Opened 12 years ago

Closed 12 years ago

#851 closed defect (fixed)

crash with grayscale jpegls

Reported by: ami_stuff Owned by:
Priority: normal Component: avcodec
Version: git-master Keywords: jpegls gray
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

(gdb) r -i gray.jls out.bmp
Starting program: F:\MinGW\msys\1.0\ffmpeg-HEAD-834f80d/ffmpeg_g.exe -i gray.jls
 out.bmp
[New Thread 3208.0x64c]
ffmpeg version 0.9.0.git-834f80d, Copyright (c) 2000-2011 the FFmpeg developers
  built on Dec 22 2011 14:07:40 with gcc 4.5.2
  configuration: --disable-ffplay --disable-ffserver --disable-asm --disable-yas
m --disable-shared --enable-static
  libavutil      51. 32.100 / 51. 32.100
  libavcodec     53. 47.100 / 53. 47.100
  libavformat    53. 28.100 / 53. 28.100
  libavdevice    53.  4.100 / 53.  4.100
  libavfilter     2. 53.  0 /  2. 53.  0
  libswscale      2.  1.100 /  2.  1.100
  libswresample   0.  5.100 /  0.  0.100
Input #0, image2, from 'gray.jls':
  Duration: 00:00:00.04, start: 0.000000, bitrate: N/A
    Stream #0:0: Video: jpegls, gray, 1024x768 [SAR 72:72 DAR 4:3], 25 tbr, 25 t
bn, 25 tbc
[buffer @ 03d615d0] w:1024 h:768 pixfmt:gray tb:1/1000000 sar:72/72 sws_param:
Output #0, image2, to 'out.bmp':
  Metadata:
    encoder         : Lavf53.28.100
    Stream #0:0: Video: bmp, gray, 1024x768 [SAR 72:72 DAR 4:3], q=2-31, 200 kb/
s, 90k tbn, 25 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (jpegls -> bmp)
Press [q] to stop, [?] for help

Program received signal SIGSEGV, Segmentation fault.
0x005bd688 in ls_decode_line (state=<value optimized out>, s=0x43a6008,
    last=0x43a7bb8, dst=0x4900020, last2=0, w=3072, stride=3, comp=0, bits=8)
    at libavcodec/jpeglsdec.c:169
169             Rd = (x >= w - stride) ? R(last, x) : R(last, x + stride);
(gdb) bt
#0  0x005bd688 in ls_decode_line (state=<value optimized out>, s=0x43a6008,
    last=0x43a7bb8, dst=0x4900020, last2=0, w=3072, stride=3, comp=0, bits=8)
    at libavcodec/jpeglsdec.c:169
#1  0x005be653 in ff_jpegls_decode_picture (s=0x43a6008, near=0,
    point_transform=0, ilv=1) at libavcodec/jpeglsdec.c:316
#2  0x007263ae in ff_mjpeg_decode_sos (avctx=0x3d5f038, data=0x3d61b00,
    data_size=0x22deac, avpkt=0x22de10) at libavcodec/mjpegdec.c:1077
#3  ff_mjpeg_decode_frame (avctx=0x3d5f038, data=0x3d61b00,
    data_size=0x22deac, avpkt=0x22de10) at libavcodec/mjpegdec.c:1549
#4  0x005091f2 in avcodec_decode_video2 (avctx=0x3d5f038, picture=0x3d61b00,
    got_picture_ptr=0x22deac, avpkt=0x22de10) at libavcodec/utils.c:953
#5  0x00405c17 in transcode_video (ist=0x3d611f0, ost_table=0x42be868,
    nb_ostreams=1, pkt=0x22fbb8) at ffmpeg.c:1880
#6  output_packet (ist=0x3d611f0, ost_table=0x42be868, nb_ostreams=1,
    pkt=0x22fbb8) at ffmpeg.c:2046
#7  0x0040a63e in transcode (output_files=<value optimized out>,
    nb_output_files=0, input_files=0x0, nb_input_files=4256952)
    at ffmpeg.c:2804
#8  0x0022ff48 in ?? ()
#9  0x00000000 in ?? ()

Attachments (1)

gray.jls (463.7 KB ) - added by ami_stuff 12 years ago.

Download all attachments as: .zip

Change History (3)

by ami_stuff, 12 years ago

Attachment: gray.jls added

comment:1 by Carl Eugen Hoyos, 12 years ago

Component: undeterminedavcodec
Keywords: jpegls added
Reproduced by developer: set
Status: newopen
Version: unspecifiedgit-master
==8319== Memcheck, a memory error detector
==8319== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==8319== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==8319== Command: ffmpeg_g -i gray.jls -f null -
==8319==
ffmpeg version N-36329-g03d7d8f, Copyright (c) 2000-2012 the FFmpeg developers
  built on Jan  1 2012 05:04:04 with gcc 4.5.3
  configuration: --cc='/usr/local/gcc-4.5.3/bin/gcc -m32'
  libavutil      51. 33.100 / 51. 33.100
  libavcodec     53. 49.101 / 53. 49.101
  libavformat    53. 29.100 / 53. 29.100
  libavdevice    53.  4.100 / 53.  4.100
  libavfilter     2. 57.100 /  2. 57.100
  libswscale      2.  1.100 /  2.  1.100
  libswresample   0.  5.100 /  0.  5.100
==8319== Invalid read of size 1
==8319==    at 0x83AC98B: ls_decode_line (jpeglsdec.c:169)
==8319==  Address 0x6ea12a0 is 0 bytes after a block of size 1,056 alloc'd
==8319==    at 0x6909E9E: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-x86-linux.so)
==8319==    by 0x6909EFB: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-x86-linux.so)
==8319==    by 0x86EA077: av_mallocz (mem.c:94)
==8319==
==8319== Invalid read of size 1
==8319==    at 0x83AC9BC: ls_decode_line (jpeglsdec.c:167)
==8319==  Address 0x6ea12a0 is 0 bytes after a block of size 1,056 alloc'd
==8319==    at 0x6909E9E: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-x86-linux.so)
==8319==    by 0x6909EFB: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-x86-linux.so)
==8319==    by 0x86EA077: av_mallocz (mem.c:94)
==8319==
==8319== Invalid read of size 1
==8319==    at 0x83AC9D3: ls_decode_line (jpeglsdec.c:168)
==8319==  Address 0x6ea12a0 is 0 bytes after a block of size 1,056 alloc'd
==8319==    at 0x6909E9E: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-x86-linux.so)
==8319==    by 0x6909EFB: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-x86-linux.so)
==8319==    by 0x86EA077: av_mallocz (mem.c:94)
==8319==

...

comment:2 by Michael Niedermayer, 12 years ago

Keywords: gray added
Resolution: fixed
Status: openclosed

fixed / patch on ML

Note: See TracTickets for help on using tickets.