#6459 closed defect (fixed)
Invalid write in ff_vp9_ipred_dr_16x16_16_avx2
| Reported by: | tsmith | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avcodec |
| Version: | git-master | Keywords: | vp9 crash |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | no | |
| Analyzed by developer: | no |
Description
How to reproduce:
% ffmpeg -f ivf -i test_case.ivf -frames 5 -f null - ffmpeg version N-86447-gfeb13ae Copyright (c) 2000-2017 the FFmpeg developers built with clang version 3.8.0-2ubuntu4 (tags/RELEASE_380/final) configuration: --cc=clang --cxx=clang++ --disable-libxcb --disable-xlib --disable-logging --disable-ffprobe --disable-ffplay --disable-sdl2 --disable-ffserver --disable-doc --disable-pthreads --disable-network --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-stripping --disable-runtime-cpudetect --disable-postproc --disable-securetransport --disable-iconv --disable-swscale --disable-avdevice --disable-videotoolbox --disable-everything --enable-encoder=wrapped_avframe --disable-lzma --enable-protocol='file,pipe' --enable-muxer=null --enable-demuxer=ivf --enable-parser=vp9 --enable-decoder=vp9 --disable-pic libavutil 55. 63.100 / 55. 63.100 libavcodec 57. 98.100 / 57. 98.100 libavformat 57. 73.100 / 57. 73.100 libavfilter 6. 92.100 / 6. 92.100 libswresample 2. 8.100 / 2. 8.100 Invalid write of size 8 at 0x60D0C8: ff_vp9_ipred_dr_16x16_16_avx2 (vp9intrapred_16bpp.asm:1224) by 0x4ED4DD: ff_vp9_decode_block (vp9block.c:1385) by 0x4EA038: decode_sb (vp9.c:953) by 0x4EA70F: decode_sb (vp9.c:969) by 0x4DF174: vp9_decode_frame (vp9.c:1314) by 0x4C0FAB: decode_simple_internal (decode.c:417) by 0x4C0FAB: decode_simple_receive_frame (decode.c:620) by 0x4C0FAB: decode_receive_frame_internal (decode.c:638) by 0x4C05D9: avcodec_send_packet (decode.c:678) by 0x4A8662: try_decode_frame (utils.c:3005) by 0x4A2FB3: avformat_find_stream_info (utils.c:3822) by 0x411F31: open_input_file (ffmpeg_opt.c:1013) by 0x41064B: open_files (ffmpeg_opt.c:3207) by 0x410213: ffmpeg_parse_options (ffmpeg_opt.c:3247) Address 0x5a30420 is 0 bytes after an unallocated block of size 16 in arena "client"
Attachments (1)
Change History (5)
by , 8 years ago
| Attachment: | test_case.ivf added |
|---|
comment:1 by , 8 years ago
comment:2 by , 8 years ago
| Component: | undetermined → avcodec |
|---|---|
| Keywords: | vp9 crash added |
| Priority: | normal → important |
| Resolution: | → fixed |
| Status: | new → closed |
Fixed by Ronald in d35ff98e270d904481ab75d58d6cf6badf85e1b2
comment:3 by , 8 years ago
Hi Carl, just checking, did you confirm that there's no other issues exposed by this particular test case? I'm asking because I wasn't able to reproduce the issue, I merely inspected the source code and found an issue that would lead to this. Just would like to double check that there's no other issue lurking around in addition to the one I fixed. Thanks!
comment:4 by , 8 years ago
Also, @msmith, I don't know how you guys do it, but it's pretty incredible that you found this issue only 47 hours after the commit that introduced it was pushed (81fc617c125734aa6f3b3d938af75fef6db750e7). Thanks so much!
Note:
See TracTickets
for help on using tickets.
The stack trace was generated with Valgrind