Opened 12 years ago

Closed 12 years ago

#791 closed defect (fixed)

zzufed .dct file crashes ffmpeg

Reported by: Oana Stratulat
Owned by:
Priority: important
Component: ffmpeg
Version: git-master
Keywords:
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

==12726== Memcheck, a memory error detector
==12726== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==12726== Using Valgrind-3.6.1-Debian and LibVEX; rerun with -h for copyright info
==12726== Command: ffmpeg -i corruptfile -f null -
==12726==
ffmpeg version N-35936-gaf3f2a8, Copyright (c) 2000-2011 the FFmpeg developers

built on Dec 19 2011 00:07:16 with gcc 4.6.1
configuration:
libavutil 51. 32. 0 / 51. 32. 0
libavcodec 53. 46. 0 / 53. 46. 0
libavformat 53. 26. 0 / 53. 26. 0
libavdevice 53. 4. 0 / 53. 4. 0
libavfilter 2. 53. 0 / 2. 53. 0
libswscale 2. 1. 0 / 2. 1. 0

[ea @ 0x5674820] Estimating duration from bitrate, this may be inaccurate
Input #0, ea, from 'corruptfile':

Duration: 00:03:10.21, start: 0.000000, bitrate: 88 kb/s

Stream #0:0: Video: mdec, yuvj420p, 304x224, 15 fps, 15 tbr, 15 tbn, 15 tbc
Stream #0:1: Audio: adpcm_ea, 22050 Hz, 1 channels, s16, 88 kb/s

[buffer @ 0x56c6f00] w:304 h:224 pixfmt:yuvj420p tb:1/1000000 sar:0/1 sws_param:
Output #0, null, to 'pipe:':

Metadata:

encoder : Lavf53.26.0
Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuvj420p, 304x224, q=2-31, 200 kb/s, 90k tbn, 15 tbc
Stream #0:1: Audio: pcm_s16le, 22050 Hz, 1 channels, s16, 352 kb/s

Stream mapping:

Stream #0:0 -> #0:0 (mdec -> rawvideo)
Stream #0:1 -> #0:1 (adpcm_ea -> pcm_s16le)

Press [q] to stop, ? for help
[mdec @ 0x568b8e0] ac-tex damaged at 0 4
Error while decoding stream #0:0
[mdec @ 0x568b8e0] ac-tex damaged at 0 8
Error while decoding stream #0:0
==12726== Invalid write of size 2
==12726== at 0x97E8F1: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x886A5D: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x43CFE8: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x441230: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x438BB8: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x52F130C: (below main) (libc-start.c:226)
==12726== Address 0x5767700 is 0 bytes after a block of size 2,976 alloc'd
==12726== at 0x4C2786E: memalign (vg_replace_malloc.c:581)
==12726== by 0x4C278C7: posix_memalign (vg_replace_malloc.c:709)
==12726== by 0xA4EEB1: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0xA53F51: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x88A0CB: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x97BBD0: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x886A5D: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x43CFE8: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x441230: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x438BB8: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x52F130C: (below main) (libc-start.c:226)
==12726==
==12726== Invalid write of size 2
==12726== at 0x97E8F5: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x886A5D: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x43CFE8: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x441230: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x438BB8: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x52F130C: (below main) (libc-start.c:226)
==12726== Address 0x5767702 is 2 bytes after a block of size 2,976 alloc'd
==12726== at 0x4C2786E: memalign (vg_replace_malloc.c:581)
==12726== by 0x4C278C7: posix_memalign (vg_replace_malloc.c:709)
==12726== by 0xA4EEB1: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0xA53F51: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x88A0CB: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x97BBD0: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x886A5D: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x43CFE8: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x441230: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x438BB8: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x52F130C: (below main) (libc-start.c:226)
==12726==
--12726-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--12726-- si_code=80; Faulting address: 0x0; sp: 0x403441d70

valgrind: the 'impossible' happened:

Killed by fatal signal

==12726== at 0x38034082: get_bszB_as_is (m_mallocfree.c:245)
==12726== by 0x380357BB: vgPlain_arena_malloc (m_mallocfree.c:256)
==12726== by 0x380366D9: vgPlain_arena_memalign (m_mallocfree.c:1614)
==12726== by 0x3806346D: vgPlain_cli_malloc (replacemalloc_core.c:86)
==12726== by 0x38001D2B: vgMemCheck_new_block (mc_malloc_wrappers.c:201)
==12726== by 0x3800200D: vgMemCheck_memalign (mc_malloc_wrappers.c:268)
==12726== by 0x3806528E: vgPlain_scheduler (scheduler.c:1402)
==12726== by 0x38074CFF: run_a_thread_NORETURN (syswrap-linux.c:94)

sched status:

running_tid=1

Thread 1: status = VgTs_Runnable
==12726== at 0x4C2786E: memalign (vg_replace_malloc.c:581)
==12726== by 0x4C278C7: posix_memalign (vg_replace_malloc.c:709)
==12726== by 0xA4ED3F: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x884D08: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x43DAE6: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x441230: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x438BB8: ??? (in /usr/local/bin/ffmpeg)
==12726== by 0x52F130C: (below main) (libc-start.c:226)

Note: see also the FAQ in the source distribution.
It contains workarounds to several common problems.
In particular, if Valgrind aborted or crashed after
identifying problems in your program, there's a good chance
that fixing those problems will prevent Valgrind aborting or
crashing, especially if it happened in m_mallocfree.c.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind
version, and what OS and version you are using. Thanks.

Attachments (2)

corruptfile (2.0 MB) - added by Oana Stratulat 12 years ago.
use this file to reproduce the crash
valgrind (5.5 KB) - added by Oana Stratulat 12 years ago.

Change History (3)

by Oana Stratulat, 12 years ago

Attachment: corruptfile added

use this file to reproduce the crash

by Oana Stratulat, 12 years ago

Attachment: valgrind added

comment:1 by Michael Niedermayer, 12 years ago

Resolution: fixed
Status: new → closed