Opened 2 years ago

Closed 2 years ago

#6461 closed defect (duplicate)

Invalid write in decode_coeffs_b_generic()

Reported by: tsmith Owned by:
Priority: normal Component: undetermined
Version: git-master Keywords:
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

How to reproduce:

./ffmpeg -f ivf -i test_case.ivf -frames 5 -f null -
ffmpeg version N-86447-gfeb13ae Copyright (c) 2000-2017 the FFmpeg developers
  built with clang version 3.8.0-2ubuntu4 (tags/RELEASE_380/final)
  configuration: --cc=clang --cxx=clang++ --disable-libxcb --disable-xlib --disable-logging --disable-ffprobe --disable-ffplay --disable-sdl2 --disable-ffserver --disable-doc --disable-pthreads --disable-network --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-stripping --disable-runtime-cpudetect --disable-postproc --disable-securetransport --disable-iconv --disable-swscale --disable-avdevice --disable-videotoolbox --disable-everything --enable-encoder=wrapped_avframe --disable-lzma --enable-protocol='file,pipe' --enable-muxer=null --enable-demuxer=ivf --enable-parser=vp9 --enable-decoder=vp9 --disable-pic
  libavutil      55. 63.100 / 55. 63.100
  libavcodec     57. 98.100 / 57. 98.100
  libavformat    57. 73.100 / 57. 73.100
  libavfilter     6. 92.100 /  6. 92.100
  libswresample   2.  8.100 /  2.  8.100

Invalid write of size 4
   at 0x51B844: decode_coeffs_b_generic (vp9block.c:920)
   by 0x51B844: decode_coeffs_b_16bpp (vp9block.c:954)
   by 0x51B844: decode_coeffs (vp9block.c:1068)
   by 0x51B844: decode_coeffs_16bpp (vp9block.c:1142)
   by 0x4ECB2A: ff_vp9_decode_block (vp9block.c:1303)
   by 0x4EA478: decode_sb (vp9.c:990)
   by 0x4EA512: decode_sb (vp9.c:985)
   by 0x4EA4D5: decode_sb (vp9.c:984)
   by 0x4DF174: vp9_decode_frame (vp9.c:1314)
   by 0x4C0FAB: decode_simple_internal (decode.c:417)
   by 0x4C0FAB: decode_simple_receive_frame (decode.c:620)
   by 0x4C0FAB: decode_receive_frame_internal (decode.c:638)
   by 0x4C05D9: avcodec_send_packet (decode.c:678)
   by 0x4A8662: try_decode_frame (utils.c:3005)
   by 0x4A2FB3: avformat_find_stream_info (utils.c:3822)
   by 0x411F31: open_input_file (ffmpeg_opt.c:1013)
   by 0x41064B: open_files (ffmpeg_opt.c:3207)
 Address 0xd005b0200 is not stack'd, malloc'd or (recently) free'd


Process terminating with default action of signal 11 (SIGSEGV)
 Access not within mapped region at address 0xD005B0200
   at 0x51B844: decode_coeffs_b_generic (vp9block.c:920)
   by 0x51B844: decode_coeffs_b_16bpp (vp9block.c:954)
   by 0x51B844: decode_coeffs (vp9block.c:1068)
   by 0x51B844: decode_coeffs_16bpp (vp9block.c:1142)
   by 0x4ECB2A: ff_vp9_decode_block (vp9block.c:1303)
   by 0x4EA478: decode_sb (vp9.c:990)
   by 0x4EA512: decode_sb (vp9.c:985)
   by 0x4EA4D5: decode_sb (vp9.c:984)
   by 0x4DF174: vp9_decode_frame (vp9.c:1314)
   by 0x4C0FAB: decode_simple_internal (decode.c:417)
   by 0x4C0FAB: decode_simple_receive_frame (decode.c:620)
   by 0x4C0FAB: decode_receive_frame_internal (decode.c:638)
   by 0x4C05D9: avcodec_send_packet (decode.c:678)
   by 0x4A8662: try_decode_frame (utils.c:3005)
   by 0x4A2FB3: avformat_find_stream_info (utils.c:3822)
   by 0x411F31: open_input_file (ffmpeg_opt.c:1013)
   by 0x41064B: open_files (ffmpeg_opt.c:3207)
 If you believe this happened as a result of a stack
 overflow in your program's main thread (unlikely but
 possible), you can try to increase the size of the
 main thread stack using the --main-stacksize= flag.
 The main thread stack size used in this run was 8388608.

Attachments (1)

test_case.ivf (11.4 KB) - added by tsmith 2 years ago.

Download all attachments as: .zip

Change History (3)

Changed 2 years ago by tsmith

comment:1 Changed 2 years ago by tsmith

The stack trace was generated with Valgrind

comment:2 Changed 2 years ago by rbultje

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of 6459.

Note: See TracTickets for help on using tickets.