Opened 4 years ago

Closed 4 years ago

#4597 closed defect (fixed)

exr crash

Reported by: cehoyos
Owned by:
Priority: important
Component: avcodec
Version: git-master
Keywords: exr crash regression
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

Regression since 95582b5c

$ cp fate-suite/exr/rgb_slice_pxr24.exr test1.exr
$ cp fate-suite/exr/rgb_slice_pxr24.exr test2.exr
$ valgrind ./ffmpeg_g -threads 1 -i test%1d.exr -f null -
==2966== Memcheck, a memory error detector
==2966== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==2966== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==2966== Command: ./ffmpeg_g -threads 1 -i test%1d.exr -f null -
==2966==
ffmpeg version N-72695-g440fa77 Copyright (c) 2000-2015 the FFmpeg developers
  built with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl
  libavutil      54. 27.100 / 54. 27.100
  libavcodec     56. 41.101 / 56. 41.101
  libavformat    56. 34.100 / 56. 34.100
  libavdevice    56.  4.100 / 56.  4.100
  libavfilter     5. 16.101 /  5. 16.101
  libswscale      3.  1.101 /  3.  1.101
  libswresample   1.  2.100 /  1.  2.100
  libpostproc    53.  3.100 / 53.  3.100
Input #0, image2, from 'test%1d.exr':
  Duration: 00:00:00.08, start: 0.000000, bitrate: N/A
    Stream #0:0: Video: exr, rgb48le, 800x800 [SAR 1:1 DAR 1:1], 25 tbr, 25 tbn, 25 tbc
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf56.34.100
    Stream #0:0: Video: rawvideo (RGB0 / 0x30424752), rgb48le, 800x800 [SAR 1:1 DAR 1:1], q=2-31, 200 kb/s, 25 fps, 25 tbn, 25 tbc
    Metadata:
      encoder         : Lavc56.41.101 rawvideo
Stream mapping:
  Stream #0:0 -> #0:0 (exr (native) -> rawvideo (native))
Press [q] to stop, [?] for help
[null @ 0xbbc7780] Encoder did not produce proper pts, making some up.
[exr @ 0xbba7040] Found more than one compression attribute.
==2966== Invalid read of size 1
==2966==    at 0x70A71E: decode_block (exr.c:813)
==2966==    by 0xAF95FF: avcodec_default_execute2 (utils.c:1122)
==2966==    by 0x70879C: decode_frame (exr.c:1331)
==2966==    by 0xAFABD7: avcodec_decode_video2 (utils.c:2388)
==2966==    by 0x4896CC: decode_video (ffmpeg.c:1993)
==2966==    by 0x48F6AB: transcode (ffmpeg.c:2241)
==2966==    by 0x4728FA: main (ffmpeg.c:4091)
==2966==  Address 0xbc1aa60 is 640 bytes inside a block of size 7,152 free'd
==2966==    at 0x4C29D4E: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2966==    by 0x70DAD7A: inflateEnd (in /lib64/libz.so.1.2.7)
==2966==    by 0x70DD850: uncompress (in /lib64/libz.so.1.2.7)
==2966==    by 0x70938A: decode_block (exr.c:782)
==2966==    by 0xAF95FF: avcodec_default_execute2 (utils.c:1122)
==2966==    by 0x70879C: decode_frame (exr.c:1331)
==2966==    by 0xAFABD7: avcodec_decode_video2 (utils.c:2388)
==2966==    by 0x4896CC: decode_video (ffmpeg.c:1993)
==2966==    by 0x48F6AB: transcode (ffmpeg.c:2241)
==2966==    by 0x4728FA: main (ffmpeg.c:4091)
==2966==
==2966== Invalid write of size 2
==2966==    at 0x70A737: decode_block (bytestream.h:88)
==2966==    by 0xAF95FF: avcodec_default_execute2 (utils.c:1122)
==2966==    by 0x70879C: decode_frame (exr.c:1331)
==2966==    by 0xAFABD7: avcodec_decode_video2 (utils.c:2388)
==2966==    by 0x4896CC: decode_video (ffmpeg.c:1993)
==2966==    by 0x48F6AB: transcode (ffmpeg.c:2241)
==2966==    by 0x4728FA: main (ffmpeg.c:4091)
==2966==  Address 0x10ade922 is 0 bytes after a block of size 81,666 alloc'd
==2966==    at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2966==    by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2966==    by 0xF24401: av_mallocz (mem.c:95)
==2966==    by 0xAF78EB: av_fast_padded_malloc (utils.c:132)
==2966==    by 0x7092FE: decode_block (exr.c:871)
==2966==    by 0xAF95FF: avcodec_default_execute2 (utils.c:1122)
==2966==    by 0x70879C: decode_frame (exr.c:1331)
==2966==    by 0xAFABD7: avcodec_decode_video2 (utils.c:2388)
==2966==    by 0x4896CC: decode_video (ffmpeg.c:1993)
==2966==    by 0x48F6AB: transcode (ffmpeg.c:2241)
==2966==    by 0x4728FA: main (ffmpeg.c:4091)
==2966==
==2966== Invalid read of size 1
==2966==    at 0x70A71A: decode_block (exr.c:813)
==2966==    by 0xAF95FF: avcodec_default_execute2 (utils.c:1122)
==2966==    by 0x70879C: decode_frame (exr.c:1331)
==2966==    by 0xAFABD7: avcodec_decode_video2 (utils.c:2388)
==2966==    by 0x4896CC: decode_video (ffmpeg.c:1993)
==2966==    by 0x48F6AB: transcode (ffmpeg.c:2241)
==2966==    by 0x4728FA: main (ffmpeg.c:4091)
==2966==  Address 0xbc1a782 is 0 bytes after a block of size 81,666 alloc'd
==2966==    at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2966==    by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2966==    by 0xF24401: av_mallocz (mem.c:95)
==2966==    by 0xAF78EB: av_fast_padded_malloc (utils.c:132)
==2966==    by 0x709318: decode_block (exr.c:873)
==2966==    by 0xAF95FF: avcodec_default_execute2 (utils.c:1122)
==2966==    by 0x70879C: decode_frame (exr.c:1331)
==2966==    by 0xAFABD7: avcodec_decode_video2 (utils.c:2388)
==2966==    by 0x4896CC: decode_video (ffmpeg.c:1993)
==2966==    by 0x48F6AB: transcode (ffmpeg.c:2241)
==2966==    by 0x4728FA: main (ffmpeg.c:4091)
==2966==
frame=    2 fps=0.5 q=0.0 Lsize=N/A time=00:00:00.08 bitrate=N/A
video:0kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown
==2966==
==2966== HEAP SUMMARY:
==2966==     in use at exit: 88 bytes in 2 blocks
==2966==   total heap usage: 1,207 allocs, 1,205 frees, 13,641,498 bytes allocated
==2966==
==2966== LEAK SUMMARY:
==2966==    definitely lost: 0 bytes in 0 blocks
==2966==    indirectly lost: 0 bytes in 0 blocks
==2966==      possibly lost: 0 bytes in 0 blocks
==2966==    still reachable: 88 bytes in 2 blocks
==2966==         suppressed: 0 bytes in 0 blocks
==2966== Rerun with --leak-check=full to see details of leaked memory
==2966==
==2966== For counts of detected and suppressed errors, rerun with: -v
==2966== ERROR SUMMARY: 5395050 errors from 3 contexts (suppressed: 2 from 2)

Change History (1)

comment:1 Changed 4 years ago by cehoyos

  • Resolution set to fixed
  • Status changed from new to closed

Fixed by Paul B Mahol in a03b69478b7f1c0c31e53acb0cf392917c0f967a
