Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#6459 closed defect (fixed)

Invalid write in ff_vp9_ipred_dr_16x16_16_avx2

Reported by: tsmith
Owned by:
Priority: important
Component: avcodec
Version: git-master
Keywords: vp9 crash
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

How to reproduce:

% ffmpeg -f ivf -i test_case.ivf -frames 5 -f null -
ffmpeg version N-86447-gfeb13ae Copyright (c) 2000-2017 the FFmpeg developers
  built with clang version 3.8.0-2ubuntu4 (tags/RELEASE_380/final)
  configuration: --cc=clang --cxx=clang++ --disable-libxcb --disable-xlib --disable-logging --disable-ffprobe --disable-ffplay --disable-sdl2 --disable-ffserver --disable-doc --disable-pthreads --disable-network --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-stripping --disable-runtime-cpudetect --disable-postproc --disable-securetransport --disable-iconv --disable-swscale --disable-avdevice --disable-videotoolbox --disable-everything --enable-encoder=wrapped_avframe --disable-lzma --enable-protocol='file,pipe' --enable-muxer=null --enable-demuxer=ivf --enable-parser=vp9 --enable-decoder=vp9 --disable-pic
  libavutil      55. 63.100 / 55. 63.100
  libavcodec     57. 98.100 / 57. 98.100
  libavformat    57. 73.100 / 57. 73.100
  libavfilter     6. 92.100 /  6. 92.100
  libswresample   2.  8.100 /  2.  8.100

Invalid write of size 8
   at 0x60D0C8: ff_vp9_ipred_dr_16x16_16_avx2 (vp9intrapred_16bpp.asm:1224)
   by 0x4ED4DD: ff_vp9_decode_block (vp9block.c:1385)
   by 0x4EA038: decode_sb (vp9.c:953)
   by 0x4EA70F: decode_sb (vp9.c:969)
   by 0x4DF174: vp9_decode_frame (vp9.c:1314)
   by 0x4C0FAB: decode_simple_internal (decode.c:417)
   by 0x4C0FAB: decode_simple_receive_frame (decode.c:620)
   by 0x4C0FAB: decode_receive_frame_internal (decode.c:638)
   by 0x4C05D9: avcodec_send_packet (decode.c:678)
   by 0x4A8662: try_decode_frame (utils.c:3005)
   by 0x4A2FB3: avformat_find_stream_info (utils.c:3822)
   by 0x411F31: open_input_file (ffmpeg_opt.c:1013)
   by 0x41064B: open_files (ffmpeg_opt.c:3207)
   by 0x410213: ffmpeg_parse_options (ffmpeg_opt.c:3247)
 Address 0x5a30420 is 0 bytes after an unallocated block of size 16 in arena "client"

Attachments (1)

test_case.ivf (142 bytes) - added by tsmith 5 years ago.

Change History (5)

by tsmith, 5 years ago

Attachment: test_case.ivf added

comment:1 by tsmith, 5 years ago

The stack trace was generated with Valgrind

comment:2 by Carl Eugen Hoyos, 5 years ago

Component: undetermined → avcodec
Keywords: vp9 crash added
Priority: normal → important
Resolution: fixed
Status: new → closed

comment:3 by Ronald S. Bultje, 5 years ago

Hi Carl, just checking, did you confirm that there are no other issues exposed by this particular test case? I'm asking because I wasn't able to reproduce the issue; I merely inspected the source code and found an issue that would lead to this. Just would like to double check that there's no other issue lurking around in addition to the one I fixed. Thanks!

comment:4 by Ronald S. Bultje, 5 years ago

Also, @msmith, I don't know how you guys do it, but it's pretty incredible that you found this issue only 47 hours after the commit that introduced it was pushed (81fc617c125734aa6f3b3d938af75fef6db750e7). Thanks so much!
