New submission from twk <[email protected]>:
I have an app that decodes mp3s using libav (built from the 0.6 release) on
win32. It was crashing when decoding a particular mp3 under Application
Verifier on Windows, so I checked out the latest source and built a debug
version on linux, then ran it under valgrind. I've uploaded the file to
25157-valgrind-err on the ftp server.
Here is the output from a debug version (with optimizations enabled I get a
different, but less useful error):
@dev:~/tmp/ffmpeg$ valgrind ./ffmpeg -y -i sample.mp3 out.wav
==26866== Memcheck, a memory error detector.
==26866== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==26866== Using LibVEX rev 1854, a library for dynamic binary translation.
==26866== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==26866== Using valgrind-3.3.1-Debian, a dynamic binary instrumentation framework.
==26866== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==26866== For more details, rerun with: -v
==26866==
FFmpeg version SVN-r25157, Copyright (c) 2000-2010 the FFmpeg developers
built on Sep 22 2010 10:46:00 with gcc 4.3.2
configuration: --enable-debug --disable-stripping --disable-optimizations
libavutil 50.27. 0 / 50.27. 0
libavcore 0. 9. 0 / 0. 9. 0
libavcodec 52.89. 0 / 52.89. 0
libavformat 52.78. 5 / 52.78. 5
libavdevice 52. 2. 2 / 52. 2. 2
libavfilter 1.39. 0 / 1.39. 0
libswscale 0.11. 0 / 0.11. 0
[mp3 @ 0x5839790] max_analyze_duration reached
[mp3 @ 0x5839790] max_analyze_duration reached
[mp3 @ 0x5839790] Estimating duration from bitrate, this may be inaccurate
Input #0, mp3, from 'sample.mp3':
Metadata:
<snip>
Duration: 00:03:04.06, start: 0.000000, bitrate: 128 kb/s
Stream #0.0: Audio: mp3, 44100 Hz, 2 channels, s16, 128 kb/s
Output #0, wav, to 'out.wav':
Metadata:
encoder : Lavf52.78.5
Stream #0.0: Audio: pcm_s16le, 44100 Hz, 2 channels, s16, 1411 kb/s
Stream mapping:
Stream #0.0 -> #0.0
Press [q] to stop encoding
[mp3 @ 0x584c5b0] Header missingte=1408.1kbits/s
Error while decoding stream #0.0
[mp3 @ 0x584c5b0] big_values too big
Last message repeated 2144 times410.4kbits/s
[mp3 @ 0x584c5b0] invalid new backstep -501
==26866== Invalid read of size 4
==26866== at 0x651145: skip_bits (get_bits.h:388)
==26866== by 0x65119D: align_get_bits (get_bits.h:501)
==26866== by 0x650F2C: mp_decode_frame (mpegaudiodec.c:1995)
==26866== by 0x65136F: decode_frame (mpegaudiodec.c:2074)
==26866== by 0x71B80A: avcodec_decode_audio3 (utils.c:659)
==26866== by 0x407AC1: output_packet (ffmpeg.c:1565)
==26866== by 0x40BC9D: transcode (ffmpeg.c:2609)
==26866== by 0x4100BE: main (ffmpeg.c:4336)
==26866== Address 0x58accd3 is not stack'd, malloc'd or (recently) free'd
Looking at the mp3 in a hex editor, it is obviously corrupt, but it would be
nice if the libraries didn't crash when decoding it.
----------
messages: 12000
priority: normal
status: new
substatus: new
title: Valgrind invalid read decoding mp3
type: bug
________________________________________________
FFmpeg issue tracker <[email protected]>
<https://roundup.ffmpeg.org/issue2240>
________________________________________________