[FFmpeg-trac] #3190(avfilter:new): vf_pad/ff_fill_rectangle corrupts memory and crashes

FFmpeg trac at avcodec.org
Mon Dec 2 21:58:19 CET 2013 

#3190: vf_pad/ff_fill_rectangle corrupts memory and crashes
----------------------------------+--------------------------------------
             Reporter:  MarkZV    |                     Type:  defect
               Status:  new       |                 Priority:  normal
            Component:  avfilter  |                  Version:  git-master
             Keywords:            |               Blocked By:
             Blocking:            |  Reproduced by developer:  0
Analyzed by developer:  0         |
----------------------------------+--------------------------------------
 Memory is corrupted by the followed command:
 {{{
 $ ffmpeg -f lavfi -i smptehdbars -vf
 "pad=320:960:0:240,crop=w=320:h=240:x=0:y=if(lt(t\,0)\,240\,if(lt(t\,2)\,240-64*t\,112)),pad=320:1080:0:120"
 -f null -t 2.5 -
 ffmpeg version N-58712-ga6c455c Copyright (c) 2000-2013 the FFmpeg
 developers
   built on Dec  2 2013 12:01:53 with gcc 4.8.2 (MacPots gcc48 4.8.2_0)
   configuration: --enable-swscale --enable-avfilter --cc=/opt/local/bin
 /gcc-mp-4.8 --arch=x86_64 --enable-yasm --enable-debug=3 --disable-
 optimizations --disable-stripping --assert-level=2 --enable-memory-
 poisoning
   libavutil      52. 56.100 / 52. 56.100
   libavcodec     55. 44.100 / 55. 44.100
   libavformat    55. 22.100 / 55. 22.100
   libavdevice    55.  5.102 / 55.  5.102
   libavfilter     3. 91.100 /  3. 91.100
   libswscale      2.  5.101 /  2.  5.101
   libswresample   0. 17.104 /  0. 17.104
 Input #0, lavfi, from 'smptehdbars':
   Duration: N/A, start: 0.000000, bitrate: N/A
     Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 320x240
 [SAR 1:1 DAR 4:3], 25 tbr, 25 tbn, 25 tbc
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf55.22.100
     Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 320x1080
 [SAR 1:1 DAR 8:27], q=2-31, 200 kb/s, 90k tbn, 25 tbc
 Stream mapping:
   Stream #0:0 -> #0:0 (rawvideo -> rawvideo)
 Press [q] to stop, [?] for help
 Segmentation fault
 $
 }}}

 {{{
 Program received signal EXC_BAD_ACCESS, Could not access memory.
 Reason: KERN_INVALID_ADDRESS at address: 0x0000000101ad2000
 0x00007fffffe008b7 in __memcpy ()
 (gdb) bt
 #0  0x00007fffffe008b7 in __memcpy ()
 #1  0x0000000100052b22 in __inline_memcpy_chk (__dest=0x101ad1f40,
 __src=0x101aaa800, __len=320) at secure/_string.h:58
 #2  0x0000000100054026 in ff_fill_rectangle (draw=0x102b00408,
 color=0x102b00438, dst=0x102b02ca0, dst_linesize=0x102b02ce0, dst_x=0,
 dst_y=360, w=320, h=720) at libavfilter/drawutils.c:276
 #3  0x000000010008a95d in filter_frame (inlink=0x102b00ac0,
 in=0x102b02ca0) at libavfilter/vf_pad.c:330
 #4  0x000000010004bf45 in ff_filter_frame_framed (link=0x102b00ac0,
 frame=0x102b02ca0) at libavfilter/avfilter.c:1072
 #5  0x000000010004c49f in ff_filter_frame (link=0x102b00ac0,
 frame=0x102b02ca0) at libavfilter/avfilter.c:1147
 #6  0x000000010006b733 in filter_frame (link=0x102b00780,
 frame=0x102b02ca0) at libavfilter/vf_crop.c:297
 #7  0x000000010004bf45 in ff_filter_frame_framed (link=0x102b00780,
 frame=0x102b02ca0) at libavfilter/avfilter.c:1072
 #8  0x000000010004c49f in ff_filter_frame (link=0x102b00780,
 frame=0x102b02ca0) at libavfilter/avfilter.c:1147
 #9  0x000000010008aae1 in filter_frame (inlink=0x102b00e20, in=0x0) at
 libavfilter/vf_pad.c:355
 #10 0x000000010004bf45 in ff_filter_frame_framed (link=0x102b00e20,
 frame=0x102b02a00) at libavfilter/avfilter.c:1072
 #11 0x000000010004c49f in ff_filter_frame (link=0x102b00e20,
 frame=0x102b02a00) at libavfilter/avfilter.c:1147
 #12 0x0000000100052aa0 in request_frame (link=0x102b00e20) at
 libavfilter/buffersrc.c:491
 #13 0x0000000100051e52 in av_buffersrc_add_frame_internal
 (ctx=0x102b00d00, frame=0x102b024e0, flags=4) at
 libavfilter/buffersrc.c:170
 #14 0x0000000100051b73 in av_buffersrc_add_frame_flags (ctx=0x102b00d00,
 frame=0x102b024e0, flags=4) at libavfilter/buffersrc.c:107
 #15 0x000000010001cdfa in decode_video (ist=0x1028010c0,
 pkt=0x7fff5fbfeba0, got_output=0x7fff5fbfec0c) at ffmpeg.c:1778
 #16 0x000000010001d63b in output_packet (ist=0x1028010c0,
 pkt=0x7fff5fbfed90) at ffmpeg.c:1908
 #17 0x0000000100022f3e in process_input (file_index=0) at ffmpeg.c:3216
 #18 0x00000001000232a2 in transcode_step () at ffmpeg.c:3312
 #19 0x00000001000233bc in transcode () at ffmpeg.c:3364
 #20 0x0000000100023908 in main (argc=12, argv=0x7fff5fbff278) at
 ffmpeg.c:3544
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/3190>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list