[FFmpeg-devel] Fuzzing ffmpeg (demuxers/codecs)
Laurent Aimar
fenrir at elivagar.org
Mon Sep 12 00:33:59 CEST 2011
Hi,
I have started playing a bit with fuzzing on ffmpeg (as it is used in
VLC).
I have used the fate-suite samples (make fate-rsync SAMPLES=fate-suite/)
(this way they are available to everyone)
I have used zuff as a fuzzing tool, the attached path to ffmpeg
(ffmpeg-fuzz.patch) and my get_bits.h overread checks patch.
ffmpeg-fuzz.patch is in now way intented to be commited but I provide
it for allowing to reproduce my tests.
The result are stored in the attached log.txt files which should be self
explaining. There is a backtrace and sometime a valgrind log for each
file having an issue.
The command line used is: ffmpeg -i "$FILE" -f null -
While I have done my tests using ffmpeg they probably also apply to libav
fork.
Regards,
--
fenrir
-------------- next part --------------
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/bink/binkaudio_rdft.bik" | zzuf -r0.0001:0.02 -b8- -s0
# Valgrind
==31343== Invalid read of size 8
==31343== at 0x9D8380: put_pixels8_mmx (dsputil_mmx.c:393)
==31343== by 0x57C33D: bink_decode_plane (bink.c:995)
==31343== by 0x57D2DC: decode_frame (bink.c:1188)
==31343== by 0x927948: avcodec_decode_video2 (utils.c:769)
==31343== by 0x409FC6: output_packet (ffmpeg.c:1715)
==31343== by 0x40D8D2: transcode (ffmpeg.c:2580)
==31343== by 0x413AE0: main (ffmpeg.c:4533)
==31343== Address 0x0 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x00000000009d7f40 in put_pixels8_mmx (
#0 0x00000000009d7f40 in put_pixels8_mmx (
#1 0x000000000057c2c6 in bink_decode_plane (c=0x3018c60, gb=0x7fffc24d0fd0, plane_idx=0, is_chroma=0) at libavcodec/bink.c:995
#2 0x000000000057d265 in decode_frame (avctx=0x30046c0, data=0x7fffc24d1350, data_size=0x7fffc24d14cc, pkt=0x7fffc24d12c0) at libavcodec/bink.c:1188
#3 0x0000000000927809 in avcodec_decode_video2 (avctx=0x30046c0, picture=0x7fffc24d1350, got_picture_ptr=0x7fffc24d14cc, avpkt=0x7fffc24d12c0) at libavcodec/utils.c:769
#4 0x000000000040a00c in output_packet (ist=0x300a3b0, ist_index=0, ost_table=0x3017d30, nb_ostreams=2, pkt=0x7fffc24d2820) at ffmpeg.c:1711
#5 0x000000000040d918 in transcode (output_files=0x3002d10, nb_output_files=1, input_files=0x300a2f0, nb_input_files=1) at ffmpeg.c:2576
#6 0x0000000000413b26 in main (argc=8, argv=0x7fffc24d2b98) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/bink/hol2br.bik" | zzuf -r0.0001:0.02 -b8- -s0
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/bink/hol2br.bik" | zzuf -r0.0001:0.02 -b8- -s2
# Valgrind
==31445== Invalid read of size 8
==31445== at 0x9D8380: put_pixels8_mmx (dsputil_mmx.c:393)
==31445== by 0x57C33D: bink_decode_plane (bink.c:995)
==31445== by 0x57D2DC: decode_frame (bink.c:1188)
==31445== by 0x927948: avcodec_decode_video2 (utils.c:769)
==31445== by 0x409FC6: output_packet (ffmpeg.c:1715)
==31445== by 0x40D8D2: transcode (ffmpeg.c:2580)
==31445== by 0x413AE0: main (ffmpeg.c:4533)
==31445== Address 0x0 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x00000000009d7f40 in put_pixels8_mmx (
#0 0x00000000009d7f40 in put_pixels8_mmx (
#1 0x000000000057c2c6 in bink_decode_plane (c=0x1fb9b80, gb=0x7fffa50dca30, plane_idx=0, is_chroma=0) at libavcodec/bink.c:995
#2 0x000000000057d265 in decode_frame (avctx=0x1fb76c0, data=0x7fffa50dcdb0, data_size=0x7fffa50dcf2c, pkt=0x7fffa50dcd20) at libavcodec/bink.c:1188
#3 0x0000000000927809 in avcodec_decode_video2 (avctx=0x1fb76c0, picture=0x7fffa50dcdb0, got_picture_ptr=0x7fffa50dcf2c, avpkt=0x7fffa50dcd20) at libavcodec/utils.c:769
#4 0x000000000040a00c in output_packet (ist=0x1fb5f70, ist_index=0, ost_table=0x1fb67b0, nb_ostreams=1, pkt=0x7fffa50de280) at ffmpeg.c:1711
#5 0x000000000040d918 in transcode (output_files=0x1fb6bf0, nb_output_files=1, input_files=0x1fb5fd0, nb_input_files=1) at ffmpeg.c:2576
#6 0x0000000000413b26 in main (argc=8, argv=0x7fffa50de5f8) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/real/spygames-2MB.rmvb" | zzuf -r0.0001:0.02 -b8- -s2
# Valgrind
==31595== Invalid read of size 8
==31595== at 0x8B25A0: rv34_mc (rv34.c:759)
==31595== by 0x8B2FC3: rv34_mc_2mv (rv34.c:844)
==31595== by 0x8B3734: rv34_decode_mv (rv34.c:923)
==31595== by 0x8B06C4: rv34_decode_mb_header (rv34.c:457)
==31595== by 0x8B586B: rv34_decode_macroblock (rv34.c:1212)
==31595== by 0x8B686B: rv34_decode_slice (rv34.c:1363)
==31595== by 0x8B72C9: ff_rv34_decode_frame (rv34.c:1523)
==31595== by 0x927948: avcodec_decode_video2 (utils.c:769)
==31595== by 0x409FC6: output_packet (ffmpeg.c:1715)
==31595== by 0x40D8D2: transcode (ffmpeg.c:2580)
==31595== by 0x413AE0: main (ffmpeg.c:4533)
==31595== Address 0x0 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x00000000008b2514 in rv34_mc (r=0x2669aa0, block_type=6, xoff=0, yoff=0, mv_off=0, width=2, height=2, dir=0, thirdpel=0, weighted=1, qpel_mc=0x266d080, chroma_mc=0x266d480) at libavcodec/rv34.c:759
#0 0x00000000008b2514 in rv34_mc (r=0x2669aa0, block_type=6, xoff=0, yoff=0, mv_off=0, width=2, height=2, dir=0, thirdpel=0, weighted=1, qpel_mc=0x266d080, chroma_mc=0x266d480) at libavcodec/rv34.c:759
#1 0x00000000008b2f38 in rv34_mc_2mv (r=0x2669aa0, block_type=6) at libavcodec/rv34.c:844
#2 0x00000000008b36a9 in rv34_decode_mv (r=0x2669aa0, block_type=6) at libavcodec/rv34.c:923
#3 0x00000000008b0639 in rv34_decode_mb_header (r=0x2669aa0,
#4 0x00000000008b57e0 in rv34_decode_macroblock (r=0x2669aa0,
#5 0x00000000008b67e0 in rv34_decode_slice (r=0x2669aa0, end=360, buf=0x269b5d1 "J )", <incomplete sequence \340>, buf_size=7) at libavcodec/rv34.c:1363
#6 0x00000000008b723e in ff_rv34_decode_frame (avctx=0x263f340, data=0x7ffff418caf0, data_size=0x7ffff418cc6c, avpkt=0x7ffff418ca60) at libavcodec/rv34.c:1523
#7 0x0000000000927809 in avcodec_decode_video2 (avctx=0x263f340, picture=0x7ffff418caf0, got_picture_ptr=0x7ffff418cc6c, avpkt=0x7ffff418ca60) at libavcodec/utils.c:769
#8 0x000000000040a00c in output_packet (ist=0x263dc40, ist_index=1, ost_table=0x263e880, nb_ostreams=2, pkt=0x7ffff418dfc0) at ffmpeg.c:1711
#9 0x000000000040d918 in transcode (output_files=0x262dd80, nb_output_files=1, input_files=0x262cfc0, nb_input_files=1) at ffmpeg.c:2576
#10 0x0000000000413b26 in main (argc=8, argv=0x7ffff418e338) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/tiertex-seq/Gameover.seq" | zzuf -r0.0001:0.02 -b8- -s0
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/tiertex-seq/Gameover.seq" | zzuf -r0.0001:0.02 -b8- -s2
# Valgrind
==408== Invalid read of size 1
==408== at 0x90D36D: seq_decode_op1 (tiertexseqv.c:101)
==408== by 0x90D63A: seqvideo_decode (tiertexseqv.c:163)
==408== by 0x90D7C5: seqvideo_decode_frame (tiertexseqv.c:205)
==408== by 0x927948: avcodec_decode_video2 (utils.c:769)
==408== by 0x409FC6: output_packet (ffmpeg.c:1715)
==408== by 0x40D8D2: transcode (ffmpeg.c:2580)
==408== by 0x413AE0: main (ffmpeg.c:4533)
==408== Address 0x775f3cb is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x000000000090d22d in seq_decode_op1 (seq=0x19070a0,
#0 0x000000000090d22d in seq_decode_op1 (seq=0x19070a0,
#1 0x000000000090d4fb in seqvideo_decode (seq=0x19070a0, data=0x1936e49 "", data_size=10966) at libavcodec/tiertexseqv.c:163
#2 0x000000000090d686 in seqvideo_decode_frame (avctx=0x1931240, data=0x7fff717a7eb0, data_size=0x7fff717a802c, avpkt=0x7fff717a7e20) at libavcodec/tiertexseqv.c:205
#3 0x0000000000927809 in avcodec_decode_video2 (avctx=0x1931240, picture=0x7fff717a7eb0, got_picture_ptr=0x7fff717a802c, avpkt=0x7fff717a7e20) at libavcodec/utils.c:769
#4 0x000000000040a00c in output_packet (ist=0x1931fa0, ist_index=0, ost_table=0x1906450, nb_ostreams=2, pkt=0x7fff717a9380) at ffmpeg.c:1711
#5 0x000000000040d918 in transcode (output_files=0x18fe520, nb_output_files=1, input_files=0x1932050, nb_input_files=1) at ffmpeg.c:2576
#6 0x0000000000413b26 in main (argc=8, argv=0x7fff717a96f8) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/CVPA1_TOSHIBA_B.264" | zzuf -r0.0001:0.02 -b8- -s1
# Valgrind
==698== Invalid free() / delete / delete[]
==698== at 0x4C240FD: free (vg_replace_malloc.c:366)
==698== by 0xBB2A95: av_free (mem.c:152)
==698== by 0xBB2ABD: av_freep (mem.c:159)
==698== by 0x81DBF7: free_picture (mpegvideo.c:350)
==698== by 0x820CC4: MPV_common_end (mpegvideo.c:859)
==698== by 0x698EF9: ff_h264_decode_end (h264.c:4035)
==698== by 0x927EB5: avcodec_close (utils.c:884)
==698== by 0x40DBC0: transcode (ffmpeg.c:2634)
==698== by 0x413AE0: main (ffmpeg.c:4533)
==698== Address 0x3600000036 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 *__GI___libc_free (mem=0x3600000036) at malloc.c:3710
#0 *__GI___libc_free (mem=0x3600000036) at malloc.c:3710
#1 0x0000000000bb2696 in av_free (ptr=0x3600000036) at libavutil/mem.c:152
#2 0x0000000000bb26be in av_freep (arg=0x2f985f8) at libavutil/mem.c:159
#3 0x000000000081db6c in free_picture (s=0x2f4c8e0, pic=0x2f98310) at libavcodec/mpegvideo.c:350
#4 0x0000000000820c39 in MPV_common_end (s=0x2f4c8e0) at libavcodec/mpegvideo.c:859
#5 0x0000000000698e6e in ff_h264_decode_end (avctx=0x2e6ab60) at libavcodec/h264.c:4035
#6 0x0000000000927d76 in avcodec_close (avctx=0x2e6ab60) at libavcodec/utils.c:884
#7 0x000000000040dc06 in transcode (output_files=0x30eb990, nb_output_files=1, input_files=0x2e3d550, nb_input_files=1) at ffmpeg.c:2630
#8 0x0000000000413b26 in main (argc=8, argv=0x7ffff570ec98) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/CAMANL1_TOSHIBA_B.264" | zzuf -r0.0001:0.02 -b8- -s3
# Valgrind
==707== Invalid read of size 8
==707== at 0x692FD0: decode_slice_header (h264.c:3028)
==707== by 0x6982A9: decode_nal_units (h264.c:3694)
==707== by 0x698C8C: decode_frame (h264.c:3881)
==707== by 0x927948: avcodec_decode_video2 (utils.c:769)
==707== by 0x409FC6: output_packet (ffmpeg.c:1715)
==707== by 0x40D8D2: transcode (ffmpeg.c:2580)
==707== by 0x413AE0: main (ffmpeg.c:4533)
==707== Address 0x30 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x0000000000692f44 in decode_slice_header (h=0x279bc80, h0=0x279bc80) at libavcodec/h264.c:3028
#0 0x0000000000692f44 in decode_slice_header (h=0x279bc80, h0=0x279bc80) at libavcodec/h264.c:3028
#1 0x000000000069821e in decode_nal_units (h=0x279bc80, buf=0x287a5a0 "", buf_size=15792) at libavcodec/h264.c:3694
#2 0x0000000000698c01 in decode_frame (avctx=0x26a2ea0, data=0x7fff923424a0, data_size=0x7fff9234261c, avpkt=0x7fff92342410) at libavcodec/h264.c:3881
#3 0x0000000000927809 in avcodec_decode_video2 (avctx=0x26a2ea0, picture=0x7fff923424a0, got_picture_ptr=0x7fff9234261c, avpkt=0x7fff92342410) at libavcodec/utils.c:769
#4 0x000000000040a00c in output_packet (ist=0x26a3c30, ist_index=0, ost_table=0x26ba3d0, nb_ostreams=1, pkt=0x7fff92343970) at ffmpeg.c:1711
#5 0x000000000040d918 in transcode (output_files=0x28996d0, nb_output_files=1, input_files=0x26a0870, nb_input_files=1) at ffmpeg.c:2576
#6 0x0000000000413b26 in main (argc=8, argv=0x7fff92343ce8) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/CVMA1_TOSHIBA_B.264" | zzuf -r0.0001:0.02 -b8- -s2
# Backtrace
#0 0x0000000000692f44 in decode_slice_header (h=0x24d5500, h0=0x24d5500) at libavcodec/h264.c:3028
#0 0x0000000000692f44 in decode_slice_header (h=0x24d5500, h0=0x24d5500) at libavcodec/h264.c:3028
#1 0x000000000069821e in decode_nal_units (h=0x24d5500, buf=0x268f320 "", buf_size=14898) at libavcodec/h264.c:3694
#2 0x0000000000698c01 in decode_frame (avctx=0x24b3b60, data=0x7fffba2af6b0, data_size=0x7fffba2af82c, avpkt=0x7fffba2af620) at libavcodec/h264.c:3881
#3 0x0000000000927809 in avcodec_decode_video2 (avctx=0x24b3b60, picture=0x7fffba2af6b0, got_picture_ptr=0x7fffba2af82c, avpkt=0x7fffba2af620) at libavcodec/utils.c:769
#4 0x000000000040a00c in output_packet (ist=0x257de30, ist_index=0, ost_table=0x25cf550, nb_ostreams=1, pkt=0x7fffba2b0b80) at ffmpeg.c:1711
#5 0x000000000040d918 in transcode (output_files=0x247f590, nb_output_files=1, input_files=0x2486550, nb_input_files=1) at ffmpeg.c:2576
#6 0x0000000000413b26 in main (argc=8, argv=0x7fffba2b0ef8) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/fli/jj00c2.fli" | zzuf -r0.0001:0.02 -b8- -s0
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/fli/jj00c2.fli" | zzuf -r0.0001:0.02 -b8- -s1
# Valgrind
==712== Invalid read of size 1
==712== at 0x64319C: flic_decode_frame_8BPP (flicvideo.c:358)
==712== by 0x644164: flic_decode_frame (flicvideo.c:718)
==712== by 0x927948: avcodec_decode_video2 (utils.c:769)
==712== by 0x409FC6: output_packet (ffmpeg.c:1715)
==712== by 0x40D8D2: transcode (ffmpeg.c:2580)
==712== by 0x413AE0: main (ffmpeg.c:4533)
==712== Address 0x7144692 is 0 bytes after a block of size 34,130 alloc'd
==712== at 0x4C236B6: memalign (vg_replace_malloc.c:581)
==712== by 0x4C2370F: posix_memalign (vg_replace_malloc.c:709)
==712== by 0xBB2A02: av_malloc (mem.c:90)
==712== by 0x574580: av_new_packet (avpacket.c:64)
==712== by 0x49B89F: flic_read_packet (flic.c:220)
==712== by 0x532E16: av_read_packet (utils.c:738)
==712== by 0x534A12: read_frame_internal (utils.c:1208)
==712== by 0x538621: avformat_find_stream_info (utils.c:2385)
==712== by 0x40FC2D: opt_input_file (ffmpeg.c:3239)
==712== by 0x414402: parse_option (cmdutils.c:265)
==712== by 0x41457F: parse_options (cmdutils.c:298)
==712== by 0x413A0A: main (ffmpeg.c:4513)
==712==
==712== Invalid read of size 1
==712== at 0x64331D: flic_decode_frame_8BPP (flicvideo.c:373)
==712== by 0x644164: flic_decode_frame (flicvideo.c:718)
==712== by 0x927948: avcodec_decode_video2 (utils.c:769)
==712== by 0x409FC6: output_packet (ffmpeg.c:1715)
==712== by 0x40D8D2: transcode (ffmpeg.c:2580)
==712== by 0x413AE0: main (ffmpeg.c:4533)
==712== Address 0x71446d9 is not stack'd, malloc'd or (recently) free'd
==712==
==712== Invalid read of size 1
==712== at 0x6431C7: flic_decode_frame_8BPP (flicvideo.c:360)
==712== by 0x644164: flic_decode_frame (flicvideo.c:718)
==712== by 0x927948: avcodec_decode_video2 (utils.c:769)
==712== by 0x409FC6: output_packet (ffmpeg.c:1715)
==712== by 0x40D8D2: transcode (ffmpeg.c:2580)
==712== by 0x413AE0: main (ffmpeg.c:4533)
==712== Address 0x7144775 is 53 bytes inside a block of size 96 free'd
==712== at 0x4C240FD: free (vg_replace_malloc.c:366)
==712== by 0xBB2A95: av_free (mem.c:152)
==712== by 0x5351C1: av_read_frame (utils.c:1313)
==712== by 0x40D2B6: transcode (ffmpeg.c:2520)
==712== by 0x413AE0: main (ffmpeg.c:4533)
# Backtrace
#0 0x0000000000643110 in flic_decode_frame_8BPP (avctx=0x291b500, data=0x7fff869b9d20, data_size=0x7fff869b9e9c, buf=0x2929c00 "B\205", buf_size=34114) at libavcodec/flicvideo.c:358
#0 0x0000000000643110 in flic_decode_frame_8BPP (avctx=0x291b500, data=0x7fff869b9d20, data_size=0x7fff869b9e9c, buf=0x2929c00 "B\205", buf_size=34114) at libavcodec/flicvideo.c:358
#1 0x00000000006440d9 in flic_decode_frame (avctx=0x291b500, data=0x7fff869b9d20, data_size=0x7fff869b9e9c, avpkt=0x7fff869b9c90) at libavcodec/flicvideo.c:718
#2 0x0000000000927809 in avcodec_decode_video2 (avctx=0x291b500, picture=0x7fff869b9d20, got_picture_ptr=0x7fff869b9e9c, avpkt=0x7fff869b9c90) at libavcodec/utils.c:769
#3 0x000000000040a00c in output_packet (ist=0x291bac0, ist_index=0, ost_table=0x291bd30, nb_ostreams=1, pkt=0x7fff869bb1f0) at ffmpeg.c:1711
#4 0x000000000040d918 in transcode (output_files=0x291a9f0, nb_output_files=1, input_files=0x291c050, nb_input_files=1) at ffmpeg.c:2576
#5 0x0000000000413b26 in main (argc=8, argv=0x7fff869bb568) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/wc3movie/SC_32-part.MVE" | zzuf -r0.0001:0.02 -b8- -s0
# Valgrind
==717== Invalid read of size 1
==717== at 0x4C25F98: memcpy (mc_replace_strmem.c:497)
==717== by 0xA31255: xan_wc3_copy_pixel_run (xan.c:230)
==717== by 0xA3157B: xan_wc3_decode_frame (xan.c:338)
==717== by 0xA31C04: xan_decode_frame (xan.c:522)
==717== by 0x927948: avcodec_decode_video2 (utils.c:769)
==717== by 0x409FC6: output_packet (ffmpeg.c:1715)
==717== by 0x40D8D2: transcode (ffmpeg.c:2580)
==717== by 0x413AE0: main (ffmpeg.c:4533)
==717== Address 0xcd is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 memcpy () at ../sysdeps/x86_64/memcpy.S:191
#0 memcpy () at ../sysdeps/x86_64/memcpy.S:191
#1 0x0000000000a30e56 in r (s=) at libavcodec/xan.c:230
#2 0x0000000000a3117c in x (s=) at libavcodec/xan.c:338
#3 0x0000000000a31805 in x (g=) at libavcodec/xan.c:522
#4 0x0000000000927809 in e (g=) at libavcodec/utils.c:769
#5 0x000000000040a00c in O (ist=) at ffmpeg.c:1711
#6 0x000000000040d918 in S (b_output_files=) at ffmpeg.c:2576
#7 0x0000000000413b26 in t_main (t=) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/flash-vp6/300x180-Scr-f8-056alpha.flv" | zzuf -r0.0001:0.02 -b8- -s2
# Valgrind
==722== Invalid read of size 8= -0kB time=00:00:00.00 bitrate= 0.0kbits/s
==722== at 0x9D8380: put_pixels8_mmx (dsputil_mmx.c:393)
==722== by 0x980AC4: vp56_decode_mb (vp56.c:422)
==722== by 0x9816B9: ff_vp56_decode_frame (vp56.c:592)
==722== by 0x927948: avcodec_decode_video2 (utils.c:769)
==722== by 0x409FC6: output_packet (ffmpeg.c:1715)
==722== by 0x40D8D2: transcode (ffmpeg.c:2580)
==722== by 0x413AE0: main (ffmpeg.c:4533)
==722== Address 0x0 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x00000000009d7f60 in put_pixels8_mmx (block=0x2182668 "", pixels=0x0, line_size=352, h=8) at libavcodec/x86/dsputil_mmx.c:393
#0 0x00000000009d7f60 in put_pixels8_mmx (block=0x2182668 "", pixels=0x0, line_size=352, h=8) at libavcodec/x86/dsputil_mmx.c:393
#1 0x00000000009806a1 in vp56_decode_mb (s=0x2098b20, row=0, col=0, is_alpha=1) at libavcodec/vp56.c:422
#2 0x0000000000981296 in ff_vp56_decode_frame (avctx=0x20c6460, data=0x7fff50517ef0, data_size=0x7fff5051806c, avpkt=0x7fff50517e60) at libavcodec/vp56.c:592
#3 0x0000000000927825 in avcodec_decode_video2 (avctx=0x20c6460, picture=0x7fff50517ef0, got_picture_ptr=0x7fff5051806c, avpkt=0x7fff50517e60) at libavcodec/utils.c:769
#4 0x000000000040a00c in output_packet (ist=0x20c7340, ist_index=0, ost_table=0x20c59e0, nb_ostreams=1, pkt=0x7fff505193c0) at ffmpeg.c:1711
#5 0x000000000040d918 in transcode (output_files=0x20c6be0, nb_output_files=1, input_files=0x2098620, nb_input_files=1) at ffmpeg.c:2576
#6 0x0000000000413b26 in main (argc=8, argv=0x7fff50519738) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/sunraster/lena-24bit-raw.sun" | zzuf -r0.0001:0.02 -b8- -s1
# Valgrind
==729== Invalid read of size 1
==729== at 0x4C25F98: memcpy (mc_replace_strmem.c:497)
==729== by 0x8F7BCE: sunrast_decode_frame (sunrast.c:166)
==729== by 0x927948: avcodec_decode_video2 (utils.c:769)
==729== by 0x409FC6: output_packet (ffmpeg.c:1715)
==729== by 0x40D8D2: transcode (ffmpeg.c:2580)
==729== by 0x413AE0: main (ffmpeg.c:4533)
==729== Address 0x71f40ff is 1,087 bytes inside a block of size 3,536 free'd
==729== at 0x4C240FD: free (vg_replace_malloc.c:366)
==729== by 0xBB2A95: av_free (mem.c:152)
==729== by 0xBB2ABD: av_freep (mem.c:159)
==729== by 0x92A7D7: avcodec_default_free_buffers (utils.c:1180)
==729== by 0x927EC2: avcodec_close (utils.c:885)
==729== by 0x538D7B: avformat_find_stream_info (utils.c:2474)
==729== by 0x40FC2D: opt_input_file (ffmpeg.c:3239)
==729== by 0x414402: parse_option (cmdutils.c:265)
==729== by 0x41457F: parse_options (cmdutils.c:298)
==729== by 0x413A0A: main (ffmpeg.c:4513)
# Backtrace
#0 memcpy () at ../sysdeps/x86_64/memcpy.S:267
#0 memcpy () at ../sysdeps/x86_64/memcpy.S:267
#1 0x00000000008f7aab in sunrast_decode_frame (avctx=0x31e17c0, data=0x7fff1bb6b8d0, data_size=0x7fff1bb6ba44, avpkt=0x3205940) at libavcodec/sunrast.c:166
#2 0x0000000000927825 in avcodec_decode_video2 (avctx=0x31e17c0, picture=0x7fff1bb6b8d0, got_picture_ptr=0x7fff1bb6ba44, avpkt=0x3205940) at libavcodec/utils.c:769
#3 0x0000000000537a15 in try_decode_frame (st=0x31d68e0, avpkt=0x3205940, options=0x31d5620) at libavformat/utils.c:2161
#4 0x0000000000538c96 in avformat_find_stream_info (ic=0x31d5ee0, options=0x31d5620) at libavformat/utils.c:2464
#5 0x000000000040fc73 in opt_input_file (o=0x7fff1bb6beb0, opt=0x7fff1bb6ca24 "i", filename=0x7fff1bb6ca26 "/mnt/linux/src/lib/ffmpeg/fate-suite/sunraster/lena-24bit-raw.sun") at ffmpeg.c:3235
#6 0x0000000000414447 in parse_option (optctx=0x7fff1bb6beb0, opt=0x7fff1bb6ca24 "i", arg=0x7fff1bb6ca26 "/mnt/linux/src/lib/ffmpeg/fate-suite/sunraster/lena-24bit-raw.sun", options=0xbbd660) at cmdutils.c:265
#7 0x00000000004145c4 in parse_options (optctx=0x7fff1bb6beb0, argc=8, argv=0x7fff1bb6c068, options=0xbbd660, parse_arg_function=0x411460 <opt_output_file>) at cmdutils.c:298
#8 0x0000000000413a50 in main (argc=8, argv=0x7fff1bb6c068) at ffmpeg.c:4509
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/sunraster/lena-8bit-raw.sun" | zzuf -r0.0001:0.02 -b8- -s1
# Backtrace
#0 memcpy () at ../sysdeps/x86_64/memcpy.S:208
#0 memcpy () at ../sysdeps/x86_64/memcpy.S:208
#1 0x00000000008f7aab in sunrast_decode_frame (avctx=0x2900720, data=0x7fff185fad60, data_size=0x7fff185faed4, avpkt=0x2923fc0) at libavcodec/sunrast.c:166
#2 0x0000000000927825 in avcodec_decode_video2 (avctx=0x2900720, picture=0x7fff185fad60, got_picture_ptr=0x7fff185faed4, avpkt=0x2923fc0) at libavcodec/utils.c:769
#3 0x0000000000537a15 in try_decode_frame (st=0x28f5920, avpkt=0x2923fc0, options=0x28f8ce0) at libavformat/utils.c:2161
#4 0x0000000000538c96 in avformat_find_stream_info (ic=0x28f4f00, options=0x28f8ce0) at libavformat/utils.c:2464
#5 0x000000000040fc73 in opt_input_file (o=0x7fff185fb340, opt=0x7fff185fca26 "i", filename=0x7fff185fca28 "/mnt/linux/src/lib/ffmpeg/fate-suite/sunraster/lena-8bit-raw.sun") at ffmpeg.c:3235
#6 0x0000000000414447 in parse_option (optctx=0x7fff185fb340, opt=0x7fff185fca26 "i", arg=0x7fff185fca28 "/mnt/linux/src/lib/ffmpeg/fate-suite/sunraster/lena-8bit-raw.sun", options=0xbbd660) at cmdutils.c:265
#7 0x00000000004145c4 in parse_options (optctx=0x7fff185fb340, argc=8, argv=0x7fff185fb4f8, options=0xbbd660, parse_arg_function=0x411460 <opt_output_file>) at cmdutils.c:298
#8 0x0000000000413a50 in main (argc=8, argv=0x7fff185fb4f8) at ffmpeg.c:4509
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/sunraster/lena-8bit-rle.sun" | zzuf -r0.0001:0.02 -b8- -s1
# Valgrind
==737== Invalid read of size 1
==737== at 0x8F7AAC: sunrast_decode_frame (sunrast.c:148)
==737== by 0x927948: avcodec_decode_video2 (utils.c:769)
==737== by 0x537A70: try_decode_frame (utils.c:2161)
==737== by 0x538CF1: avformat_find_stream_info (utils.c:2464)
==737== by 0x40FC2D: opt_input_file (ffmpeg.c:3239)
==737== by 0x414402: parse_option (cmdutils.c:265)
==737== by 0x41457F: parse_options (cmdutils.c:298)
==737== by 0x413A0A: main (ffmpeg.c:4513)
==737== Address 0x7171048 is 0 bytes after a block of size 251,240 alloc'd
==737== at 0x4C236B6: memalign (vg_replace_malloc.c:581)
==737== by 0x4C2370F: posix_memalign (vg_replace_malloc.c:709)
==737== by 0xBB2A02: av_malloc (mem.c:90)
==737== by 0x574580: av_new_packet (avpacket.c:64)
==737== by 0x4A9B7A: read_packet (img2.c:336)
==737== by 0x532E16: av_read_packet (utils.c:738)
==737== by 0x534A12: read_frame_internal (utils.c:1208)
==737== by 0x538621: avformat_find_stream_info (utils.c:2385)
==737== by 0x40FC2D: opt_input_file (ffmpeg.c:3239)
==737== by 0x414402: parse_option (cmdutils.c:265)
==737== by 0x41457F: parse_options (cmdutils.c:298)
==737== by 0x413A0A: main (ffmpeg.c:4513)
# Backtrace
#0 0x00000000008f7988 in sunrast_decode_frame (avctx=0x319e720, data=0x7fffb3980110, data_size=0x7fffb3980284, avpkt=0x31c1fc0) at libavcodec/sunrast.c:148
#0 0x00000000008f7988 in sunrast_decode_frame (avctx=0x319e720, data=0x7fffb3980110, data_size=0x7fffb3980284, avpkt=0x31c1fc0) at libavcodec/sunrast.c:148
#1 0x0000000000927825 in avcodec_decode_video2 (avctx=0x319e720, picture=0x7fffb3980110, got_picture_ptr=0x7fffb3980284, avpkt=0x31c1fc0) at libavcodec/utils.c:769
#2 0x0000000000537a15 in try_decode_frame (st=0x3193920, avpkt=0x31c1fc0, options=0x3196ce0) at libavformat/utils.c:2161
#3 0x0000000000538c96 in avformat_find_stream_info (ic=0x3192f00, options=0x3196ce0) at libavformat/utils.c:2464
#4 0x000000000040fc73 in opt_input_file (o=0x7fffb39806f0, opt=0x7fffb3981a26 "i", filename=0x7fffb3981a28 "/mnt/linux/src/lib/ffmpeg/fate-suite/sunraster/lena-8bit-rle.sun") at ffmpeg.c:3235
#5 0x0000000000414447 in parse_option (optctx=0x7fffb39806f0, opt=0x7fffb3981a26 "i", arg=0x7fffb3981a28 "/mnt/linux/src/lib/ffmpeg/fate-suite/sunraster/lena-8bit-rle.sun", options=0xbbd660) at cmdutils.c:265
#6 0x00000000004145c4 in parse_options (optctx=0x7fffb39806f0, argc=8, argv=0x7fffb39808a8, options=0xbbd660, parse_arg_function=0x411460 <opt_output_file>) at cmdutils.c:298
#7 0x0000000000413a50 in main (argc=8, argv=0x7fffb39808a8) at ffmpeg.c:4509
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/sunraster/lena-24bit-rle.sun" | zzuf -r0.0001:0.02 -b8- -s1
# Backtrace
#0 0x00000000008f7988 in sunrast_decode_frame (avctx=0x33357c0, data=0x7fff85d40d10, data_size=0x7fff85d40e84, avpkt=0x3359940) at libavcodec/sunrast.c:148
#0 0x00000000008f7988 in sunrast_decode_frame (avctx=0x33357c0, data=0x7fff85d40d10, data_size=0x7fff85d40e84, avpkt=0x3359940) at libavcodec/sunrast.c:148
#1 0x0000000000927825 in avcodec_decode_video2 (avctx=0x33357c0, picture=0x7fff85d40d10, got_picture_ptr=0x7fff85d40e84, avpkt=0x3359940) at libavcodec/utils.c:769
#2 0x0000000000537a15 in try_decode_frame (st=0x332a8e0, avpkt=0x3359940, options=0x3329620) at libavformat/utils.c:2161
#3 0x0000000000538c96 in avformat_find_stream_info (ic=0x3329ee0, options=0x3329620) at libavformat/utils.c:2464
#4 0x000000000040fc73 in opt_input_file (o=0x7fff85d412f0, opt=0x7fff85d42a24 "i", filename=0x7fff85d42a26 "/mnt/linux/src/lib/ffmpeg/fate-suite/sunraster/lena-24bit-rle.sun") at ffmpeg.c:3235
#5 0x0000000000414447 in parse_option (optctx=0x7fff85d412f0, opt=0x7fff85d42a24 "i", arg=0x7fff85d42a26 "/mnt/linux/src/lib/ffmpeg/fate-suite/sunraster/lena-24bit-rle.sun", options=0xbbd660) at cmdutils.c:265
#6 0x00000000004145c4 in parse_options (optctx=0x7fff85d412f0, argc=8, argv=0x7fff85d414a8, options=0xbbd660, parse_arg_function=0x411460 <opt_output_file>) at cmdutils.c:298
#7 0x0000000000413a50 in main (argc=8, argv=0x7fff85d414a8) at ffmpeg.c:4509
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/ansi/TRE-IOM5.ANS" | zzuf -r0.0001:0.02 -b8- -s3
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/ansi/TRE-IOM5.ANS" | zzuf -r0.0001:0.02 -b8- -s2
# Valgrind
[swscaler @ 0x738b3a0] pal8 is not supported as output pixel format
[swscaler @ 0x73917c0] pal8 is not supported as output pixel format
[swscaler @ 0x7397c00] pal8 is not supported as output pixel format
==742== Invalid read of size 4
==742== at 0xB27BAE: sws_scale (swscale_unscaled.c:714)
==742== by 0x43602F: scale_slice (vf_scale.c:303)
==742== by 0x4361AE: draw_slice (vf_scale.c:320)
==742== by 0x420DC2: avfilter_draw_slice (avfilter.c:633)
==742== by 0x43C0BB: request_frame (vsrc_buffer.c:191)
==742== by 0x4206C6: avfilter_request_frame (avfilter.c:515)
==742== by 0x4206F3: avfilter_request_frame (avfilter.c:517)
==742== by 0x424FDC: av_buffersink_get_buffer_ref (sink_buffer.c:128)
==742== by 0x40A7F6: output_packet (ffmpeg.c:1829)
==742== by 0x40D8D2: transcode (ffmpeg.c:2580)
==742== by 0x413AE0: main (ffmpeg.c:4533)
==742== Address 0x40 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x0000000000b277ae in sws_scale (c=0x0, srcSlice=0x7fff0afa6350, srcStride=0x7fff0afa6320, srcSliceY=0, srcSliceH=200, dst=0x7fff0afa6330, dstStride=0x7fff0afa6310) at libswscale/swscale_unscaled.c:714
#0 0x0000000000b277ae in sws_scale (c=0x0, srcSlice=0x7fff0afa6350, srcStride=0x7fff0afa6320, srcSliceY=0, srcSliceH=200, dst=0x7fff0afa6330, dstStride=0x7fff0afa6310) at libswscale/swscale_unscaled.c:714
#1 0x0000000000436074 in scale_slice (link=0x28daa40, sws=0x0, y=0, h=200, mul=1, field=0) at libavfilter/vf_scale.c:303
#2 0x00000000004361f3 in draw_slice (link=0x28daa40, y=0, h=200, slice_dir=1) at libavfilter/vf_scale.c:320
#3 0x0000000000420e07 in avfilter_draw_slice (link=0x28daa40, y=0, h=200, slice_dir=1) at libavfilter/avfilter.c:633
#4 0x000000000043c100 in request_frame (link=0x28daa40) at libavfilter/vsrc_buffer.c:191
#5 0x000000000042070b in avfilter_request_frame (link=0x28daa40) at libavfilter/avfilter.c:515
#6 0x0000000000420738 in avfilter_request_frame (link=0x28dc500) at libavfilter/avfilter.c:517
#7 0x0000000000425021 in av_buffersink_get_buffer_ref (ctx=0x28fc180, bufref=0x28fb7f8, flags=0) at libavfilter/sink_buffer.c:128
#8 0x000000000040a83c in output_packet (ist=0x28fcee0, ist_index=0, ost_table=0x28fb5c0, nb_ostreams=1, pkt=0x7fff0afa7d10) at ffmpeg.c:1825
#9 0x000000000040d918 in transcode (output_files=0x28fba00, nb_output_files=1, input_files=0x2915450, nb_input_files=1) at ffmpeg.c:2576
#10 0x0000000000413b26 in main (argc=8, argv=0x7fff0afa8088) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/ea-tgv/INTEL_S.TGV" | zzuf -r0.0001:0.02 -b8- -s3
# Valgrind
==747== Invalid read of size 1
==747== at 0x616007: tgv_decode_inter (eatgv.c:230)
==747== by 0x61661C: tgv_decode_frame (eatgv.c:317)
==747== by 0x927948: avcodec_decode_video2 (utils.c:769)
==747== by 0x409FC6: output_packet (ffmpeg.c:1715)
==747== by 0x40D8D2: transcode (ffmpeg.c:2580)
==747== by 0x413AE0: main (ffmpeg.c:4533)
==747== Address 0x720c39a is 1,690 bytes inside a block of size 3,032 free'd
==747== at 0x4C245E2: realloc (vg_replace_malloc.c:525)
==747== by 0xBB2A7A: av_realloc (mem.c:142)
==747== by 0x615B58: tgv_decode_inter (eatgv.c:162)
==747== by 0x61661C: tgv_decode_frame (eatgv.c:317)
==747== by 0x927948: avcodec_decode_video2 (utils.c:769)
==747== by 0x409FC6: output_packet (ffmpeg.c:1715)
==747== by 0x40D8D2: transcode (ffmpeg.c:2580)
==747== by 0x413AE0: main (ffmpeg.c:4533)
# Backtrace
#0 0x0000000000615f97 in tgv_decode_inter (s=0x2b90ca0,
#0 0x0000000000615f97 in tgv_decode_inter (s=0x2b90ca0,
#1 0x00000000006165ad in tgv_decode_frame (avctx=0x2bb3ec0, data=0x7fffd0643e30, data_size=0x7fffd0643fac, avpkt=0x7fffd0643da0) at libavcodec/eatgv.c:317
#2 0x0000000000927825 in avcodec_decode_video2 (avctx=0x2bb3ec0, picture=0x7fffd0643e30, got_picture_ptr=0x7fffd0643fac, avpkt=0x7fffd0643da0) at libavcodec/utils.c:769
#3 0x000000000040a00c in output_packet (ist=0x2bb4b70, ist_index=0, ost_table=0x2bba0c0, nb_ostreams=1, pkt=0x7fffd0645300) at ffmpeg.c:1711
#4 0x000000000040d918 in transcode (output_files=0x2bba330, nb_output_files=1, input_files=0x2bb4bd0, nb_input_files=1) at ffmpeg.c:2576
#5 0x0000000000413b26 in main (argc=8, argv=0x7fffd0645678) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/musepack/inside-mp8.mpc" | zzuf -r0.0001:0.02 -b8- -s4
# Valgrind
==755== Invalid write of size 4
==755== at 0xAD8A4C: ff_mpc_dequantize_and_synth (mpc.c:89)
==755== by 0x7C300C: mpc8_decode_frame (mpc8.c:396)
==755== by 0x927B97: avcodec_decode_audio3 (utils.c:822)
==755== by 0x409E03: output_packet (ffmpeg.c:1689)
==755== by 0x40D8D2: transcode (ffmpeg.c:2580)
==755== by 0x413AE0: main (ffmpeg.c:4533)
==755== Address 0x71a5960 is 0 bytes after a block of size 34,528 alloc'd
==755== at 0x4C236B6: memalign (vg_replace_malloc.c:581)
==755== by 0x4C2370F: posix_memalign (vg_replace_malloc.c:709)
==755== by 0xBB2A02: av_malloc (mem.c:90)
==755== by 0xBB2AE4: av_mallocz (mem.c:165)
==755== by 0x926C70: avcodec_open2 (utils.c:524)
==755== by 0x40B29A: init_input_stream (ffmpeg.c:1981)
==755== by 0x40C9D6: transcode_init (ffmpeg.c:2292)
==755== by 0x40CEA4: transcode (ffmpeg.c:2372)
==755== by 0x413AE0: main (ffmpeg.c:4533)
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/delphine-cin/LOGO-partial.CIN" | zzuf -r0.0001:0.02 -b8- -s5
# Valgrind
==760== Invalid read of size 1
==760== at 0x5A752E: cin_decode_lzss (dsicinav.c:169)
==760== by 0x5A7B12: cinvideo_decode_frame (dsicinav.c:266)
==760== by 0x927948: avcodec_decode_video2 (utils.c:769)
==760== by 0x409FC6: output_packet (ffmpeg.c:1715)
==760== by 0x40D8D2: transcode (ffmpeg.c:2580)
==760== by 0x413AE0: main (ffmpeg.c:4533)
==760== Address 0x71d8c21 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x00000000005a7445 in cin_decode_lzss (
#0 0x00000000005a7445 in cin_decode_lzss (
#1 0x00000000005a7aa3 in cinvideo_decode_frame (avctx=0x1e9d7e0, data=0x7fff9902e540, data_size=0x7fff9902e6bc, avpkt=0x7fff9902e4b0) at libavcodec/dsicinav.c:266
#2 0x0000000000927825 in avcodec_decode_video2 (avctx=0x1e9d7e0, picture=0x7fff9902e540, got_picture_ptr=0x7fff9902e6bc, avpkt=0x7fff9902e4b0) at libavcodec/utils.c:769
#3 0x000000000040a00c in output_packet (ist=0x1e9fae0, ist_index=0, ost_table=0x1e9ed50, nb_ostreams=2, pkt=0x7fff9902fa10) at ffmpeg.c:1711
#4 0x000000000040d918 in transcode (output_files=0x1ea1ce0, nb_output_files=1, input_files=0x1e9fb90, nb_input_files=1) at ffmpeg.c:2576
#5 0x0000000000413b26 in main (argc=8, argv=0x7fff9902fd88) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/bink/Snd0a7d9b58.dee" | zzuf -r0.0001:0.02 -b8- -s5
# Valgrind
==765== Conditional jump or move depends on uninitialised value(s)
==765== at 0x57C2F7: bink_decode_plane (bink.c:993)
==765== by 0x57D2DC: decode_frame (bink.c:1188)
==765== by 0x927948: avcodec_decode_video2 (utils.c:769)
==765== by 0x409FC6: output_packet (ffmpeg.c:1715)
==765== by 0x40D8D2: transcode (ffmpeg.c:2580)
==765== by 0x413AE0: main (ffmpeg.c:4533)
==765==
==765== Use of uninitialised value of size 8
==765== at 0x57C304: bink_decode_plane (bink.c:993)
==765== by 0x57D2DC: decode_frame (bink.c:1188)
==765== by 0x927948: avcodec_decode_video2 (utils.c:769)
==765== by 0x409FC6: output_packet (ffmpeg.c:1715)
==765== by 0x40D8D2: transcode (ffmpeg.c:2580)
==765== by 0x413AE0: main (ffmpeg.c:4533)
==765==
==765== Invalid read of size 8
==765== at 0x9D8380: put_pixels8_mmx (dsputil_mmx.c:393)
==765== by 0x57C33D: bink_decode_plane (bink.c:995)
==765== by 0x57D2DC: decode_frame (bink.c:1188)
==765== by 0x927948: avcodec_decode_video2 (utils.c:769)
==765== by 0x409FC6: output_packet (ffmpeg.c:1715)
==765== by 0x40D8D2: transcode (ffmpeg.c:2580)
==765== by 0x413AE0: main (ffmpeg.c:4533)
==765== Address 0x0 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x00000000009d7f60 in put_pixels8_mmx (
#0 0x00000000009d7f60 in put_pixels8_mmx (
#1 0x000000000057c2e2 in bink_decode_plane (c=0x1e210c0, gb=0x7fff5354ed20, plane_idx=0, is_chroma=0) at libavcodec/bink.c:995
#2 0x000000000057d281 in decode_frame (avctx=0x1e0da20, data=0x7fff5354f0a0, data_size=0x7fff5354f21c, pkt=0x7fff5354f010) at libavcodec/bink.c:1188
#3 0x0000000000927825 in avcodec_decode_video2 (avctx=0x1e0da20, picture=0x7fff5354f0a0, got_picture_ptr=0x7fff5354f21c, avpkt=0x7fff5354f010) at libavcodec/utils.c:769
#4 0x000000000040a00c in output_packet (ist=0x1e125f0, ist_index=0, ost_table=0x1e11a80, nb_ostreams=2, pkt=0x7fff53550570) at ffmpeg.c:1711
#5 0x000000000040d918 in transcode (output_files=0x1de2500, nb_output_files=1, input_files=0x1e12530, nb_input_files=1) at ffmpeg.c:2576
#6 0x0000000000413b26 in main (argc=8, argv=0x7fff535508e8) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/real/rv30.rm" | zzuf -r0.0001:0.02 -b8- -s5
# Valgrind: There is awful lot of unitialized variables used and an overlapped # memcpy
==783== Conditional jump or move depends on uninitialised value(s)
==783== at 0x533539: compute_frame_duration (utils.c:872)
==783== by 0x533BD3: compute_pkt_fields (utils.c:1016)
==783== by 0x5345AE: read_frame_internal (utils.c:1153)
==783== by 0x538621: avformat_find_stream_info (utils.c:2385)
==783== by 0x40FC2D: opt_input_file (ffmpeg.c:3239)
==783== by 0x414402: parse_option (cmdutils.c:265)
==783== by 0x41457F: parse_options (cmdutils.c:298)
==783== by 0x413A0A: main (ffmpeg.c:4513)
==783== Conditional jump or move depends on uninitialised value(s)
==783== at 0x533BE6: compute_pkt_fields (utils.c:1017)
==783== by 0x5345AE: read_frame_internal (utils.c:1153)
==783== by 0x538621: avformat_find_stream_info (utils.c:2385)
==783== by 0x40FC2D: opt_input_file (ffmpeg.c:3239)
==783== by 0x414402: parse_option (cmdutils.c:265)
==783== by 0x41457F: parse_options (cmdutils.c:298)
==783== by 0x413A0A: main (ffmpeg.c:4513)
==783== Conditional jump or move depends on uninitialised value(s)
==783== at 0xBB0E2F: av_rescale_rnd (mathematics.c:89)
==783== by 0x533C23: compute_pkt_fields (utils.c:1018)
==783== by 0x5345AE: read_frame_internal (utils.c:1153)
==783== by 0x538621: avformat_find_stream_info (utils.c:2385)
==783== by 0x40FC2D: opt_input_file (ffmpeg.c:3239)
==783== by 0x414402: parse_option (cmdutils.c:265)
==783== by 0x41457F: parse_options (cmdutils.c:298)
==783== by 0x413A0A: main (ffmpeg.c:4513)
==783== Conditional jump or move depends on uninitialised value(s)
==783== at 0xBB0FC7: av_rescale_rnd (mathematics.c:113)
==783== by 0x533C23: compute_pkt_fields (utils.c:1018)
==783== by 0x5345AE: read_frame_internal (utils.c:1153)
==783== by 0x538621: avformat_find_stream_info (utils.c:2385)
==783== by 0x40FC2D: opt_input_file (ffmpeg.c:3239)
==783== by 0x414402: parse_option (cmdutils.c:265)
==783== by 0x41457F: parse_options (cmdutils.c:298)
==783== by 0x413A0A: main (ffmpeg.c:4513)
==783== Conditional jump or move depends on uninitialised value(s)
==783== at 0x5747B8: av_dup_packet (avpacket.c:125)
==783== by 0x538759: avformat_find_stream_info (utils.c:2406)
==783== by 0x40FC2D: opt_input_file (ffmpeg.c:3239)
==783== by 0x414402: parse_option (cmdutils.c:265)
==783== by 0x41457F: parse_options (cmdutils.c:298)
==783== by 0x413A0A: main (ffmpeg.c:4513)
==783== Conditional jump or move depends on uninitialised value(s)
==783== at 0x5747B8: av_dup_packet (avpacket.c:125)
==783== by 0x538759: avformat_find_stream_info (utils.c:2406)
==783== by 0x40FC2D: opt_input_file (ffmpeg.c:3239)
==783== by 0x414402: parse_option (cmdutils.c:265)
==783== by 0x41457F: parse_options (cmdutils.c:298)
==783== by 0x413A0A: main (ffmpeg.c:4513)
==783== Conditional jump or move depends on uninitialised value(s)
==783== at 0x4C25F28: memcpy (mc_replace_strmem.c:497)
==783== by 0x5748A1: av_dup_packet (avpacket.c:130)
==783== by 0x538759: avformat_find_stream_info (utils.c:2406)
==783== by 0x40FC2D: opt_input_file (ffmpeg.c:3239)
==783== by 0x414402: parse_option (cmdutils.c:265)
==783== by 0x41457F: parse_options (cmdutils.c:298)
==783== by 0x413A0A: main (ffmpeg.c:4513)
==783== Source and destination overlap in memcpy(0x7523080, 0x713e4a0, 118745312)
==783== at 0x4C25F6A: memcpy (mc_replace_strmem.c:497)
==783== by 0x5748A1: av_dup_packet (avpacket.c:130)
==783== by 0x538759: avformat_find_stream_info (utils.c:2406)
==783== by 0x40FC2D: opt_input_file (ffmpeg.c:3239)
==783== by 0x414402: parse_option (cmdutils.c:265)
==783== by 0x41457F: parse_options (cmdutils.c:298)
==783== by 0x413A0A: main (ffmpeg.c:4513)
# Backtrace
#0 memcpy () at ../sysdeps/x86_64/memcpy.S:392
#0 memcpy () at ../sysdeps/x86_64/memcpy.S:392
#1 0x0000000000574846 in av_dup_packet (pkt=0x2a6c080) at libavcodec/avpacket.c:130
#2 0x00000000005386fe in avformat_find_stream_info (ic=0x2a439e0, options=0x2a6bb40) at libavformat/utils.c:2406
#3 0x000000000040fc73 in opt_input_file (o=0x7fffc81720f0, opt=0x7fffc8172a44 "i", filename=0x7fffc8172a46 "/mnt/linux/src/lib/ffmpeg/fate-suite/real/rv30.rm") at ffmpeg.c:3235
#4 0x0000000000414447 in parse_option (optctx=0x7fffc81720f0, opt=0x7fffc8172a44 "i", arg=0x7fffc8172a46 "/mnt/linux/src/lib/ffmpeg/fate-suite/real/rv30.rm", options=0xbbd660) at cmdutils.c:265
#5 0x00000000004145c4 in parse_options (optctx=0x7fffc81720f0, argc=8, argv=0x7fffc81722a8, options=0xbbd660, parse_arg_function=0x411460 <opt_output_file>) at cmdutils.c:298
#6 0x0000000000413a50 in main (argc=8, argv=0x7fffc81722a8) at ffmpeg.c:4509
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/quickdraw/Airplane.mov" | zzuf -r0.0001:0.02 -b8- -s5
# Valgrind
==30979== Invalid read of size 2
==30979== at 0x89166C: decode_frame (qdrw.c:101)
==30979== by 0x927948: avcodec_decode_video2 (utils.c:769)
==30979== by 0x409FC6: output_packet (ffmpeg.c:1715)
==30979== by 0x40D8D2: transcode (ffmpeg.c:2580)
==30979== by 0x413AE0: main (ffmpeg.c:4533)
==30979== Address 0x742d04a is not stack'd, malloc'd or (recently) free'd
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/quickdraw/Airplane.mov" | zzuf -r0.0001:0.02 -b8- -s7
# Valgrind
==31060== Invalid read of size 1
==31060== at 0x4C25F98: memcpy (mc_replace_strmem.c:497)
==31060== by 0x8917BA: decode_frame (qdrw.c:118)
==31060== by 0x927948: avcodec_decode_video2 (utils.c:769)
==31060== by 0x409FC6: output_packet (ffmpeg.c:1715)
==31060== by 0x40D8D2: transcode (ffmpeg.c:2580)
==31060== by 0x413AE0: main (ffmpeg.c:4533)
==31060== Address 0x71c646f is 15 bytes after a block of size 512 alloc'd
==31060== at 0x4C236B6: memalign (vg_replace_malloc.c:581)
==31060== by 0x4C2370F: posix_memalign (vg_replace_malloc.c:709)
==31060== by 0xBB2A02: av_malloc (mem.c:90)
==31060== by 0xBB2AE4: av_mallocz (mem.c:165)
==31060== by 0x539D17: av_new_stream (utils.c:2742)
==31060== by 0x410156: new_output_stream (ffmpeg.c:3317)
==31060== by 0x410542: new_video_stream (ffmpeg.c:3373)
==31060== by 0x41164B: opt_output_file (ffmpeg.c:3721)
==31060== by 0x4145BD: parse_options (cmdutils.c:303)
==31060== by 0x413A0A: main (ffmpeg.c:4513)
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/CAPA1_TOSHIBA_B.264" | zzuf -r0.0001:0.02 -b8- -s6
# Valgrind
==10418== Invalid read of size 8
==10418== at 0x92439C: put_h264_qpel16_mc00_sse2 (dsputil_mmx.c:453)
==10418== by 0x692312: mc_part (h264.c:477)
==10418== by 0x6A14A6: hl_decode_mb_simple_8 (h264.c:700)
==10418== by 0x9B61E5: guess_mv (error_resilience.c:414)
==10418== by 0x9B9136: ff_er_frame_end (error_resilience.c:1066)
==10418== by 0x68B727: field_end (h264.c:2422)
==10418== by 0x6A3A59: decode_frame (h264.c:3905)
==10418== by 0x867C57: avcodec_decode_video2 (utils.c:769)
==10418== by 0x437195: output_packet (ffmpeg.c:1707)
==10418== by 0x43D6C6: main (ffmpeg.c:2572)
==10418== Address 0x7bf91f0 is 25,360 bytes inside a block of size 155,248 free'd
==10418== at 0x4C240FD: free (vg_replace_malloc.c:366)
==10418== by 0xA80F4B: av_freep (mem.c:152)
==10418== by 0x867726: avcodec_default_free_buffers (utils.c:1176)
==10418== by 0x68CE7C: decode_slice_header (h264.c:2596)
==10418== by 0x6A30AF: decode_nal_units (h264.c:3698)
==10418== by 0x6A3971: decode_frame (h264.c:3885)
==10418== by 0x867C57: avcodec_decode_video2 (utils.c:769)
==10418== by 0x437195: output_packet (ffmpeg.c:1707)
==10418== by 0x43D6C6: main (ffmpeg.c:2572)
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/CVMANL2_TOSHIBA_B.264" | zzuf -r0.0001:0.02 -b8- -s4
# Valgrind
==10436== Conditional jump or move depends on uninitialised value(s)
==10436== at 0x6D4140: h264_parse (h264_parser.c:53)
==10436== by 0x7DF108: av_parser_parse2 (parser.c:149)
==10436== by 0x5321A8: read_frame_internal (utils.c:1162)
==10436== by 0x5331EA: avformat_find_stream_info (utils.c:2385)
==10436== by 0x43951B: opt_input_file (ffmpeg.c:3207)
==10436== by 0x43F952: parse_option (cmdutils.c:265)
==10436== by 0x43FACF: parse_options (cmdutils.c:298)
==10436== by 0x43D140: main (ffmpeg.c:4466)
==10436== Invalid read of size 8es
==10436== at 0x68DB29: decode_slice_header (h264.c:3032)
==10436== by 0x6A30AF: decode_nal_units (h264.c:3698)
==10436== by 0x6A3971: decode_frame (h264.c:3885)
==10436== by 0x867C57: avcodec_decode_video2 (utils.c:769)
==10436== by 0x437195: output_packet (ffmpeg.c:1707)
==10436== by 0x43D6C6: main (ffmpeg.c:2572)
==10436== Address 0x200000030 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x0000000000692f60 in decode_slice_header (h=0x2c96c80, h0=0x2c96c80) at libavcodec/h264.c:3028
#0 0x0000000000692f60 in decode_slice_header (h=0x2c96c80, h0=0x2c96c80) at libavcodec/h264.c:3028
#1 0x000000000069823a in decode_nal_units (h=0x2c96c80, buf=0x2ec2e00 "", buf_size=11242) at libavcodec/h264.c:3694
#2 0x0000000000698c1d in decode_frame (avctx=0x2c74ea0, data=0x7fffb3dd8c60, data_size=0x7fffb3dd8ddc, avpkt=0x7fffb3dd8bd0) at libavcodec/h264.c:3881
#3 0x0000000000927825 in avcodec_decode_video2 (avctx=0x2c74ea0, picture=0x7fffb3dd8c60, got_picture_ptr=0x7fffb3dd8ddc, avpkt=0x7fffb3dd8bd0) at libavcodec/utils.c:769
#4 0x000000000040a00c in output_packet (ist=0x2d3f670, ist_index=0, ost_table=0x2c75f10, nb_ostreams=1, pkt=0x7fffb3dda130) at ffmpeg.c:1711
#5 0x000000000040d918 in transcode (output_files=0x2c7b3d0, nb_output_files=1, input_files=0x2c72870, nb_input_files=1) at ffmpeg.c:2576
#6 0x0000000000413b26 in main (argc=8, argv=0x7fffb3dda4a8) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/CVFI1_Sony_D.jsv" | zzuf -r0.0001:0.02 -b8- -s4
# Valgrind
==10441== Invalid read of size 8
==10441== at 0x92BCC1: put_h264_qpel8_h_lowpass_ssse3
(h264_qpel_mmx.c:1186)
==10441== by 0x932951: put_h264_qpel16_mc20_ssse3 (h264_qpel_mmx.c:1186)
==10441== by 0x692312: mc_part (h264.c:477)
==10441== by 0x69D961: hl_decode_mb_complex (h264.c:700)
==10441== by 0x9B60F4: guess_mv (error_resilience.c:584)
==10441== by 0x9B9136: ff_er_frame_end (error_resilience.c:1066)
==10441== by 0x68B727: field_end (h264.c:2422)
==10441== by 0x6A3A59: decode_frame (h264.c:3905)
==10441== by 0x867C57: avcodec_decode_video2 (utils.c:769)
==10441== by 0x437195: output_packet (ffmpeg.c:1707)
==10441== by 0x43D6C6: main (ffmpeg.c:2572)
==10441== Address 0x2364e is not stack'd, malloc'd or (recently) free'd
==10441==
==10441==
==10441== Process terminating with default action of signal 11 (SIGSEGV)
==10441== Access not within mapped region at address 0x23656
==10441== at 0x92BCC1: put_h264_qpel8_h_lowpass_ssse3
(h264_qpel_mmx.c:1186)
==10441== by 0x932951: put_h264_qpel16_mc20_ssse3 (h264_qpel_mmx.c:1186)
==10441== by 0x692312: mc_part (h264.c:477)
==10441== by 0x69D961: hl_decode_mb_complex (h264.c:700)
==10441== by 0x9B60F4: guess_mv (error_resilience.c:584)
==10441== by 0x9B9136: ff_er_frame_end (error_resilience.c:1066)
==10441== by 0x68B727: field_end (h264.c:2422)
==10441== by 0x6A3A59: decode_frame (h264.c:3905)
==10441== by 0x867C57: avcodec_decode_video2 (utils.c:769)
==10441== by 0x437195: output_packet (ffmpeg.c:1707)
==10441== by 0x43D6C6: main (ffmpeg.c:2572)
# Backtrace
#0 0x00000000009f0fd4 in put_h264_qpel8_h_lowpass_ssse3 (
#0 0x00000000009f0fd4 in put_h264_qpel8_h_lowpass_ssse3 (
#1 0x00000000009f1093 in put_h264_qpel16_h_lowpass_ssse3 (
#2 0x00000000009f8791 in put_h264_qpel16_mc20_ssse3 (
#3 0x000000000065e62e in mc_dir_part (h=0x174c660, pic=0x1775220, n=0, square=1, chroma_height=8, delta=0, list=0,
#4 0x000000000065eeec in mc_part_std (h=0x174c660, n=0, square=1, chroma_height=8, delta=0,
#5 0x000000000065fd36 in mc_part (h=0x174c660, n=0, square=1, chroma_height=8, delta=0,
#6 0x000000000067c763 in hl_motion (h=0x174c660) at libavcodec/h264.c:696
#7 hl_decode_mb_internal (h=0x174c660) at libavcodec/h264.c:1900
#8 hl_decode_mb_complex (h=0x174c660) at libavcodec/h264.c:2076
#9 0x000000000068f03d in ff_h264_hl_decode_mb (h=0x174c660) at libavcodec/h264.c:2099
#10 0x0000000000a940f0 in decode_mb (s=0x174c660, ref=5) at libavcodec/error_resilience.c:59
#11 0x0000000000a96be7 in guess_mv (s=0x174c660) at libavcodec/error_resilience.c:584
#12 0x0000000000a98d5d in ff_er_frame_end (s=0x174c660) at libavcodec/error_resilience.c:1066
#13 0x00000000006903d4 in field_end (h=0x174c660, in_setup=0) at libavcodec/h264.c:2418
#14 0x0000000000698d39 in decode_frame (avctx=0x1725f60, data=0x7fffd86a75d0, data_size=0x7fffd86a774c, avpkt=0x7fffd86a7540) at libavcodec/h264.c:3901
#15 0x0000000000927825 in avcodec_decode_video2 (avctx=0x1725f60, picture=0x7fffd86a75d0, got_picture_ptr=0x7fffd86a774c, avpkt=0x7fffd86a7540) at libavcodec/utils.c:769
#16 0x000000000040a00c in output_packet (ist=0x1726420, ist_index=0, ost_table=0x1a434d0, nb_ostreams=1, pkt=0x7fffd86a8aa0) at ffmpeg.c:1711
#17 0x000000000040d918 in transcode (output_files=0x1724f60, nb_output_files=1, input_files=0x16fa7f0, nb_input_files=1) at ffmpeg.c:2576
#18 0x0000000000413b26 in main (argc=8, argv=0x7fffd86a8e18) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/CAMA1_TOSHIBA_B.264" | zzuf -r0.0001:0.02 -b8- -s6
# Backtrace
#0 0x0000000000692f60 in decode_slice_header (h=0x27c3ea0, h0=0x27c3ea0) at libavcodec/h264.c:3028
#0 0x0000000000692f60 in decode_slice_header (h=0x27c3ea0, h0=0x27c3ea0) at libavcodec/h264.c:3028
#1 0x000000000069823a in decode_nal_units (h=0x27c3ea0, buf=0x28bec40 "", buf_size=15540) at libavcodec/h264.c:3694
#2 0x0000000000698c1d in decode_frame (avctx=0x2627b60, data=0x7fff06581930, data_size=0x7fff06581aac, avpkt=0x7fff065818a0) at libavcodec/h264.c:3881
#3 0x0000000000927825 in avcodec_decode_video2 (avctx=0x2627b60, picture=0x7fff06581930, got_picture_ptr=0x7fff06581aac, avpkt=0x7fff065818a0) at libavcodec/utils.c:769
#4 0x000000000040a00c in output_packet (ist=0x26848f0, ist_index=0, ost_table=0x2628a30, nb_ostreams=1, pkt=0x7fff06582e00) at ffmpeg.c:1711
#5 0x000000000040d918 in transcode (output_files=0x25f3590, nb_output_files=1, input_files=0x25fa550, nb_input_files=1) at ffmpeg.c:2576
#6 0x0000000000413b26 in main (argc=8, argv=0x7fff06583178) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/CVWP2_TOSHIBA_E.264" | zzuf -r0.0001:0.02 -b8- -s5
# Valgrind
==10446== Conditional jump or move depends on uninitialised value(s)
==10446== at 0x9B3ED2: h_block_filter (error_resilience.c:275)
==10446== by 0x9B9022: ff_er_frame_end (error_resilience.c:1147)
==10446== by 0x68B727: field_end (h264.c:2422)
==10446== by 0x6A3A59: decode_frame (h264.c:3905)
==10446== by 0x867C57: avcodec_decode_video2 (utils.c:769)
==10446== by 0x437195: output_packet (ffmpeg.c:1707)
==10446== by 0x43D6C6: main (ffmpeg.c:2572)
[ ... ]
==10446==
==10446== Use of uninitialised value of size 8
==10446== at 0x9B4021: h_block_filter (error_resilience.c:281)
==10446== by 0x9B9022: ff_er_frame_end (error_resilience.c:1147)
==10446== by 0x68B727: field_end (h264.c:2422)
==10446== by 0x6A3A59: decode_frame (h264.c:3905)
==10446== by 0x867C57: avcodec_decode_video2 (utils.c:769)
==10446== by 0x437195: output_packet (ffmpeg.c:1707)
==10446== by 0x43D6C6: main (ffmpeg.c:2572)
==10446== Invalid read of size 8
==10446== at 0x92439C: put_h264_qpel16_mc00_sse2 (dsputil_mmx.c:453)
==10446== by 0x692312: mc_part (h264.c:477)
==10446== by 0x6A14A6: hl_decode_mb_simple_8 (h264.c:700)
==10446== by 0x9B61E5: guess_mv (error_resilience.c:414)
==10446== by 0x9B9136: ff_er_frame_end (error_resilience.c:1066)
==10446== by 0x68B727: field_end (h264.c:2422)
==10446== by 0x6A3A59: decode_frame (h264.c:3905)
==10446== by 0x867C57: avcodec_decode_video2 (utils.c:769)
==10446== by 0x437195: output_packet (ffmpeg.c:1707)
==10446== by 0x43D6C6: main (ffmpeg.c:2572)
==10446== Address 0x7b5c770 is 6,160 bytes inside a block of size 123,664
free'd
==10446== at 0x4C240FD: free (vg_replace_malloc.c:366)
==10446== by 0xA80F4B: av_freep (mem.c:152)
==10446== by 0x867726: avcodec_default_free_buffers (utils.c:1176)
==10446== by 0x68CE7C: decode_slice_header (h264.c:2596)
==10446== by 0x6A30AF: decode_nal_units (h264.c:3698)
==10446== by 0x6A3971: decode_frame (h264.c:3885)
==10446== by 0x867C57: avcodec_decode_video2 (utils.c:769)
==10446== by 0x437195: output_packet (ffmpeg.c:1707)
==10446== by 0x43D6C6: main (ffmpeg.c:2572)
# Backtrace
#0 0x00000000009d8064 in put_pixels16_sse2 (
#0 0x00000000009d8064 in put_pixels16_sse2 (
#1 0x00000000009e9a0f in put_h264_qpel16_mc00_sse2 (
#2 0x000000000065e62e in mc_dir_part (h=0x1f38260, pic=0x1f5fea8, n=0, square=1, chroma_height=8, delta=0, list=0,
#3 0x000000000065eeec in mc_part_std (h=0x1f38260, n=0, square=1, chroma_height=8, delta=0,
#4 0x000000000065fd36 in mc_part (h=0x1f38260, n=0, square=1, chroma_height=8, delta=0,
#5 0x000000000066a325 in hl_motion (h=0x1f38260) at libavcodec/h264.c:696
#6 hl_decode_mb_internal (h=0x1f38260) at libavcodec/h264.c:1900
#7 hl_decode_mb_simple_8 (h=0x1f38260) at libavcodec/h264.c:2069
#8 0x000000000068f06a in ff_h264_hl_decode_mb (h=0x1f38260) at libavcodec/h264.c:2103
#9 0x0000000000a940f0 in decode_mb (s=0x1f38260, ref=0) at libavcodec/error_resilience.c:59
#10 0x0000000000a95fe5 in guess_mv (s=0x1f38260) at libavcodec/error_resilience.c:414
#11 0x0000000000a98d5d in ff_er_frame_end (s=0x1f38260) at libavcodec/error_resilience.c:1066
#12 0x00000000006903d4 in field_end (h=0x1f38260, in_setup=0) at libavcodec/h264.c:2418
#13 0x0000000000698d39 in decode_frame (avctx=0x1f18b60, data=0x7fff63c38850, data_size=0x7fff63c389cc, avpkt=0x7fff63c387c0) at libavcodec/h264.c:3901
#14 0x0000000000927825 in avcodec_decode_video2 (avctx=0x1f18b60, picture=0x7fff63c38850, got_picture_ptr=0x7fff63c389cc, avpkt=0x7fff63c387c0) at libavcodec/utils.c:769
#15 0x000000000040a00c in output_packet (ist=0x1feeb50, ist_index=0, ost_table=0x2034fe0, nb_ostreams=1, pkt=0x7fff63c39d20) at ffmpeg.c:1711
#16 0x000000000040d918 in transcode (output_files=0x1f2f9c0, nb_output_files=1, input_files=0x1f2f990, nb_input_files=1) at ffmpeg.c:2576
#17 0x0000000000413b26 in main (argc=8, argv=0x7fff63c3a098) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/CAMANL2_TOSHIBA_B.264" | zzuf -r0.0001:0.02 -b8- -s5
# Backtrace
#0 0x0000000000692f60 in decode_slice_header (h=0x2ba0ba0, h0=0x2ba0ba0) at libavcodec/h264.c:3028
#0 0x0000000000692f60 in decode_slice_header (h=0x2ba0ba0, h0=0x2ba0ba0) at libavcodec/h264.c:3028
#1 0x000000000069823a in decode_nal_units (h=0x2ba0ba0, buf=0x2cf0240 "", buf_size=14397) at libavcodec/h264.c:3694
#2 0x0000000000698c1d in decode_frame (avctx=0x2b7fea0, data=0x7fff60db01a0, data_size=0x7fff60db031c, avpkt=0x7fff60db0110) at libavcodec/h264.c:3881
#3 0x0000000000927825 in avcodec_decode_video2 (avctx=0x2b7fea0, picture=0x7fff60db01a0, got_picture_ptr=0x7fff60db031c, avpkt=0x7fff60db0110) at libavcodec/utils.c:769
#4 0x000000000040a00c in output_packet (ist=0x2c49190, ist_index=0, ost_table=0x2b96f10, nb_ostreams=1, pkt=0x7fff60db1670) at ffmpeg.c:1711
#5 0x000000000040d918 in transcode (output_files=0x2b863d0, nb_output_files=1, input_files=0x2b7d870, nb_input_files=1) at ffmpeg.c:2576
#6 0x0000000000413b26 in main (argc=8, argv=0x7fff60db19e8) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/duck/vf2end-partial.avi" | zzuf -r0.0001:0.02 -b8- -s5
# Valgrind
[truemotion1 @ 0x713b480] help! truemotion1 decoder went out of bounds
[buffer @ 0x71754e0] Buffer video input changed from size:288x144 fmt:rgb555le
to size:288x16592 fmt:rgb555le
[scale @ 0x77bc280] w:288 h:16592 fmt:rgb555le -> w:288 h:144 fmt:rgb555le
flags:0x2
==10451== Invalid read of size 2
==10451== at 0xA5D5AC: yuv2rgb15_X_c (swscale.c:1251)
==10451== by 0xA661AE: swScale (swscale.c:2756)
==10451== by 0xA45A5C: sws_scale (swscale_unscaled.c:807)
==10451== by 0x4582B4: draw_slice (vf_scale.c:303)
==10451== by 0x448AB7: avfilter_draw_slice (avfilter.c:633)
==10451== by 0x45B66F: request_frame (vsrc_buffer.c:191)
==10451== by 0x4487A0: avfilter_request_frame (avfilter.c:515)
==10451== by 0x4487E8: avfilter_request_frame (avfilter.c:517)
==10451== by 0x44CDF3: av_buffersink_get_buffer_ref (sink_buffer.c:128)
==10451== by 0x435D73: output_packet (ffmpeg.c:1821)
==10451== by 0x43D6C6: main (ffmpeg.c:2572)
==10451== Address 0x0 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x0000000000b6be64 in yuv2rgb_X_c_template (c=0x1c8e260, lumFilter=0x1ced8f2, lumSrc=0x1cce370, lumFilterSize=231, chrFilter=0x1c607b2, chrUSrc=0x1ccf1f0, chrVSrc=0x1cd0070, chrFilterSize=231, alpSrc=0x0,
#0 0x0000000000b6be64 in yuv2rgb_X_c_template (c=0x1c8e260, lumFilter=0x1ced8f2, lumSrc=0x1cce370, lumFilterSize=231, chrFilter=0x1c607b2, chrUSrc=0x1ccf1f0, chrVSrc=0x1cd0070, chrFilterSize=231, alpSrc=0x0,
#1 yuv2rgb15_X_c (c=0x1c8e260, lumFilter=0x1ced8f2, lumSrc=0x1cce370, lumFilterSize=231, chrFilter=0x1c607b2, chrUSrc=0x1ccf1f0, chrVSrc=0x1cd0070, chrFilterSize=231, alpSrc=0x0,
#2 0x0000000000b91f8c in swScale (c=0x1c8e260, src=0x7fff84698340, srcStride=0x7fff84698310, srcSliceY=0, srcSliceH=16592, dst=0x7fff84698320, dstStride=0x7fff84698300) at libswscale/swscale.c:2756
#3 0x0000000000b27f4c in sws_scale (c=0x1c8e260, srcSlice=0x7fff84698420, srcStride=0x7fff846983f0, srcSliceY=0, srcSliceH=16592, dst=0x7fff84698400, dstStride=0x7fff846983e0) at libswscale/swscale_unscaled.c:807
#4 0x0000000000436074 in scale_slice (link=0x1c2f220, sws=0x1c8e260, y=0, h=16592, mul=1, field=0) at libavfilter/vf_scale.c:303
#5 0x00000000004361f3 in draw_slice (link=0x1c2f220, y=0, h=16592, slice_dir=1) at libavfilter/vf_scale.c:320
#6 0x0000000000420e07 in avfilter_draw_slice (link=0x1c2f220, y=0, h=16592, slice_dir=1) at libavfilter/avfilter.c:633
#7 0x000000000043c100 in request_frame (link=0x1c2f220) at libavfilter/vsrc_buffer.c:191
#8 0x000000000042070b in avfilter_request_frame (link=0x1c2f220) at libavfilter/avfilter.c:515
#9 0x0000000000420738 in avfilter_request_frame (link=0x1c24d60) at libavfilter/avfilter.c:517
#10 0x0000000000425021 in av_buffersink_get_buffer_ref (ctx=0x1c22480, bufref=0x1c2ef48, flags=0) at libavfilter/sink_buffer.c:128
#11 0x000000000040a83c in output_packet (ist=0x1c21c60, ist_index=0, ost_table=0x1c2ed10, nb_ostreams=2, pkt=0x7fff84699de0) at ffmpeg.c:1825
#12 0x000000000040d918 in transcode (output_files=0x1c25500, nb_output_files=1, input_files=0x1c254d0, nb_input_files=1) at ffmpeg.c:2576
#13 0x0000000000413b26 in main (argc=8, argv=0x7fff8469a158) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/ea-cmv/TITLE.CMV" | zzuf -r0.0001:0.02 -b8- -s6
# Valgrind
==11845== Invalid read of size 1
==11845== at 0x65E0D2: cmv_decode_frame (eacmv.c:78)
==11845== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==11845== by 0x437542: output_packet (ffmpeg.c:1711)
==11845== by 0x43AE4E: transcode (ffmpeg.c:2576)
==11845== by 0x4410DC: main (ffmpeg.c:4490)
==11845== Address 0x0 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x00000000006114c1 in cmv_motcomp (
#0 0x00000000006114c1 in cmv_motcomp (
#1 0x0000000000611815 in cmv_decode_inter (s=0x1f0d140,
#2 0x0000000000611d6b in cmv_decode_frame (avctx=0x1f09800, data=0x7fff8e2e82d0, data_size=0x7fff8e2e844c, avpkt=0x7fff8e2e8240) at libavcodec/eacmv.c:185
#3 0x0000000000927825 in avcodec_decode_video2 (avctx=0x1f09800, picture=0x7fff8e2e82d0, got_picture_ptr=0x7fff8e2e844c, avpkt=0x7fff8e2e8240) at libavcodec/utils.c:769
#4 0x000000000040a00c in output_packet (ist=0x1f07e20, ist_index=0, ost_table=0x1f0c340, nb_ostreams=1, pkt=0x7fff8e2e97a0) at ffmpeg.c:1711
#5 0x000000000040d918 in transcode (output_files=0x1f0c780, nb_output_files=1, input_files=0x1f0a8b0, nb_input_files=1) at ffmpeg.c:2576
#6 0x0000000000413b26 in main (argc=8, argv=0x7fff8e2e9b18) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/nellymoser/nellymoser.flv" | zzuf -r0.0001:0.02 -b8- -s10
# Backtrace
#0 0x0000000000a0823c in float_to_int16_sse2 (dst=0x7fe3c8a58e40, src=0x2ff5e40, len=256) at libavcodec/x86/fmtconvert_mmx.c:122
#1 0x0000000000873539 in decode_tag (avctx=0x301d180, data=0x7fe3c89e0040, data_size=0x7ffffd7c1d1c, avpkt=0x7ffffd7c1d20) at libavcodec/nellymoserdec.c:182
#2 0x0000000000927a74 in avcodec_decode_audio3 (avctx=0x301d180, samples=0x7fe3c89e0040, frame_size_ptr=0x7ffffd7c1d1c, avpkt=0x7ffffd7c1d20) at libavcodec/utils.c:822
#3 0x0000000000409e49 in output_packet (ist=0x301db00, ist_index=0, ost_table=0x301c700, nb_ostreams=1, pkt=0x7ffffd7c3280) at ffmpeg.c:1685
#4 0x000000000040d918 in transcode (output_files=0x301d900, nb_output_files=1, input_files=0x3032170, nb_input_files=1) at ffmpeg.c:2576
#5 0x0000000000413b26 in main (argc=8, argv=0x7ffffd7c35f8) at ffmpeg.c:4529
# Valgrind
==23929== Invalid write of size 8
==23929== at 0xA0823C: float_to_int16_sse2 (fmtconvert_mmx.c:122)
==23929== by 0x873538: decode_tag (nellymoserdec.c:182)
==23929== by 0x927A73: avcodec_decode_audio3 (utils.c:822)
==23929== by 0x409E48: output_packet (ffmpeg.c:1685)
==23929== by 0x40D917: transcode (ffmpeg.c:2576)
==23929== by 0x413B25: main (ffmpeg.c:4529)
==23929== Address 0x71c8600 is 0 bytes after a block of size 192,000 alloc'd
==23929== at 0x4C236B6: memalign (vg_replace_malloc.c:581)
==23929== by 0x4C2370F: posix_memalign (vg_replace_malloc.c:709)
==23929== by 0xBB2602: av_malloc (mem.c:90)
==23929== by 0x409E05: output_packet (ffmpeg.c:1680)
==23929== by 0x40D917: transcode (ffmpeg.c:2576)
==23929== by 0x413B25: main (ffmpeg.c:4529)
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/iv50/Educ_Movie_DeadlyForce.avi" | zzuf -r0.0001:0.02 -b8- -s10
# Valgrind
==12650== Conditional jump or move depends on uninitialised value(s)
==12650== at 0x738E17: ff_ivi_output_plane (common.h:126)
==12650== by 0x72A24E: decode_frame (indeo5.c:791)
==12650== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==12650== by 0x437542: output_packet (ffmpeg.c:1711)
==12650== by 0x43AE4E: transcode (ffmpeg.c:2576)
==12650== by 0x4410DC: main (ffmpeg.c:4490)
==12650==
==12650== Invalid read of size 2
==12650== at 0x738E08: ff_ivi_output_plane (ivi_common.c:616)
==12650== by 0x729CA0: decode_frame (indeo5.c:794)
==12650== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==12650== by 0x437542: output_packet (ffmpeg.c:1711)
==12650== by 0x43AE4E: transcode (ffmpeg.c:2576)
==12650== by 0x4410DC: main (ffmpeg.c:4490)
==12650== Address 0x0 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x0000000000788d80 in ff_ivi_output_plane (plane=0x17a5980,
#0 0x0000000000788d80 in ff_ivi_output_plane (plane=0x17a5980,
#1 0x00000000007790ed in decode_frame (avctx=0x17cdb40, data=0x7fffa4cb3440, data_size=0x7fffa4cb35bc, avpkt=0x7fffa4cb33b0) at libavcodec/indeo5.c:794
#2 0x0000000000927825 in avcodec_decode_video2 (avctx=0x17cdb40, picture=0x7fffa4cb3440, got_picture_ptr=0x7fffa4cb35bc, avpkt=0x7fffa4cb33b0) at libavcodec/utils.c:769
#3 0x000000000040a00c in output_packet (ist=0x17ce710, ist_index=0, ost_table=0x17a3680, nb_ostreams=2, pkt=0x7fffa4cb4910) at ffmpeg.c:1711
#4 0x000000000040d918 in transcode (output_files=0x17d07d0, nb_output_files=1, input_files=0x17a1090, nb_input_files=1) at ffmpeg.c:2576
#5 0x0000000000413b26 in main (argc=8, argv=0x7fffa4cb4c88) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/CVFI2_Sony_H.jsv" | zzuf -r0.0001:0.02 -b8- -s8
# Backtrace
#0 0x00000000009d7f60 in put_pixels8_mmx (
#0 0x00000000009d7f60 in put_pixels8_mmx (
#1 0x00000000009f510b in put_h264_qpel8_mc00_mmx2 (
#2 0x000000000065e62e in mc_dir_part (h=0x3036ec0, pic=0x305e7f0, n=0, square=1, chroma_height=4, delta=0, list=0,
#3 0x000000000065eeec in mc_part_std (h=0x3036ec0, n=0, square=1, chroma_height=4, delta=0,
#4 0x000000000065fd36 in mc_part (h=0x3036ec0, n=0, square=1, chroma_height=4, delta=0,
#5 0x000000000066a95d in hl_motion (h=0x3036ec0) at libavcodec/h264.c:735
#6 hl_decode_mb_internal (h=0x3036ec0) at libavcodec/h264.c:1900
#7 hl_decode_mb_simple_8 (h=0x3036ec0) at libavcodec/h264.c:2069
#8 0x000000000068f06a in ff_h264_hl_decode_mb (h=0x3036ec0) at libavcodec/h264.c:2103
#9 0x00000000006975b2 in decode_slice (avctx=0x2f4bf60, arg=0x7ffffabdae08) at libavcodec/h264.c:3477
#10 0x0000000000697a8f in execute_decode_slices (h=0x3036ec0, context_count=1) at libavcodec/h264.c:3551
#11 0x000000000069890d in decode_nal_units (h=0x3036ec0, buf=0x3158800 "", buf_size=13847) at libavcodec/h264.c:3806
#12 0x0000000000698c1d in decode_frame (avctx=0x2f4bf60, data=0x7ffffabdb290, data_size=0x7ffffabdb40c, avpkt=0x7ffffabdb200) at libavcodec/h264.c:3881
#13 0x0000000000927825 in avcodec_decode_video2 (avctx=0x2f4bf60, picture=0x7ffffabdb290, got_picture_ptr=0x7ffffabdb40c, avpkt=0x7ffffabdb200) at libavcodec/utils.c:769
#14 0x000000000040a00c in output_packet (ist=0x2f4c420, ist_index=0, ost_table=0x2f51890, nb_ostreams=1, pkt=0x7ffffabdc760) at ffmpeg.c:1711
#15 0x000000000040d918 in transcode (output_files=0x2f51cd0, nb_output_files=1, input_files=0x2f207f0, nb_input_files=1) at ffmpeg.c:2576
#16 0x0000000000413b26 in main (argc=8, argv=0x7ffffabdcad8) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/CVNLFI1_Sony_C.jsv" | zzuf -r0.0001:0.02 -b8- -s9
# Backtrace
#0 0x00000000009ef348 in put_h264_qpel8or16_v_lowpass_sse2 (dst=0x7fffadf7f4c0 ">", src=0x84c0 <Address 0x84c0 out of bounds>, dstStride=16, srcStride=752, h=16) at libavcodec/x86/h264_qpel_mmx.c:1181
#0 0x00000000009ef348 in put_h264_qpel8or16_v_lowpass_sse2 (dst=0x7fffadf7f4c0 ">", src=0x84c0 <Address 0x84c0 out of bounds>, dstStride=16, srcStride=752, h=16) at libavcodec/x86/h264_qpel_mmx.c:1181
#1 0x00000000009ef8af in put_h264_qpel16_v_lowpass_sse2 (dst=0x7fffadf7f4c0 ">", src=0x8aa0 <Address 0x8aa0 out of bounds>, dstStride=16, srcStride=752) at libavcodec/x86/h264_qpel_mmx.c:1181
#2 0x00000000009f71e5 in put_h264_qpel16_mc01_sse2 (
#3 0x000000000065e62e in mc_dir_part (h=0x2f94800, pic=0x2fbe020, n=0, square=1, chroma_height=8, delta=0, list=0,
#4 0x000000000065eeec in mc_part_std (h=0x2f94800, n=0, square=1, chroma_height=8, delta=0,
#5 0x000000000065fd36 in mc_part (h=0x2f94800, n=0, square=1, chroma_height=8, delta=0,
#6 0x000000000067c763 in hl_motion (h=0x2f94800) at libavcodec/h264.c:696
#7 hl_decode_mb_internal (h=0x2f94800) at libavcodec/h264.c:1900
#8 hl_decode_mb_complex (h=0x2f94800) at libavcodec/h264.c:2076
#9 0x000000000068f03d in ff_h264_hl_decode_mb (h=0x2f94800) at libavcodec/h264.c:2099
#10 0x0000000000a940f0 in decode_mb (s=0x2f94800, ref=9) at libavcodec/error_resilience.c:59
#11 0x0000000000a96be7 in guess_mv (s=0x2f94800) at libavcodec/error_resilience.c:584
#12 0x0000000000a98d5d in ff_er_frame_end (s=0x2f94800) at libavcodec/error_resilience.c:1066
#13 0x00000000006903d4 in field_end (h=0x2f94800, in_setup=0) at libavcodec/h264.c:2418
#14 0x0000000000698d39 in decode_frame (avctx=0x2ea9280, data=0x7fffadf810b0, data_size=0x7fffadf8122c, avpkt=0x7fffadf81020) at libavcodec/h264.c:3901
#15 0x0000000000927825 in avcodec_decode_video2 (avctx=0x2ea9280, picture=0x7fffadf810b0, got_picture_ptr=0x7fffadf8122c, avpkt=0x7fffadf81020) at libavcodec/utils.c:769
#16 0x000000000040a00c in output_packet (ist=0x2ea9d50, ist_index=0, ost_table=0x31b8900, nb_ostreams=1, pkt=0x7fffadf82580) at ffmpeg.c:1711
#17 0x000000000040d918 in transcode (output_files=0x31bc850, nb_output_files=1, input_files=0x2eaac50, nb_input_files=1) at ffmpeg.c:2576
#18 0x0000000000413b26 in main (argc=8, argv=0x7fffadf828f8) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/FRext/PPH422I5_Panasonic_A.264" | zzuf -r0.0001:0.02 -b8- -s9
# Backtrace
#0 0x0000000000b277ae in sws_scale (c=0x0, srcSlice=0x7ffff9f5a990, srcStride=0x7ffff9f5a960, srcSliceY=0, srcSliceH=1080, dst=0x7ffff9f5a970, dstStride=0x7ffff9f5a950) at libswscale/swscale_unscaled.c:714
#0 0x0000000000b277ae in sws_scale (c=0x0, srcSlice=0x7ffff9f5a990, srcStride=0x7ffff9f5a960, srcSliceY=0, srcSliceH=1080, dst=0x7ffff9f5a970, dstStride=0x7ffff9f5a950) at libswscale/swscale_unscaled.c:714
#1 0x0000000000436074 in scale_slice (link=0x1c7d640, sws=0x0, y=0, h=1080, mul=1, field=0) at libavfilter/vf_scale.c:303
#2 0x00000000004361f3 in draw_slice (link=0x1c7d640, y=0, h=1080, slice_dir=1) at libavfilter/vf_scale.c:320
#3 0x0000000000420e07 in avfilter_draw_slice (link=0x1c7d640, y=0, h=1080, slice_dir=1) at libavfilter/avfilter.c:633
#4 0x000000000043c100 in request_frame (link=0x1c7d640) at libavfilter/vsrc_buffer.c:191
#5 0x000000000042070b in avfilter_request_frame (link=0x1c7d640) at libavfilter/avfilter.c:515
#6 0x0000000000420738 in avfilter_request_frame (link=0x1cfd020) at libavfilter/avfilter.c:517
#7 0x0000000000425021 in av_buffersink_get_buffer_ref (ctx=0x1c7d1e0, bufref=0x1c814e8, flags=0) at libavfilter/sink_buffer.c:128
#8 0x000000000040a83c in output_packet (ist=0x1c7b8c0, ist_index=0, ost_table=0x1c812b0, nb_ostreams=1, pkt=0x7ffff9f5c350) at ffmpeg.c:1825
#9 0x000000000040d918 in transcode (output_files=0x1c7cef0, nb_output_files=1, input_files=0x1c78e80, nb_input_files=1) at ffmpeg.c:2576
#10 0x0000000000413b26 in main (argc=8, argv=0x7ffff9f5c6c8) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/duck/phant2-940.duk" | zzuf -r0.0001:0.02 -b8- -s8
# Backtrace
#0 0x0000000000ba2834 in yuv2rgb555_X_MMX2 (c=0x343acc0, lumFilter=0x348a09e, lumSrc=0x33dea38, lumFilterSize=3, chrFilter=0x33bcbbe, chrUSrc=0x348d198, chrVSrc=0x33c08b8, chrFilterSize=3, alpSrc=0x0,
#0 0x0000000000ba2834 in yuv2rgb555_X_MMX2 (c=0x343acc0, lumFilter=0x348a09e, lumSrc=0x33dea38, lumFilterSize=3, chrFilter=0x33bcbbe, chrUSrc=0x348d198, chrVSrc=0x33c08b8, chrFilterSize=3, alpSrc=0x0,
#1 0x0000000000b91f8c in swScale (c=0x343acc0, src=0x7ffff6a88e90, srcStride=0x7ffff6a88e60, srcSliceY=0, srcSliceH=32808, dst=0x7ffff6a88e70, dstStride=0x7ffff6a88e50) at libswscale/swscale.c:2756
#2 0x0000000000b27f4c in sws_scale (c=0x343acc0, srcSlice=0x7ffff6a88f70, srcStride=0x7ffff6a88f40, srcSliceY=0, srcSliceH=32808, dst=0x7ffff6a88f50, dstStride=0x7ffff6a88f30) at libswscale/swscale_unscaled.c:807
#3 0x0000000000436074 in scale_slice (link=0x33de460, sws=0x343acc0, y=0, h=32808, mul=1, field=0) at libavfilter/vf_scale.c:303
#4 0x00000000004361f3 in draw_slice (link=0x33de460, y=0, h=32808, slice_dir=1) at libavfilter/vf_scale.c:320
#5 0x0000000000420e07 in avfilter_draw_slice (link=0x33de460, y=0, h=32808, slice_dir=1) at libavfilter/avfilter.c:633
#6 0x000000000043c100 in request_frame (link=0x33de460) at libavfilter/vsrc_buffer.c:191
#7 0x000000000042070b in avfilter_request_frame (link=0x33de460) at libavfilter/avfilter.c:515
#8 0x0000000000420738 in avfilter_request_frame (link=0x33df520) at libavfilter/avfilter.c:517
#9 0x0000000000425021 in av_buffersink_get_buffer_ref (ctx=0x33e5b80, bufref=0x33e5678, flags=0) at libavfilter/sink_buffer.c:128
#10 0x000000000040a83c in output_packet (ist=0x33fa5d0, ist_index=0, ost_table=0x33e5440, nb_ostreams=1, pkt=0x7ffff6a8a930) at ffmpeg.c:1825
#11 0x000000000040d918 in transcode (output_files=0x33fee00, nb_output_files=1, input_files=0x33fedd0, nb_input_files=1) at ffmpeg.c:2576
#12 0x0000000000413b26 in main (argc=8, argv=0x7ffff6a8aca8) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/fraps/fraps-v5-bouncing-balls-partial.avi" | zzuf -r0.0001:0.02 -b8- -s15
# Valgrind
==13447== Invalid write of size 1
==13447== at 0x67FA5D: fraps2_decode_plane (fraps.c:109)
==13447== by 0x680030: decode_frame (fraps.c:279)
==13447== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==13447== by 0x437542: output_packet (ffmpeg.c:1711)
==13447== by 0x43AE4E: transcode (ffmpeg.c:2576)
==13447== by 0x4410DC: main (ffmpeg.c:4490)
==13447== Address 0x0 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 fraps2_decode_plane (s=0x2f9c2c0, dst=0x0, stride=0, w=144, h=84,
#0 fraps2_decode_plane (s=0x2f9c2c0, dst=0x0, stride=0, w=144, h=84,
#1 0x0000000000646893 in decode_frame (avctx=0x2f99a40, data=0x7ffffd41d740, data_size=0x7ffffd41d8bc, avpkt=0x7ffffd41d6b0) at libavcodec/fraps.c:279
#2 0x0000000000927825 in avcodec_decode_video2 (avctx=0x2f99a40, picture=0x7ffffd41d740, got_picture_ptr=0x7ffffd41d8bc, avpkt=0x7ffffd41d6b0) at libavcodec/utils.c:769
#3 0x000000000040a00c in output_packet (ist=0x2f9a620, ist_index=0, ost_table=0x2f98fc0, nb_ostreams=1, pkt=0x7ffffd41ec10) at ffmpeg.c:1711
#4 0x000000000040d918 in transcode (output_files=0x2f99400, nb_output_files=1, input_files=0x2f97520, nb_input_files=1) at ffmpeg.c:2576
#5 0x0000000000413b26 in main (argc=8, argv=0x7ffffd41ef88) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/CCITT_fax/G31DS.TIF" | zzuf -r0.0001:0.02 -b8- -s15
# Valgrind
==13692== Invalid read of size 1s
==13692== at 0x8624C0: decode_frame (tiff.c:182)
==13692== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==13692== by 0x437542: output_packet (ffmpeg.c:1711)
==13692== by 0x43AE4E: transcode (ffmpeg.c:2576)
==13692== by 0x4410DC: main (ffmpeg.c:4490)
==13692== Address 0x717ec95 is 157,525 bytes inside a block of size 1,023,376
free'd
==13692== at 0x4C240FD: free (vg_replace_malloc.c:366)
==13692== by 0xA8CE4B: av_freep (mem.c:152)
==13692== by 0x873656: avcodec_default_free_buffers (utils.c:1176)
==13692== by 0x4223D5: avcodec_close (utils.c:885)
==13692== by 0x535B92: avformat_find_stream_info (utils.c:2474)
==13692== by 0x43D0C0: opt_input_file (ffmpeg.c:3211)
==13692== by 0x4419FE: parse_option (cmdutils.c:265)
==13692== by 0x441B7B: parse_options (cmdutils.c:298)
==13692== by 0x441006: main (ffmpeg.c:4470)
# Backtrace
#0 0x000000000090dc86 in tiff_unpack_strip (s=0x1c84100,
#0 0x000000000090dc86 in tiff_unpack_strip (s=0x1c84100,
#1 0x000000000090fb1d in decode_frame (avctx=0x1c83b00, data=0x7fff7f9de280, data_size=0x7fff7f9de3f4, avpkt=0x1cb1880) at libavcodec/tiff.c:596
#2 0x0000000000927825 in avcodec_decode_video2 (avctx=0x1c83b00, picture=0x7fff7f9de280, got_picture_ptr=0x7fff7f9de3f4, avpkt=0x1cb1880) at libavcodec/utils.c:769
#3 0x0000000000537a15 in try_decode_frame (st=0x1c838a0, avpkt=0x1cb1880, options=0x1c840c0) at libavformat/utils.c:2161
#4 0x0000000000538c96 in avformat_find_stream_info (ic=0x1c82e80, options=0x1c840c0) at libavformat/utils.c:2464
#5 0x000000000040fc73 in opt_input_file (o=0x7fff7f9de860, opt=0x7fff7f9dfa35 "i", filename=0x7fff7f9dfa37 "/mnt/linux/src/lib/ffmpeg/fate-suite/CCITT_fax/G31DS.TIF") at ffmpeg.c:3235
#6 0x0000000000414447 in parse_option (optctx=0x7fff7f9de860, opt=0x7fff7f9dfa35 "i", arg=0x7fff7f9dfa37 "/mnt/linux/src/lib/ffmpeg/fate-suite/CCITT_fax/G31DS.TIF", options=0xbbd660) at cmdutils.c:265
#7 0x00000000004145c4 in parse_options (optctx=0x7fff7f9de860, argc=8, argv=0x7fff7f9dea18, options=0xbbd660, parse_arg_function=0x411460 <opt_output_file>) at cmdutils.c:298
#8 0x0000000000413a50 in main (argc=8, argv=0x7fff7f9dea18) at ffmpeg.c:4509
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/real/ra_288.rm" | zzuf -r0.0001:0.02 -b8- -s14
# Valgrind
==14415== Invalid write of size 1
==14415== at 0x4C26044: memcpy (mc_replace_strmem.c:497)
==14415== by 0x4AEA70: avio_read (aviobuf.c:663)
==14415== by 0x50BFE7: ff_rm_parse_packet (rmdec.c:748)
==14415== by 0x50C414: rm_read_packet (rmdec.c:869)
==14415== by 0x5323B3: av_read_packet (utils.c:738)
==14415== by 0x5340A8: read_frame_internal (utils.c:1208)
==14415== by 0x53529A: avformat_find_stream_info (utils.c:2385)
==14415== by 0x43D0C0: opt_input_file (ffmpeg.c:3211)
==14415== by 0x4419FE: parse_option (cmdutils.c:265)
==14415== by 0x441B7B: parse_options (cmdutils.c:298)
==14415== by 0x441006: main (ffmpeg.c:4470)
==14415== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==14415==
# Backtrace
#0 memcpy () at ../sysdeps/x86_64/memcpy.S:162
#0 memcpy () at ../sysdeps/x86_64/memcpy.S:162
#1 0x0000000000489990 in avio_read (s=0x2844b20, buf=0x0, size=38) at libavformat/aviobuf.c:663
#2 0x00000000005063aa in ff_rm_parse_packet (s=0x2817a00, pb=0x2844b20, st=0x283cfa0, ast=0x283edc0, len=100, pkt=0x7fff288dd8f0, seq=0x7fff288dd820, flags=10, timestamp=0) at libavformat/rmdec.c:748
#3 0x0000000000506a99 in rm_read_packet (s=0x2817a00, pkt=0x7fff288dd8f0) at libavformat/rmdec.c:869
#4 0x0000000000532dbb in av_read_packet (s=0x2817a00, pkt=0x7fff288dd8f0) at libavformat/utils.c:738
#5 0x00000000005349b7 in read_frame_internal (s=0x2817a00, pkt=0x7fff288ddad0) at libavformat/utils.c:1208
#6 0x00000000005385c6 in avformat_find_stream_info (ic=0x2817a00, options=0x283ef20) at libavformat/utils.c:2385
#7 0x000000000040fc73 in opt_input_file (o=0x7fff288dddd0, opt=0x7fff288dea3f "i", filename=0x7fff288dea41 "/mnt/linux/src/lib/ffmpeg/fate-suite/real/ra_288.rm") at ffmpeg.c:3235
#8 0x0000000000414447 in parse_option (optctx=0x7fff288dddd0, opt=0x7fff288dea3f "i", arg=0x7fff288dea41 "/mnt/linux/src/lib/ffmpeg/fate-suite/real/ra_288.rm", options=0xbbd660) at cmdutils.c:265
#9 0x00000000004145c4 in parse_options (optctx=0x7fff288dddd0, argc=8, argv=0x7fff288ddf88, options=0xbbd660, parse_arg_function=0x411460 <opt_output_file>) at cmdutils.c:298
#10 0x0000000000413a50 in main (argc=8, argv=0x7fff288ddf88) at ffmpeg.c:4509
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/CAMACI3_Sony_C.jsv" | zzuf -r0.0001:0.02 -b8- -s12
# Valgrind
==14906== Conditional jump or move depends on uninitialised value(s)
==14906== at 0x9C03F5: v_block_filter (error_resilience.c:336)
==14906== by 0x9C4F98: ff_er_frame_end (error_resilience.c:1152)
==14906== by 0x68D7D7: field_end (h264.c:2422)
==14906== by 0x6A5B09: decode_frame (h264.c:3905)
==14906== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==14906== by 0x535668: avformat_find_stream_info (utils.c:2161)
==14906== by 0x43D0C0: opt_input_file (ffmpeg.c:3211)
==14906== by 0x4419FE: parse_option (cmdutils.c:265)
==14906== by 0x441B7B: parse_options (cmdutils.c:298)
==14906== by 0x441006: main (ffmpeg.c:4470)
[ ... ]
==14906== Jump to the invalid address stated on the next line
==14906== at 0x0: ???
==14906== by 0x69E413: hl_decode_mb_complex (h264.c:1713)
==14906== by 0x6A4993: decode_slice (h264.c:2103)
==14906== by 0x6A5929: decode_nal_units (h264.c:3555)
==14906== by 0x6A5A21: decode_frame (h264.c:3885)
==14906== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==14906== by 0x437542: output_packet (ffmpeg.c:1711)
==14906== by 0x43AE4E: transcode (ffmpeg.c:2576)
==14906== by 0x4410DC: main (ffmpeg.c:4490)
==14906== Address 0x0 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x0000000000000000 in ?? ()
#0 0x0000000000000000 in ?? ()
#1 0x000000000067999b in hl_decode_mb_predict_luma (h=0x17d9f00) at libavcodec/h264.c:1709
#2 hl_decode_mb_internal (h=0x17d9f00) at libavcodec/h264.c:1895
#3 hl_decode_mb_complex (h=0x17d9f00) at libavcodec/h264.c:2076
#4 0x000000000068f03d in ff_h264_hl_decode_mb (h=0x17d9f00) at libavcodec/h264.c:2099
#5 0x00000000006971b8 in decode_slice (avctx=0x1709280, arg=0x7fffd5ea38d8) at libavcodec/h264.c:3430
#6 0x0000000000697a8f in execute_decode_slices (h=0x17d9f00, context_count=1) at libavcodec/h264.c:3551
#7 0x000000000069890d in decode_nal_units (h=0x17d9f00, buf=0x178ffa0 "", buf_size=4846) at libavcodec/h264.c:3806
#8 0x0000000000698c1d in decode_frame (avctx=0x1709280, data=0x7fffd5ea3d60, data_size=0x7fffd5ea3edc, avpkt=0x7fffd5ea3cd0) at libavcodec/h264.c:3881
#9 0x0000000000927825 in avcodec_decode_video2 (avctx=0x1709280, picture=0x7fffd5ea3d60, got_picture_ptr=0x7fffd5ea3edc, avpkt=0x7fffd5ea3cd0) at libavcodec/utils.c:769
#10 0x000000000040a00c in output_packet (ist=0x177b110, ist_index=0, ost_table=0x170a310, nb_ostreams=1, pkt=0x7fffd5ea5230) at ffmpeg.c:1711
#11 0x000000000040d918 in transcode (output_files=0x1709ca0, nb_output_files=1, input_files=0x1709c70, nb_input_files=1) at ffmpeg.c:2576
#12 0x0000000000413b26 in main (argc=8, argv=0x7fffd5ea55a8) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/CVWP1_TOSHIBA_E.264" | zzuf -r0.0001:0.02 -b8- -s14
# Backtrace
#0 0x00000000009d8064 in put_pixels16_sse2 (
#0 0x00000000009d8064 in put_pixels16_sse2 (
#1 0x00000000009e9a0f in put_h264_qpel16_mc00_sse2 (
#2 0x000000000065e62e in mc_dir_part (h=0x1872160, pic=0x1899da8, n=0, square=1, chroma_height=8, delta=0, list=0,
#3 0x000000000065eeec in mc_part_std (h=0x1872160, n=0, square=1, chroma_height=8, delta=0,
#4 0x000000000065fd36 in mc_part (h=0x1872160, n=0, square=1, chroma_height=8, delta=0,
#5 0x000000000066a325 in hl_motion (h=0x1872160) at libavcodec/h264.c:696
#6 hl_decode_mb_internal (h=0x1872160) at libavcodec/h264.c:1900
#7 hl_decode_mb_simple_8 (h=0x1872160) at libavcodec/h264.c:2069
#8 0x000000000068f06a in ff_h264_hl_decode_mb (h=0x1872160) at libavcodec/h264.c:2103
#9 0x0000000000a940f0 in decode_mb (s=0x1872160, ref=0) at libavcodec/error_resilience.c:59
#10 0x0000000000a95fe5 in guess_mv (s=0x1872160) at libavcodec/error_resilience.c:414
#11 0x0000000000a98d5d in ff_er_frame_end (s=0x1872160) at libavcodec/error_resilience.c:1066
#12 0x00000000006903d4 in field_end (h=0x1872160, in_setup=0) at libavcodec/h264.c:2418
#13 0x0000000000698d39 in decode_frame (avctx=0x1852b60, data=0x7fff08e6f580, data_size=0x7fff08e6f6fc, avpkt=0x7fff08e6f4f0) at libavcodec/h264.c:3901
#14 0x0000000000927825 in avcodec_decode_video2 (avctx=0x1852b60, picture=0x7fff08e6f580, got_picture_ptr=0x7fff08e6f6fc, avpkt=0x7fff08e6f4f0) at libavcodec/utils.c:769
#15 0x000000000040a00c in output_packet (ist=0x191dc30, ist_index=0, ost_table=0x1af3ed0, nb_ostreams=1, pkt=0x7fff08e70a50) at ffmpeg.c:1711
#16 0x000000000040d918 in transcode (output_files=0x195ef00, nb_output_files=1, input_files=0x195eed0, nb_input_files=1) at ffmpeg.c:2576
#17 0x0000000000413b26 in main (argc=8, argv=0x7fff08e70dc8) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/CVMANL1_TOSHIBA_B.264" | zzuf -r0.0001:0.02 -b8- -s15
# Backtrace
#0 0x0000000000692f60 in decode_slice_header (h=0x18c0c80, h0=0x18c0c80) at libavcodec/h264.c:3028
#0 0x0000000000692f60 in decode_slice_header (h=0x18c0c80, h0=0x18c0c80) at libavcodec/h264.c:3028
#1 0x000000000069823a in decode_nal_units (h=0x18c0c80, buf=0x1a29340 "", buf_size=14644) at libavcodec/h264.c:3694
#2 0x0000000000698c1d in decode_frame (avctx=0x189eea0, data=0x7fff227f9bc0, data_size=0x7fff227f9d3c, avpkt=0x7fff227f9b30) at libavcodec/h264.c:3881
#3 0x0000000000927825 in avcodec_decode_video2 (avctx=0x189eea0, picture=0x7fff227f9bc0, got_picture_ptr=0x7fff227f9d3c, avpkt=0x7fff227f9b30) at libavcodec/utils.c:769
#4 0x000000000040a00c in output_packet (ist=0x1969670, ist_index=0, ost_table=0x1b00720, nb_ostreams=1, pkt=0x7fff227fb090) at ffmpeg.c:1711
#5 0x000000000040d918 in transcode (output_files=0x18a53d0, nb_output_files=1, input_files=0x189c870, nb_input_files=1) at ffmpeg.c:2576
#6 0x0000000000413b26 in main (argc=8, argv=0x7fff227fb408) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/fli/fli-engines.fli" | zzuf -r0.0001:0.02 -b8- -s13
# Valgrind
==32455== Invalid read of size 8
==32455== at 0x692F60: decode_slice_header (h264.c:3028)
==32455== by 0x698239: decode_nal_units (h264.c:3694)
==32455== by 0x698C1C: decode_frame (h264.c:3881)
==32455== by 0x927824: avcodec_decode_video2 (utils.c:769)
==32455== by 0x40A00B: output_packet (ffmpeg.c:1711)
==32455== by 0x40D917: transcode (ffmpeg.c:2576)
==32455== by 0x413B25: main (ffmpeg.c:4529)
==32455== Address 0x100000030 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x00000000006428cc in flic_decode_frame_8BPP (avctx=0x1790880, data=0x7fff53be34b0, data_size=0x7fff53be362c, buf=0x17916c0 "Z\f", buf_size=3162) at libavcodec/flicvideo.c:230
#0 0x00000000006428cc in flic_decode_frame_8BPP (avctx=0x1790880, data=0x7fff53be34b0, data_size=0x7fff53be362c, buf=0x17916c0 "Z\f", buf_size=3162) at libavcodec/flicvideo.c:230
#1 0x00000000006440f5 in flic_decode_frame (avctx=0x1790880, data=0x7fff53be34b0, data_size=0x7fff53be362c, avpkt=0x7fff53be3420) at libavcodec/flicvideo.c:718
#2 0x0000000000927825 in avcodec_decode_video2 (avctx=0x1790880, picture=0x7fff53be34b0, got_picture_ptr=0x7fff53be362c, avpkt=0x7fff53be3420) at libavcodec/utils.c:769
#3 0x000000000040a00c in output_packet (ist=0x1790e40, ist_index=0, ost_table=0x17910b0, nb_ostreams=1, pkt=0x7fff53be4980) at ffmpeg.c:1711
#4 0x000000000040d918 in transcode (output_files=0x1796610, nb_output_files=1, input_files=0x17913d0, nb_input_files=1) at ffmpeg.c:2576
#5 0x0000000000413b26 in main (argc=8, argv=0x7fff53be4cf8) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/SIFF/INTRO_B.VB" | zzuf -r0.0001:0.02 -b8- -s15
# Valgrind
==16317== Use of uninitialised value of size 8
==16317== at 0x878FF7: decode_frame (bytestream.h:45)
==16317== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==16317== by 0x437542: output_packet (ffmpeg.c:1711)
==16317== by 0x43AE4E: transcode (ffmpeg.c:2576)
==16317== by 0x4410DC: main (ffmpeg.c:4490)
==16317==
==16317== Invalid read of size 4
==16317== at 0x878FF7: decode_frame (bytestream.h:45)
==16317== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==16317== by 0x437542: output_packet (ffmpeg.c:1711)
==16317== by 0x43AE4E: transcode (ffmpeg.c:2576)
==16317== by 0x4410DC: main (ffmpeg.c:4490)
==16317== Address 0x12880f086 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x0000000000931363 in bytestream_get_le32 (avctx=0x274ae80, data=0x7fffddfb5610, data_size=0x7fffddfb578c, avpkt=0x7fffddfb5580) at libavcodec/bytestream.h:45
#0 0x0000000000931363 in bytestream_get_le32 (avctx=0x274ae80, data=0x7fffddfb5610, data_size=0x7fffddfb578c, avpkt=0x7fffddfb5580) at libavcodec/bytestream.h:45
#1 decode_frame (avctx=0x274ae80, data=0x7fffddfb5610, data_size=0x7fffddfb578c, avpkt=0x7fffddfb5580) at libavcodec/vb.c:235
#2 0x0000000000927825 in avcodec_decode_video2 (avctx=0x274ae80, picture=0x7fffddfb5610, got_picture_ptr=0x7fffddfb578c, avpkt=0x7fffddfb5580) at libavcodec/utils.c:769
#3 0x000000000040a00c in output_packet (ist=0x274d180, ist_index=0, ost_table=0x272aaa0, nb_ostreams=2, pkt=0x7fffddfb6ae0) at ffmpeg.c:1711
#4 0x000000000040d918 in transcode (output_files=0x274d280, nb_output_files=1, input_files=0x274d230, nb_input_files=1) at ffmpeg.c:2576
#5 0x0000000000413b26 in main (argc=8, argv=0x7fffddfb6e58) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/creatureshock-avs/OUTATIME.AVS" | zzuf -r0.0001:0.02 -b8- -s13
# Valgrind
==31238== Invalid write of size 1
==31238== at 0x4C25F9D: memcpy (mc_replace_strmem.c:497)
==31238== by 0x48994F: avio_read (aviobuf.c:663)
==31238== by 0x48B782: avs_read_packet (avs.c:170)
==31238== by 0x532E16: av_read_packet (utils.c:738)
==31238== by 0x534A12: read_frame_internal (utils.c:1208)
==31238== by 0x538621: avformat_find_stream_info (utils.c:2385)
==31238== by 0x40FC2D: opt_input_file (ffmpeg.c:3239)
==31238== by 0x414402: parse_option (cmdutils.c:265)
==31238== by 0x41457F: parse_options (cmdutils.c:298)
==31238== by 0x413A0A: main (ffmpeg.c:4513)
==31238== Address 0x7ff002236 is not stack'd, malloc'd or (recently) free'd
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/ptx/_113kw_pic.ptx" | zzuf -r0.0001:0.02 -b8- -s19
# Valgrind
==17022== Invalid read of size 1
==17022== at 0x4C25F98: memcpy (mc_replace_strmem.c:497)
==17022== by 0x7F47EC: ptx_decode_frame (ptx.c:88)
==17022== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==17022== by 0x535668: avformat_find_stream_info (utils.c:2161)
==17022== by 0x43D0C0: opt_input_file (ffmpeg.c:3211)
==17022== by 0x4419FE: parse_option (cmdutils.c:265)
==17022== by 0x441B7B: parse_options (cmdutils.c:298)
==17022== by 0x441006: main (ffmpeg.c:4470)
==17022== Address 0x7173c9f is 1 bytes before a block of size 3,536 alloc'd
==17022== at 0x4C236B6: memalign (vg_replace_malloc.c:581)
==17022== by 0x4C2370F: posix_memalign (vg_replace_malloc.c:709)
==17022== by 0xA8D021: av_mallocz (mem.c:90)
==17022== by 0x8748D1: avcodec_default_get_buffer (utils.c:247)
==17022== by 0x7F4798: ptx_decode_frame (ptx.c:72)
==17022== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==17022== by 0x535668: avformat_find_stream_info (utils.c:2161)
==17022== by 0x43D0C0: opt_input_file (ffmpeg.c:3211)
==17022== by 0x4419FE: parse_option (cmdutils.c:265)
==17022== by 0x441B7B: parse_options (cmdutils.c:298)
==17022== by 0x441006: main (ffmpeg.c:4470)
# Backtrace
#0 memcpy () at ../sysdeps/x86_64/memcpy.S:267
#0 memcpy () at ../sysdeps/x86_64/memcpy.S:267
#1 0x0000000000886e58 in ptx_decode_frame (avctx=0x30d7840, data=0x7fff5cf173c0, data_size=0x7fff5cf17534, avpkt=0x30d7f00) at libavcodec/ptx.c:88
#2 0x0000000000927825 in avcodec_decode_video2 (avctx=0x30d7840, picture=0x7fff5cf173c0, got_picture_ptr=0x7fff5cf17534, avpkt=0x30d7f00) at libavcodec/utils.c:769
#3 0x0000000000537a15 in try_decode_frame (st=0x30d9740, avpkt=0x30d7f00, options=0x30d65a0) at libavformat/utils.c:2161
#4 0x0000000000538c96 in avformat_find_stream_info (ic=0x30d6e40, options=0x30d65a0) at libavformat/utils.c:2464
#5 0x000000000040fc73 in opt_input_file (o=0x7fff5cf179a0, opt=0x7fff5cf19a37 "i", filename=0x7fff5cf19a39 "/mnt/linux/src/lib/ffmpeg/fate-suite/ptx/_113kw_pic.ptx") at ffmpeg.c:3235
#6 0x0000000000414447 in parse_option (optctx=0x7fff5cf179a0, opt=0x7fff5cf19a37 "i", arg=0x7fff5cf19a39 "/mnt/linux/src/lib/ffmpeg/fate-suite/ptx/_113kw_pic.ptx", options=0xbbd660) at cmdutils.c:265
#7 0x00000000004145c4 in parse_options (optctx=0x7fff5cf179a0, argc=8, argv=0x7fff5cf17b58, options=0xbbd660, parse_arg_function=0x411460 <opt_output_file>) at cmdutils.c:298
#8 0x0000000000413a50 in main (argc=8, argv=0x7fff5cf17b58) at ffmpeg.c:4509
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/CVWP3_TOSHIBA_E.264" | zzuf -r0.0001:0.02 -b8- -s19
# Valgrind
==17526== Conditional jump or move depends on uninitialised value(s)
==17526== at 0x6D61F0: h264_parse (h264_parser.c:53)
==17526== by 0x7EB038: av_parser_parse2 (parser.c:149)
==17526== by 0x534258: read_frame_internal (utils.c:1162)
==17526== by 0x53529A: avformat_find_stream_info (utils.c:2385)
==17526== by 0x43D0C0: opt_input_file (ffmpeg.c:3211)
==17526== by 0x4419FE: parse_option (cmdutils.c:265)
==17526== by 0x441B7B: parse_options (cmdutils.c:298)
==17526== by 0x441006: main (ffmpeg.c:4470)
==17526== Invalid read of size 8
==17526== at 0x9302CC: put_h264_qpel16_mc00_sse2 (dsputil_mmx.c:453)
==17526== by 0x6943C2: mc_part (h264.c:477)
==17526== by 0x6A3556: hl_decode_mb_simple_8 (h264.c:700)
==17526== by 0x9C20E5: guess_mv (error_resilience.c:414)
==17526== by 0x9C5036: ff_er_frame_end (error_resilience.c:1066)
==17526== by 0x68D7D7: field_end (h264.c:2422)
==17526== by 0x6A5B09: decode_frame (h264.c:3905)
==17526== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==17526== by 0x437542: output_packet (ffmpeg.c:1711)
==17526== by 0x43AE4E: transcode (ffmpeg.c:2576)
==17526== by 0x4410DC: main (ffmpeg.c:4490)
==17526== Address 0x7a114b0 is 6,160 bytes inside a block of size 172,816
free'd
==17526== at 0x4C240FD: free (vg_replace_malloc.c:366)
==17526== by 0xA8CE4B: av_freep (mem.c:152)
==17526== by 0x873656: avcodec_default_free_buffers (utils.c:1176)
==17526== by 0x68EF2C: decode_slice_header (h264.c:2596)
==17526== by 0x6A515F: decode_nal_units (h264.c:3698)
==17526== by 0x6A5A21: decode_frame (h264.c:3885)
==17526== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==17526== by 0x437542: output_packet (ffmpeg.c:1711)
==17526== by 0x43AE4E: transcode (ffmpeg.c:2576)
==17526== by 0x4410DC: main (ffmpeg.c:4490)
# Backtrace
#0 ff_put_h264_chroma_mc8_ssse3_rnd.next4rows () at libavcodec/x86/h264_chromamc.asm:656
#0 ff_put_h264_chroma_mc8_ssse3_rnd.next4rows () at libavcodec/x86/h264_chromamc.asm:656
#1 0x000000000065eb75 in mc_dir_part (h=0x2e40260, pic=0x2e67ea8, n=0, square=1, chroma_height=8, delta=0, list=0, dest_y=0x30dd950 "",
#2 0x000000000065eeec in mc_part_std (h=0x2e40260, n=0, square=1, chroma_height=8, delta=0, dest_y=0x30dd950 "",
#3 0x000000000065fd36 in mc_part (h=0x2e40260, n=0, square=1, chroma_height=8, delta=0, dest_y=0x30dd950 "",
#4 0x000000000066a325 in hl_motion (h=0x2e40260) at libavcodec/h264.c:696
#5 hl_decode_mb_internal (h=0x2e40260) at libavcodec/h264.c:1900
#6 hl_decode_mb_simple_8 (h=0x2e40260) at libavcodec/h264.c:2069
#7 0x000000000068f06a in ff_h264_hl_decode_mb (h=0x2e40260) at libavcodec/h264.c:2103
#8 0x0000000000a940f0 in decode_mb (s=0x2e40260, ref=0) at libavcodec/error_resilience.c:59
#9 0x0000000000a95fe5 in guess_mv (s=0x2e40260) at libavcodec/error_resilience.c:414
#10 0x0000000000a98d5d in ff_er_frame_end (s=0x2e40260) at libavcodec/error_resilience.c:1066
#11 0x00000000006903d4 in field_end (h=0x2e40260, in_setup=0) at libavcodec/h264.c:2418
#12 0x0000000000698d39 in decode_frame (avctx=0x2e20b60, data=0x7fff26cdae50, data_size=0x7fff26cdafcc, avpkt=0x7fff26cdadc0) at libavcodec/h264.c:3901
#13 0x0000000000927825 in avcodec_decode_video2 (avctx=0x2e20b60, picture=0x7fff26cdae50, got_picture_ptr=0x7fff26cdafcc, avpkt=0x7fff26cdadc0) at libavcodec/utils.c:769
#14 0x000000000040a00c in output_packet (ist=0x2e27070, ist_index=0, ost_table=0x2f258b0, nb_ostreams=1, pkt=0x7fff26cdc320) at ffmpeg.c:1711
#15 0x000000000040d918 in transcode (output_files=0x2f081d0, nb_output_files=1, input_files=0x2df3550, nb_input_files=1) at ffmpeg.c:2576
#16 0x0000000000413b26 in main (argc=8, argv=0x7fff26cdc698) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/FRext/HPCAMAPALQ_BRCM_B.264" | zzuf -r0.0001:0.02 -b8- -s19
# Valgrind
==18730== Invalid write of size 8
==18730== at 0x6D9850: build_def_list (h264_refs.c:55)
==18730== by 0x6D9E4B: ff_h264_fill_default_ref_list (h264_refs.c:127)
==18730== by 0x6904BF: decode_slice_header (h264.c:2890)
==18730== by 0x6A515F: decode_nal_units (h264.c:3698)
==18730== by 0x6A5A21: decode_frame (h264.c:3885)
==18730== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==18730== by 0x437542: output_packet (ffmpeg.c:1711)
==18730== by 0x43AE4E: transcode (ffmpeg.c:2576)
==18730== by 0x4410DC: main (ffmpeg.c:4490)
==18730== Address 0x75f7940 is 0 bytes after a block of size 308,128 alloc'd
==18730== at 0x4C236B6: memalign (vg_replace_malloc.c:581)
==18730== by 0x4C2370F: posix_memalign (vg_replace_malloc.c:709)
==18730== by 0xA8D021: av_mallocz (mem.c:90)
==18730== by 0x874285: avcodec_open2 (utils.c:524)
==18730== by 0x438816: init_input_stream (ffmpeg.c:1977)
==18730== by 0x439F52: transcode_init (ffmpeg.c:2288)
==18730== by 0x43A420: transcode (ffmpeg.c:2368)
==18730== by 0x4410DC: main (ffmpeg.c:4490)
==18730==
[h264 @ 0x713b5a0] cabac_init_idc overflow
==18730== Invalid read of size 4
==18730== at 0x6A5991: decode_nal_units (h264.c:3569)
==18730== by 0x6A5A21: decode_frame (h264.c:3885)
==18730== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==18730== by 0x437542: output_packet (ffmpeg.c:1711)
==18730== by 0x43AE4E: transcode (ffmpeg.c:2576)
==18730== by 0x4410DC: main (ffmpeg.c:4490)
==18730== Address 0x2cae is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x0000000000697b63 in execute_decode_slices (h=0x326c420, context_count=0) at libavcodec/h264.c:3565
#0 0x0000000000697b63 in execute_decode_slices (h=0x326c420, context_count=0) at libavcodec/h264.c:3565
#1 0x000000000069890d in decode_nal_units (h=0x326c420, buf=0x3120e40 "", buf_size=3628) at libavcodec/h264.c:3806
#2 0x0000000000698c1d in decode_frame (avctx=0x30a97a0, data=0x7fffa54c5f90, data_size=0x7fffa54c610c, avpkt=0x7fffa54c5f00) at libavcodec/h264.c:3881
#3 0x0000000000927825 in avcodec_decode_video2 (avctx=0x30a97a0, picture=0x7fffa54c5f90, got_picture_ptr=0x7fffa54c610c, avpkt=0x7fffa54c5f00) at libavcodec/utils.c:769
#4 0x000000000040a00c in output_packet (ist=0x310b9a0, ist_index=0, ost_table=0x30af680, nb_ostreams=1, pkt=0x7fffa54c7460) at ffmpeg.c:1711
#5 0x000000000040d918 in transcode (output_files=0x30afac0, nb_output_files=1, input_files=0x310ed00, nb_input_files=1) at ffmpeg.c:2576
#6 0x0000000000413b26 in main (argc=8, argv=0x7fffa54c77d8) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/FRext/freh5.264" | zzuf -r0.0001:0.02 -b8- -s19
# Backtrace
#0 0x0000000000697b63 in execute_decode_slices (h=0x7f05ede92040, context_count=0) at libavcodec/h264.c:3565
#0 0x0000000000697b63 in execute_decode_slices (h=0x7f05ede92040, context_count=0) at libavcodec/h264.c:3565
#1 0x000000000069890d in decode_nal_units (h=0x7f05ede92040, buf=0x1a5df00 "", buf_size=1699) at libavcodec/h264.c:3806
#2 0x0000000000698c1d in decode_frame (avctx=0x19f8540, data=0x7fffbe80b3a0, data_size=0x7fffbe80b514, avpkt=0x1a5de60) at libavcodec/h264.c:3881
#3 0x0000000000927825 in avcodec_decode_video2 (avctx=0x19f8540, picture=0x7fffbe80b3a0, got_picture_ptr=0x7fffbe80b514, avpkt=0x1a5de60) at libavcodec/utils.c:769
#4 0x0000000000537a15 in try_decode_frame (st=0x19f6be0, avpkt=0x1a5de60, options=0x19f8a80) at libavformat/utils.c:2161
#5 0x0000000000538c96 in avformat_find_stream_info (ic=0x19c6f20, options=0x19f8a80) at libavformat/utils.c:2464
#6 0x000000000040fc73 in opt_input_file (o=0x7fffbe80b980, opt=0x7fffbe80ca1b "i", filename=0x7fffbe80ca1d "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/FRext/freh5.264") at ffmpeg.c:3235
#7 0x0000000000414447 in parse_option (optctx=0x7fffbe80b980, opt=0x7fffbe80ca1b "i", arg=0x7fffbe80ca1d "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/FRext/freh5.264", options=0xbbd660) at cmdutils.c:265
#8 0x00000000004145c4 in parse_options (optctx=0x7fffbe80b980, argc=8, argv=0x7fffbe80bb38, options=0xbbd660, parse_arg_function=0x411460 <opt_output_file>) at cmdutils.c:298
#9 0x0000000000413a50 in main (argc=8, argv=0x7fffbe80bb38) at ffmpeg.c:4509
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/txd/misc.txd" | zzuf -r0.0001:0.02 -b8- -s16
# Valgrind
==19655== Invalid read of size 4
==19655== at 0x8701F0: txd_decode_frame (txd.c:137)
==19655== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==19655== by 0x437542: output_packet (ffmpeg.c:1711)
==19655== by 0x43AE4E: transcode (ffmpeg.c:2576)
==19655== by 0x4410DC: main (ffmpeg.c:4490)
==19655== Address 0x714d67c is 2,972 bytes inside a block of size 22,248
free'd
==19655== at 0x4C240FD: free (vg_replace_malloc.c:366)
==19655== by 0x4411D9: uninit_opts (cmdutils.c:67)
==19655== by 0x4328AB: reset_options (ffmpeg.c:405)
==19655== by 0x43FD5C: opt_output_file (ffmpeg.c:3904)
==19655== by 0x441BB9: parse_options (cmdutils.c:303)
==19655== by 0x441006: main (ffmpeg.c:4470)
==19655==
==19655== Invalid read of size 4
==19655== at 0x8701FF: txd_decode_frame (txd.c:136)
==19655== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==19655== by 0x437542: output_packet (ffmpeg.c:1711)
==19655== by 0x43AE4E: transcode (ffmpeg.c:2576)
==19655== by 0x4410DC: main (ffmpeg.c:4490)
==19655== Address 0x714d680 is 2,976 bytes inside a block of size 22,248
free'd
==19655== at 0x4C240FD: free (vg_replace_malloc.c:366)
==19655== by 0x4411D9: uninit_opts (cmdutils.c:67)
==19655== by 0x4328AB: reset_options (ffmpeg.c:405)
==19655== by 0x43FD5C: opt_output_file (ffmpeg.c:3904)
==19655== by 0x441BB9: parse_options (cmdutils.c:303)
==19655== by 0x441006: main (ffmpeg.c:4470)
# Backtrace
#0 0x0000000000923b12 in txd_decode_frame (avctx=0x1966160, data=0x7fff819c8800, data_size=0x7fff819c897c, avpkt=0x7fff819c8770) at libavcodec/txd.c:137
#0 0x0000000000923b12 in txd_decode_frame (avctx=0x1966160, data=0x7fff819c8800, data_size=0x7fff819c897c, avpkt=0x7fff819c8770) at libavcodec/txd.c:137
#1 0x0000000000927825 in avcodec_decode_video2 (avctx=0x1966160, picture=0x7fff819c8800, got_picture_ptr=0x7fff819c897c, avpkt=0x7fff819c8770) at libavcodec/utils.c:769
#2 0x000000000040a00c in output_packet (ist=0x19670e0, ist_index=0, ost_table=0x196c5d0, nb_ostreams=1, pkt=0x7fff819c9cd0) at ffmpeg.c:1711
#3 0x000000000040d918 in transcode (output_files=0x19667f0, nb_output_files=1, input_files=0x196c2b0, nb_input_files=1) at ffmpeg.c:2576
#4 0x0000000000413b26 in main (argc=8, argv=0x7fff819ca048) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/r3d/4MB-sample.r3d" | zzuf -r0.0001:0.02 -b8- -s17
# Valgrind
==20120== Invalid read of size 4
==20120== at 0x7419C0: decode_frame (bswap.h:42)
==20120== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==20120== by 0x535668: avformat_find_stream_info (utils.c:2161)
==20120== by 0x43D0C0: opt_input_file (ffmpeg.c:3211)
==20120== by 0x4419FE: parse_option (cmdutils.c:265)
==20120== by 0x441B7B: parse_options (cmdutils.c:298)
==20120== by 0x441006: main (ffmpeg.c:4470)
==20120== Address 0x733e5a0 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x0000000000790625 in jp2_find_codestream (s=0x325f320) at libavcodec/j2kdec.c:971
#0 0x0000000000790625 in jp2_find_codestream (s=0x325f320) at libavcodec/j2kdec.c:971
#1 0x000000000079085c in decode_frame (avctx=0x325cea0, data=0x7fff244dccf0, data_size=0x7fff244dce64, avpkt=0x325fcc0) at libavcodec/j2kdec.c:1010
#2 0x0000000000927825 in avcodec_decode_video2 (avctx=0x325cea0, picture=0x7fff244dccf0, got_picture_ptr=0x7fff244dce64, avpkt=0x325fcc0) at libavcodec/utils.c:769
#3 0x0000000000537a15 in try_decode_frame (st=0x325b540, avpkt=0x325fcc0, options=0x325f300) at libavformat/utils.c:2161
#4 0x0000000000538c96 in avformat_find_stream_info (ic=0x3233e40, options=0x325f300) at libavformat/utils.c:2464
#5 0x000000000040fc73 in opt_input_file (o=0x7fff244dd2d0, opt=0x7fff244dda37 "i", filename=0x7fff244dda39 "/mnt/linux/src/lib/ffmpeg/fate-suite/r3d/4MB-sample.r3d") at ffmpeg.c:3235
#6 0x0000000000414447 in parse_option (optctx=0x7fff244dd2d0, opt=0x7fff244dda37 "i", arg=0x7fff244dda39 "/mnt/linux/src/lib/ffmpeg/fate-suite/r3d/4MB-sample.r3d", options=0xbbd660) at cmdutils.c:265
#7 0x00000000004145c4 in parse_options (optctx=0x7fff244dd2d0, argc=8, argv=0x7fff244dd488, options=0xbbd660, parse_arg_function=0x411460 <opt_output_file>) at cmdutils.c:298
#8 0x0000000000413a50 in main (argc=8, argv=0x7fff244dd488) at ffmpeg.c:4509
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/ea-mad/NFS4T0_00.mad" | zzuf -r0.0001:0.02 -b8- -s16
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/ea-mad/NFS4T0_00.mad" | zzuf -r0.0001:0.02 -b8- -s19
# Backtrace
#0 0x0000000000b277ae in sws_scale (c=0x0, srcSlice=0x7fff667bef50, srcStride=0x7fff667bef20, srcSliceY=0, srcSliceH=32864, dst=0x7fff667bef30, dstStride=0x7fff667bef10) at libswscale/swscale_unscaled.c:714
#0 0x0000000000b277ae in sws_scale (c=0x0, srcSlice=0x7fff667bef50, srcStride=0x7fff667bef20, srcSliceY=0, srcSliceH=32864, dst=0x7fff667bef30, dstStride=0x7fff667bef10) at libswscale/swscale_unscaled.c:714
#1 0x0000000000436074 in scale_slice (link=0x3172aa0, sws=0x0, y=0, h=32864, mul=1, field=0) at libavfilter/vf_scale.c:303
#2 0x00000000004361f3 in draw_slice (link=0x3172aa0, y=0, h=32864, slice_dir=1) at libavfilter/vf_scale.c:320
#3 0x0000000000420e07 in avfilter_draw_slice (link=0x3172aa0, y=0, h=32864, slice_dir=1) at libavfilter/avfilter.c:633
#4 0x000000000043c100 in request_frame (link=0x3172aa0) at libavfilter/vsrc_buffer.c:191
#5 0x000000000042070b in avfilter_request_frame (link=0x3172aa0) at libavfilter/avfilter.c:515
#6 0x0000000000420738 in avfilter_request_frame (link=0x3153640) at libavfilter/avfilter.c:517
#7 0x0000000000425021 in av_buffersink_get_buffer_ref (ctx=0x3172740, bufref=0x31724c8, flags=0) at libavfilter/sink_buffer.c:128
#8 0x000000000040a83c in output_packet (ist=0x3179820, ist_index=0, ost_table=0x3172290, nb_ostreams=1, pkt=0x7fff667c0910) at ffmpeg.c:1825
#9 0x000000000040d918 in transcode (output_files=0x31726d0, nb_output_files=1, input_files=0x318a310, nb_input_files=1) at ffmpeg.c:2576
#10 0x0000000000413b26 in main (argc=8, argv=0x7fff667c0c88) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/motion-pixels/INTRO-partial.MVI" | zzuf -r0.0001:0.02 -b8- -s21
# Valgrind
==21311== Use of uninitialised value of size 8
==21311== at 0x769500: mp_decode_frame (get_bits.h:540)
==21311== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==21311== by 0x437542: output_packet (ffmpeg.c:1711)
==21311== by 0x43AE4E: transcode (ffmpeg.c:2576)
==21311== by 0x4410DC: main (ffmpeg.c:4490)
==21311==
[motionpixels @ 0x713d3a0] invalid code size 1/0
==21311== Invalid write of size 2
==21311== at 0x5688EF: build_table (bitstream.c:216)
==21311== by 0x568DFB: init_vlc_sparse (bitstream.c:308)
==21311== by 0x768EE5: mp_decode_frame (motionpixels.c:282)
==21311== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==21311== by 0x437542: output_packet (ffmpeg.c:1711)
==21311== by 0x43AE4E: transcode (ffmpeg.c:2576)
==21311== by 0x4410DC: main (ffmpeg.c:4490)
==21311== Address 0x12f15ded2 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x00000000005806b2 in build_table (vlc=0x224a048, table_nb_bits=0, nb_codes=7, codes=0x2273900, flags=0) at libavcodec/bitstream.c:216
#0 0x00000000005806b2 in build_table (vlc=0x224a048, table_nb_bits=0, nb_codes=7, codes=0x2273900, flags=0) at libavcodec/bitstream.c:216
#1 0x0000000000580e59 in init_vlc_sparse (vlc=0x224a048, nb_bits=0, nb_codes=7, bits=0x2249fcc, bits_wrap=8, bits_size=1, codes=0x2249fc8, codes_wrap=8, codes_size=4, symbols=0x0, symbols_wrap=0, symbols_size=0, flags=0)
#2 0x00000000007baf92 in mp_decode_frame (avctx=0x2273980, data=0x7fffc24aa480, data_size=0x7fffc24aa5fc, avpkt=0x7fffc24aa3f0) at libavcodec/motionpixels.c:282
#3 0x0000000000927825 in avcodec_decode_video2 (avctx=0x2273980, picture=0x7fffc24aa480, got_picture_ptr=0x7fffc24aa5fc, avpkt=0x7fffc24aa3f0) at libavcodec/utils.c:769
#4 0x000000000040a00c in output_packet (ist=0x2272280, ist_index=1, ost_table=0x2247680, nb_ostreams=2, pkt=0x7fffc24ab950) at ffmpeg.c:1711
#5 0x000000000040d918 in transcode (output_files=0x23855d0, nb_output_files=1, input_files=0x2245090, nb_input_files=1) at ffmpeg.c:2576
#6 0x0000000000413b26 in main (argc=8, argv=0x7fffc24abcc8) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/FRext/PPH422I4_Panasonic_A.264" | zzuf -r0.0001:0.02 -b8- -s20
# Valgrind
==21773== Source and destination overlap in memcpy(0x71d3290, 0x71d3350, 384)
==21773== at 0x4C25F6A: memcpy (mc_replace_strmem.c:497)
==21773== by 0x5A8D83: draw_edges_10_c (dsputil_template.c:110)
==21773== by 0x7B053B: MPV_frame_end (mpegvideo.c:1207)
==21773== by 0x68D727: field_end (h264.c:2424)
==21773== by 0x6A5B09: decode_frame (h264.c:3905)
==21773== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==21773== by 0x535668: avformat_find_stream_info (utils.c:2161)
==21773== by 0x43D0C0: opt_input_file (ffmpeg.c:3211)
==21773== by 0x4419FE: parse_option (cmdutils.c:265)
==21773== by 0x441B7B: parse_options (cmdutils.c:298)
==21773== by 0x441006: main (ffmpeg.c:4470)
==21773==
==21773== Invalid write of size 1
==21773== at 0x4C26044: memcpy (mc_replace_strmem.c:497)
==21773== by 0x5A8D83: draw_edges_10_c (dsputil_template.c:110)
==21773== by 0x7B053B: MPV_frame_end (mpegvideo.c:1207)
==21773== by 0x68D727: field_end (h264.c:2424)
==21773== by 0x6A5B09: decode_frame (h264.c:3905)
==21773== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==21773== by 0x535668: avformat_find_stream_info (utils.c:2161)
==21773== by 0x43D0C0: opt_input_file (ffmpeg.c:3211)
==21773== by 0x4419FE: parse_option (cmdutils.c:265)
==21773== by 0x441B7B: parse_options (cmdutils.c:298)
==21773== by 0x441006: main (ffmpeg.c:4470)
==21773== Address 0x71d2750 is 16 bytes before a block of size 80,272 alloc'd
==21773== at 0x4C236B6: memalign (vg_replace_malloc.c:581)
==21773== by 0x4C2370F: posix_memalign (vg_replace_malloc.c:709)
==21773== by 0xA8CF94: av_malloc (mem.c:90)
==21773== by 0x874B7B: avcodec_default_get_buffer (utils.c:325)
==21773== by 0x7AE323: ff_alloc_picture (mpegvideo.c:239)
==21773== by 0x7B0D7B: MPV_frame_start (mpegvideo.c:1085)
==21773== by 0x68D831: ff_h264_frame_start (h264.c:1221)
==21773== by 0x68F097: decode_slice_header (h264.c:2734)
==21773== by 0x6A515F: decode_nal_units (h264.c:3698)
==21773== by 0x6A5A21: decode_frame (h264.c:3885)
==21773== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==21773== by 0x535668: avformat_find_stream_info (utils.c:2161)
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/fli/intel.dat" | zzuf -r0.0001:0.02 -b8- -s20
# Backtrace
#0 0x00000000006428a6 in flic_decode_frame_8BPP (avctx=0x3098ae0, data=0x7fff655635c0, data_size=0x7fff6556373c, buf=0x7f9dfd4f7040 "\230\b\002", buf_size=133272) at libavcodec/flicvideo.c:229
#0 0x00000000006428a6 in flic_decode_frame_8BPP (avctx=0x3098ae0, data=0x7fff655635c0, data_size=0x7fff6556373c, buf=0x7f9dfd4f7040 "\230\b\002", buf_size=133272) at libavcodec/flicvideo.c:229
#1 0x00000000006440f5 in flic_decode_frame (avctx=0x3098ae0, data=0x7fff655635c0, data_size=0x7fff6556373c, avpkt=0x7fff65563530) at libavcodec/flicvideo.c:718
#2 0x0000000000927825 in avcodec_decode_video2 (avctx=0x3098ae0, picture=0x7fff655635c0, got_picture_ptr=0x7fff6556373c, avpkt=0x7fff65563530) at libavcodec/utils.c:769
#3 0x000000000040a00c in output_packet (ist=0x3097390, ist_index=0, ost_table=0x3097910, nb_ostreams=1, pkt=0x7fff65564a90) at ffmpeg.c:1711
#4 0x000000000040d918 in transcode (output_files=0x3097d50, nb_output_files=1, input_files=0x30973f0, nb_input_files=1) at ffmpeg.c:2576
#5 0x0000000000413b26 in main (argc=8, argv=0x7fff65564e08) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/deluxepaint-anm/INTRO1.ANM" | zzuf -r0.0001:0.02 -b8- -s24
# Valgrind
[anm @ 0x7128820] If you want to help, upload a sample of this file to
ftp://upload.ffmpeg.org/MPlayer/incoming/ and contact the ffmpeg-devel mailing
list.
==22727== Invalid read of size 8
==22727== at 0x532D71: avformat_open_input (utils.c:693)
==22727== by 0x43CE09: opt_input_file (ffmpeg.c:3170)
==22727== by 0x4419FE: parse_option (cmdutils.c:265)
==22727== by 0x441B7B: parse_options (cmdutils.c:298)
==22727== by 0x441006: main (ffmpeg.c:4470)
==22727== Address 0x7128840 is 32 bytes inside a block of size 1,320 free'd
==22727== at 0x4C240FD: free (vg_replace_malloc.c:366)
==22727== by 0x49C984: read_header (anm.c:172)
==22727== by 0x532D00: avformat_open_input (utils.c:676)
==22727== by 0x43CE09: opt_input_file (ffmpeg.c:3170)
==22727== by 0x4419FE: parse_option (cmdutils.c:265)
==22727== by 0x441B7B: parse_options (cmdutils.c:298)
==22727== by 0x441006: main (ffmpeg.c:4470)
# Backtrace
#0 0x0000000000539967 in avformat_free_context (s=0x299fec0) at libavformat/utils.c:2689
#0 0x0000000000539967 in avformat_free_context (s=0x299fec0) at libavformat/utils.c:2689
#1 0x0000000000532b9e in avformat_open_input (ps=0x7fffb5413500, filename=0x7fffb5414a29 "/mnt/linux/src/lib/ffmpeg/fate-suite/deluxepaint-anm/INTRO1.ANM", fmt=0x0, options=0x14875d0) at libavformat/utils.c:695
#2 0x000000000040f9bc in opt_input_file (o=0x7fffb5413630, opt=0x7fffb5414a27 "i", filename=0x7fffb5414a29 "/mnt/linux/src/lib/ffmpeg/fate-suite/deluxepaint-anm/INTRO1.ANM") at ffmpeg.c:3194
#3 0x0000000000414447 in parse_option (optctx=0x7fffb5413630, opt=0x7fffb5414a27 "i", arg=0x7fffb5414a29 "/mnt/linux/src/lib/ffmpeg/fate-suite/deluxepaint-anm/INTRO1.ANM", options=0xbbd660) at cmdutils.c:265
#4 0x00000000004145c4 in parse_options (optctx=0x7fffb5413630, argc=8, argv=0x7fffb54137e8, options=0xbbd660, parse_arg_function=0x411460 <opt_output_file>) at cmdutils.c:298
#5 0x0000000000413a50 in main (argc=8, argv=0x7fffb54137e8) at ffmpeg.c:4509
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/MR9_BT_B.h264" | zzuf -r0.0001:0.02 -b8- -s25
# Valgrind
==23419== Invalid read of size 1
==23419== at 0x6E3137: h264_h_loop_filter_chroma422_8_c
(h264dsp_template.c:248)
==23419== by 0x6CBEF0: ff_h264_filter_mb (h264_loopfilter.c:133)
==23419== by 0x68C39C: loop_filter (h264.c:3346)
==23419== by 0x6A4639: decode_slice (h264.c:3458)
==23419== by 0x6A5929: decode_nal_units (h264.c:3555)
==23419== by 0x6A5A21: decode_frame (h264.c:3885)
==23419== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==23419== by 0x437542: output_packet (ffmpeg.c:1711)
==23419== by 0x43AE4E: transcode (ffmpeg.c:2576)
==23419== by 0x4410DC: main (ffmpeg.c:4490)
==23419== Address 0x74c3a07 is 7 bytes after a block of size 9,088 alloc'd
==23419== at 0x4C236B6: memalign (vg_replace_malloc.c:581)
==23419== by 0x4C2370F: posix_memalign (vg_replace_malloc.c:709)
==23419== by 0xA8CF94: av_malloc (mem.c:90)
==23419== by 0x874B7B: avcodec_default_get_buffer (utils.c:325)
==23419== by 0x7AE323: ff_alloc_picture (mpegvideo.c:239)
==23419== by 0x7B0D7B: MPV_frame_start (mpegvideo.c:1085)
==23419== by 0x68D831: ff_h264_frame_start (h264.c:1221)
==23419== by 0x69021D: decode_slice_header (h264.c:2803)
==23419== by 0x6A515F: decode_nal_units (h264.c:3698)
==23419== by 0x6A5A21: decode_frame (h264.c:3885)
==23419== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==23419== by 0x437542: output_packet (ffmpeg.c:1711)
[ ... ]
==23419== Invalid write of size 1
==23419== at 0x6E343D: h264_h_loop_filter_chroma422_8_c
(h264dsp_template.c:259)
==23419== by 0x6CBEF0: ff_h264_filter_mb (h264_loopfilter.c:133)
==23419== by 0x68C39C: loop_filter (h264.c:3346)
==23419== by 0x6A4639: decode_slice (h264.c:3458)
==23419== by 0x6A5929: decode_nal_units (h264.c:3555)
==23419== by 0x6A5A21: decode_frame (h264.c:3885)
==23419== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==23419== by 0x437542: output_packet (ffmpeg.c:1711)
==23419== by 0x43AE4E: transcode (ffmpeg.c:2576)
==23419== by 0x4410DC: main (ffmpeg.c:4490)
==23419== Address 0x74c3a07 is 7 bytes after a block of size 9,088 alloc'd
==23419== at 0x4C236B6: memalign (vg_replace_malloc.c:581)
==23419== by 0x4C2370F: posix_memalign (vg_replace_malloc.c:709)
==23419== by 0xA8CF94: av_malloc (mem.c:90)
==23419== by 0x874B7B: avcodec_default_get_buffer (utils.c:325)
==23419== by 0x7AE323: ff_alloc_picture (mpegvideo.c:239)
==23419== by 0x7B0D7B: MPV_frame_start (mpegvideo.c:1085)
==23419== by 0x68D831: ff_h264_frame_start (h264.c:1221)
==23419== by 0x69021D: decode_slice_header (h264.c:2803)
==23419== by 0x6A515F: decode_nal_units (h264.c:3698)
==23419== by 0x6A5A21: decode_frame (h264.c:3885)
==23419== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==23419== by 0x437542: output_packet (ffmpeg.c:1711)
# Backtrace
#0 0x00007fa3e569df59 in _int_free (av=0x7fa3e5987e40, p=0x3470e20) at malloc.c:4948
#0 0x00007fa3e569df59 in _int_free (av=0x7fa3e5987e40, p=0x3470e20) at malloc.c:4948
#1 0x00007fa3e56a184c in *__GI___libc_free (mem=<value optimized out>) at malloc.c:3739
#2 0x0000000000bb2696 in av_free (ptr=0x3470e60) at libavutil/mem.c:152
#3 0x0000000000bb26be in av_freep (arg=0x3452920) at libavutil/mem.c:159
#4 0x000000000081dbe2 in free_picture (s=0x33eb060, pic=0x3452780) at libavcodec/mpegvideo.c:355
#5 0x0000000000820c55 in MPV_common_end (s=0x33eb060) at libavcodec/mpegvideo.c:859
#6 0x0000000000698e8a in ff_h264_decode_end (avctx=0x3397240) at libavcodec/h264.c:4035
#7 0x0000000000927d92 in avcodec_close (avctx=0x3397240) at libavcodec/utils.c:884
#8 0x000000000040dc06 in transcode (output_files=0x33969a0, nb_output_files=1, input_files=0x3394c10, nb_input_files=1) at ffmpeg.c:2630
#9 0x0000000000413b26 in main (argc=8, argv=0x7fffbc68d168) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/qt-surge-suite/surge-2-16-B-QDM2.mov" | zzuf -r0.0001:0.02 -b8- -s28
# Valgrind
==24566== Invalid read of size 4es
==24566== at 0x7F93F1: qdm2_fft_decode_tones (qdm2.c:1368)
==24566== by 0x7FD018: qdm2_decode_frame (qdm2.c:1443)
==24566== by 0x873245: avcodec_decode_audio3 (utils.c:822)
==24566== by 0x43737F: output_packet (ffmpeg.c:1685)
==24566== by 0x43AE4E: transcode (ffmpeg.c:2576)
==24566== by 0x4410DC: main (ffmpeg.c:4490)
==24566== Address 0x71d2e84 is not stack'd, malloc'd or (recently) free'd
==24566==
==24566== Invalid read of size 2
==24566== at 0x7F93E8: qdm2_fft_decode_tones (qdm2.c:1367)
==24566== by 0x7FD018: qdm2_decode_frame (qdm2.c:1443)
==24566== by 0x873245: avcodec_decode_audio3 (utils.c:822)
==24566== by 0x43737F: output_packet (ffmpeg.c:1685)
==24566== by 0x43AE4E: transcode (ffmpeg.c:2576)
==24566== by 0x4410DC: main (ffmpeg.c:4490)
==24566== Address 0xc33004 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x000000000088f016 in qdm2_fft_decode_tones (q=0x30198e0, duration=3, gb=0x7fff6436ef00, b=0) at libavcodec/qdm2.c:1367
#0 0x000000000088f016 in qdm2_fft_decode_tones (q=0x30198e0, duration=3, gb=0x7fff6436ef00, b=0) at libavcodec/qdm2.c:1367
#1 0x000000000088f3a9 in qdm2_decode_fft_packets (q=0x30198e0) at libavcodec/qdm2.c:1443
#2 0x000000000089102a in qdm2_decode (q=0x30198e0,
#3 0x00000000008912e0 in qdm2_decode_frame (avctx=0x30064a0, data=0x7f75fda31040, data_size=0x7fff6436f2bc, avpkt=0x7fff6436f2c0) at libavcodec/qdm2.c:1967
#4 0x0000000000927a74 in avcodec_decode_audio3 (avctx=0x30064a0, samples=0x7f75fda31040, frame_size_ptr=0x7fff6436f2bc, avpkt=0x7fff6436f2c0) at libavcodec/utils.c:822
#5 0x0000000000409e49 in output_packet (ist=0x3007fc0, ist_index=0, ost_table=0x3007650, nb_ostreams=1, pkt=0x7fff64370820) at ffmpeg.c:1685
#6 0x000000000040d918 in transcode (output_files=0x30078c0, nb_output_files=1, input_files=0x3008ab0, nb_input_files=1) at ffmpeg.c:2576
#7 0x0000000000413b26 in main (argc=8, argv=0x7fff64370b98) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/ea-vp6/g36.vp6" | zzuf -r0.0001:0.02 -b8- -s31
# Valgrind
==25073== Invalid write of size 4
==25073== at 0x8ADBF2: ff_vp56_decode_frame (vp56.c:549)
==25073== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==25073== by 0x437542: output_packet (ffmpeg.c:1711)
==25073== by 0x43AE4E: transcode (ffmpeg.c:2576)
==25073== by 0x4410DC: main (ffmpeg.c:4490)
==25073== Address 0x4 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x0000000000980efd in ff_vp56_decode_frame (avctx=0x33ce520, data=0x7fff734faca0, data_size=0x7fff734fae1c, avpkt=0x7fff734fac10) at libavcodec/vp56.c:549
#0 0x0000000000980efd in ff_vp56_decode_frame (avctx=0x33ce520, data=0x7fff734faca0, data_size=0x7fff734fae1c, avpkt=0x7fff734fac10) at libavcodec/vp56.c:549
#1 0x0000000000927825 in avcodec_decode_video2 (avctx=0x33ce520, picture=0x7fff734faca0, got_picture_ptr=0x7fff734fae1c, avpkt=0x7fff734fac10) at libavcodec/utils.c:769
#2 0x000000000040a00c in output_packet (ist=0x33cea00, ist_index=0, ost_table=0x33cdaa0, nb_ostreams=1, pkt=0x7fff734fc170) at ffmpeg.c:1711
#3 0x000000000040d918 in transcode (output_files=0x33cdee0, nb_output_files=1, input_files=0x33e34d0, nb_input_files=1) at ffmpeg.c:2576
#4 0x0000000000413b26 in main (argc=8, argv=0x7fff734fc4e8) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/CAMANL3_Sand_E.264" | zzuf -r0.0001:0.02 -b8- -s32
# Backtrace
#0 0x00000000009f159b in put_h264_qpel8or16_hv1_lowpass_sse2 (
#0 0x00000000009f159b in put_h264_qpel8or16_hv1_lowpass_sse2 (
#1 put_h264_qpel8or16_hv_lowpass_ssse3 (
#2 0x00000000009f1cba in put_h264_qpel16_hv_lowpass_ssse3 (
#3 0x00000000009f8f8e in put_h264_qpel16_mc22_ssse3 (
#4 0x000000000065e62e in mc_dir_part (h=0x17ceec0, pic=0x17f7768, n=0, square=1, chroma_height=8, delta=0, list=0,
#5 0x000000000065eeec in mc_part_std (h=0x17ceec0, n=0, square=1, chroma_height=8, delta=0,
#6 0x000000000065fd36 in mc_part (h=0x17ceec0, n=0, square=1, chroma_height=8, delta=0,
#7 0x000000000067c763 in hl_motion (h=0x17ceec0) at libavcodec/h264.c:696
#8 hl_decode_mb_internal (h=0x17ceec0) at libavcodec/h264.c:1900
#9 hl_decode_mb_complex (h=0x17ceec0) at libavcodec/h264.c:2076
#10 0x000000000068f03d in ff_h264_hl_decode_mb (h=0x17ceec0) at libavcodec/h264.c:2099
#11 0x0000000000a940f0 in decode_mb (s=0x17ceec0, ref=4) at libavcodec/error_resilience.c:59
#12 0x0000000000a96be7 in guess_mv (s=0x17ceec0) at libavcodec/error_resilience.c:584
#13 0x0000000000a98d5d in ff_er_frame_end (s=0x17ceec0) at libavcodec/error_resilience.c:1066
#14 0x00000000006903d4 in field_end (h=0x17ceec0, in_setup=0) at libavcodec/h264.c:2418
#15 0x0000000000698d39 in decode_frame (avctx=0x17bd280, data=0x7fff24b7dc80, data_size=0x7fff24b7ddfc, avpkt=0x7fff24b7dbf0) at libavcodec/h264.c:3901
#16 0x0000000000927825 in avcodec_decode_video2 (avctx=0x17bd280, picture=0x7fff24b7dc80, got_picture_ptr=0x7fff24b7ddfc, avpkt=0x7fff24b7dbf0) at libavcodec/utils.c:769
#17 0x000000000040a00c in output_packet (ist=0x17bd7b0, ist_index=0, ost_table=0x17c34f0, nb_ostreams=1, pkt=0x7fff24b7f150) at ffmpeg.c:1711
#18 0x000000000040d918 in transcode (output_files=0x178e2d0, nb_output_files=1, input_files=0x17bda50, nb_input_files=1) at ffmpeg.c:2576
#19 0x0000000000413b26 in main (argc=8, argv=0x7fff24b7f4c8) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264-conformance/FRext/FRExt2_Panasonic.avc" | zzuf -r0.0001:0.02 -b8- -s33
# Backtrace
#0 0x0000000000b277ae in sws_scale (c=0x0, srcSlice=0x7fff4f573680, srcStride=0x7fff4f573650, srcSliceY=0, srcSliceH=288, dst=0x7fff4f573660, dstStride=0x7fff4f573640) at libswscale/swscale_unscaled.c:714
#0 0x0000000000b277ae in sws_scale (c=0x0, srcSlice=0x7fff4f573680, srcStride=0x7fff4f573650, srcSliceY=0, srcSliceH=288, dst=0x7fff4f573660, dstStride=0x7fff4f573640) at libswscale/swscale_unscaled.c:714
#1 0x0000000000436074 in scale_slice (link=0x1980240, sws=0x0, y=0, h=288, mul=1, field=0) at libavfilter/vf_scale.c:303
#2 0x00000000004361f3 in draw_slice (link=0x1980240, y=0, h=288, slice_dir=1) at libavfilter/vf_scale.c:320
#3 0x0000000000420e07 in avfilter_draw_slice (link=0x1980240, y=0, h=288, slice_dir=1) at libavfilter/avfilter.c:633
#4 0x000000000043c100 in request_frame (link=0x1980240) at libavfilter/vsrc_buffer.c:191
#5 0x000000000042070b in avfilter_request_frame (link=0x1980240) at libavfilter/avfilter.c:515
#6 0x0000000000420738 in avfilter_request_frame (link=0x197c640) at libavfilter/avfilter.c:517
#7 0x0000000000425021 in av_buffersink_get_buffer_ref (ctx=0x1995d20, bufref=0x197b9c8, flags=0) at libavfilter/sink_buffer.c:128
#8 0x000000000040a83c in output_packet (ist=0x197b180, ist_index=0, ost_table=0x197b790, nb_ostreams=1, pkt=0x7fff4f575040) at ffmpeg.c:1825
#9 0x000000000040d918 in transcode (output_files=0x1980200, nb_output_files=1, input_files=0x197fa80, nb_input_files=1) at ffmpeg.c:2576
#10 0x0000000000413b26 in main (argc=8, argv=0x7fff4f5753b8) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/vqa/cc-demo1-partial.vqa" | zzuf -r0.0001:0.02 -b8- -s39
# Valgrind
==25533== Invalid write of size 1
==25533== at 0x8DDED8: vqa_decode_frame (vqavideo.c:493)
==25533== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==25533== by 0x437542: output_packet (ffmpeg.c:1711)
==25533== by 0x43AE4E: transcode (ffmpeg.c:2576)
==25533== by 0x4410DC: main (ffmpeg.c:4490)
==25533== Address 0x7685ca4 is not stack'd, malloc'd or (recently) free'd
==25533==
==25533== Invalid write of size 1
==25533== at 0x8DDEF0: vqa_decode_frame (vqavideo.c:494)
==25533== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==25533== by 0x437542: output_packet (ffmpeg.c:1711)
==25533== by 0x43AE4E: transcode (ffmpeg.c:2576)
==25533== by 0x4410DC: main (ffmpeg.c:4490)
==25533== Address 0x7685ca5 is not stack'd, malloc'd or (recently) free'd
==25533==
==25533== Invalid write of size 1
==25533== at 0x8DDF09: vqa_decode_frame (vqavideo.c:495)
==25533== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==25533== by 0x437542: output_packet (ffmpeg.c:1711)
==25533== by 0x43AE4E: transcode (ffmpeg.c:2576)
==25533== by 0x4410DC: main (ffmpeg.c:4490)
==25533== Address 0x7685ca6 is not stack'd, malloc'd or (recently) free'd
==25533==
==25533== Invalid write of size 1
==25533== at 0x8DDF22: vqa_decode_frame (vqavideo.c:496)
==25533== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==25533== by 0x437542: output_packet (ffmpeg.c:1711)
==25533== by 0x43AE4E: transcode (ffmpeg.c:2576)
==25533== by 0x4410DC: main (ffmpeg.c:4490)
==25533== Address 0x7685ca7 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x00000000009b4e15 in vqa_decode_chunk (s=0x2de92c0) at libavcodec/vqavideo.c:493
#0 0x00000000009b4e15 in vqa_decode_chunk (s=0x2de92c0) at libavcodec/vqavideo.c:493
#1 0x00000000009b52de in vqa_decode_frame (avctx=0x2dd88a0, data=0x7fff03eb12a0, data_size=0x7fff03eb141c, avpkt=0x7fff03eb1210) at libavcodec/vqavideo.c:576
#2 0x0000000000927825 in avcodec_decode_video2 (avctx=0x2dd88a0, picture=0x7fff03eb12a0, got_picture_ptr=0x7fff03eb141c, avpkt=0x7fff03eb1210) at libavcodec/utils.c:769
#3 0x000000000040a00c in output_packet (ist=0x2ddee30, ist_index=0, ost_table=0x2de86d0, nb_ostreams=2, pkt=0x7fff03eb2770) at ffmpeg.c:1711
#4 0x000000000040d918 in transcode (output_files=0x2dab520, nb_output_files=1, input_files=0x2db1d50, nb_input_files=1) at ffmpeg.c:2576
#5 0x0000000000413b26 in main (argc=8, argv=0x7fff03eb2ae8) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/ea-mad/NFS6LogoE.mad" | zzuf -r0.0001:0.02 -b8- -s36
# Valgrind
==25992== Invalid read of size 1
==25992== at 0x65FE88: decode_frame (eamad.c:80)
==25992== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==25992== by 0x437542: output_packet (ffmpeg.c:1711)
==25992== by 0x43AE4E: transcode (ffmpeg.c:2576)
==25992== by 0x4410DC: main (ffmpeg.c:4490)
==25992== Address 0x7491ea0 is 192 bytes inside a block of size 31,171 free'd
==25992== at 0x4C240FD: free (vg_replace_malloc.c:366)
==25992== by 0x874C90: av_fast_malloc (utils.c:74)
==25992== by 0x65F604: decode_frame (eamad.c:279)
==25992== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==25992== by 0x437542: output_packet (ffmpeg.c:1711)
==25992== by 0x43AE4E: transcode (ffmpeg.c:2576)
==25992== by 0x4410DC: main (ffmpeg.c:4490)
[ ... ]
# Backtrace
#0 0x0000000000612f70 in comp (
#0 0x0000000000612f70 in comp (
#1 0x00000000006130c7 in comp_block (t=0x286f680, mb_x=0, mb_y=59, j=0, mv_x=-14, mv_y=9, add=0) at libavcodec/eamad.c:88
#2 0x0000000000613932 in decode_mb (t=0x286f680, inter=1) at libavcodec/eamad.c:208
#3 0x0000000000613ee9 in decode_frame (avctx=0x2894200, data=0x7fff483b6600, data_size=0x7fff483b677c, avpkt=0x7fff483b6570) at libavcodec/eamad.c:287
#4 0x0000000000927825 in avcodec_decode_video2 (avctx=0x2894200, picture=0x7fff483b6600, got_picture_ptr=0x7fff483b677c, avpkt=0x7fff483b6570) at libavcodec/utils.c:769
#5 0x000000000040a00c in output_packet (ist=0x28980b0, ist_index=0, ost_table=0x2898f50, nb_ostreams=1, pkt=0x7fff483b7ad0) at ffmpeg.c:1711
#6 0x000000000040d918 in transcode (output_files=0x2899390, nb_output_files=1, input_files=0x2898110, nb_input_files=1) at ffmpeg.c:2576
#7 0x0000000000413b26 in main (argc=8, argv=0x7fff483b7e48) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/ea-mad/xeasport.mad" | zzuf -r0.0001:0.02 -b8- -s36
# Backtrace
#0 0x0000000000ba0ad4 in yuv2yuvX_MMX2 (c=0x2908dc0, lumFilter=0x2911600, lumSrc=0x2894370, lumFilterSize=2, chrFilter=0x2894440, chrUSrc=0x2894060, chrVSrc=0x2894c80, chrFilterSize=0, alpSrc=0x0, dest=0x7fffaac88730, dstW=512,
#0 0x0000000000ba0ad4 in yuv2yuvX_MMX2 (c=0x2908dc0, lumFilter=0x2911600, lumSrc=0x2894370, lumFilterSize=2, chrFilter=0x2894440, chrUSrc=0x2894060, chrVSrc=0x2894c80, chrFilterSize=0, alpSrc=0x0, dest=0x7fffaac88730, dstW=512,
#1 0x0000000000b91c8c in swScale (c=0x2908dc0, src=0x7fffaac88b50, srcStride=0x7fffaac88b20, srcSliceY=0, srcSliceH=4, dst=0x7fffaac88b30, dstStride=0x7fffaac88b10) at libswscale/swscale.c:2731
#2 0x0000000000b27f4c in sws_scale (c=0x2908dc0, srcSlice=0x7fffaac88c30, srcStride=0x7fffaac88c00, srcSliceY=0, srcSliceH=4, dst=0x7fffaac88c10, dstStride=0x7fffaac88bf0) at libswscale/swscale_unscaled.c:807
#3 0x0000000000436074 in scale_slice (link=0x28b44a0, sws=0x2908dc0, y=0, h=4, mul=1, field=0) at libavfilter/vf_scale.c:303
#4 0x00000000004361f3 in draw_slice (link=0x28b44a0, y=0, h=4, slice_dir=1) at libavfilter/vf_scale.c:320
#5 0x0000000000420e07 in avfilter_draw_slice (link=0x28b44a0, y=0, h=4, slice_dir=1) at libavfilter/avfilter.c:633
#6 0x000000000043c100 in request_frame (link=0x28b44a0) at libavfilter/vsrc_buffer.c:191
#7 0x000000000042070b in avfilter_request_frame (link=0x28b44a0) at libavfilter/avfilter.c:515
#8 0x0000000000420738 in avfilter_request_frame (link=0x28944c0) at libavfilter/avfilter.c:517
#9 0x0000000000425021 in av_buffersink_get_buffer_ref (ctx=0x28b4040, bufref=0x28b9058, flags=0) at libavfilter/sink_buffer.c:128
#10 0x000000000040a83c in output_packet (ist=0x28b9830, ist_index=0, ost_table=0x28b8e20, nb_ostreams=1, pkt=0x7fffaac8a5f0) at ffmpeg.c:1825
#11 0x000000000040d918 in transcode (output_files=0x28b9260, nb_output_files=1, input_files=0x28b9890, nb_input_files=1) at ffmpeg.c:2576
#12 0x0000000000413b26 in main (argc=8, argv=0x7fffaac8a968) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/4xm/version2.4xm" | zzuf -r0.0001:0.02 -b8- -s46
# Valgrind
==27955== Invalid read of size 2
==27955== at 0x97CF18: decode_frame (bytestream.h:47)
==27955== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==27955== by 0x437542: output_packet (ffmpeg.c:1711)
==27955== by 0x43AE4E: transcode (ffmpeg.c:2576)
==27955== by 0x4410DC: main (ffmpeg.c:4490)
==27955== Address 0x71416a0 is 0 bytes after a block of size 1,888 alloc'd
==27955== at 0x4C236B6: memalign (vg_replace_malloc.c:581)
==27955== by 0x4C2370F: posix_memalign (vg_replace_malloc.c:709)
==27955== by 0xA8CF94: av_malloc (mem.c:90)
==27955== by 0x55F32B: av_new_packet (avpacket.c:64)
==27955== by 0x5417D2: fourxm_read_packet (4xm.c:283)
==27955== by 0x5323B3: av_read_packet (utils.c:738)
==27955== by 0x5340A8: read_frame_internal (utils.c:1208)
==27955== by 0x53529A: avformat_find_stream_info (utils.c:2385)
==27955== by 0x43D0C0: opt_input_file (ffmpeg.c:3211)
==27955== by 0x4419FE: parse_option (cmdutils.c:265)
==27955== by 0x441B7B: parse_options (cmdutils.c:298)
==27955== by 0x441006: main (ffmpeg.c:4470)
# Backtrace
#0 0x0000000000a3b42e in bytestream_get_le16 (f=0x264cf80, buf=0x2689002 <Address 0x2689002 out of bounds>, length=1860) at libavcodec/bytestream.h:47
#0 0x0000000000a3b42e in bytestream_get_le16 (f=0x264cf80, buf=0x2689002 <Address 0x2689002 out of bounds>, length=1860) at libavcodec/bytestream.h:47
#1 decode_i2_frame (f=0x264cf80, buf=0x2689002 <Address 0x2689002 out of bounds>, length=1860) at libavcodec/4xm.c:630
#2 0x0000000000a3c198 in decode_frame (avctx=0x266f9c0, data=0x7fff7f6c1680, data_size=0x7fff7f6c17fc, avpkt=0x7fff7f6c15f0) at libavcodec/4xm.c:784
#3 0x0000000000927825 in avcodec_decode_video2 (avctx=0x266f9c0, picture=0x7fff7f6c1680, got_picture_ptr=0x7fff7f6c17fc, avpkt=0x7fff7f6c15f0) at libavcodec/utils.c:769
#4 0x000000000040a00c in output_packet (ist=0x2675350, ist_index=0, ost_table=0x2670ea0, nb_ostreams=2, pkt=0x7fff7f6c2b50) at ffmpeg.c:1711
#5 0x000000000040d918 in transcode (output_files=0x2675930, nb_output_files=1, input_files=0x2674b90, nb_input_files=1) at ffmpeg.c:2576
#6 0x0000000000413b26 in main (argc=8, argv=0x7fff7f6c2ec8) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/bink/binkaudio_dct.bik" | zzuf -r0.0001:0.02 -b8- -s45
# Valgrind
==28644== Conditional jump or move depends on uninitialised value(s)
==28644== at 0x563758: bink_decode_plane (bink.c:987)
==28644== by 0x5655C7: decode_frame (bink.c:1188)
==28644== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==28644== by 0x437542: output_packet (ffmpeg.c:1711)
==28644== by 0x43AE4E: transcode (ffmpeg.c:2576)
==28644== by 0x4410DC: main (ffmpeg.c:4490)
==28644==
==28644== Conditional jump or move depends on uninitialised value(s)
==28644== at 0x563761: bink_decode_plane (bink.c:993)
==28644== by 0x5655C7: decode_frame (bink.c:1188)
==28644== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==28644== by 0x437542: output_packet (ffmpeg.c:1711)
==28644== by 0x43AE4E: transcode (ffmpeg.c:2576)
==28644== by 0x4410DC: main (ffmpeg.c:4490)
==28644==
==28644== Use of uninitialised value of size 8
==28644== at 0x563F83: bink_decode_plane (bink.c:993)
==28644== by 0x5655C7: decode_frame (bink.c:1188)
==28644== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==28644== by 0x437542: output_packet (ffmpeg.c:1711)
==28644== by 0x43AE4E: transcode (ffmpeg.c:2576)
==28644== by 0x4410DC: main (ffmpeg.c:4490)
==28644==
==28644== Invalid read of size 8
==28644== at 0x8F6028: put_pixels8_mmx (dsputil_mmx.c:393)
==28644== by 0x564AD0: bink_decode_plane (bink.c:995)
==28644== by 0x5655C7: decode_frame (bink.c:1188)
==28644== by 0x873B87: avcodec_decode_video2 (utils.c:769)
==28644== by 0x437542: output_packet (ffmpeg.c:1711)
==28644== by 0x43AE4E: transcode (ffmpeg.c:2576)
==28644== by 0x4410DC: main (ffmpeg.c:4490)
==28644== Address 0x33320 is not stack'd, malloc'd or (recently) free'd
# Backtrace
#0 0x00000000009d7f60 in put_pixels8_mmx (block=0x7fc8cd8abd70 '\020' <repeats 200 times>..., pixels=0x33320 <Address 0x33320 out of bounds>, line_size=672, h=8) at libavcodec/x86/dsputil_mmx.c:393
#0 0x00000000009d7f60 in put_pixels8_mmx (block=0x7fc8cd8abd70 '\020' <repeats 200 times>..., pixels=0x33320 <Address 0x33320 out of bounds>, line_size=672, h=8) at libavcodec/x86/dsputil_mmx.c:393
#1 0x000000000057c2e2 in bink_decode_plane (c=0x1c6f800, gb=0x7ffff459b070, plane_idx=0, is_chroma=0) at libavcodec/bink.c:995
#2 0x000000000057d281 in decode_frame (avctx=0x1c95cc0, data=0x7ffff459b3f0, data_size=0x7ffff459b56c, pkt=0x7ffff459b360) at libavcodec/bink.c:1188
#3 0x0000000000927825 in avcodec_decode_video2 (avctx=0x1c95cc0, picture=0x7ffff459b3f0, got_picture_ptr=0x7ffff459b56c, avpkt=0x7ffff459b360) at libavcodec/utils.c:769
#4 0x000000000040a00c in output_packet (ist=0x1c96450, ist_index=0, ost_table=0x1ca9330, nb_ostreams=2, pkt=0x7ffff459c8c0) at ffmpeg.c:1711
#5 0x000000000040d918 in transcode (output_files=0x1c94310, nb_output_files=1, input_files=0x1c9b8f0, nb_input_files=1) at ffmpeg.c:2576
#6 0x0000000000413b26 in main (argc=8, argv=0x7ffff459cc38) at ffmpeg.c:4529
cat "/mnt/linux/src/lib/ffmpeg/fate-suite/h264/interlaced_crop.mp4" | zzuf -r0.0001:0.02 -b8- -s45
# Backtrace
#0 0x00000000009f0fd4 in put_h264_qpel8_h_lowpass_ssse3 (
#0 0x00000000009f0fd4 in put_h264_qpel8_h_lowpass_ssse3 (
#1 0x00000000009f1093 in put_h264_qpel16_h_lowpass_ssse3 (
#2 0x00000000009f8791 in put_h264_qpel16_mc20_ssse3 (
#3 0x000000000065e62e in mc_dir_part (h=0x2f40fc0, pic=0x2f69868, n=0, square=1, chroma_height=8, delta=0, list=0,
#4 0x000000000065eeec in mc_part_std (h=0x2f40fc0, n=0, square=1, chroma_height=8, delta=0,
#5 0x000000000065fd36 in mc_part (h=0x2f40fc0, n=0, square=1, chroma_height=8, delta=0,
#6 0x000000000067c763 in hl_motion (h=0x2f40fc0) at libavcodec/h264.c:696
#7 hl_decode_mb_internal (h=0x2f40fc0) at libavcodec/h264.c:1900
#8 hl_decode_mb_complex (h=0x2f40fc0) at libavcodec/h264.c:2076
#9 0x000000000068f03d in ff_h264_hl_decode_mb (h=0x2f40fc0) at libavcodec/h264.c:2099
#10 0x0000000000a940f0 in decode_mb (s=0x2f40fc0, ref=4) at libavcodec/error_resilience.c:59
#11 0x0000000000a96be7 in guess_mv (s=0x2f40fc0) at libavcodec/error_resilience.c:584
#12 0x0000000000a98d5d in ff_er_frame_end (s=0x2f40fc0) at libavcodec/error_resilience.c:1066
#13 0x00000000006903d4 in field_end (h=0x2f40fc0, in_setup=0) at libavcodec/h264.c:2418
#14 0x0000000000698d39 in decode_frame (avctx=0x2f28680, data=0x7fffd85d9820, data_size=0x7fffd85d999c, avpkt=0x7fffd85d9790) at libavcodec/h264.c:3901
#15 0x0000000000927825 in avcodec_decode_video2 (avctx=0x2f28680, picture=0x7fffd85d9820, got_picture_ptr=0x7fffd85d999c, avpkt=0x7fffd85d9790) at libavcodec/utils.c:769
#16 0x000000000040a00c in output_packet (ist=0x2f25f60, ist_index=0, ost_table=0x2f27c00, nb_ostreams=1, pkt=0x7fffd85dacf0) at ffmpeg.c:1711
#17 0x000000000040d918 in transcode (output_files=0x2f261e0, nb_output_files=1, input_files=0x2f29190, nb_input_files=1) at ffmpeg.c:2576
#18 0x0000000000413b26 in main (argc=8, argv=0x7fffd85db068) at ffmpeg.c:4529
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ffmpeg-fuzz.patch
Type: text/x-diff
Size: 1736 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20110912/0085f16e/attachment.bin>
More information about the ffmpeg-devel
mailing list