[FFmpeg-devel] [PATCH] avcodec/cfhd: Make sure we have an end of header tag before allocating a frame.

Piotr Bandurski ami_stuff at o2.pl
Mon Feb 1 14:21:38 CET 2016


> > Fixes tickets #5208 and #5209

Hmm, something strange happens here. I get a crash only without valgrind (32-bit build):

aaa at aaa-VirtualBox /media/sdb1 $ valgrind --leak-check=full ffmpeg/ffmpeg_g -loglevel -1 -threads 1 -i 3_fuzz.avi -f null -
==13424== Memcheck, a memory error detector
==13424== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==13424== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==13424== Command: ffmpeg/ffmpeg_g -loglevel -1 -threads 1 -i 3_fuzz.avi -f null -
==13424== 
==13424== Conditional jump or move depends on uninitialised value(s)
==13424==    at 0x838095E: av_clip_uintp2_c (common.h:231)
==13424==    by 0x838095E: filter (cfhd.c:113)
==13424==    by 0x838095E: horiz_filter_clip (cfhd.c:130)
==13424==    by 0x838095E: cfhd_decode (cfhd.c:715)
==13424==    by 0x8717EE5: avcodec_decode_video2 (utils.c:2125)
==13424==    by 0x80D8D7E: decode_video (ffmpeg.c:2075)
==13424==    by 0x80E15A5: process_input_packet (ffmpeg.c:2324)
==13424==    by 0x80E15A5: process_input (ffmpeg.c:3986)
==13424==    by 0x80E413F: transcode_step (ffmpeg.c:4074)
==13424==    by 0x80E413F: transcode (ffmpeg.c:4128)
==13424==    by 0x80C1754: main (ffmpeg.c:4319)
==13424== 
==13424== Conditional jump or move depends on uninitialised value(s)
==13424==    at 0x838099D: av_clip_uintp2_c (common.h:231)
==13424==    by 0x838099D: filter (cfhd.c:118)
==13424==    by 0x838099D: horiz_filter_clip (cfhd.c:130)
==13424==    by 0x838099D: cfhd_decode (cfhd.c:715)
==13424==    by 0x8717EE5: avcodec_decode_video2 (utils.c:2125)
==13424==    by 0x80D8D7E: decode_video (ffmpeg.c:2075)
==13424==    by 0x80E15A5: process_input_packet (ffmpeg.c:2324)
==13424==    by 0x80E15A5: process_input (ffmpeg.c:3986)
==13424==    by 0x80E413F: transcode_step (ffmpeg.c:4074)
==13424==    by 0x80E413F: transcode (ffmpeg.c:4128)
==13424==    by 0x80C1754: main (ffmpeg.c:4319)
==13424== 
==13424== Conditional jump or move depends on uninitialised value(s)
==13424==    at 0x8381329: av_clip_uintp2_c (common.h:231)
==13424==    by 0x8381329: filter (cfhd.c:103)
==13424==    by 0x8381329: horiz_filter_clip (cfhd.c:130)
==13424==    by 0x8381329: cfhd_decode (cfhd.c:715)
==13424==    by 0x8717EE5: avcodec_decode_video2 (utils.c:2125)
==13424==    by 0x80D8D7E: decode_video (ffmpeg.c:2075)
==13424==    by 0x80E15A5: process_input_packet (ffmpeg.c:2324)
==13424==    by 0x80E15A5: process_input (ffmpeg.c:3986)
==13424==    by 0x80E413F: transcode_step (ffmpeg.c:4074)
==13424==    by 0x80E413F: transcode (ffmpeg.c:4128)
==13424==    by 0x80C1754: main (ffmpeg.c:4319)
==13424== 
==13424== Conditional jump or move depends on uninitialised value(s)
==13424==    at 0x8381376: av_clip_uintp2_c (common.h:231)
==13424==    by 0x8381376: filter (cfhd.c:108)
==13424==    by 0x8381376: horiz_filter_clip (cfhd.c:130)
==13424==    by 0x8381376: cfhd_decode (cfhd.c:715)
==13424==    by 0x8717EE5: avcodec_decode_video2 (utils.c:2125)
==13424==    by 0x80D8D7E: decode_video (ffmpeg.c:2075)
==13424==    by 0x80E15A5: process_input_packet (ffmpeg.c:2324)
==13424==    by 0x80E15A5: process_input (ffmpeg.c:3986)
==13424==    by 0x80E413F: transcode_step (ffmpeg.c:4074)
==13424==    by 0x80E413F: transcode (ffmpeg.c:4128)
==13424==    by 0x80C1754: main (ffmpeg.c:4319)
==13424== 
==13424== Conditional jump or move depends on uninitialised value(s)
==13424==    at 0x83813C3: av_clip_uintp2_c (common.h:231)
==13424==    by 0x83813C3: filter (cfhd.c:93)
==13424==    by 0x83813C3: horiz_filter_clip (cfhd.c:130)
==13424==    by 0x83813C3: cfhd_decode (cfhd.c:715)
==13424==    by 0x8717EE5: avcodec_decode_video2 (utils.c:2125)
==13424==    by 0x80D8D7E: decode_video (ffmpeg.c:2075)
==13424==    by 0x80E15A5: process_input_packet (ffmpeg.c:2324)
==13424==    by 0x80E15A5: process_input (ffmpeg.c:3986)
==13424==    by 0x80E413F: transcode_step (ffmpeg.c:4074)
==13424==    by 0x80E413F: transcode (ffmpeg.c:4128)
==13424==    by 0x80C1754: main (ffmpeg.c:4319)
==13424== 
==13424== Conditional jump or move depends on uninitialised value(s)
==13424==    at 0x8381404: av_clip_uintp2_c (common.h:231)
==13424==    by 0x8381404: filter (cfhd.c:98)
==13424==    by 0x8381404: horiz_filter_clip (cfhd.c:130)
==13424==    by 0x8381404: cfhd_decode (cfhd.c:715)
==13424==    by 0x8717EE5: avcodec_decode_video2 (utils.c:2125)
==13424==    by 0x80D8D7E: decode_video (ffmpeg.c:2075)
==13424==    by 0x80E15A5: process_input_packet (ffmpeg.c:2324)
==13424==    by 0x80E15A5: process_input (ffmpeg.c:3986)
==13424==    by 0x80E413F: transcode_step (ffmpeg.c:4074)
==13424==    by 0x80E413F: transcode (ffmpeg.c:4128)
==13424==    by 0x80C1754: main (ffmpeg.c:4319)
==13424== 
==13424== 
==13424== HEAP SUMMARY:
==13424==     in use at exit: 0 bytes in 0 blocks
==13424==   total heap usage: 2,477 allocs, 2,477 frees, 285,043,695 bytes allocated
==13424== 
==13424== All heap blocks were freed -- no leaks are possible
==13424== 
==13424== For counts of detected and suppressed errors, rerun with: -v
==13424== Use --track-origins=yes to see where uninitialised values come from
==13424== ERROR SUMMARY: 4188 errors from 6 contexts (suppressed: 0 from 0)
aaa at aaa-VirtualBox /media/sdb1 $ ffmpeg/ffmpeg_g -loglevel -1 -threads 1 -i 3_fuzz.avi -f null -
Segmentation fault
aaa at aaa-VirtualBox /media/sdb1 $ 
(gdb) r -threads 1 -i 3_fuzz.avi -f null -
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -threads 1 -i 3_fuzz.avi -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.8.git Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 4.8 (Ubuntu 4.8.4-2ubuntu1~14.04)
  configuration: --disable-ffprobe --disable-ffserver --disable-ffplay --enable-gpl
  libavutil      55. 16.101 / 55. 16.101
  libavcodec     57. 24.101 / 57. 24.101
  libavformat    57. 23.101 / 57. 23.101
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 28.100 /  6. 28.100
  libswscale      4.  0.100 /  4.  0.100
  libswresample   2.  0.101 /  2.  0.101
  libpostproc    54.  0.100 / 54.  0.100
[cfhd @ 0x9655dc0] Too many lowpass coefficients
Input #0, avi, from '3_fuzz.avi':
  Metadata:
    date            : 2016-01-23T13:45:31+01:00
    encoder         : Adobe Premiere Pro CC 2015 (Windows)
  Duration: 00:00:00.00, start: 0.000000, bitrate: 1240878840 kb/s
    Stream #0:0: Video: cfhd (CFHD / 0x44484643), gbrp12le(10 bpc), 720x480, 2145368.28 fps, 2145368.28 tbr, 2145368.28 tbn, 2145368.28 tbc
[New Thread 0xb7daeb40 (LWP 13190)]
[New Thread 0xb75adb40 (LWP 13191)]
[New Thread 0xb6dacb40 (LWP 13192)]
[New Thread 0xb65abb40 (LWP 13193)]
[New Thread 0xb5daab40 (LWP 13194)]
Output #0, null, to 'pipe:':
  Metadata:
    date            : 2016-01-23T13:45:31+01:00
    encoder         : Lavf57.23.101
    Stream #0:0: Video: wrapped_avframe, gbrp12le(10 bpc), 720x480, q=2-31, 200 kb/s, 2145368.28 fps, 2145368.28 tbn, 2145368.28 tbc
    Metadata:
      encoder         : Lavc57.24.101 wrapped_avframe
Stream mapping:
  Stream #0:0 -> #0:0 (cfhd (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
[cfhd @ 0x9657e20] Too many lowpass coefficients
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Too many lowpass coefficients
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Invalid subband number
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Too many lowpass coefficients
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Subband Count of 36 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Invalid bits per channel
[cfhd @ 0x9657e20] Invalid dimensions
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Subband Count of 36 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Invalid dimensions
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Channel Count of 2 is unsupported
[cfhd @ 0x9657e20] No end of header tag found
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Subband Count of 74 is unsupported
[cfhd @ 0x9657e20] No end of header tag found
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Invalid subband number actual
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Subband Count of 36 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x9657e20] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Too many lowpass coefficients
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Channel Count of 3598 is unsupported
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Sample format of 259 is unsupported
[cfhd @ 0x9657e20]  is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[cfhd @ 0x9657e20] No end of header tag found
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Invalid lowpass width
[cfhd @ 0x9657e20] No end of header tag found
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Subband Count of 4132 is unsupported
[cfhd @ 0x9657e20] Invalid dimensions
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Channel Count of 16387 is unsupported
[cfhd @ 0x9657e20] No end of header tag found
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9657e20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument

Program received signal SIGSEGV, Segmentation fault.
0x08381a7d in filter (clip=<optimized out>, len=<optimized out>, 
    high_stride=<optimized out>, high=<optimized out>, 
    low_stride=<optimized out>, low=<optimized out>, 
    out_stride=<optimized out>, output=<optimized out>) at libavcodec/cfhd.c:91
91	            output[(2*i+0)*out_stride] = (tmp + high[0*high_stride]) >> 1;
(gdb) bt
#0  0x08381a7d in filter (clip=<optimized out>, len=<optimized out>, 
    high_stride=<optimized out>, high=<optimized out>, 
    low_stride=<optimized out>, low=<optimized out>, 
    out_stride=<optimized out>, output=<optimized out>) at libavcodec/cfhd.c:91
#1  vert_filter (len=<optimized out>, high_stride=<optimized out>, 
    high=<optimized out>, low_stride=<optimized out>, low=<optimized out>, 
    out_stride=<optimized out>, output=<optimized out>)
    at libavcodec/cfhd.c:136
#2  cfhd_decode (avctx=0x9657e20, data=0x9672ae0, got_frame=0xbfffe330, 
    avpkt=0xbfffe0ec) at libavcodec/cfhd.c:600
#3  0x08717ee6 in avcodec_decode_video2 (avctx=0x9657e20, 
    picture=picture at entry=0x9672ae0, 
    got_picture_ptr=got_picture_ptr at entry=0xbfffe330, 
    avpkt=avpkt at entry=0xbfffe378) at libavcodec/utils.c:2125
#4  0x080d8d7f in decode_video (ist=ist at entry=0x9657740, 
    pkt=pkt at entry=0xbfffe378, got_output=got_output at entry=0xbfffe330)
    at ffmpeg.c:2075
#5  0x080e15a6 in process_input_packet (no_eof=0, pkt=0xbfffe334, 
    ist=0x9657740) at ffmpeg.c:2324
#6  process_input (file_index=<optimized out>) at ffmpeg.c:3986
#7  0x080e4140 in transcode_step () at ffmpeg.c:4074
#8  transcode () at ffmpeg.c:4128
#9  0x080c1755 in main (argc=<optimized out>, argv=<optimized out>)
    at ffmpeg.c:4319
(gdb) 
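The discipline named in the patch subject, shown as an added example written for this page and not taken from FFmpeg's cfhd.c: a toy decoder whose header is a sequence of hypothetical (tag, value) pairs, first in the unchecked shape that lets a truncated header reach the wavelet filter with dimensions that no longer match the allocated buffer, then in the hardened shape that refuses to allocate or filter until the end-of-header tag has been seen. The tag numbers, the header layout, the Decoder struct, the 8192 dimension limit and the two sample packets are all assumptions constructed for the example; the bounds check inside run_filter stands in for the out-of-bounds read that a real filter performs without checking.

```c
/* Added example for this page, not FFmpeg's cfhd.c: why a decoder must see the
 * end-of-header tag before it allocates a frame or runs the wavelet filter.
 * Tag numbers, header layout and the Decoder struct are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum { TAG_WIDTH = 1, TAG_HEIGHT = 2, TAG_END_OF_HEADER = 0xFF }; /* hypothetical */

typedef struct {
    int width, height;  /* persists across packets, like a real decoder context */
    int16_t *coeffs;    /* coefficient buffer sized at the last allocation */
    size_t coeffs_len;  /* number of int16_t elements in coeffs */
} Decoder;

/* Header: big-endian (tag16, value16) pairs. Returns 1 once the end-of-header
 * tag is seen, 0 if the data runs out first (truncated), -1 on an unknown tag. */
static int parse_header(const uint8_t *buf, size_t len, int *width, int *height)
{
    for (size_t i = 0; i + 4 <= len; i += 4) {
        uint16_t tag = (uint16_t)(buf[i] << 8 | buf[i + 1]);
        uint16_t val = (uint16_t)(buf[i + 2] << 8 | buf[i + 3]);
        switch (tag) {
        case TAG_WIDTH:         *width  = val; break;
        case TAG_HEIGHT:        *height = val; break;
        case TAG_END_OF_HEADER: return 1;
        default:                return -1;
        }
    }
    return 0;
}

/* Allocate the buffer and commit the dimensions together, so they never disagree. */
static int alloc_coeffs(Decoder *d, int w, int h)
{
    size_t n = (size_t)w * (size_t)h;
    int16_t *p = realloc(d->coeffs, n * sizeof *p);
    if (!p) return -2;
    memset(p, 0, n * sizeof *p);
    d->coeffs = p; d->coeffs_len = n; d->width = w; d->height = h;
    return 0;
}

/* Stand-in for the inverse wavelet filter. The real one indexes
 * coeffs[0 .. width*height) and reads out of bounds when dimensions and buffer
 * disagree (the uninitialised reads and the SIGSEGV in the traces above);
 * here that case is reported as -1 instead of performed. */
static int run_filter(const Decoder *d)
{
    size_t needed = (size_t)d->width * (size_t)d->height;
    return (d->coeffs && needed <= d->coeffs_len) ? 0 : -1;
}

/* Vulnerable shape: tags mutate decoder state while parsing, a header without
 * an end tag is not an error, and the buffer is allocated only once, so a later
 * corrupt packet pairs new dimensions with the old buffer before filtering. */
static int decode_unchecked(Decoder *d, const uint8_t *pkt, size_t len)
{
    if (parse_header(pkt, len, &d->width, &d->height) < 0) return -2;
    if (!d->coeffs && alloc_coeffs(d, d->width, d->height) < 0) return -2;
    return run_filter(d);
}

/* Hardened shape: parse into locals and leave the decoder untouched unless the
 * end-of-header tag was seen and the dimensions are sane (-3, the
 * "No end of header tag found" path); only then allocate and filter. */
static int decode_checked(Decoder *d, const uint8_t *pkt, size_t len)
{
    int w = d->width, h = d->height;
    int r = parse_header(pkt, len, &w, &h);
    if (r < 0) return -2;
    if (r == 0 || w <= 0 || h <= 0 || w > 8192 || h > 8192) return -3;
    if ((!d->coeffs || w != d->width || h != d->height) && alloc_coeffs(d, w, h) < 0)
        return -2;
    return run_filter(d);
}

/* Constructed packets: a complete header, then one that changes the width and
 * ends before the end-of-header tag. */
static const uint8_t PKT_GOOD[] = { 0, TAG_WIDTH, 0, 8, 0, TAG_HEIGHT, 0, 4,
                                    0, TAG_END_OF_HEADER, 0, 0 };
static const uint8_t PKT_TRUNC[] = { 0, TAG_WIDTH, 0, 64 };
static Decoder dec_unchecked, dec_checked;

/* Feed the good packet, then the truncated one; return the second result. */
static int scenario(int (*decode)(Decoder *, const uint8_t *, size_t), Decoder *d)
{
    if (decode(d, PKT_GOOD, sizeof PKT_GOOD) != 0) return -99;
    return decode(d, PKT_TRUNC, sizeof PKT_TRUNC);
}
int scenario_unchecked(void) { return scenario(decode_unchecked, &dec_unchecked); }
int scenario_checked(void)   { return scenario(decode_checked, &dec_checked); }

int main(void)
{
    int ru = scenario_unchecked(), rc = scenario_checked();
    printf("unchecked: %d (width %d, %zu coeffs)\n", ru, dec_unchecked.width, dec_unchecked.coeffs_len);
    printf("checked:   %d (width %d, %zu coeffs)\n", rc, dec_checked.width, dec_checked.coeffs_len);
    free(dec_unchecked.coeffs); free(dec_checked.coeffs);
    return 0;
}
```

Built with cc -std=c99, the unchecked path reports -1 for the second packet (the filter is asked for 256 coefficients from a 32-entry buffer) while the checked path returns -3 and keeps the state from the first packet intact. Gating on the end-of-header tag is only the first line of defence: the per-field checks visible in the log above (lowpass and highpass coefficient counts, subband and channel counts, dimensions) are still needed, since a complete header can still describe something the buffers cannot hold.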


