decimate filter crashes with ppsrc option

[Cigaes]

./ffmpeg_g -f lavfi -i testsrc=s=1024x768 \
           -f lavfi -i testsrc \
           -lavfi 'decimate=ppsrc=1' -f framecrc -

yields

ffmpeg version N-76264-g6bfc6d0 Copyright (c) 2000-2015 the FFmpeg developers
  built with gcc 5.2.1 (Debian 5.2.1-22) 20151010
  configuration: --enable-shared --disable-static --enable-gpl --enable-libx264 --enable-libopus --enable-libass --enable-libfreetype --enable-opengl --assert-level=2
  libavutil      55.  4.100 / 55.  4.100
  libavcodec     57.  9.100 / 57.  9.100
  libavformat    57. 11.100 / 57. 11.100
  libavdevice    57.  0.100 / 57.  0.100
  libavfilter     6. 13.100 /  6. 13.100
  libswscale      4.  0.100 /  4.  0.100
  libswresample   2.  0.100 /  2.  0.100
  libpostproc    54.  0.100 / 54.  0.100
Input #0, lavfi, from 'testsrc=s=1024x768':
  Duration: N/A, start: 0.000000, bitrate: N/A
    Stream #0:0: Video: rawvideo (RGB[24] / 0x18424752), rgb24, 1024x768 [SAR 1:1 DAR 4:3], 25 tbr, 25 tbn, 25 tbc
Input #1, lavfi, from 'testsrc':
  Duration: N/A, start: 0.000000, bitrate: N/A
    Stream #1:0: Video: rawvideo (RGB[24] / 0x18424752), rgb24, 320x240 [SAR 1:1 DAR 4:3], 25 tbr, 25 tbn, 25 tbc
#software: Lavf57.11.100
#tb 0: 1/20
Output #0, framecrc, to 'pipe:':
  Metadata:
    encoder         : Lavf57.11.100
    Stream #0:0: Video: rawvideo (444P / 0x50343434), yuv444p, 320x240 [SAR 1:1 DAR 4:3], q=2-31, 200 kb/s, 20 fps, 20 tbn, 20 tbc (default)
    Metadata:
      encoder         : Lavc57.9.100 rawvideo
Stream mapping:
  Stream #0:0 (rawvideo) -> decimate:main
  Stream #1:0 (rawvideo) -> decimate:clean_src
  decimate -> Stream #0:0 (rawvideo)
Press [q] to stop, [?] for help
zsh: segmentation fault  ./ffmpeg_g -f lavfi -i testsrc=s=1024x768 -f lavfi -i testsrc -lavfi  -f  -

==31113== Invalid read of size 1      0kB time=00:00:00.00 bitrate=N/A    
==31113==    at 0x50EB2A0: calc_diffs (vf_decimate.c:121)
==31113==    by 0x50EB2A0: filter_frame (vf_decimate.c:174)
==31113==    by 0x50C1C46: ff_filter_frame_framed (avfilter.c:1082)
==31113==    by 0x50C296C: ff_filter_frame (avfilter.c:1176)
==31113==    by 0x5134A12: filter_frame (vf_scale.c:583)
==31113==    by 0x50C1C46: ff_filter_frame_framed (avfilter.c:1082)
==31113==    by 0x50C296C: ff_filter_frame (avfilter.c:1176)
==31113==    by 0x50C6C11: request_frame (buffersrc.c:382)
==31113==    by 0x50C691A: av_buffersrc_add_frame_internal (buffersrc.c:180)
==31113==    by 0x50C6CAC: av_buffersrc_add_frame_flags (buffersrc.c:105)
==31113==    by 0x41FD21: decode_video (ffmpeg.c:2189)
==31113==    by 0x42626F: process_input_packet (ffmpeg.c:2333)
==31113==    by 0x42626F: process_input (ffmpeg.c:3946)
==31113==    by 0x42626F: transcode_step (ffmpeg.c:4034)
==31113==    by 0x42626F: transcode (ffmpeg.c:4088)
==31113==    by 0x407A33: main (ffmpeg.c:4281)
==31113==  Address 0x1697419f is 0 bytes after a block of size 81,951 alloc'd
==31113==    at 0x4C2B086: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==31113==    by 0x4C2B191: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==31113==    by 0x727E3E6: av_malloc (mem.c:97)
==31113==    by 0x726DD98: av_buffer_alloc (buffer.c:71)
==31113==    by 0x7278805: get_video_buffer (frame.c:193)
==31113==    by 0x7278805: av_frame_get_buffer (frame.c:277)
==31113==    by 0x5156F98: ff_default_get_video_buffer (video.c:55)
==31113==    by 0x5134713: filter_frame (vf_scale.c:516)
==31113==    by 0x50C1C46: ff_filter_frame_framed (avfilter.c:1082)
==31113==    by 0x50C296C: ff_filter_frame (avfilter.c:1176)
==31113==    by 0x50C6C11: request_frame (buffersrc.c:382)
==31113==    by 0x50C691A: av_buffersrc_add_frame_internal (buffersrc.c:180)
==31113==    by 0x50C6CAC: av_buffersrc_add_frame_flags (buffersrc.c:105)

A quick test seems to indicate that it using the resolution of the full frame to compute the difference. The problem does not happen with inputs at the same time.

[Michael Niedermayer]

Fixed in 30fe3fd52721c8c6566001192cd16be423ffc92b