[FFmpeg-devel] [PATCH] avcodec/cfhd: Make sure we have an end of header tag before allocating a frame.
Piotr Bandurski
ami_stuff at o2.pl
Mon Feb 1 14:21:38 CET 2016
> > Fixes tickets #5208 and #5209
Hmm, something strange happens here. I get a crash only without valgrind (32-bit build):
aaa@aaa-VirtualBox /media/sdb1 $ valgrind --leak-check=full ffmpeg/ffmpeg_g -loglevel -1 -threads 1 -i 3_fuzz.avi -f null -
==13424== Memcheck, a memory error detector
==13424== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==13424== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==13424== Command: ffmpeg/ffmpeg_g -loglevel -1 -threads 1 -i 3_fuzz.avi -f null -
==13424==
==13424== Conditional jump or move depends on uninitialised value(s)
==13424== at 0x838095E: av_clip_uintp2_c (common.h:231)
==13424== by 0x838095E: filter (cfhd.c:113)
==13424== by 0x838095E: horiz_filter_clip (cfhd.c:130)
==13424== by 0x838095E: cfhd_decode (cfhd.c:715)
==13424== by 0x8717EE5: avcodec_decode_video2 (utils.c:2125)
==13424== by 0x80D8D7E: decode_video (ffmpeg.c:2075)
==13424== by 0x80E15A5: process_input_packet (ffmpeg.c:2324)
==13424== by 0x80E15A5: process_input (ffmpeg.c:3986)
==13424== by 0x80E413F: transcode_step (ffmpeg.c:4074)
==13424== by 0x80E413F: transcode (ffmpeg.c:4128)
==13424== by 0x80C1754: main (ffmpeg.c:4319)
==13424==
==13424== Conditional jump or move depends on uninitialised value(s)
==13424== at 0x838099D: av_clip_uintp2_c (common.h:231)
==13424== by 0x838099D: filter (cfhd.c:118)
==13424== by 0x838099D: horiz_filter_clip (cfhd.c:130)
==13424== by 0x838099D: cfhd_decode (cfhd.c:715)
==13424== by 0x8717EE5: avcodec_decode_video2 (utils.c:2125)
==13424== by 0x80D8D7E: decode_video (ffmpeg.c:2075)
==13424== by 0x80E15A5: process_input_packet (ffmpeg.c:2324)
==13424== by 0x80E15A5: process_input (ffmpeg.c:3986)
==13424== by 0x80E413F: transcode_step (ffmpeg.c:4074)
==13424== by 0x80E413F: transcode (ffmpeg.c:4128)
==13424== by 0x80C1754: main (ffmpeg.c:4319)
==13424==
==13424== Conditional jump or move depends on uninitialised value(s)
==13424== at 0x8381329: av_clip_uintp2_c (common.h:231)
==13424== by 0x8381329: filter (cfhd.c:103)
==13424== by 0x8381329: horiz_filter_clip (cfhd.c:130)
==13424== by 0x8381329: cfhd_decode (cfhd.c:715)
==13424== by 0x8717EE5: avcodec_decode_video2 (utils.c:2125)
==13424== by 0x80D8D7E: decode_video (ffmpeg.c:2075)
==13424== by 0x80E15A5: process_input_packet (ffmpeg.c:2324)
==13424== by 0x80E15A5: process_input (ffmpeg.c:3986)
==13424== by 0x80E413F: transcode_step (ffmpeg.c:4074)
==13424== by 0x80E413F: transcode (ffmpeg.c:4128)
==13424== by 0x80C1754: main (ffmpeg.c:4319)
==13424==
==13424== Conditional jump or move depends on uninitialised value(s)
==13424== at 0x8381376: av_clip_uintp2_c (common.h:231)
==13424== by 0x8381376: filter (cfhd.c:108)
==13424== by 0x8381376: horiz_filter_clip (cfhd.c:130)
==13424== by 0x8381376: cfhd_decode (cfhd.c:715)
==13424== by 0x8717EE5: avcodec_decode_video2 (utils.c:2125)
==13424== by 0x80D8D7E: decode_video (ffmpeg.c:2075)
==13424== by 0x80E15A5: process_input_packet (ffmpeg.c:2324)
==13424== by 0x80E15A5: process_input (ffmpeg.c:3986)
==13424== by 0x80E413F: transcode_step (ffmpeg.c:4074)
==13424== by 0x80E413F: transcode (ffmpeg.c:4128)
==13424== by 0x80C1754: main (ffmpeg.c:4319)
==13424==
==13424== Conditional jump or move depends on uninitialised value(s)
==13424== at 0x83813C3: av_clip_uintp2_c (common.h:231)
==13424== by 0x83813C3: filter (cfhd.c:93)
==13424== by 0x83813C3: horiz_filter_clip (cfhd.c:130)
==13424== by 0x83813C3: cfhd_decode (cfhd.c:715)
==13424== by 0x8717EE5: avcodec_decode_video2 (utils.c:2125)
==13424== by 0x80D8D7E: decode_video (ffmpeg.c:2075)
==13424== by 0x80E15A5: process_input_packet (ffmpeg.c:2324)
==13424== by 0x80E15A5: process_input (ffmpeg.c:3986)
==13424== by 0x80E413F: transcode_step (ffmpeg.c:4074)
==13424== by 0x80E413F: transcode (ffmpeg.c:4128)
==13424== by 0x80C1754: main (ffmpeg.c:4319)
==13424==
==13424== Conditional jump or move depends on uninitialised value(s)
==13424== at 0x8381404: av_clip_uintp2_c (common.h:231)
==13424== by 0x8381404: filter (cfhd.c:98)
==13424== by 0x8381404: horiz_filter_clip (cfhd.c:130)
==13424== by 0x8381404: cfhd_decode (cfhd.c:715)
==13424== by 0x8717EE5: avcodec_decode_video2 (utils.c:2125)
==13424== by 0x80D8D7E: decode_video (ffmpeg.c:2075)
==13424== by 0x80E15A5: process_input_packet (ffmpeg.c:2324)
==13424== by 0x80E15A5: process_input (ffmpeg.c:3986)
==13424== by 0x80E413F: transcode_step (ffmpeg.c:4074)
==13424== by 0x80E413F: transcode (ffmpeg.c:4128)
==13424== by 0x80C1754: main (ffmpeg.c:4319)
==13424==
==13424==
==13424== HEAP SUMMARY:
==13424== in use at exit: 0 bytes in 0 blocks
==13424== total heap usage: 2,477 allocs, 2,477 frees, 285,043,695 bytes allocated
==13424==
==13424== All heap blocks were freed -- no leaks are possible
==13424==
==13424== For counts of detected and suppressed errors, rerun with: -v
==13424== Use --track-origins=yes to see where uninitialised values come from
==13424== ERROR SUMMARY: 4188 errors from 6 contexts (suppressed: 0 from 0)
aaa@aaa-VirtualBox /media/sdb1 $ ffmpeg/ffmpeg_g -loglevel -1 -threads 1 -i 3_fuzz.avi -f null -
Segmentation fault
aaa@aaa-VirtualBox /media/sdb1 $
(gdb) r -threads 1 -i 3_fuzz.avi -f null -
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -threads 1 -i 3_fuzz.avi -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.8.git Copyright (c) 2000-2016 the FFmpeg developers
built with gcc 4.8 (Ubuntu 4.8.4-2ubuntu1~14.04)
configuration: --disable-ffprobe --disable-ffserver --disable-ffplay --enable-gpl
libavutil 55. 16.101 / 55. 16.101
libavcodec 57. 24.101 / 57. 24.101
libavformat 57. 23.101 / 57. 23.101
libavdevice 57. 0.101 / 57. 0.101
libavfilter 6. 28.100 / 6. 28.100
libswscale 4. 0.100 / 4. 0.100
libswresample 2. 0.101 / 2. 0.101
libpostproc 54. 0.100 / 54. 0.100
[cfhd @ 0x9655dc0] Too many lowpass coefficients
Input #0, avi, from '3_fuzz.avi':
Metadata:
date : 2016-01-23T13:45:31+01:00
encoder : Adobe Premiere Pro CC 2015 (Windows)
Duration: 00:00:00.00, start: 0.000000, bitrate: 1240878840 kb/s
Stream #0:0: Video: cfhd (CFHD / 0x44484643), gbrp12le(10 bpc), 720x480, 2145368.28 fps, 2145368.28 tbr, 2145368.28 tbn, 2145368.28 tbc
[New Thread 0xb7daeb40 (LWP 13190)]
[New Thread 0xb75adb40 (LWP 13191)]
[New Thread 0xb6dacb40 (LWP 13192)]
[New Thread 0xb65abb40 (LWP 13193)]
[New Thread 0xb5daab40 (LWP 13194)]
Output #0, null, to 'pipe:':
Metadata:
date : 2016-01-23T13:45:31+01:00
encoder : Lavf57.23.101
Stream #0:0: Video: wrapped_avframe, gbrp12le(10 bpc), 720x480, q=2-31, 200 kb/s, 2145368.28 fps, 2145368.28 tbn, 2145368.28 tbc
Metadata:
encoder : Lavc57.24.101 wrapped_avframe
Stream mapping:
Stream #0:0 -> #0:0 (cfhd (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
[cfhd @ 0x9657e20] Too many lowpass coefficients
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Too many lowpass coefficients
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Invalid subband number
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Too many lowpass coefficients
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Subband Count of 36 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Invalid bits per channel
[cfhd @ 0x9657e20] Invalid dimensions
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Subband Count of 36 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Invalid dimensions
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Channel Count of 2 is unsupported
[cfhd @ 0x9657e20] No end of header tag found
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Subband Count of 74 is unsupported
[cfhd @ 0x9657e20] No end of header tag found
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Invalid subband number actual
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Subband Count of 36 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x9657e20] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Too many lowpass coefficients
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Channel Count of 3598 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Sample format of 259 is unsupported
[cfhd @ 0x9657e20] is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[cfhd @ 0x9657e20] No end of header tag found
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Invalid lowpass width
[cfhd @ 0x9657e20] No end of header tag found
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Subband Count of 4132 is unsupported
[cfhd @ 0x9657e20] Invalid dimensions
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Channel Count of 16387 is unsupported
[cfhd @ 0x9657e20] No end of header tag found
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
Program received signal SIGSEGV, Segmentation fault.
0x08381a7d in filter (clip=<optimized out>, len=<optimized out>,
high_stride=<optimized out>, high=<optimized out>,
low_stride=<optimized out>, low=<optimized out>,
out_stride=<optimized out>, output=<optimized out>) at libavcodec/cfhd.c:91
91 output[(2*i+0)*out_stride] = (tmp + high[0*high_stride]) >> 1;
(gdb) bt
#0 0x08381a7d in filter (clip=<optimized out>, len=<optimized out>,
high_stride=<optimized out>, high=<optimized out>,
low_stride=<optimized out>, low=<optimized out>,
out_stride=<optimized out>, output=<optimized out>) at libavcodec/cfhd.c:91
#1 vert_filter (len=<optimized out>, high_stride=<optimized out>,
high=<optimized out>, low_stride=<optimized out>, low=<optimized out>,
out_stride=<optimized out>, output=<optimized out>)
at libavcodec/cfhd.c:136
#2 cfhd_decode (avctx=0x9657e20, data=0x9672ae0, got_frame=0xbfffe330,
avpkt=0xbfffe0ec) at libavcodec/cfhd.c:600
#3 0x08717ee6 in avcodec_decode_video2 (avctx=0x9657e20,
picture=picture@entry=0x9672ae0,
got_picture_ptr=got_picture_ptr@entry=0xbfffe330,
avpkt=avpkt@entry=0xbfffe378) at libavcodec/utils.c:2125
#4 0x080d8d7f in decode_video (ist=ist@entry=0x9657740,
pkt=pkt@entry=0xbfffe378, got_output=got_output@entry=0xbfffe330)
at ffmpeg.c:2075
#5 0x080e15a6 in process_input_packet (no_eof=0, pkt=0xbfffe334,
ist=0x9657740) at ffmpeg.c:2324
#6 process_input (file_index=<optimized out>) at ffmpeg.c:3986
#7 0x080e4140 in transcode_step () at ffmpeg.c:4074
#8 transcode () at ffmpeg.c:4128
#9 0x080c1755 in main (argc=<optimized out>, argv=<optimized out>)
---Type <return> to continue, or q <return> to quit---
at ffmpeg.c:4319
(gdb)