Opened 11 years ago
Closed 11 years ago
#3462 closed defect (fixed)
cinepakenc: invalid read
Reported by: | ami_stuff | Owned by: | |
---|---|---|---|
Priority: | important | Component: | avcodec |
Version: | git-master | Keywords: | cinepak crash SIGSEGV |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | yes |
Analyzed by developer: | no | | |
Description
```
(gdb) r -i 2.tif -vcodec cinepak out.avi
Starting program: /media/sdb1/ffmpeg-HEAD-7d7487e/ffmpeg_g -i 2.tif -vcodec cinepak out.avi
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.2.git-7d7487e Copyright (c) 2000-2014 the FFmpeg developers
  built on Mar 13 2014 12:14:03 with gcc 4.7 (Debian 4.7.2-5)
  configuration: --disable-yasm --disable-ffprobe --disable-ffserver --enable-gpl
  libavutil 52. 66.101 / 52. 66.101
  libavcodec 55. 52.102 / 55. 52.102
  libavformat 55. 34.101 / 55. 34.101
  libavdevice 55. 11.100 / 55. 11.100
  libavfilter 4. 3.100 / 4. 3.100
  libswscale 2. 5.101 / 2. 5.101
  libswresample 0. 18.100 / 0. 18.100
  libpostproc 52. 3.100 / 52. 3.100
Input #0, image2, from '2.tif':
  Duration: 00:00:00.04, start: 0.000000, bitrate: N/A
    Stream #0:0: Video: tiff, monob, 2048x2048, 25 tbr, 25 tbn, 25 tbc
[New Thread 0xb7db5b70 (LWP 2937)]
[New Thread 0xb75b5b70 (LWP 2938)]
[New Thread 0xb6db5b70 (LWP 2939)]
[New Thread 0xb65b5b70 (LWP 2940)]
[New Thread 0xb5db5b70 (LWP 2941)]
[New Thread 0xb55b5b70 (LWP 2942)]
[New Thread 0xb4db5b70 (LWP 2943)]
[New Thread 0xb45b5b70 (LWP 2944)]
[New Thread 0xb3db5b70 (LWP 2945)]
[New Thread 0xb086bb70 (LWP 2946)]
[New Thread 0xb006bb70 (LWP 2947)]
[New Thread 0xaf86bb70 (LWP 2948)]
[New Thread 0xaf06bb70 (LWP 2949)]
[New Thread 0xae86bb70 (LWP 2950)]
[New Thread 0xae06bb70 (LWP 2951)]
[New Thread 0xad86bb70 (LWP 2952)]
[New Thread 0xad06bb70 (LWP 2953)]
[New Thread 0xac86bb70 (LWP 2954)]
Output #0, avi, to 'out.avi':
  Metadata:
    ISFT : Lavf55.34.101
    Stream #0:0: Video: cinepak (cvid / 0x64697663), gray, 2048x2048, q=2-31, 200 kb/s, 25 tbn, 25 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (tiff -> cinepak)
Press [q] to stop, [?] for help

Program received signal SIGSEGV, Segmentation fault.
get_high_utility_cell (elbg=<synthetic pointer>) at libavcodec/elbg.c:112
112         while (elbg->utility_inc[i] < r)
(gdb) bt
#0  get_high_utility_cell (elbg=<synthetic pointer>) at libavcodec/elbg.c:112
#1  do_shiftings (elbg=<optimized out>) at libavcodec/elbg.c:317
#2  avpriv_do_elbg (points=0xb25b5020, dim=4, numpoints=471444, codebook=0xbfffda64, numCB=4, max_steps=1, closest_cb=0xb21b4020, rand_state=0x92d0148) at libavcodec/elbg.c:411
#3  0x082b5196 in quantize (s=s@entry=0x92d0100, h=h@entry=1024, pict=pict@entry=0xbffff340, info=info@entry=0xbfffc264, encoding=ENC_V4, encoding@entry=16, v1mode=0) at libavcodec/cinepakenc.c:856
#4  0x082b6788 in rd_strip (s=s@entry=0x92d0100, h=1024, keyframe=keyframe@entry=1, last_pict=last_pict@entry=0xbffff300, pict=pict@entry=0xbffff340, scratch_pict=scratch_pict@entry=0xbffff380, buf=0xb116d02a "\020\017\230\250", best_score=best_score@entry=0xbffff2f8, y=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at libavcodec/cinepakenc.c:1015
#5  0x082b77c7 in rd_frame (buf=0xab87a020 "", isakeyframe=1, frame=0x9319940, s=<optimized out>, buf_size=<optimized out>) at libavcodec/cinepakenc.c:1205
#6  cinepak_encode_frame (avctx=0x92cfb40, pkt=0xbffff778, frame=0x9319940, got_packet=0xbffff4f4) at libavcodec/cinepakenc.c:1278
#7  0x086f3575 in avcodec_encode_video2 (avctx=avctx@entry=0x92cfb40, avpkt=avpkt@entry=0xbffff778, frame=frame@entry=0x9319940, got_packet_ptr=got_packet_ptr@entry=0xbffff4f4) at libavcodec/utils.c:1892
#8  0x080c4725 in do_video_out (in_picture=0x9319940, ost=0x92cff40,
---Type <return> to continue, or q <return> to quit---
    s=0x92cf380) at ffmpeg.c:997
#9  reap_filters () at ffmpeg.c:1157
#10 0x080ac17c in transcode_from_filter (best_ist=<synthetic pointer>, graph=0x92ceae0) at ffmpeg.c:3330
#11 transcode_step () at ffmpeg.c:3381
#12 transcode () at ffmpeg.c:3442
#13 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3622
(gdb)
```
```
knoppix@Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-7d7487e/ffmpeg_g -i 2.tif -vcodec cinepak out.avi
==2895== Memcheck, a memory error detector
==2895== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==2895== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==2895== Command: ffmpeg-HEAD-7d7487e/ffmpeg_g -i 2.tif -vcodec cinepak out.avi
==2895==
ffmpeg version 2.2.git-7d7487e Copyright (c) 2000-2014 the FFmpeg developers
  built on Mar 13 2014 12:14:03 with gcc 4.7 (Debian 4.7.2-5)
  configuration: --disable-yasm --disable-ffprobe --disable-ffserver --enable-gpl
  libavutil 52. 66.101 / 52. 66.101
  libavcodec 55. 52.102 / 55. 52.102
  libavformat 55. 34.101 / 55. 34.101
  libavdevice 55. 11.100 / 55. 11.100
  libavfilter 4. 3.100 / 4. 3.100
  libswscale 2. 5.101 / 2. 5.101
  libswresample 0. 18.100 / 0. 18.100
  libpostproc 52. 3.100 / 52. 3.100
Input #0, image2, from '2.tif':
  Duration: 00:00:00.04, start: 0.000000, bitrate: N/A
    Stream #0:0: Video: tiff, monob, 2048x2048, 25 tbr, 25 tbn, 25 tbc
Output #0, avi, to 'out.avi':
  Metadata:
    ISFT : Lavf55.34.101
    Stream #0:0: Video: cinepak (cvid / 0x64697663), gray, 2048x2048, q=2-31, 200 kb/s, 25 tbn, 25 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (tiff -> cinepak)
Press [q] to stop, [?] for help
==2895== Invalid read of size 4
==2895==    at 0x8342E6B: avpriv_do_elbg (elbg.c:112)
==2895==    by 0x82B5195: quantize.constprop.15 (cinepakenc.c:856)
==2895==  Address 0x158b2210 is 0 bytes after a block of size 16 alloc'd
==2895==    at 0x40268A4: memalign (vg_replace_malloc.c:694)
==2895==    by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==2895==    by 0x893B337: av_malloc (mem.c:94)
==2895==    by 0x8342B63: avpriv_do_elbg (elbg.c:376)
==2895==    by 0x82B5195: quantize.constprop.15 (cinepakenc.c:856)
==2895==
==2895== Conditional jump or move depends on uninitialised value(s)
==2895==    at 0x8342E75: avpriv_do_elbg (elbg.c:112)
==2895==    by 0x82B5195: quantize.constprop.15 (cinepakenc.c:856)
==2895==
==2895==
==2895== Process terminating with default action of signal 11 (SIGSEGV)
==2895==  Access not within mapped region at address 0x158B3000
==2895==    at 0x8342E6B: avpriv_do_elbg (elbg.c:112)
==2895==    by 0x82B5195: quantize.constprop.15 (cinepakenc.c:856)
==2895==  If you believe this happened as a result of a stack
==2895==  overflow in your program's main thread (unlikely but
==2895==  possible), you can try to increase the size of the
==2895==  main thread stack using the --main-stacksize= flag.
==2895==  The main thread stack size used in this run was 8388608.
==2895==
==2895== HEAP SUMMARY:
==2895==     in use at exit: 69,016,706 bytes in 229 blocks
==2895==   total heap usage: 3,193 allocs, 2,964 frees, 152,027,251 bytes allocated
==2895==
==2895== 1,296 bytes in 9 blocks are possibly lost in loss record 109 of 146
==2895==    at 0x4026A68: calloc (vg_replace_malloc.c:566)
==2895==    by 0x40111FB: _dl_allocate_tls (dl-tls.c:300)
==2895==    by 0x407C2A8: pthread_create@@GLIBC_2.1 (allocatestack.c:580)
==2895==    by 0x80E5351: ff_graph_thread_init (pthread.c:187)
==2895==    by 0x80D8B1F: avfilter_graph_alloc_filter (avfiltergraph.c:189)
==2895==    by 0x422B3DF: ???
==2895==
==2895== 1,296 bytes in 9 blocks are possibly lost in loss record 110 of 146
==2895==    at 0x4026A68: calloc (vg_replace_malloc.c:566)
==2895==    by 0x40111FB: _dl_allocate_tls (dl-tls.c:300)
==2895==    by 0x407C2A8: pthread_create@@GLIBC_2.1 (allocatestack.c:580)
==2895==    by 0x8648BC2: ff_frame_thread_init (pthread_frame.c:710)
==2895==    by 0x86F816D: avcodec_open2 (utils.c:1315)
==2895==    by 0x80CA721: transcode_init (ffmpeg.c:2145)
==2895==    by 0x80AB2DE: main (ffmpeg.c:3413)
==2895==
==2895== LEAK SUMMARY:
==2895==    definitely lost: 0 bytes in 0 blocks
==2895==    indirectly lost: 0 bytes in 0 blocks
==2895==      possibly lost: 2,592 bytes in 18 blocks
==2895==    still reachable: 69,014,114 bytes in 211 blocks
==2895==         suppressed: 0 bytes in 0 blocks
==2895== Reachable blocks (those to which a pointer was found) are not shown.
==2895== To see them, rerun with: --leak-check=full --show-reachable=yes
==2895==
==2895== For counts of detected and suppressed errors, rerun with: -v
==2895== Use --track-origins=yes to see where uninitialised values come from
==2895== ERROR SUMMARY: 895 errors from 4 contexts (suppressed: 59 from 6)
Killed
```
Attachments (1)
Change History (3)
by , 11 years ago
comment:1 by , 11 years ago
Component: | undetermined → avcodec |
---|---|
Keywords: | cinepak crash SIGSEGV added |
Priority: | normal → important |
Reproduced by developer: | set |
Status: | new → open |
Version: | unspecified → git-master |
comment:2 by , 11 years ago
Resolution: | → fixed |
---|---|
Status: | open → closed |
Fixed in 87ecefdab0097537c5c30014e57b19113ab05eee