfilter_config_links (avfilter.c:243)
==2125==    by 0x48CC2E: avfilter_config_links (avfilter.c:243)
==2125==    by 0x490C44: avfilter_graph_config (avfiltergraph.c:276)
==2125==    by 0x477E83: configure_filtergraph (ffmpeg_filter.c:901)
==2125==    by 0x4801FB: transcode_init (ffmpeg.c:2484)
==2125==    by 0x46606C: main (ffmpeg.c:3389)
==2125== 
==2125== Invalid read of size 8
==2125==    at 0x4E6A0B: compand_delay (af_compand.c:169)
==2125==    by 0x48D99D: ff_filter_frame_framed (avfilter.c:1081)
==2125==    by 0x48E818: ff_filter_frame (avfilter.c:1161)
==2125==    by 0x4E0230: filter_frame (af_aresample.c:215)
==2125==    by 0x48D99D: ff_filter_frame_framed (avfilter.c:1081)
==2125==    by 0x48E818: ff_filter_frame (avfilter.c:1161)
==2125==    by 0x492F91: request_frame (buffersrc.c:500)
==2125==    by 0x492CB7: av_buffersrc_add_frame_internal (buffersrc.c:181)
==2125==    by 0x4931BC: av_buffersrc_add_frame_flags (buffersrc.c:106)
==2125==    by 0x47EBF5: decode_audio (ffmpeg.c:1718)
==2125==    by 0x468569: main (ffmpeg.c:1958)
==2125==  Address 0x9244608 is 24 bytes before a block of size 141,312 alloc'd
==2125==    at 0x4C2ACC0: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2125==    by 0x4C2ADD7: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2125==    by 0xBDECB9: av_malloc (mem.c:94)
==2125==    by 0xBEB94D: av_samples_alloc_array_and_samples (samplefmt.c:192)
==2125==    by 0x4E675A: config_output (af_compand.c:454)
==2125==    by 0x48CC48: avfilter_config_links (avfilter.c:254)
==2125==    by 0x48CC2E: avfilter_config_links (avfilter.c:243)
==2125==    by 0x48CC2E: avfilter_config_links (avfilter.c:243)
==2125==    by 0x490C44: avfilter_graph_config (avfiltergraph.c:276)
==2125==    by 0x477E83: configure_filtergraph (ffmpeg_filter.c:901)
==2125==    by 0x4801FB: transcode_init (ffmpeg.c:2484)
==2125==    by 0x46606C: main (ffmpeg.c:3389)
==2125== 
size=N/A time=00:00:05.08 bitrate=N/A    
video:0kB audio:876kB subtitle:0 data:0 global headers:0kB muxing overhead -100.002453%
==2125== 
==2125== HEAP SUMMARY:
==2125==     in use at exit: 80 bytes in 2 blocks
==2125==   total heap usage: 8,298 allocs, 8,296 frees, 12,382,131 bytes allocated
==2125== 
==2125== LEAK SUMMARY:
==2125==    definitely lost: 0 bytes in 0 blocks
==2125==    indirectly lost: 0 bytes in 0 blocks
==2125==      possibly lost: 0 bytes in 0 blocks
==2125==    still reachable: 80 bytes in 2 blocks
==2125==         suppressed: 0 bytes in 0 blocks
==2125== Rerun with --leak-check=full to see details of leaked memory
==2125== 
==2125== For counts of detected and suppressed errors, rerun with: -v
==2125== ERROR SUMMARY: 48 errors from 5 contexts (suppressed: 3 from 3)

Attachments (1)

danse1.ogg (85.8 KB) - added by Clément Bœsch 10 years ago.
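
A triage helper for memcheck reports like the one in this ticket, added here as an example (it is not part of the original ticket or of FFmpeg): it extracts each invalid access's faulting frame, its offset relative to the nearest heap block, and the allocation site of that block. The function names, the `WRAPPERS` skip list and the trimmed `SAMPLE` excerpt are assumptions made for the illustration.

```python
import re
from collections import Counter

# Excerpt trimmed from the memcheck log in this ticket (most "by" frames dropped).
SAMPLE = """\
==2125== Invalid read of size 8
==2125==    at 0x4E69C3: compand_delay (af_compand.c:164)
==2125==  Address 0x92444e0 is 0 bytes after a block of size 320 alloc'd
==2125==    by 0xBDEF9F: av_mallocz (mem.c:94)
==2125==    by 0x4E5F0E: config_output (mem.h:232)
==2125== Invalid read of size 8
==2125==    at 0x4E69E1: compand_delay (af_compand.c:169)
==2125==  Address 0x9244610 is 16 bytes before a block of size 141,312 alloc'd
==2125==    by 0xBDECB9: av_malloc (mem.c:94)
==2125==    by 0xBEB94D: av_samples_alloc_array_and_samples (samplefmt.c:192)
==2125== Invalid read of size 8
==2125==    at 0x4E69EA: compand_delay (af_compand.c:168)
==2125==  Address 0x9244600 is not stack'd, malloc'd or (recently) free'd
"""

ERR = re.compile(r"Invalid (read|write) of size (\d+)")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.+)\)")
ADDR = re.compile(r"Address 0x[0-9A-Fa-f]+ is (\d+) bytes (after|before|inside) a block of size ([\d,]+)")
# Allocator wrappers skipped when naming the allocation site (assumption for this log).
WRAPPERS = {"memalign", "posix_memalign", "av_malloc", "av_mallocz"}

def parse_memcheck(text):
    """Return one dict per invalid access: faulting frame, heap relation, allocation site."""
    errors, cur = [], None
    for raw in text.splitlines():
        line = re.sub(r"^==\d+==\s*", "", raw)  # drop the ==PID== prefix
        if m := ERR.search(line):
            cur = {"op": m[1], "size": int(m[2]), "fault": None,
                   "relation": "no-block", "offset": None, "block": None, "alloc": None}
            errors.append(cur)
        elif cur is None:
            continue  # banner and ffmpeg output before the first error
        elif m := ADDR.search(line):
            cur.update(offset=int(m[1]), relation=m[2], block=int(m[3].replace(",", "")))
        elif m := FRAME.search(line):
            if cur["block"] is None:  # still in the access stack: keep its top frame
                cur["fault"] = cur["fault"] or f"{m[1]} ({m[2]})"
            elif cur["alloc"] is None and m[1] not in WRAPPERS:
                cur["alloc"] = f"{m[1]} ({m[2]})"  # first non-wrapper allocation frame
    return errors

def summarize(errors):
    """Count accesses per (faulting frame, relation to the nearest heap block)."""
    return Counter((e["fault"], e["relation"]) for e in errors)
```
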


Change History (4)

by Clément Bœsch, 10 years ago

Attachment: danse1.ogg added

comment:1 by Andrew Kelley, 10 years ago

Here is a patch to fix it: http://patches.libav.org/patch/47615/

This is being committed to libav, but the devs had me squash it into a larger commit so that it will not merge cleanly against ffmpeg.

comment:2 by Carl Eugen Hoyos, 10 years ago

Could you send your patch to the ffmpeg-devel mailing list?

comment:3 by Carl Eugen Hoyos, 10 years ago

Keywords: compand added; campand removed
Resolution: fixed
Status: new → closed

Thank you for sending the patch!
Fixed in 9e329185
