Opened 9 months ago

Last modified 7 months ago

#9063 new defect

Segmentation fault when encoding with dnxhd with yuv444p10le

Reported by: Diego Felix de Souza Owned by:
Priority: important Component: avcodec
Version: git-master Keywords: dnxhd crash SIGSEGV
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

Summary of the bug: I am trying to encode an 8K video file with yuv444p10le pixel format by using the dnxhd encoder. Every time, I receive a 'segmentation fault' error. I have managed to reproduce the error without using the large YUV file.

How to reproduce:

~/ffmpeg_sources/ffmpeg$ valgrind --max-threads=1000 ./ffmpeg_g -f lavfi -i nullsrc=size=7680x4320:rate=60 -vf "geq=random(1)*255:128:128" -pix_fmt yuv444p10le -c:v dnxhd -profile:v 5 -f null -
==208942== Memcheck, a memory error detector
==208942== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==208942== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==208942== Command: ./ffmpeg_g -f lavfi -i nullsrc=size=7680x4320:rate=60 -vf geq=random(1)*255:128:128 -pix_fmt yuv444p10le -c:v dnxhd -profile:v 5 -f null -
==208942== 
ffmpeg version N-100607-g9219ed213d Copyright (c) 2000-2021 the FFmpeg developers
  built with gcc 9 (Ubuntu 9.2.1-17ubuntu1~18.04.1)
  configuration: --prefix=/home/difs/ffmpeg_build --pkg-config-flags=--static --extra-cflags=-I/home/difs/ffmpeg_build/include --extra-ldflags=-L/home/difs/ffmpeg_build/lib --extra-libs='-lpthread -lm' --bindir=/home/difs/bin --enable-gpl --enable-gnutls --enable-libass --enable-libfdk-aac --enable-libfreetype --enable-libmp3lame --enable-libopus --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libx265 --enable-nonfree --enable-debug
  libavutil      56. 63.100 / 56. 63.100
  libavcodec     58.115.102 / 58.115.102
  libavformat    58. 65.101 / 58. 65.101
  libavdevice    58. 11.103 / 58. 11.103
  libavfilter     7. 95.100 /  7. 95.100
  libswscale      5.  8.100 /  5.  8.100
  libswresample   3.  8.100 /  3.  8.100
  libpostproc    55.  8.100 / 55.  8.100
Input #0, lavfi, from 'nullsrc=size=7680x4320:rate=60':
  Duration: N/A, start: 0.000000, bitrate: N/A
    Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 7680x4320 [SAR 1:1 DAR 16:9], 60 tbr, 60 tbn, 60 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (rawvideo (native) -> dnxhd (native))
Press [q] to stop, [?] for help
==208942== Warning: set address range perms: large range [0x108fbb080, 0x148538280) (undefined)
==208942== Warning: set address range perms: large range [0x148539080, 0x187ab6280) (undefined)
==208942== Warning: set address range perms: large range [0x187ab7080, 0x1c7034280) (undefined)
==208942== Warning: set address range perms: large range [0x1c7035080, 0x2065b2280) (undefined)
==208942== Warning: set address range perms: large range [0x2065b3080, 0x245b30280) (undefined)
==208942== Warning: set address range perms: large range [0x246732080, 0x285caf280) (undefined)
==208942== Warning: set address range perms: large range [0x2868b1080, 0x2c5e2e280) (undefined)
==208942== Warning: set address range perms: large range [0x2c6a30080, 0x305fad280) (undefined)
==208942== Warning: set address range perms: large range [0x306baf080, 0x34612c280) (undefined)
==208942== Warning: set address range perms: large range [0x346d2e080, 0x3862ab280) (undefined)
==208942== Warning: set address range perms: large range [0x386ead080, 0x3c642a280) (undefined)
==208942== Warning: set address range perms: large range [0x3c6c2c080, 0x4061a9280) (undefined)
==208942== Warning: set address range perms: large range [0x406dab080, 0x446328280) (undefined)
==208942== Warning: set address range perms: large range [0x446f2a080, 0x4864a7280) (undefined)
==208942== Warning: set address range perms: large range [0x4870a9080, 0x4c6626280) (undefined)
==208942== Warning: set address range perms: large range [0x4c7228080, 0x5067a5280) (undefined)
==208942== Warning: set address range perms: large range [0x5073a7080, 0x546924280) (undefined)
==208942== Warning: set address range perms: large range [0x547526080, 0x586aa3280) (undefined)
==208942== Warning: set address range perms: large range [0x5872a5080, 0x5c6822280) (undefined)
==208942== Warning: set address range perms: large range [0x5c7424080, 0x6069a1280) (undefined)
==208942== Warning: set address range perms: large range [0x6075a3080, 0x646b20280) (undefined)
==208942== Warning: set address range perms: large range [0x647722080, 0x686c9f280) (undefined)
==208942== Warning: set address range perms: large range [0x6878a1080, 0x6c6e1e280) (undefined)
==208942== Warning: set address range perms: large range [0x6c7a20080, 0x706f9d280) (undefined)
==208942== Warning: set address range perms: large range [0x707b9f080, 0x74711c280) (undefined)
==208942== Warning: set address range perms: large range [0x74791e080, 0x786e9b280) (undefined)
==208942== Warning: set address range perms: large range [0x787a9d080, 0x7c701a280) (undefined)
==208942== Warning: set address range perms: large range [0x7c7c1c080, 0x807199280) (undefined)
==208942== Warning: set address range perms: large range [0x807d9b080, 0x847318280) (undefined)
==208942== Warning: set address range perms: large range [0x847f1a080, 0x887497280) (undefined)
==208942== Warning: set address range perms: large range [0x888099080, 0x8c7616280) (undefined)
==208942== Warning: set address range perms: large range [0x8c8218080, 0x907795280) (undefined)
==208942== Warning: set address range perms: large range [0x908397080, 0x947914280) (undefined)
==208942== Warning: set address range perms: large range [0x948116080, 0x987693280) (undefined)
==208942== Warning: set address range perms: large range [0x988295080, 0x9c7812280) (undefined)
==208942== Warning: set address range perms: large range [0x9c8414080, 0xa07991280) (undefined)
==208942== Warning: set address range perms: large range [0xa08593080, 0xa47b10280) (undefined)
==208942== Warning: set address range perms: large range [0xa48712080, 0xa87c8f280) (undefined)
==208942== Warning: set address range perms: large range [0xa88891080, 0xac7e0e280) (undefined)
==208942== Warning: set address range perms: large range [0xac8a10080, 0xb07f8d280) (undefined)
==208942== Warning: set address range perms: large range [0xb0878f080, 0xb47d0c280) (undefined)
==208942== Warning: set address range perms: large range [0xb4890e080, 0xb87e8b280) (undefined)
==208942== Warning: set address range perms: large range [0xb88a8d080, 0xbc800a280) (undefined)
==208942== Warning: set address range perms: large range [0xbc8c0c080, 0xc08189280) (undefined)
==208942== Warning: set address range perms: large range [0xc08d8b080, 0xc48308280) (undefined)
==208942== Warning: set address range perms: large range [0xc48f0a080, 0xc88487280) (undefined)
==208942== Warning: set address range perms: large range [0xc89089080, 0xcc8606280) (undefined)
==208942== Warning: set address range perms: large range [0xcc8e08080, 0xd08385280) (undefined)
==208942== Warning: set address range perms: large range [0xd08f87080, 0xd48504280) (undefined)
==208942== Warning: set address range perms: large range [0xd49106080, 0xd88683280) (undefined)
==208942== Warning: set address range perms: large range [0xd89285080, 0xdc8802280) (undefined)
==208942== Warning: set address range perms: large range [0xdc9404080, 0xe08981280) (undefined)
==208942== Warning: set address range perms: large range [0xe09583080, 0xe48b00280) (undefined)
==208942== Warning: set address range perms: large range [0xe49702080, 0xe88c7f280) (undefined)
==208942== Warning: set address range perms: large range [0xe89881080, 0xec8dfe280) (undefined)
==208942== Warning: set address range perms: large range [0xec9600080, 0xf08b7d280) (undefined)
==208942== Warning: set address range perms: large range [0xf0977f080, 0xf48cfc280) (undefined)
==208942== Warning: set address range perms: large range [0xf498fe080, 0xf88e7b280) (undefined)
==208942== Warning: set address range perms: large range [0xf89a7d080, 0xfc8ffa280) (undefined)
==208942== Warning: set address range perms: large range [0x1415dc7080, 0x1455344280) (undefined)
==208942== Warning: set address range perms: large range [0x1465485080, 0x14a4a02280) (undefined)
==208942== Warning: set address range perms: large range [0x14b4b4b080, 0x14f40c8280) (undefined)
==208942== Warning: set address range perms: large range [0x1504211080, 0x154378e280) (undefined)
==208942== Warning: set address range perms: large range [0x15538cb080, 0x1592e48280) (undefined)
==208942== Warning: set address range perms: large range [0x15a2f91080, 0x15e250e280) (undefined)
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf58.65.101
    Stream #0:0: Video: dnxhd (DNXHR 444) (AVdh / 0x68645641), yuv444p10le(tv, progressive), 7680x4320 [SAR 1:1 DAR 16:9], q=2-31, 200 kb/s, 60 fps, 60 tbn
    Metadata:
      encoder         : Lavc58.115.102 dnxhd
==208942== Thread 451:0.0 size=N/A time=00:00:00.00 bitrate=N/A speed=   0x    
==208942== Invalid write of size 8
==208942==    at 0x4C3865E: memset (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==208942==    by 0x74F369: memset (string_fortified.h:71)
==208942==    by 0x74F369: dnxhd_encode_picture (dnxhdenc.c:1310)
==208942==    by 0x7D9D7D: worker (frame_thread_encoder.c:89)
==208942==    by 0x5D216DA: start_thread (pthread_create.c:463)
==208942==    by 0xA24A71E: clone (clone.S:95)
==208942==  Address 0xfcf588be0 is 30,964,576 bytes inside a block of size 30,964,580 alloc'd
==208942==    at 0x4C33E76: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==208942==    by 0x4C33F91: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==208942==    by 0x1074A34: av_malloc (mem.c:86)
==208942==    by 0x1074C59: av_mallocz (mem.c:239)
==208942==    by 0xAACB5F: ff_fast_malloc (mem_internal.h:150)
==208942==    by 0xAACB5F: av_fast_padded_malloc (utils.c:80)
==208942==    by 0x785880: ff_alloc_packet2 (encode.c:44)
==208942==    by 0x74EB95: dnxhd_encode_picture (dnxhdenc.c:1273)
==208942==    by 0x7D9D7D: worker (frame_thread_encoder.c:89)
==208942==    by 0x5D216DA: start_thread (pthread_create.c:463)
==208942==    by 0xA24A71E: clone (clone.S:95)
==208942== 
==208942== Invalid write of size 8
==208942==    at 0x4C38662: memset (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==208942==    by 0x74F369: memset (string_fortified.h:71)
==208942==    by 0x74F369: dnxhd_encode_picture (dnxhdenc.c:1310)
==208942==    by 0x7D9D7D: worker (frame_thread_encoder.c:89)
==208942==    by 0x5D216DA: start_thread (pthread_create.c:463)
==208942==    by 0xA24A71E: clone (clone.S:95)
==208942==  Address 0xfcf588be8 is 4 bytes after a block of size 30,964,580 alloc'd
==208942==    at 0x4C33E76: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==208942==    by 0x4C33F91: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==208942==    by 0x1074A34: av_malloc (mem.c:86)
==208942==    by 0x1074C59: av_mallocz (mem.c:239)
==208942==    by 0xAACB5F: ff_fast_malloc (mem_internal.h:150)
==208942==    by 0xAACB5F: av_fast_padded_malloc (utils.c:80)
==208942==    by 0x785880: ff_alloc_packet2 (encode.c:44)
==208942==    by 0x74EB95: dnxhd_encode_picture (dnxhdenc.c:1273)
==208942==    by 0x7D9D7D: worker (frame_thread_encoder.c:89)
==208942==    by 0x5D216DA: start_thread (pthread_create.c:463)
==208942==    by 0xA24A71E: clone (clone.S:95)
==208942== 
==208942== Invalid write of size 8
==208942==    at 0x4C38657: memset (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==208942==    by 0x74F369: memset (string_fortified.h:71)
==208942==    by 0x74F369: dnxhd_encode_picture (dnxhdenc.c:1310)
==208942==    by 0x7D9D7D: worker (frame_thread_encoder.c:89)
==208942==    by 0x5D216DA: start_thread (pthread_create.c:463)
==208942==    by 0xA24A71E: clone (clone.S:95)
==208942==  Address 0xfcf588bf0 is 12 bytes after a block of size 30,964,580 alloc'd
==208942==    at 0x4C33E76: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==208942==    by 0x4C33F91: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==208942==    by 0x1074A34: av_malloc (mem.c:86)
==208942==    by 0x1074C59: av_mallocz (mem.c:239)
==208942==    by 0xAACB5F: ff_fast_malloc (mem_internal.h:150)
==208942==    by 0xAACB5F: av_fast_padded_malloc (utils.c:80)
==208942==    by 0x785880: ff_alloc_packet2 (encode.c:44)
==208942==    by 0x74EB95: dnxhd_encode_picture (dnxhdenc.c:1273)
==208942==    by 0x7D9D7D: worker (frame_thread_encoder.c:89)
==208942==    by 0x5D216DA: start_thread (pthread_create.c:463)
==208942==    by 0xA24A71E: clone (clone.S:95)
==208942== 
==208942== Invalid write of size 8
==208942==    at 0x4C3865A: memset (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==208942==    by 0x74F369: memset (string_fortified.h:71)
==208942==    by 0x74F369: dnxhd_encode_picture (dnxhdenc.c:1310)
==208942==    by 0x7D9D7D: worker (frame_thread_encoder.c:89)
==208942==    by 0x5D216DA: start_thread (pthread_create.c:463)
==208942==    by 0xA24A71E: clone (clone.S:95)
==208942==  Address 0xfcf588bf8 is 20 bytes after a block of size 30,964,580 alloc'd
==208942==    at 0x4C33E76: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==208942==    by 0x4C33F91: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==208942==    by 0x1074A34: av_malloc (mem.c:86)
==208942==    by 0x1074C59: av_mallocz (mem.c:239)
==208942==    by 0xAACB5F: ff_fast_malloc (mem_internal.h:150)
==208942==    by 0xAACB5F: av_fast_padded_malloc (utils.c:80)
==208942==    by 0x785880: ff_alloc_packet2 (encode.c:44)
==208942==    by 0x74EB95: dnxhd_encode_picture (dnxhdenc.c:1273)
==208942==    by 0x7D9D7D: worker (frame_thread_encoder.c:89)
==208942==    by 0x5D216DA: start_thread (pthread_create.c:463)
==208942==    by 0xA24A71E: clone (clone.S:95)
==208942== 
==208942== 
==208942== Process terminating with default action of signal 11 (SIGSEGV)
==208942==  Access not within mapped region at address 0xFCF589000
==208942==    at 0x4C3865E: memset (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==208942==    by 0x74F369: memset (string_fortified.h:71)
==208942==    by 0x74F369: dnxhd_encode_picture (dnxhdenc.c:1310)
==208942==    by 0x7D9D7D: worker (frame_thread_encoder.c:89)
==208942==    by 0x5D216DA: start_thread (pthread_create.c:463)
==208942==    by 0xA24A71E: clone (clone.S:95)
==208942==  If you believe this happened as a result of a stack
==208942==  overflow in your program's main thread (unlikely but
==208942==  possible), you can try to increase the size of the
==208942==  main thread stack using the --main-stacksize= flag.
==208942==  The main thread stack size used in this run was 8388608.
==208942== 
==208942== HEAP SUMMARY:
==208942==     in use at exit: 69,642,898,675 bytes in 3,668 blocks
==208942==   total heap usage: 8,753 allocs, 5,085 frees, 69,695,508,041 bytes allocated
==208942== 
==208942== LEAK SUMMARY:
==208942==    definitely lost: 0 bytes in 0 blocks
==208942==    indirectly lost: 0 bytes in 0 blocks
==208942==      possibly lost: 172,032 bytes in 512 blocks
==208942==    still reachable: 69,642,726,643 bytes in 3,156 blocks
==208942==         suppressed: 0 bytes in 0 blocks
==208942== Rerun with --leak-check=full to see details of leaked memory
==208942== 
==208942== For counts of detected and suppressed errors, rerun with: -v
==208942== ERROR SUMMARY: 133 errors from 4 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)

Original problem with large 8K YUV file:

~/ffmpeg_sources/ffmpeg$ valgrind ./ffmpeg_g -f rawvideo -s:v 7680x4320 -r 60 -pix_fmt yuv444p10le -i /file0/video/codeccomp/8K_444/FollowCar_7680x4320_bt709l_444p_10b_60.yuv -c:v dnxhd -profile:v 5 -nitris_compat 1 -y FollowCar_7680x4320_bt709l_444p_10b_60_dnxhd.mxf
==57691== Memcheck, a memory error detector
==57691== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==57691== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==57691== Command: ./ffmpeg_g -f rawvideo -s:v 7680x4320 -r 60 -pix_fmt yuv444p10le -i /file0/video/codeccomp/8K_444/FollowCar_7680x4320_bt709l_444p_10b_60.yuv -c:v dnxhd -profile:v 5 -nitris_compat 1 -y FollowCar_7680x4320_bt709l_444p_10b_60_dnxhd.mxf
==57691== 
ffmpeg version N-100607-g9219ed213d Copyright (c) 2000-2021 the FFmpeg developers
  built with gcc 9 (Ubuntu 9.2.1-17ubuntu1~18.04.1)
  configuration: --prefix=/home/difs/ffmpeg_build --pkg-config-flags=--static --extra-cflags=-I/home/difs/ffmpeg_build/include --extra-ldflags=-L/home/difs/ffmpeg_build/lib --extra-libs='-lpthread -lm' --bindir=/home/difs/bin --enable-gpl --enable-gnutls --enable-libass --enable-libfdk-aac --enable-libfreetype --enable-libmp3lame --enable-libopus --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libx265 --enable-nonfree --enable-debug
  libavutil      56. 63.100 / 56. 63.100
  libavcodec     58.115.102 / 58.115.102
  libavformat    58. 65.101 / 58. 65.101
  libavdevice    58. 11.103 / 58. 11.103
  libavfilter     7. 95.100 /  7. 95.100
  libswscale      5.  8.100 /  5.  8.100
  libswresample   3.  8.100 /  3.  8.100
  libpostproc    55.  8.100 / 55.  8.100
[rawvideo @ 0x11b890c0] Estimating duration from bitrate, this may be inaccurate
Input #0, rawvideo, from '/file0/video/codeccomp/8K_444/FollowCar_7680x4320_bt709l_444p_10b_60.yuv':
  Duration: 00:01:00.00, start: 0.000000, bitrate: 95551488 kb/s
    Stream #0:0: Video: rawvideo (Y3[0][10] / 0xA003359), yuv444p10le, 7680x4320, 95551488 kb/s, 60 tbr, 60 tbn, 60 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (rawvideo (native) -> dnxhd (native))
Press [q] to stop, [?] for help
==57691== Warning: set address range perms: large range [0x8feaf080, 0xcf42c280) (undefined)
==57691== Warning: set address range perms: large range [0xd002e080, 0x10f5ab280) (undefined)
==57691== Warning: set address range perms: large range [0x1101ad080, 0x14f72a280) (undefined)
==57691== Warning: set address range perms: large range [0x15032c080, 0x18f8a9280) (undefined)
==57691== Warning: set address range perms: large range [0x1904ab080, 0x1cfa28280) (undefined)
==57691== Warning: set address range perms: large range [0x1d022a080, 0x20f7a7280) (undefined)
==57691== Warning: set address range perms: large range [0x2103a9080, 0x24f926280) (undefined)
==57691== Warning: set address range perms: large range [0x250528080, 0x28faa5280) (undefined)
==57691== Warning: set address range perms: large range [0x2906a7080, 0x2cfc24280) (undefined)
==57691== Warning: set address range perms: large range [0x2d0826080, 0x30fda3280) (undefined)
==57691== Warning: set address range perms: large range [0x3109a5080, 0x34ff22280) (undefined)
==57691== Warning: set address range perms: large range [0x350b24080, 0x3900a1280) (undefined)
==57691== Warning: set address range perms: large range [0x3908a3080, 0x3cfe20280) (undefined)
==57691== Warning: set address range perms: large range [0x3d0a22080, 0x40ff9f280) (undefined)
==57691== Warning: set address range perms: large range [0x410ba1080, 0x45011e280) (undefined)
==57691== Warning: set address range perms: large range [0x450d20080, 0x49029d280) (undefined)
==57691== Warning: set address range perms: large range [0x490e9f080, 0x4d041c280) (undefined)
==57691== Warning: set address range perms: large range [0x4d101e080, 0x51059b280) (undefined)
==57691== Warning: set address range perms: large range [0x51119d080, 0x55071a280) (undefined)
==57691== Warning: set address range perms: large range [0x55131c080, 0x590899280) (undefined)
==57691== Warning: set address range perms: large range [0x59109b080, 0x5d0618280) (undefined)
==57691== Warning: set address range perms: large range [0x5d121a080, 0x610797280) (undefined)
==57691== Warning: set address range perms: large range [0x611399080, 0x650916280) (undefined)
==57691== Warning: set address range perms: large range [0x651518080, 0x690a95280) (undefined)
==57691== Warning: set address range perms: large range [0x691697080, 0x6d0c14280) (undefined)
==57691== Warning: set address range perms: large range [0x6d1816080, 0x710d93280) (undefined)
==57691== Warning: set address range perms: large range [0x711995080, 0x750f12280) (undefined)
==57691== Warning: set address range perms: large range [0x751714080, 0x790c91280) (undefined)
==57691== Warning: set address range perms: large range [0x791893080, 0x7d0e10280) (undefined)
==57691== Warning: set address range perms: large range [0x7d1a12080, 0x810f8f280) (undefined)
==57691== Warning: set address range perms: large range [0x811b91080, 0x85110e280) (undefined)
==57691== Warning: set address range perms: large range [0x851d10080, 0x89128d280) (undefined)
==57691== Warning: set address range perms: large range [0x891e8f080, 0x8d140c280) (undefined)
==57691== Warning: set address range perms: large range [0x8d200e080, 0x91158b280) (undefined)
==57691== Warning: set address range perms: large range [0x911d8d080, 0x95130a280) (undefined)
==57691== Warning: set address range perms: large range [0x951f0c080, 0x991489280) (undefined)
==57691== Warning: set address range perms: large range [0x99208b080, 0x9d1608280) (undefined)
==57691== Warning: set address range perms: large range [0x9d220a080, 0xa11787280) (undefined)
==57691== Warning: set address range perms: large range [0xa12389080, 0xa51906280) (undefined)
==57691== Warning: set address range perms: large range [0xa52508080, 0xa91a85280) (undefined)
==57691== Warning: set address range perms: large range [0xa92687080, 0xad1c04280) (undefined)
==57691== Warning: set address range perms: large range [0xad2406080, 0xb11983280) (undefined)
==57691== Warning: set address range perms: large range [0xb12585080, 0xb51b02280) (undefined)
==57691== Warning: set address range perms: large range [0xb52704080, 0xb91c81280) (undefined)
==57691== Warning: set address range perms: large range [0xb92883080, 0xbd1e00280) (undefined)
==57691== Warning: set address range perms: large range [0xbd2a02080, 0xc11f7f280) (undefined)
==57691== Warning: set address range perms: large range [0xc12b81080, 0xc520fe280) (undefined)
==57691== Warning: set address range perms: large range [0xc52d00080, 0xc9227d280) (undefined)
==57691== Warning: set address range perms: large range [0xc92e7f080, 0xcd23fc280) (undefined)
==57691== Warning: set address range perms: large range [0xcd2bfe080, 0xd1217b280) (undefined)
==57691== Warning: set address range perms: large range [0xd12d7d080, 0xd522fa280) (undefined)
==57691== Warning: set address range perms: large range [0xd52efc080, 0xd92479280) (undefined)
==57691== Warning: set address range perms: large range [0xd9307b080, 0xdd25f8280) (undefined)
==57691== Warning: set address range perms: large range [0xdd31fa080, 0xe12777280) (undefined)
==57691== Warning: set address range perms: large range [0xe13379080, 0xe528f6280) (undefined)
==57691== Warning: set address range perms: large range [0xe534f8080, 0xe92a75280) (undefined)
==57691== Warning: set address range perms: large range [0xe93277080, 0xed27f4280) (undefined)
==57691== Warning: set address range perms: large range [0xed33f6080, 0xf12973280) (undefined)
==57691== Warning: set address range perms: large range [0xf13575080, 0xf52af2280) (undefined)
==57691== Warning: set address range perms: large range [0xf536f4080, 0xf92c71280) (undefined)
==57691== Warning: set address range perms: large range [0xf93873080, 0xfd2df0280) (undefined)
==57691== Warning: set address range perms: large range [0x1406df3080, 0x1446370280) (undefined)
==57691== Warning: set address range perms: large range [0x14564b5080, 0x1495a32280) (undefined)
==57691== Warning: set address range perms: large range [0x14a5b7b080, 0x14e50f8280) (undefined)
==57691== Warning: set address range perms: large range [0x14f523d080, 0x15347ba280) (undefined)
Output #0, mxf, to 'FollowCar_7680x4320_bt709l_444p_10b_60_dnxhd.mxf':
  Metadata:
    encoder         : Lavf58.65.101
    Stream #0:0: Video: dnxhd (DNXHR 444) (AVdh / 0x68645641), yuv444p10le(progressive), 7680x4320, q=2-31, 200 kb/s, 60 fps, 60 tbn
    Metadata:
      encoder         : Lavc58.115.102 dnxhd
==57691== Thread 285:=1.0 size=12579584kB time=00:00:07.36 bitrate=13988952.1kbits/s speed=0.00138x     
==57691== Invalid write of size 8
==57691==    at 0x4C3865E: memset (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==57691==    by 0x74F369: memset (string_fortified.h:71)
==57691==    by 0x74F369: dnxhd_encode_picture (dnxhdenc.c:1310)
==57691==    by 0x7D9D7D: worker (frame_thread_encoder.c:89)
==57691==    by 0x5D216DA: start_thread (pthread_create.c:463)
==57691==    by 0xA24A71E: clone (clone.S:95)
==57691==  Address 0x15b3d36be0 is 30,964,576 bytes inside a block of size 30,964,580 alloc'd
==57691==    at 0x4C33E76: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==57691==    by 0x4C33F91: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==57691==    by 0x1074A34: av_malloc (mem.c:86)
==57691==    by 0x1074C59: av_mallocz (mem.c:239)
==57691==    by 0xAACB5F: ff_fast_malloc (mem_internal.h:150)
==57691==    by 0xAACB5F: av_fast_padded_malloc (utils.c:80)
==57691==    by 0x785880: ff_alloc_packet2 (encode.c:44)
==57691==    by 0x74EB95: dnxhd_encode_picture (dnxhdenc.c:1273)
==57691==    by 0x7D9D7D: worker (frame_thread_encoder.c:89)
==57691==    by 0x5D216DA: start_thread (pthread_create.c:463)
==57691==    by 0xA24A71E: clone (clone.S:95)
==57691== 
==57691== Invalid write of size 8
==57691==    at 0x4C38662: memset (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==57691==    by 0x74F369: memset (string_fortified.h:71)
==57691==    by 0x74F369: dnxhd_encode_picture (dnxhdenc.c:1310)
==57691==    by 0x7D9D7D: worker (frame_thread_encoder.c:89)
==57691==    by 0x5D216DA: start_thread (pthread_create.c:463)
==57691==    by 0xA24A71E: clone (clone.S:95)
==57691==  Address 0x15b3d36be8 is 4 bytes after a block of size 30,964,580 alloc'd
==57691==    at 0x4C33E76: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==57691==    by 0x4C33F91: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==57691==    by 0x1074A34: av_malloc (mem.c:86)
==57691==    by 0x1074C59: av_mallocz (mem.c:239)
==57691==    by 0xAACB5F: ff_fast_malloc (mem_internal.h:150)
==57691==    by 0xAACB5F: av_fast_padded_malloc (utils.c:80)
==57691==    by 0x785880: ff_alloc_packet2 (encode.c:44)
==57691==    by 0x74EB95: dnxhd_encode_picture (dnxhdenc.c:1273)
==57691==    by 0x7D9D7D: worker (frame_thread_encoder.c:89)
==57691==    by 0x5D216DA: start_thread (pthread_create.c:463)
==57691==    by 0xA24A71E: clone (clone.S:95)
==57691== 
==57691== Invalid write of size 8
==57691==    at 0x4C38657: memset (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==57691==    by 0x74F369: memset (string_fortified.h:71)
==57691==    by 0x74F369: dnxhd_encode_picture (dnxhdenc.c:1310)
==57691==    by 0x7D9D7D: worker (frame_thread_encoder.c:89)
==57691==    by 0x5D216DA: start_thread (pthread_create.c:463)
==57691==    by 0xA24A71E: clone (clone.S:95)
==57691==  Address 0x15b3d36bf0 is 12 bytes after a block of size 30,964,580 alloc'd
==57691==    at 0x4C33E76: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==57691==    by 0x4C33F91: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==57691==    by 0x1074A34: av_malloc (mem.c:86)
==57691==    by 0x1074C59: av_mallocz (mem.c:239)
==57691==    by 0xAACB5F: ff_fast_malloc (mem_internal.h:150)
==57691==    by 0xAACB5F: av_fast_padded_malloc (utils.c:80)
==57691==    by 0x785880: ff_alloc_packet2 (encode.c:44)
==57691==    by 0x74EB95: dnxhd_encode_picture (dnxhdenc.c:1273)
==57691==    by 0x7D9D7D: worker (frame_thread_encoder.c:89)
==57691==    by 0x5D216DA: start_thread (pthread_create.c:463)
==57691==    by 0xA24A71E: clone (clone.S:95)
==57691== 
==57691== Invalid write of size 8
==57691==    at 0x4C3865A: memset (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==57691==    by 0x74F369: memset (string_fortified.h:71)
==57691==    by 0x74F369: dnxhd_encode_picture (dnxhdenc.c:1310)
==57691==    by 0x7D9D7D: worker (frame_thread_encoder.c:89)
==57691==    by 0x5D216DA: start_thread (pthread_create.c:463)
==57691==    by 0xA24A71E: clone (clone.S:95)
==57691==  Address 0x15b3d36bf8 is 20 bytes after a block of size 30,964,580 alloc'd
==57691==    at 0x4C33E76: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==57691==    by 0x4C33F91: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==57691==    by 0x1074A34: av_malloc (mem.c:86)
==57691==    by 0x1074C59: av_mallocz (mem.c:239)
==57691==    by 0xAACB5F: ff_fast_malloc (mem_internal.h:150)
==57691==    by 0xAACB5F: av_fast_padded_malloc (utils.c:80)
==57691==    by 0x785880: ff_alloc_packet2 (encode.c:44)
==57691==    by 0x74EB95: dnxhd_encode_picture (dnxhdenc.c:1273)
==57691==    by 0x7D9D7D: worker (frame_thread_encoder.c:89)
==57691==    by 0x5D216DA: start_thread (pthread_create.c:463)
==57691==    by 0xA24A71E: clone (clone.S:95)
==57691== 
==57691== 
==57691== More than 10000000 total errors detected.  I'm not reporting any more.
==57691== Final error counts will be inaccurate.  Go fix your program!
==57691== Rerun with --error-limit=no to disable this cutoff.  Note
==57691== that errors may occur in your program without prior warning from
==57691== Valgrind, because errors are no longer being displayed.
==57691== 
==57691== 
==57691== Process terminating with default action of signal 11 (SIGSEGV)
==57691==  Access not within mapped region at address 0x15BD19F000
==57691==    at 0x4C3865E: memset (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==57691==    by 0x74F369: memset (string_fortified.h:71)
==57691==    by 0x74F369: dnxhd_encode_picture (dnxhdenc.c:1310)
==57691==    by 0x7D9D7D: worker (frame_thread_encoder.c:89)
==57691==    by 0x5D216DA: start_thread (pthread_create.c:463)
==57691==    by 0xA24A71E: clone (clone.S:95)
==57691==  If you believe this happened as a result of a stack
==57691==  overflow in your program's main thread (unlikely but
==57691==  possible), you can try to increase the size of the
==57691==  main thread stack using the --main-stacksize= flag.
==57691==  The main thread stack size used in this run was 8388608.
==57691== 
==57691== HEAP SUMMARY:
==57691==     in use at exit: 71,721,373,916 bytes in 3,048 blocks
==57691==   total heap usage: 15,276 allocs, 12,228 frees, 172,591,158,975 bytes allocated
==57691== 
==57691== LEAK SUMMARY:
==57691==    definitely lost: 216 bytes in 5 blocks
==57691==    indirectly lost: 0 bytes in 0 blocks
==57691==      possibly lost: 96,768 bytes in 288 blocks
==57691==    still reachable: 71,721,276,932 bytes in 2,755 blocks
==57691==         suppressed: 0 bytes in 0 blocks
==57691== Rerun with --leak-check=full to see details of leaked memory
==57691== 
==57691== For counts of detected and suppressed errors, rerun with: -v
==57691== ERROR SUMMARY: 10000000 errors from 4 contexts (suppressed: 0 from 0)

System:

4x Intel(R) Xeon(R) Platinum 8176 CPU @ 2.10GHz

~/ffmpeg_sources/ffmpeg$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 18.04.3 LTS
Release:	18.04
Codename:	bionic

~/ffmpeg_sources/ffmpeg$ free -m
              total        used        free      shared  buff/cache   available
Mem:         385380        3066       88597          19      293715      379040
Swap:          8191           7        8184

Change History (1)

comment:1 by Carl Eugen Hoyos, 7 months ago

Component: undeterminedavcodec
Keywords: dnxhd crash SIGSEGV added
Priority: normalimportant
Reproduced by developer: set

This command line also allows to reproduce but needs less memory (I was unable to reproduce with 4k input):

$ ffmpeg -f lavfi -i nullsrc=size=5760x3240:rate=60 -vf "geq=random(1)*255:128:128" -threads 1 -pix_fmt yuv444p10le -c:v dnxhd -profile:v 5 -f null -

The following patch illustrates the issue, sum of slize_size[] is bigger than coding_unit_size:

diff --git a/libavcodec/dnxhdenc.c b/libavcodec/dnxhdenc.c
index 2461c51727..2b3170c56a 100644
--- a/libavcodec/dnxhdenc.c
+++ b/libavcodec/dnxhdenc.c
@@ -1304,7 +1304,7 @@ encode_coding_unit:
 
     avctx->execute2(avctx, dnxhd_encode_thread, buf, NULL, ctx->m.mb_height);
 
-    av_assert1(ctx->data_offset + offset + 4 <= ctx->coding_unit_size);
+    av_assert0(ctx->data_offset + offset + 4 <= ctx->coding_unit_size);
     memset(buf + ctx->data_offset + offset, 0,
            ctx->coding_unit_size - 4 - offset - ctx->data_offset);
 
Note: See TracTickets for help on using tickets.