#5527 closed defect (fixed)

Delogo crash with x=0 and/or y=0

Reported by: easyfab
Owned by: khali
Priority: important
Component: avfilter
Version: git-master
Keywords: delogo crash fpe regression
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: yes

Description

Summary of the bug: Delogo crash with x=0 and/or y=0

How to reproduce: ffmpeg -i input -vf delogo=x=0:y=0:w=2:h=2 output

ffmpeg version : version N-79887-gca5ec2b

built on windows or linux

gdb output :

Thread 1 "ffmpeg_g" received signal SIGFPE, Arithmetic exception.
0x0000000000511fd7 in apply_delogo (direct=0, show=0, band=0,

logo_h=<optimized out>, logo_w=<optimized out>, logo_y=<optimized out>,
logo_x=-1, sar=..., h=<optimized out>, w=<optimized out>,
src_linesize=960,

src=0x7fffd812c320 "\206\206\206\206\206\206\206\207\207\210\210\210\207\207\207\207\207\207\207\207\205\205\205\205\205\205\205\205\207\207\207\207\210\210\210\210\210\210\210\210\206\206\206\206\205\205\205\205\203\203\203\203\205\205\205\205\205\203\177|{xtruy}\200\177\177\177\177\177\177\201\201\203\203\203\204\204\205\205\205\202\202\202\202\201\201\201\201xvtsutrpnsy}\177\177\177\177\201\202\205\207\207\206\202\177}\177\201\204\205\207\211\211\211\211\211\210\210\207\207\207\207\203|vmjhgwz\200\205\207\210\210\210\211\211\211\211", '\210' <se r\377\377\377\377\377\377\377\377p\377\377\377\377\377\377\377\377te 12 fois>, "\204\204\204\205\205\204\202\200ywuuwyz{wvtqg_gx\202\202\202\201\200\177}
~\200\201"..., dst_linesize=<optimized out>,

dst=0x2ca68a0 "\206\206\206\206\206\206\206\207\207\210\210\210\207\207\207\207\207\207\207\207\205\205\205\205\205\205\205\205\207\207\207\207\210\210\210\210\210\210\210\210\206\206\206\206\205\205\205\205\203\203\203\203\205\205\205\205\205\203\177|{xtruy}\200\177\177\177\177\177\177\201\201\203\203\203\204\204\---Type <return> to continue, or q <return> to quit---

Attachments (1)

delogo-check-parameters-2.patch (1.4 KB) - added by khali 19 months ago.
[PATCH] avfilter/delogo: Check that logo area is inside the picture


Change History (16)

comment:1 Changed 19 months ago by cehoyos

  • Priority changed from normal to important
  • Resolution set to worksforme
  • Status changed from new to closed
$ ffmpeg -f lavfi -i testsrc=d=1 -vf delogo=x=0:y=0:w=2:h=2 -f null -
ffmpeg version N-79887-gca5ec2b Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl
  libavutil      55. 24.100 / 55. 24.100
  libavcodec     57. 40.100 / 57. 40.100
  libavformat    57. 36.100 / 57. 36.100
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 45.100 /  6. 45.100
  libswscale      4.  1.100 /  4.  1.100
  libswresample   2.  0.101 /  2.  0.101
  libpostproc    54.  0.100 / 54.  0.100
Input #0, lavfi, from 'testsrc=d=1':
  Duration: N/A, start: 0.000000, bitrate: N/A
    Stream #0:0: Video: rawvideo (RGB[24] / 0x18424752), rgb24, 320x240 [SAR 1:1 DAR 4:3], 25 fps, 25 tbr, 25 tbn
[Parsed_delogo_0 @ 0x363a360] Note: default band value was changed from 4 to 1.
[null @ 0x3637700] Using AVStream.codec to pass codec parameters to muxers is deprecated, use AVStream.codecpar instead.
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf57.36.100
    Stream #0:0: Video: wrapped_avframe, yuv444p, 320x240 [SAR 1:1 DAR 4:3], q=2-31, 200 kb/s, 25 fps, 25 tbn
    Metadata:
      encoder         : Lavc57.40.100 wrapped_avframe
Stream mapping:
  Stream #0:0 -> #0:0 (rawvideo (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
frame=   25 fps=0.0 q=-0.0 Lsize=N/A time=00:00:01.00 bitrate=N/A speed=90.5x
video:12kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown

comment:2 Changed 19 months ago by richardpl

  • Resolution worksforme deleted
  • Status changed from closed to reopened

comment:3 Changed 19 months ago by cehoyos

So how can the issue be reproduced?

comment:4 Changed 19 months ago by easyfab

Please retry with -vf delogo=x=0:y=0:w=20:h=20

comment:5 Changed 19 months ago by cehoyos

  • Resolution set to worksforme
  • Status changed from reopened to closed
$ ffmpeg -f lavfi -i testsrc=d=1 -vf delogo=x=0:y=0:w=20:h=20 -f null -
ffmpeg version N-79887-gca5ec2b Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl
  libavutil      55. 24.100 / 55. 24.100
  libavcodec     57. 40.100 / 57. 40.100
  libavformat    57. 36.100 / 57. 36.100
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 45.100 /  6. 45.100
  libswscale      4.  1.100 /  4.  1.100
  libswresample   2.  0.101 /  2.  0.101
  libpostproc    54.  0.100 / 54.  0.100
Input #0, lavfi, from 'testsrc=d=1':
  Duration: N/A, start: 0.000000, bitrate: N/A
    Stream #0:0: Video: rawvideo (RGB[24] / 0x18424752), rgb24, 320x240 [SAR 1:1 DAR 4:3], 25 fps, 25 tbr, 25 tbn
[Parsed_delogo_0 @ 0x366f3a0] Note: default band value was changed from 4 to 1.
[null @ 0x366c700] Using AVStream.codec to pass codec parameters to muxers is deprecated, use AVStream.codecpar instead.
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf57.36.100
    Stream #0:0: Video: wrapped_avframe, yuv444p, 320x240 [SAR 1:1 DAR 4:3], q=2-31, 200 kb/s, 25 fps, 25 tbn
    Metadata:
      encoder         : Lavc57.40.100 wrapped_avframe
Stream mapping:
  Stream #0:0 -> #0:0 (rawvideo (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
frame=   25 fps=0.0 q=-0.0 Lsize=N/A time=00:00:01.00 bitrate=N/A speed=36.6x
video:12kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown

comment:6 follow-up: Changed 19 months ago by richardpl

  • Reproduced by developer set
  • Resolution worksforme deleted
  • Status changed from closed to reopened

Close this bug once more and I will call a meeting to ban you from this community.

Hint for the lazy: use color source instead.

comment:7 in reply to: ↑ 6 Changed 19 months ago by cehoyos

Replying to richardpl:

> Close this bug once more and I will call a meeting to ban you from this community.

Don't be ridiculous please;-)

> Hint for the lazy: use color source instead.

Why didn't you answer my question yesterday?

comment:8 Changed 19 months ago by richardpl

Why weren't you on IRC yesterday?

comment:9 Changed 19 months ago by cehoyos

Sorry, I was travelling, but more importantly: how would other developers know if you don't want to tell how to reproduce?

comment:10 Changed 19 months ago by cehoyos

  • Component changed from undetermined to avfilter
  • Keywords delogo crash fpe regression added
  • Version changed from unspecified to git-master

@easyfab: For future tickets, please always provide an actual command line that allows reproducing the issue, together with the complete, uncut console output for valid tickets.

Regression since 8bc708fcee137ead6d0773fad8e24ab471ab2122

$ valgrind ./ffmpeg_g -f lavfi -i color=d=1 -vf delogo=x=0:y=0:w=20:h=20 -f null -
==27586== Memcheck, a memory error detector
==27586== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==27586== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==27586== Command: ./ffmpeg_g -f lavfi -i color=d=1 -vf delogo=x=0:y=0:w=20:h=20 -f null -
==27586==
ffmpeg version N-79889-g9486de5 Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl
  libavutil      55. 24.100 / 55. 24.100
  libavcodec     57. 40.100 / 57. 40.100
  libavformat    57. 36.100 / 57. 36.100
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 45.100 /  6. 45.100
  libswscale      4.  1.100 /  4.  1.100
  libswresample   2.  0.101 /  2.  0.101
  libpostproc    54.  0.100 / 54.  0.100
Input #0, lavfi, from 'color=d=1':
  Duration: N/A, start: 0.000000, bitrate: N/A
    Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 320x240 [SAR 1:1 DAR 4:3], 25 fps, 25 tbr, 25 tbn
[Parsed_delogo_0 @ 0xb5a7c20] Note: default band value was changed from 4 to 1.
[null @ 0xb5a4240] Using AVStream.codec to pass codec parameters to muxers is deprecated, use AVStream.codecpar instead.
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf57.36.100
    Stream #0:0: Video: wrapped_avframe, yuv420p, 320x240 [SAR 1:1 DAR 4:3], q=2-31, 200 kb/s, 25 fps, 25 tbn
    Metadata:
      encoder         : Lavc57.40.100 wrapped_avframe
Stream mapping:
  Stream #0:0 -> #0:0 (rawvideo (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
==27586==
==27586== Process terminating with default action of signal 8 (SIGFPE)
==27586==  Integer divide by zero at address 0x405BCDEB3
==27586==    at 0x4EF3A5: filter_frame (vf_delogo.c:147)
==27586==    by 0x4B6A70: ff_filter_frame_framed (avfilter.c:1125)
==27586==    by 0x4B7866: ff_filter_frame (avfilter.c:1223)
==27586==    by 0x4BB9E1: request_frame (buffersrc.c:450)
==27586==    by 0x4BBC7A: av_buffersrc_add_frame_internal (buffersrc.c:239)
==27586==    by 0x4BC12C: av_buffersrc_add_frame_flags (buffersrc.c:164)
==27586==    by 0x498C51: decode_video (ffmpeg.c:2196)
==27586==    by 0x49BE86: transcode (ffmpeg.c:2340)
==27586==    by 0x47DCDA: main (ffmpeg.c:4345)
==27586==
==27586== HEAP SUMMARY:
==27586==     in use at exit: 393,259 bytes in 191 blocks
==27586==   total heap usage: 1,929 allocs, 1,738 frees, 988,458 bytes allocated
==27586==
==27586== LEAK SUMMARY:
==27586==    definitely lost: 0 bytes in 0 blocks
==27586==    indirectly lost: 0 bytes in 0 blocks
==27586==      possibly lost: 5,472 bytes in 18 blocks
==27586==    still reachable: 387,787 bytes in 173 blocks
==27586==         suppressed: 0 bytes in 0 blocks
==27586== Rerun with --leak-check=full to see details of leaked memory
==27586==
==27586== For counts of detected and suppressed errors, rerun with: -v
==27586== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)
Killed

comment:11 Changed 19 months ago by khali

  • Owner set to khali
  • Status changed from reopened to open

comment:12 Changed 19 months ago by khali

This isn't really a regression, given that you can get the exact same crash by passing option band=1 to the old code. Just like you can avoid the crash with the new code by passing option band=4. Simply the change in default made the bug more visible.

Additionally, even if you manage to avoid the crash, x=0 and/or y=0 will never give good results as the filter needs samples all around the logo area for interpolation.

Incidentally I wrote a patch to catch exactly this problem many months ago. No idea why I did not push it... I'll attach it shortly, please review and/or test.

Changed 19 months ago by khali

[PATCH] avfilter/delogo: Check that logo area is inside the picture
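
The kind of check comment 12 describes (the logo area must lie inside the picture, with samples available all around it for interpolation) can be sketched as follows. This is an added example, not the attached patch and not FFmpeg code; the struct, the function names and the margin rule (at least `band` pixels of picture required on every side) are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical parameter set; names are assumptions, not FFmpeg's. */
struct logo_rect { int x, y, w, h, band; };

/* 1 if the rectangle plus a band-wide ring of source pixels on every side
 * fits in the frame, else 0. long long keeps x + w + band from overflowing. */
int logo_rect_is_valid(const struct logo_rect *r, int frame_w, int frame_h)
{
    if (r->w <= 0 || r->h <= 0 || r->band <= 0 || frame_w <= 0 || frame_h <= 0)
        return 0;
    long long left   = (long long)r->x - r->band;
    long long top    = (long long)r->y - r->band;
    long long right  = (long long)r->x + r->w + r->band;
    long long bottom = (long long)r->y + r->h + r->band;
    return left >= 0 && top >= 0 && right <= frame_w && bottom <= frame_h;
}

/* Defence in depth for the per-pixel path: weighted mean of n border
 * samples that reports failure (-1) instead of dividing by a zero sum. */
int weighted_mean(const unsigned char *samples,
                  const unsigned long long *weights, int n)
{
    unsigned long long sum = 0, total = 0;
    for (int i = 0; i < n; i++) {
        sum   += weights[i] * samples[i];
        total += weights[i];
    }
    return total ? (int)(sum / total) : -1;
}

int main(void)
{
    /* Constructed cases on a 320x240 frame; the first mirrors the ticket. */
    const struct logo_rect cases[] = {
        { 0, 0, 20, 20, 1 },            /* touches the top-left corner */
        { 1, 1, 20, 20, 1 },            /* one pixel of margin: accepted */
        { 300, 10, 20, 20, 1 },         /* right edge has no margin */
        { INT_MAX - 5, 10, 20, 20, 1 }  /* would overflow in int arithmetic */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("x=%d y=%d w=%d h=%d band=%d -> %s\n", cases[i].x, cases[i].y,
               cases[i].w, cases[i].h, cases[i].band,
               logo_rect_is_valid(&cases[i], 320, 240) ? "ok" : "rejected");
    return 0;
}
```

Rejecting the parameters once, when the filter is configured, turns the per-frame SIGFPE into a clean configuration error; the guarded divisor only covers weight combinations the check did not anticipate.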

comment:13 Changed 19 months ago by khali

  • Analyzed by developer set
  • Keywords regression removed

comment:14 Changed 19 months ago by cehoyos

  • Keywords regression added

comment:15 Changed 19 months ago by cehoyos

  • Resolution set to fixed
  • Status changed from open to closed

Fixed by Jean Delvare in aeefe018f847aa46c8d69d1d237a54ef89f58fee
