[FFmpeg-trac] #2903(avcodec:open): png: invalid write
FFmpeg
trac at avcodec.org
Fri Aug 30 02:56:34 CEST 2013
#2903: png: invalid write
-------------------------------------+-------------------------------------
Reporter: ami_stuff | Owner:
Type: defect | Status: open
Priority: important | Component: avcodec
Version: git-master | Resolution:
Keywords: png regression | Blocked By:
Blocking: | Reproduced by developer: 1
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Changes (by cehoyos):
* status: new => open
* reproduced: 0 => 1
* component: undetermined => avcodec
* priority: normal => important
* version: unspecified => git-master
* keywords: => png regression
Comment:
Regression since dd1d29b
{{{
$ valgrind ffmpeg_g -threads 4 -i png_fuzz.mov -f null -
==26607== Memcheck, a memory error detector
==26607== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==26607== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==26607== Command: ffmpeg_g -threads 4 -i png_fuzz.mov -f null -
==26607==
ffmpeg version N-55890-g259292f Copyright (c) 2000-2013 the FFmpeg developers
built on Aug 30 2013 02:55:25 with gcc 4.7 (SUSE Linux)
configuration: --disable-indev=jack --disable-asm --disable-optimizations
libavutil 52. 42.100 / 52. 42.100
libavcodec 55. 29.100 / 55. 29.100
libavformat 55. 15.100 / 55. 15.100
libavdevice 55. 3.100 / 55. 3.100
libavfilter 3. 82.102 / 3. 82.102
libswscale 2. 5.100 / 2. 5.100
libswresample 0. 17.103 / 0. 17.103
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'png_fuzz.mov':
Metadata:
major_brand : qt
minor_version : 537199360
compatible_brands: qt
creation_time : 2012-03-24 20:33:27
Duration: 00:00:05.96, start: 0.000000, bitrate: 7021 kb/s
Stream #0:0(eng): Video: png (png / 0x20676E70), rgba, 189x127 [SAR 2834:2834 DAR 189:127], 7019 kb/s, 24 fps, 24 tbr, 1000k tbn, 1000k tbc (default)
Metadata:
creation_time : 2012-03-24 20:33:27
handler_name : Procedura obsługi skrótów danych Apple
Output #0, null, to 'pipe:':
Metadata:
major_brand : qt
minor_version : 537199360
compatible_brands: qt
encoder : Lavf55.15.100
Stream #0:0(eng): Video: rawvideo (RGBA / 0x41424752), rgba, 189x127 [SAR 1:1 DAR 189:127], q=2-31, 200 kb/s, 90k tbn, 24 tbc (default)
Metadata:
creation_time : 2012-03-24 20:33:27
handler_name : Procedura obsługi skrótów danych Apple
Stream mapping:
Stream #0:0 -> #0:0 (png -> rawvideo)
Press [q] to stop, [?] for help
[png @ 0x735aa50] inflate returned error -3
[png @ 0x735bdf0] chunk too big
[null @ 0x7282200] Encoder did not produce proper pts, making some up.
Error while decoding stream #0:0: Invalid data found when processing input
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x735bdf0] chunk too big
[png @ 0x735d190] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x735aa50] inflate returned error -3
[png @ 0x7359f30] inflate returned error -3
[png @ 0x735d190] Missing png signature
Error while decoding stream #0:0: Invalid data found when processing input
Last message repeated 1 times
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x735aa50] chunk too big
[png @ 0x7359f30] inflate returned error -3
[png @ 0x735bdf0] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x735d190] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
==26607== Thread 12:eated 1 times
==26607== Invalid write of size 4
==26607== at 0x4C2D4FF: memset (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26607== by 0xA58420: av_fast_padded_mallocz (utils.c:125)
==26607== by 0x98BC4A: decode_frame (pngdec.c:672)
==26607== by 0x99CDB0: frame_worker_thread (pthread.c:339)
==26607== by 0x5D1AE0D: start_thread (in /lib64/libpthread-2.15.so)
==26607== Address 0x74478d4 is 564 bytes inside a block of size 567 alloc'd
==26607== at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26607== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26607== by 0xD1FBFD: av_malloc (mem.c:93)
==26607== by 0x98BC89: decode_frame (pngdec.c:677)
==26607== by 0x99CDB0: frame_worker_thread (pthread.c:339)
==26607== by 0x5D1AE0D: start_thread (in /lib64/libpthread-2.15.so)
==26607==
==26607== Invalid read of size 1
==26607== at 0x9890C8: ff_add_png_paeth_prediction (pngdec.c:170)
==26607== by 0x989B93: png_filter_row (pngdec.c:260)
==26607== by 0x989DF0: png_handle_row (pngdec.c:297)
==26607== by 0x98A35A: png_decode_idat (pngdec.c:381)
==26607== by 0x98BD5C: decode_frame (pngdec.c:692)
==26607== by 0x99CDB0: frame_worker_thread (pthread.c:339)
==26607== by 0x5D1AE0D: start_thread (in /lib64/libpthread-2.15.so)
==26607== Address 0x74478d7 is 0 bytes after a block of size 567 alloc'd
==26607== at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26607== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26607== by 0xD1FBFD: av_malloc (mem.c:93)
==26607== by 0x98BC89: decode_frame (pngdec.c:677)
==26607== by 0x99CDB0: frame_worker_thread (pthread.c:339)
==26607== by 0x5D1AE0D: start_thread (in /lib64/libpthread-2.15.so)
==26607==
==26607== Invalid read of size 1
==26607== at 0x9890E7: ff_add_png_paeth_prediction (pngdec.c:171)
==26607== by 0x989B93: png_filter_row (pngdec.c:260)
==26607== by 0x989DF0: png_handle_row (pngdec.c:297)
==26607== by 0x98A35A: png_decode_idat (pngdec.c:381)
==26607== by 0x98BD5C: decode_frame (pngdec.c:692)
==26607== by 0x99CDB0: frame_worker_thread (pthread.c:339)
==26607== by 0x5D1AE0D: start_thread (in /lib64/libpthread-2.15.so)
==26607== Address 0x74478d7 is 0 bytes after a block of size 567 alloc'd
==26607== at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26607== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26607== by 0xD1FBFD: av_malloc (mem.c:93)
==26607== by 0x98BC89: decode_frame (pngdec.c:677)
==26607== by 0x99CDB0: frame_worker_thread (pthread.c:339)
==26607== by 0x5D1AE0D: start_thread (in /lib64/libpthread-2.15.so)
==26607==
Last message repeated 2 times
frame= 143 fps= 31 q=0.0 Lsize=N/A time=00:00:05.95 bitrate=N/A dup=11 drop=0
video:13kB audio:0kB subtitle:0 global headers:0kB muxing overhead -100.160256%
==26607==
==26607== HEAP SUMMARY:
==26607== in use at exit: 0 bytes in 0 blocks
==26607== total heap usage: 6,033 allocs, 6,033 frees, 13,476,472 bytes allocated
==26607==
==26607== All heap blocks were freed -- no leaks are possible
==26607==
==26607== For counts of detected and suppressed errors, rerun with: -v
==26607== ERROR SUMMARY: 14058 errors from 3 contexts (suppressed: 2 from 2)
}}}
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2903#comment:5>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker