IFF ANIM: crash with fuzzed ANIM-J

[ami_stuff]

aaa@aaa-VirtualBox /media/sdb1 $ valgrind --leak-check=full ffmpeg/ffmpeg_g -i animj_ham6_fuzz.anim -f null -
==2493== Memcheck, a memory error detector
==2493== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==2493== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==2493== Command: ffmpeg/ffmpeg_g -i animj_ham6_fuzz.anim -f null -
==2493== 
ffmpeg version 3.0.git Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 5.3.0 (Ubuntu 5.3.0-3ubuntu1~14.04) 20151204
  configuration: --disable-ffprobe --disable-ffserver --enable-gpl
  libavutil      55. 24.100 / 55. 24.100
  libavcodec     57. 41.102 / 57. 41.102
  libavformat    57. 36.100 / 57. 36.100
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 45.100 /  6. 45.100
  libswscale      4.  1.100 /  4.  1.100
  libswresample   2.  0.101 /  2.  0.101
  libpostproc    54.  0.100 / 54.  0.100
Input #0, iff, from 'animj_ham6_fuzz.anim':
  Duration: N/A, bitrate: N/A
    Stream #0:0: Video: iff_ilbm (ANIM / 0x4D494E41), rgb0, 160x100, SAR 6:7 DAR 48:35, 30 fps, 60 tbr, 60 tbn
[null @ 0x43aafa0] Using AVStream.codec to pass codec parameters to muxers is deprecated, use AVStream.codecpar instead.
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf57.36.100
    Stream #0:0: Video: wrapped_avframe, rgb0, 160x100 [SAR 6:7 DAR 48:35], q=2-31, 200 kb/s, 60 fps, 60 tbn
    Metadata:
      encoder         : Lavc57.41.102 wrapped_avframe
Stream mapping:
  Stream #0:0 -> #0:0 (iff_ilbm (iff) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
decode_byterun ended before plane size
==2493== Invalid write of size 1s
==2493==    at 0x8576A3C: bytestream_get_byte (bytestream.h:95)
==2493==    by 0x8576A3C: bytestream2_get_byteu (bytestream.h:95)
==2493==    by 0x8576A3C: bytestream2_get_byte (bytestream.h:95)
==2493==    by 0x8576A3C: decode_delta_j (iff.c:848)
==2493==    by 0x8576A3C: decode_frame (iff.c:1481)
==2493==    by 0x874014D: avcodec_decode_video2 (utils.c:2217)
==2493==    by 0x80DBF40: decode_video (ffmpeg.c:2087)
==2493==    by 0x80DE93F: process_input_packet (ffmpeg.c:2340)
==2493==    by 0x80BDE45: process_input (ffmpeg.c:4014)
==2493==    by 0x80BDE45: transcode_step (ffmpeg.c:4102)
==2493==    by 0x80BDE45: transcode (ffmpeg.c:4156)
==2493==    by 0x80BDE45: main (ffmpeg.c:4349)
==2493==  Address 0x43f4d77 is 9 bytes before a block of size 384,000 alloc'd
==2493==    at 0x402C580: memalign (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2493==    by 0x402C6AE: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2493==    by 0x8BAED9F: av_malloc (mem.c:97)
==2493==    by 0x8BAED9F: av_mallocz (mem.c:254)
==2493==    by 0x8BAED9F: av_calloc (mem.c:264)
==2493==    by 0x8074545: decode_init (iff.c:419)
==2493==    by 0x8745B48: avcodec_open2 (utils.c:1564)
==2493==    by 0x80D63F8: init_input_stream (ffmpeg.c:2566)
==2493==    by 0x80D63F8: transcode_init (ffmpeg.c:3227)
==2493==    by 0x80BCD1F: transcode (ffmpeg.c:4127)
==2493==    by 0x80BCD1F: main (ffmpeg.c:4349)
==2493== 
    Last message repeated 4 times
frame=   18 fps=0.0 q=-0.0 Lsize=N/A time=00:00:00.71 bitrate=N/A speed=1.22x    
video:7kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown
==2493== 
==2493== HEAP SUMMARY:
==2493==     in use at exit: 24 bytes in 1 blocks
==2493==   total heap usage: 1,368 allocs, 1,367 frees, 2,138,915 bytes allocated
==2493== 
==2493== LEAK SUMMARY:
==2493==    definitely lost: 0 bytes in 0 blocks
==2493==    indirectly lost: 0 bytes in 0 blocks
==2493==      possibly lost: 0 bytes in 0 blocks
==2493==    still reachable: 24 bytes in 1 blocks
==2493==         suppressed: 0 bytes in 0 blocks
==2493== Reachable blocks (those to which a pointer was found) are not shown.
==2493== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==2493== 
==2493== For counts of detected and suppressed errors, rerun with: -v
==2493== ERROR SUMMARY: 16 errors from 1 contexts (suppressed: 0 from 0)

(gdb) r -i animJ_ham6_fuzz.anim -f null -
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i animJ_ham6_fuzz.anim -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 3.0.git Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 5.3.0 (Ubuntu 5.3.0-3ubuntu1~14.04) 20151204
  configuration: --disable-ffprobe --disable-ffserver --enable-gpl
  libavutil      55. 24.100 / 55. 24.100
  libavcodec     57. 41.102 / 57. 41.102
  libavformat    57. 36.100 / 57. 36.100
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 45.100 /  6. 45.100
  libswscale      4.  1.100 /  4.  1.100
  libswresample   2.  0.101 /  2.  0.101
  libpostproc    54.  0.100 / 54.  0.100
Input #0, iff, from 'animJ_ham6_fuzz.anim':
  Duration: N/A, bitrate: N/A
    Stream #0:0: Video: iff_ilbm (ANIM / 0x4D494E41), rgb0, 160x100, SAR 6:7 DAR 48:35, 30 fps, 60 tbr, 60 tbn
[null @ 0x9858480] Using AVStream.codec to pass codec parameters to muxers is deprecated, use AVStream.codecpar instead.
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf57.36.100
    Stream #0:0: Video: wrapped_avframe, rgb0, 160x100 [SAR 6:7 DAR 48:35], q=2-31, 200 kb/s, 60 fps, 60 tbn
    Metadata:
      encoder         : Lavc57.41.102 wrapped_avframe
Stream mapping:
  Stream #0:0 -> #0:0 (iff_ilbm (iff) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
decode_byterun ended before plane size
*** Error in `/media/sdb1/ffmpeg/ffmpeg_g': double free or corruption (!prev): 0x098791a0 ***

Program received signal SIGABRT, Aborted.
0xb7fdccb0 in ?? ()
(gdb) bt
#0  0xb7fdccb0 in ?? ()
#1  0xb7dd233a in malloc_printerr (action=<optimized out>, 
    str=0xb7ec4fd0 "double free or corruption (!prev)", ptr=0x98791a0)
    at malloc.c:4996
#2  0xb7dd2fad in _int_free (av=0xb7f09420 <main_arena>, p=<optimized out>, 
    have_lock=0) at malloc.c:3840
#3  0x083180b2 in read_from_packet_buffer (pkt=<optimized out>, 
    pkt_buffer_end=<optimized out>, pkt_buffer=<optimized out>)
    at libavformat/utils.c:1436
#4  av_read_frame (s=<optimized out>, pkt=0xbfffed44)
    at libavformat/utils.c:1688
#5  0x080d2f1f in get_input_packet (f=f@entry=0x9857cc0, 
    pkt=pkt@entry=0xbfffed44) at ffmpeg.c:3672
#6  0x080bd447 in process_input (file_index=0) at ffmpeg.c:3792
#7  transcode_step () at ffmpeg.c:4102
#8  transcode () at ffmpeg.c:4156
#9  main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:4349
(gdb) 

[Elon Musk]

Can not reproduce here, could you compile your ffmpeg with debug symbols on?

[ami_stuff]

It's a 32bit build, maybe it's not reproducible on 64bit? I'm compiling now ffmpeg with --enable-debug.

[ami_stuff]

so I get the same backtrace with the git head

maybe someone can test if this is reproducible on linux 32bit

(gdb) r -i '/media/sdb1/animj_ham6_fuzz.anim' -f null -
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i '/media/sdb1/animj_ham6_fuzz.anim' -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 3.0.git Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 5.3.0 (Ubuntu 5.3.0-3ubuntu1~14.04) 20151204
  configuration: --enable-debug --disable-ffprobe --disable-ffserver
  libavutil      55. 24.100 / 55. 24.100
  libavcodec     57. 41.102 / 57. 41.102
  libavformat    57. 36.100 / 57. 36.100
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 45.100 /  6. 45.100
  libswscale      4.  1.100 /  4.  1.100
  libswresample   2.  0.101 /  2.  0.101
Input #0, iff, from '/media/sdb1/animj_ham6_fuzz.anim':
  Duration: N/A, bitrate: N/A
    Stream #0:0: Video: iff_ilbm (ANIM / 0x4D494E41), rgb0, 160x100, SAR 6:7 DAR 48:35, 30 fps, 60 tbr, 60 tbn
[null @ 0x9803580] Using AVStream.codec to pass codec parameters to muxers is deprecated, use AVStream.codecpar instead.
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf57.36.100
    Stream #0:0: Video: wrapped_avframe, rgb0, 160x100 [SAR 6:7 DAR 48:35], q=2-31, 200 kb/s, 60 fps, 60 tbn
    Metadata:
      encoder         : Lavc57.41.102 wrapped_avframe
Stream mapping:
  Stream #0:0 -> #0:0 (iff_ilbm (iff) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
decode_byterun ended before plane size
*** Error in `/media/sdb1/ffmpeg/ffmpeg_g': double free or corruption (!prev): 0x09824200 ***

Program received signal SIGABRT, Aborted.
0xb7fdccb0 in ?? ()
(gdb) bt
#0  0xb7fdccb0 in ?? ()
#1  0xb7dd233a in malloc_printerr (action=<optimized out>, 
    str=0xb7ec4fd0 "double free or corruption (!prev)", ptr=0x9824200)
    at malloc.c:4996
#2  0xb7dd2fad in _int_free (av=0xb7f09420 <main_arena>, p=<optimized out>, 
    have_lock=0) at malloc.c:3840
#3  0x082ef5c2 in read_from_packet_buffer (pkt=<optimized out>, 
    pkt_buffer_end=<optimized out>, pkt_buffer=<optimized out>)
    at libavformat/utils.c:1436
#4  av_read_frame (s=<optimized out>, pkt=0xbfffed34)
    at libavformat/utils.c:1688
#5  0x080d059f in get_input_packet (f=f@entry=0x9803000, 
    pkt=pkt@entry=0xbfffed34) at ffmpeg.c:3672
#6  0x080bab97 in process_input (file_index=0) at ffmpeg.c:3792
#7  transcode_step () at ffmpeg.c:4102
#8  transcode () at ffmpeg.c:4156
#9  main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:4349
(gdb) 

[ami_stuff]

with attached I get this, it's of cource still possible that something is wrong only on my side:

aaa@aaa-VirtualBox /media/sdb1 $ valgrind --leak-check=full ffmpeg/ffmpeg_g -i '/media/sdb1/f/old_animj_5bpp_2_fuzz.anim'  -f null -
==2340== Memcheck, a memory error detector
==2340== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==2340== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==2340== Command: ffmpeg/ffmpeg_g -i /media/sdb1/f/old_animj_5bpp_2_fuzz.anim -f null -
==2340== 
ffmpeg version 3.0.git Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 5.3.0 (Ubuntu 5.3.0-3ubuntu1~14.04) 20151204
  configuration: --enable-debug --disable-ffprobe --disable-ffserver
  libavutil      55. 24.100 / 55. 24.100
  libavcodec     57. 41.102 / 57. 41.102
  libavformat    57. 36.100 / 57. 36.100
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 45.100 /  6. 45.100
  libswscale      4.  1.100 /  4.  1.100
  libswresample   2.  0.101 /  2.  0.101
Input #0, iff, from '/media/sdb1/f/old_animj_5bpp_2_fuzz.anim':
  Duration: N/A, bitrate: N/A
    Stream #0:0: Video: iff_ilbm (ANIM / 0x4D494E41), pal8, 160x100, SAR 6:7 DAR 48:35, 10 fps, 60 tbr, 60 tbn
[null @ 0x43145e0] Using AVStream.codec to pass codec parameters to muxers is deprecated, use AVStream.codecpar instead.
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf57.36.100
    Stream #0:0: Video: wrapped_avframe, pal8, 160x100 [SAR 6:7 DAR 48:35], q=2-31, 200 kb/s, 60 fps, 60 tbn
    Metadata:
      encoder         : Lavc57.41.102 wrapped_avframe
Stream mapping:
  Stream #0:0 -> #0:0 (iff_ilbm (iff) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
==2340== Invalid write of size 1
==2340==    at 0x854F276: bytestream_get_byte (bytestream.h:95)
==2340==    by 0x854F276: bytestream2_get_byteu (bytestream.h:95)
==2340==    by 0x854F276: bytestream2_get_byte (bytestream.h:95)
==2340==    by 0x854F276: decode_delta_j (iff.c:864)
==2340==    by 0x854F276: decode_frame (iff.c:1538)
==2340==    by 0x87171AD: avcodec_decode_video2 (utils.c:2217)
==2340==    by 0x80D95C0: decode_video (ffmpeg.c:2087)
==2340==    by 0x80DBFBF: process_input_packet (ffmpeg.c:2340)
==2340==    by 0x80BB595: process_input (ffmpeg.c:4014)
==2340==    by 0x80BB595: transcode_step (ffmpeg.c:4102)
==2340==    by 0x80BB595: transcode (ffmpeg.c:4156)
==2340==    by 0x80BB595: main (ffmpeg.c:4349)
==2340==  Address 0x4371cd6 is 10 bytes before a block of size 80,000 alloc'd
==2340==    at 0x402C580: memalign (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2340==    by 0x402C6AE: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2340==    by 0x8B6F89F: av_malloc (mem.c:97)
==2340==    by 0x8B6F89F: av_mallocz (mem.c:254)
==2340==    by 0x8B6F89F: av_calloc (mem.c:264)
==2340==    by 0x8071E6F: decode_init (iff.c:420)
==2340==    by 0x871CBA8: avcodec_open2 (utils.c:1564)
==2340==    by 0x80D3A78: init_input_stream (ffmpeg.c:2566)
==2340==    by 0x80D3A78: transcode_init (ffmpeg.c:3227)
==2340==    by 0x80BA46F: transcode (ffmpeg.c:4127)
==2340==    by 0x80BA46F: main (ffmpeg.c:4349)
==2340== 
frame=   50 fps=0.0 q=-0.0 Lsize=N/A time=00:00:04.98 bitrate=N/A speed=20.5x    
video:18kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown
==2340== 
==2340== HEAP SUMMARY:
==2340==     in use at exit: 24 bytes in 1 blocks
==2340==   total heap usage: 2,144 allocs, 2,143 frees, 848,735 bytes allocated
==2340== 
==2340== LEAK SUMMARY:
==2340==    definitely lost: 0 bytes in 0 blocks
==2340==    indirectly lost: 0 bytes in 0 blocks
==2340==      possibly lost: 0 bytes in 0 blocks
==2340==    still reachable: 24 bytes in 1 blocks
==2340==         suppressed: 0 bytes in 0 blocks
==2340== Reachable blocks (those to which a pointer was found) are not shown.
==2340== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==2340== 
==2340== For counts of detected and suppressed errors, rerun with: -v
==2340== ERROR SUMMARY: 2 errors from 1 contexts (suppressed: 0 from 0)

(gdb) r -i '/media/sdb1/f/old_animj_5bpp_2_fuzz.anim'  -f null -
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i '/media/sdb1/f/old_animj_5bpp_2_fuzz.anim'  -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 3.0.git Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 5.3.0 (Ubuntu 5.3.0-3ubuntu1~14.04) 20151204
  configuration: --enable-debug --disable-ffprobe --disable-ffserver
  libavutil      55. 24.100 / 55. 24.100
  libavcodec     57. 41.102 / 57. 41.102
  libavformat    57. 36.100 / 57. 36.100
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 45.100 /  6. 45.100
  libswscale      4.  1.100 /  4.  1.100
  libswresample   2.  0.101 /  2.  0.101
Input #0, iff, from '/media/sdb1/f/old_animj_5bpp_2_fuzz.anim':
  Duration: N/A, bitrate: N/A
    Stream #0:0: Video: iff_ilbm (ANIM / 0x4D494E41), pal8, 160x100, SAR 6:7 DAR 48:35, 10 fps, 60 tbr, 60 tbn
[null @ 0x98042a0] Using AVStream.codec to pass codec parameters to muxers is deprecated, use AVStream.codecpar instead.
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf57.36.100
    Stream #0:0: Video: wrapped_avframe, pal8, 160x100 [SAR 6:7 DAR 48:35], q=2-31, 200 kb/s, 60 fps, 60 tbn
    Metadata:
      encoder         : Lavc57.41.102 wrapped_avframe
Stream mapping:
  Stream #0:0 -> #0:0 (iff_ilbm (iff) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
*** Error in `/media/sdb1/ffmpeg/ffmpeg_g': corrupted double-linked list: 0x09842e88 ***

Program received signal SIGABRT, Aborted.
0xb7fdccb0 in ?? ()
(gdb) bt
#0  0xb7fdccb0 in ?? ()
#1  0xb7dd233a in malloc_printerr (action=<optimized out>, 
    str=0xb7ec09b3 "corrupted double-linked list", ptr=0x9842e88)
    at malloc.c:4996
#2  0xb7dd31d7 in _int_free (av=0xb7f09420 <main_arena>, p=<optimized out>, 
    have_lock=0) at malloc.c:3996
#3  0x082ef5c2 in read_from_packet_buffer (pkt=<optimized out>, 
    pkt_buffer_end=<optimized out>, pkt_buffer=<optimized out>)
    at libavformat/utils.c:1436
#4  av_read_frame (s=<optimized out>, pkt=0xbfffed34)
    at libavformat/utils.c:1688
#5  0x080d059f in get_input_packet (f=f@entry=0x9803880, 
    pkt=pkt@entry=0xbfffed34) at ffmpeg.c:3672
#6  0x080bab97 in process_input (file_index=0) at ffmpeg.c:3792
#7  transcode_step () at ffmpeg.c:4102
#8  transcode () at ffmpeg.c:4156
#9  main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:4349
(gdb)

aaa@aaa-VirtualBox /media/sdb1 $ valgrind --leak-check=full ffmpeg/ffmpeg_g -i '/media/sdb1/f/old_animj_ham6_fuzz.anim' -f null -
==2351== Memcheck, a memory error detector
==2351== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==2351== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==2351== Command: ffmpeg/ffmpeg_g -i /media/sdb1/f/old_animj_ham6_fuzz.anim -f null -
==2351== 
ffmpeg version 3.0.git Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 5.3.0 (Ubuntu 5.3.0-3ubuntu1~14.04) 20151204
  configuration: --enable-debug --disable-ffprobe --disable-ffserver
  libavutil      55. 24.100 / 55. 24.100
  libavcodec     57. 41.102 / 57. 41.102
  libavformat    57. 36.100 / 57. 36.100
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 45.100 /  6. 45.100
  libswscale      4.  1.100 /  4.  1.100
  libswresample   2.  0.101 /  2.  0.101
Input #0, iff, from '/media/sdb1/f/old_animj_ham6_fuzz.anim':
  Duration: N/A, bitrate: N/A
    Stream #0:0: Video: iff_ilbm (ANIM / 0x4D494E41), rgb0, 160x100, SAR 6:7 DAR 48:35, 30 fps, 60 tbr, 60 tbn
[null @ 0x43aafa0] Using AVStream.codec to pass codec parameters to muxers is deprecated, use AVStream.codecpar instead.
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf57.36.100
    Stream #0:0: Video: wrapped_avframe, rgb0, 160x100 [SAR 6:7 DAR 48:35], q=2-31, 200 kb/s, 60 fps, 60 tbn
    Metadata:
      encoder         : Lavc57.41.102 wrapped_avframe
Stream mapping:
  Stream #0:0 -> #0:0 (iff_ilbm (iff) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
==2351== Invalid write of size 1
==2351==    at 0x854E6C2: bytestream_get_byte (bytestream.h:95)
==2351==    by 0x854E6C2: bytestream2_get_byteu (bytestream.h:95)
==2351==    by 0x854E6C2: bytestream2_get_byte (bytestream.h:95)
==2351==    by 0x854E6C2: decode_delta_j (iff.c:901)
==2351==    by 0x854E6C2: decode_frame (iff.c:1538)
==2351==    by 0x87171AD: avcodec_decode_video2 (utils.c:2217)
==2351==    by 0x80D95C0: decode_video (ffmpeg.c:2087)
==2351==    by 0x80DBFBF: process_input_packet (ffmpeg.c:2340)
==2351==    by 0x80BB595: process_input (ffmpeg.c:4014)
==2351==    by 0x80BB595: transcode_step (ffmpeg.c:4102)
==2351==    by 0x80BB595: transcode (ffmpeg.c:4156)
==2351==    by 0x80BB595: main (ffmpeg.c:4349)
==2351==  Address 0x4452a18 is 8 bytes before a block of size 384,000 alloc'd
==2351==    at 0x402C580: memalign (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2351==    by 0x402C6AE: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2351==    by 0x8B6F89F: av_malloc (mem.c:97)
==2351==    by 0x8B6F89F: av_mallocz (mem.c:254)
==2351==    by 0x8B6F89F: av_calloc (mem.c:264)
==2351==    by 0x8071E6F: decode_init (iff.c:420)
==2351==    by 0x871CBA8: avcodec_open2 (utils.c:1564)
==2351==    by 0x80D3A78: init_input_stream (ffmpeg.c:2566)
==2351==    by 0x80D3A78: transcode_init (ffmpeg.c:3227)
==2351==    by 0x80BA46F: transcode (ffmpeg.c:4127)
==2351==    by 0x80BA46F: main (ffmpeg.c:4349)
==2351== 
frame=   18 fps=0.0 q=-0.0 Lsize=N/A time=00:00:00.71 bitrate=N/A speed=3.03x    
video:7kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown
==2351== 
==2351== HEAP SUMMARY:
==2351==     in use at exit: 24 bytes in 1 blocks
==2351==   total heap usage: 1,368 allocs, 1,367 frees, 2,138,933 bytes allocated
==2351== 
==2351== LEAK SUMMARY:
==2351==    definitely lost: 0 bytes in 0 blocks
==2351==    indirectly lost: 0 bytes in 0 blocks
==2351==      possibly lost: 0 bytes in 0 blocks
==2351==    still reachable: 24 bytes in 1 blocks
==2351==         suppressed: 0 bytes in 0 blocks
==2351== Reachable blocks (those to which a pointer was found) are not shown.
==2351== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==2351== 
==2351== For counts of detected and suppressed errors, rerun with: -v
==2351== ERROR SUMMARY: 32 errors from 1 contexts (suppressed: 0 from 0)

(gdb) r -i '/media/sdb1/f/old_animj_ham6_fuzz.anim'  -f null -
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -i '/media/sdb1/f/old_animj_ham6_fuzz.anim'  -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 3.0.git Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 5.3.0 (Ubuntu 5.3.0-3ubuntu1~14.04) 20151204
  configuration: --enable-debug --disable-ffprobe --disable-ffserver
  libavutil      55. 24.100 / 55. 24.100
  libavcodec     57. 41.102 / 57. 41.102
  libavformat    57. 36.100 / 57. 36.100
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 45.100 /  6. 45.100
  libswscale      4.  1.100 /  4.  1.100
  libswresample   2.  0.101 /  2.  0.101
Input #0, iff, from '/media/sdb1/f/old_animj_ham6_fuzz.anim':
  Duration: N/A, bitrate: N/A
    Stream #0:0: Video: iff_ilbm (ANIM / 0x4D494E41), rgb0, 160x100, SAR 6:7 DAR 48:35, 30 fps, 60 tbr, 60 tbn
[null @ 0x9803460] Using AVStream.codec to pass codec parameters to muxers is deprecated, use AVStream.codecpar instead.
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf57.36.100
    Stream #0:0: Video: wrapped_avframe, rgb0, 160x100 [SAR 6:7 DAR 48:35], q=2-31, 200 kb/s, 60 fps, 60 tbn
    Metadata:
      encoder         : Lavc57.41.102 wrapped_avframe
Stream mapping:
  Stream #0:0 -> #0:0 (iff_ilbm (iff) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
frame=   18 fps=0.0 q=-0.0 Lsize=N/A time=00:00:00.71 bitrate=N/A speed=7.17e+05x    
video:7kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown
*** Error in `/media/sdb1/ffmpeg/ffmpeg_g': munmap_chunk(): invalid pointer: 0x09881e40 ***

Program received signal SIGABRT, Aborted.
0xb7fdccb0 in ?? ()
(gdb) bt
#0  0xb7fdccb0 in ?? ()
#1  0xb7dd233a in malloc_printerr (action=<optimized out>, 
    str=0xb7ec4f00 "munmap_chunk(): invalid pointer", ptr=0x9881e40)
    at malloc.c:4996
#2  0xb7dd2408 in munmap_chunk (p=<optimized out>) at malloc.c:2816
#3  0x08071ce6 in decode_end (avctx=0x9803080) at libavcodec/iff.c:368
#4  0x08089176 in avcodec_close (avctx=0x9803080) at libavcodec/utils.c:2967
#5  0x080bbd01 in transcode () at ffmpeg.c:4214
#6  main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:4349
(gdb) 

[Elon Musk]

If this crash happens only under valgrind than its issue on your side.

[ami_stuff]

Could you try to reproduce the crash with this binary?

​http://johnvansickle.com/ffmpeg/builds/ffmpeg-git-32bit-static.tar.xz

​http://johnvansickle.com/ffmpeg/

[Elon Musk]

Does it still happens with latest master?

[ami_stuff]

no

fixed in 5350e0fc97a50de7cb387d1d5f07fe25c9c4a935