[FFmpeg-devel] [PATCH 6/8] lavfi/vf_scale: convert to the frame-based sws API

James Almer jamrial at gmail.com
Mon Jul 12 23:21:10 EEST 2021


On 7/12/2021 4:39 PM, Michael Niedermayer wrote:
> On Mon, Jul 12, 2021 at 01:07:07PM +0200, Anton Khirnov wrote:
>> ---
>>   libavfilter/vf_scale.c | 73 ++++++++++++++++++++++++++++--------------
>>   1 file changed, 49 insertions(+), 24 deletions(-)
> 
> crashes:
> 
>   ./ffmpeg  -i ~/tickets/5264/gbrap16.tif -vf format=yuva444p,scale=alphablend=checkerboard,format=yuv420p -y file.png
> 
>   Stream mapping:
>    Stream #0:0 -> #0:0 (tiff (native) -> png (native))
> Press [q] to stop, [?] for help
> ==19419== Invalid read of size 4
> ==19419==    at 0x1223964: av_frame_ref (frame.c:330)
> ==19419==    by 0x1190B34: sws_frame_start (swscale.c:1069)
> ==19419==    by 0x1190EA4: sws_scale_frame (swscale.c:1153)
> ==19419==    by 0x3E7493: scale_frame (vf_scale.c:821)
> ==19419==    by 0x3E752D: filter_frame (vf_scale.c:837)
> ==19419==    by 0x29B314: ff_filter_frame_framed (avfilter.c:969)
> ==19419==    by 0x29BBCF: ff_filter_frame_to_filter (avfilter.c:1117)
> ==19419==    by 0x29BDDF: ff_filter_activate_default (avfilter.c:1166)
> ==19419==    by 0x29C003: ff_filter_activate (avfilter.c:1324)
> ==19419==    by 0x2A0EBB: ff_filter_graph_run_once (avfiltergraph.c:1400)
> ==19419==    by 0x2A2139: push_frame (buffersrc.c:157)
> ==19419==    by 0x2A26B6: av_buffersrc_add_frame_flags (buffersrc.c:225)
> ==19419==    by 0x24FC90: ifilter_send_frame (ffmpeg.c:2241)
> ==19419==    by 0x24FF72: send_frame_to_filters (ffmpeg.c:2315)
> ==19419==    by 0x250D26: decode_video (ffmpeg.c:2512)
> ==19419==    by 0x2517BA: process_input_packet (ffmpeg.c:2674)
> ==19419==    by 0x25799F: process_input (ffmpeg.c:4403)
> ==19419==    by 0x2599A4: transcode_step (ffmpeg.c:4758)
> ==19419==    by 0x259B0C: transcode (ffmpeg.c:4812)
> ==19419==    by 0x25A470: main (ffmpeg.c:5017)
> ==19419==  Address 0x68 is not stack'd, malloc'd or (recently) free'd
> ==19419==
> ==19419==

Both c->frame_src and c->frame_dst need to be allocated earlier in 
sws_init_context(). There seem to be some cases where that function will 
return early with a success code.
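The failure pattern this reply describes, as an added C example that is not FFmpeg code and not part of the original thread: an init function with an early successful return that skips allocating members a later per-frame call relies on, next to the reordered version. All names (Ctx, Frame, init_buggy, init_fixed, frame_start, ctx_free) and the passthrough flag are hypothetical stand-ins chosen for illustration.

```c
#include <stdlib.h>
/* Hypothetical stand-ins for illustration, not FFmpeg's types. */
typedef struct Frame { int width; } Frame;
typedef struct Ctx {
    int    passthrough;  /* constructed trigger for the early return */
    int    tables_ready; /* work done only on the full init path */
    Frame *frame_src, *frame_dst;
} Ctx;

/* Buggy order: the early path reports success before the frames exist. */
int init_buggy(Ctx *c) {
    if (c->passthrough)
        return 0;                /* success, but frame_src/frame_dst are NULL */
    c->frame_src = calloc(1, sizeof(*c->frame_src));
    c->frame_dst = calloc(1, sizeof(*c->frame_dst));
    c->tables_ready = 1;
    return (c->frame_src && c->frame_dst) ? 0 : -1;
}

/* Fixed order: allocate first, so every successful return leaves both set. */
int init_fixed(Ctx *c) {
    c->frame_src = calloc(1, sizeof(*c->frame_src));
    c->frame_dst = calloc(1, sizeof(*c->frame_dst));
    if (!c->frame_src || !c->frame_dst)
        return -1;
    if (c->passthrough)
        return 0;
    c->tables_ready = 1;
    return 0;
}

/* Per-frame entry point: rejects a half-initialised context instead of
 * dereferencing a NULL frame pointer. */
int frame_start(Ctx *c, int width) {
    if (!c->frame_src || !c->frame_dst)
        return -1;
    c->frame_src->width = width;
    return 0;
}
void ctx_free(Ctx *c) {
    free(c->frame_src); free(c->frame_dst);
    c->frame_src = c->frame_dst = NULL;
}

int main(void) {
    Ctx a = { .passthrough = 1 }, b = { .passthrough = 1 };
    int bad  = init_buggy(&a) || frame_start(&a, 16); /* init ok, frame rejected */
    int good = init_fixed(&b) || frame_start(&b, 16); /* both calls succeed */
    ctx_free(&a); ctx_free(&b);
    return !(bad == 1 && good == 0);
}
```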

