Opened 5 years ago

Closed 5 years ago

#408 closed defect (fixed)

ffmpeg: Invalid read of size 1 in roq_decode_frame

Reported by: daw
Owned by:
Priority: normal
Component: undetermined
Version: git
Keywords:
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no


The following file causes a Valgrind warning of out-of-bounds memory access:

$ valgrind ./ffmpeg -v 9 -loglevel 99 -i bug1/bad.roq -y  -target pal-vcd out
ffmpeg version N-32008-g13e9a0f, Copyright (c) 2000-2011 the FFmpeg developers
  built on Aug 19 2011 23:34:14 with gcc 4.5.1 20100924 (Red Hat 4.5.1-4)
==9808== Invalid read of size 1
==9808==    at 0x7406EE: roq_decode_frame (roqvideodec.c:78)
==9808==    by 0x7AAAB6: avcodec_decode_video2 (utils.c:769)
==9808==    by 0x435134: output_packet (ffmpeg.c:1627)
==9808==    by 0x4384AC: transcode.clone.11 (ffmpeg.c:2812)
==9808==    by 0x43CB4C: main (ffmpeg.c:4569)
==9808==  Address 0x4eec326 is 0 bytes after a block of size 18,982 alloc'd
==9808==    at 0x4A0473F: memalign (vg_replace_malloc.c:532)
==9808==    by 0x4A04798: posix_memalign (vg_replace_malloc.c:660)
==9808==    by 0x9574A4: av_malloc (mem.c:90)
==9808==    by 0x51793B: av_new_packet (avpacket.c:64)
==9808==    by 0x4E9474: av_get_packet (utils.c:270)
==9808==    by 0x4803AD: roq_read_packet (idroqdec.c:157)
==9808==    by 0x4EA183: av_read_packet (utils.c:732)
==9808==    by 0x4EA6C6: read_frame_internal (utils.c:1199)
==9808==    by 0x43820A: transcode.clone.11 (ffmpeg.c:2753)
==9808==    by 0x43CB4C: main (ffmpeg.c:4569)

The input file that triggers this (see attached file) differs by one byte from tests/data/vsynth2/roqav.roq. I'm using the latest from git.
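The Valgrind trace places the one-byte read at "0 bytes after" the packet buffer that roq_read_packet allocated, which is the shape of a decoder trusting a length field inside the packet rather than the bytes actually left in it. The C program below is an added example, not code from this ticket or from FFmpeg: it walks the chunk headers of a RoQ video packet (2-byte id, 4-byte payload size, 2-byte argument, all little-endian) and rejects any chunk whose header or declared payload would extend past the packet, then runs that walker over three constructed packets, one valid and two malformed. That the decoder sees raw chunk headers in its packet, and that a missing length check of this kind is what the ticket's file exercises, are assumptions; the chunk contents and the names roq_walk_chunks, put_chunk, build_packet and demo_* are invented for the example and are not taken from bad.roq or from the fix.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RoQ chunk header, as assumed here: id (LE16), payload size (LE32),
 * argument (LE16); 8 bytes. 0x1002 = quad codebook, 0x1011 = quad VQ. */
#define ROQ_CHUNK_HDR_LEN 8

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk every chunk in one demuxed packet. Returns the chunk count, or -1 as
 * soon as a header or payload would have to be read from beyond buf+len.
 * Lengths are checked against the bytes remaining, so no pointer past the
 * end of the buffer is ever formed (p + size > end would itself be UB). */
int roq_walk_chunks(const uint8_t *buf, size_t len)
{
    const uint8_t *p = buf, *end = buf + len;
    int nchunks = 0;

    while (p < end) {
        if ((size_t)(end - p) < ROQ_CHUNK_HDR_LEN)
            return -1;                      /* truncated header */
        uint32_t size = rd_le32(p + 2);     /* attacker-controlled field */
        p += ROQ_CHUNK_HDR_LEN;
        if (size > (size_t)(end - p))
            return -1;                      /* payload runs past the packet */
        p += size;                          /* safe: size <= end - p */
        nchunks++;
    }
    return nchunks;
}

/* Serialise one chunk header plus `size` filler bytes; returns bytes written. */
static size_t put_chunk(uint8_t *out, uint16_t id, uint32_t size,
                        uint16_t arg, uint8_t fill)
{
    out[0] = (uint8_t)id;   out[1] = (uint8_t)(id >> 8);
    out[2] = (uint8_t)size; out[3] = (uint8_t)(size >> 8);
    out[4] = (uint8_t)(size >> 16); out[5] = (uint8_t)(size >> 24);
    out[6] = (uint8_t)arg;  out[7] = (uint8_t)(arg >> 8);
    memset(out + ROQ_CHUNK_HDR_LEN, fill, size);
    return ROQ_CHUNK_HDR_LEN + size;
}

/* Constructed packet (not from bad.roq): a 24-byte codebook chunk followed
 * by a 4-byte VQ chunk, 44 bytes in total. */
static size_t build_packet(uint8_t *pkt)
{
    size_t n = put_chunk(pkt, 0x1002, 24, 0, 0xAA);
    n += put_chunk(pkt + n, 0x1011, 4, 0, 0xBB);
    return n;
}

/* Well-formed input: both chunks fit exactly; returns 2. */
int demo_well_formed(void)
{
    uint8_t pkt[64];
    size_t n = build_packet(pkt);
    return roq_walk_chunks(pkt, n);
}

/* One-byte edit: the VQ chunk claims 5 payload bytes but only 4 follow. A
 * reader trusting the size field reads 1 byte past the packet, the same
 * shape as the "Invalid read of size 1 ... 0 bytes after" report; returns -1. */
int demo_overread(void)
{
    uint8_t pkt[64];
    size_t n = build_packet(pkt);
    pkt[n - (ROQ_CHUNK_HDR_LEN + 4) + 2] = 5;   /* low byte of VQ size */
    return roq_walk_chunks(pkt, n);
}

/* Packet cut off three bytes into the second header; returns -1. */
int demo_truncated_header(void)
{
    uint8_t pkt[64];
    size_t n = build_packet(pkt);
    return roq_walk_chunks(pkt, n - (ROQ_CHUNK_HDR_LEN + 4) + 3);
}

int main(void)
{
    printf("well-formed %d, overread %d, truncated %d\n",
           demo_well_formed(), demo_overread(), demo_truncated_header());
    return 0;
}
```

The two checks are deliberately written as comparisons against `end - p` rather than `p + size > end`: once `size` is attacker-controlled, `p + size` can point far outside the allocation, and a compiler is entitled to assume that never happens and simplify the comparison away. Building the demuxer's padding into the allocation, as av_new_packet does, shifts where Valgrind reports the read but does not remove the need for the check; a fuzzed size field can exceed any fixed padding.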

Attachments (2)

bad.roq (90.6 KB) - added by daw 5 years ago.
input file triggering valgrind warning
valg.out (7.9 KB) - added by daw 5 years ago.
output from valgrind


Change History (3)

Changed 5 years ago by daw

input file triggering valgrind warning

Changed 5 years ago by daw

output from valgrind

comment:1 Changed 5 years ago by cehoyos

  • Resolution set to fixed
  • Status changed from new to closed

Fixed by Reimar
