New submission from twk <[email protected]>:
After noticing some crashes in my win32 app that decodes mp3s, I've isolated the problem on linux using Valgrind with the latest code from svn. My test source and the output from valgrind & gdb are below. The sample file is attached to the bug. Note that I have a non-standard ./configure (I just need to decode a few formats). I've changed ffmpeg.c to demonstrate this bug in the standard framework. Here is my main routine:
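/*
 * Minimal reproduction driver (a cut-down ffmpeg.c main): registers the
 * codecs/formats, opens a local sample file and runs av_find_stream_info()
 * on it. The Valgrind report that follows is produced inside that call: a
 * 4-byte get_bits() read at offset 301 of a 304-byte packet buffer, i.e. one
 * byte past the end of the buffer av_dup_packet() allocated, reached through
 * try_decode_frame() -> decode_frame() -> mp_decode_layer1().
 *
 * argv[1], when given, overrides the sample path; with no arguments the
 * behaviour is unchanged from the original (attached sample, cwd-relative).
 * Always returns 0, as the original did, so the exit status carries no
 * pass/fail information; the printed messages do.
 */
int main(int argc, char **argv)
{
    int i;
    avcodec_register_all();
#if CONFIG_AVDEVICE
    avdevice_register_all();
#endif
#if CONFIG_AVFILTER
    avfilter_register_all();
#endif
    av_register_all();
    for(i=0; i<AVMEDIA_TYPE_NB; i++){
        avcodec_opts[i]= avcodec_alloc_context2(i);
    }
    avformat_opts = avformat_alloc_context();
    sws_opts = sws_getContext(16,16,0, 16,16,0, sws_flags, NULL,NULL,NULL);
    show_banner();

    /* Default to the sample attached to the report; argv[1] overrides it. */
    const char *path = argc > 1 ? argv[1] : "./av_info_stream_info.mp3";
    /* Start from NULL so a failed open never leaves an uninitialized pointer
     * behind; av_open_input_file() assigns it only on success. */
    AVFormatContext *pFormatContext = NULL;
    int err = av_open_input_file(&pFormatContext, path, NULL, 0, NULL);
    if (err != 0) {
        printf( "av_open_input_file failed, err %i\n", err );
        return 0;
    }

    /* Stream probing performs a trial decode of the first packets; this is
     * where the invalid read in the trace below is triggered. */
    err = av_find_stream_info(pFormatContext);
    if (err >= 0) {
        printf( "OK\n" );
    } else {
        printf( "av_find_stream_info failed, err %i\n", err );
    }

    /* Release the demuxer context. The original leaked it, which adds noise
     * to the Valgrind leak summary on top of the genuine invalid read. */
    av_close_input_file(pFormatContext);
    return 0;
}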
Here is the valgrind/gdb output:
FFmpeg version SVN-r25157, Copyright (c) 2000-2010 the FFmpeg developers
built on Sep 22 2010 13:59:26 with gcc 4.3.2
configuration: --enable-memalign-hack --disable-everything --enable-decoder=aac --enable-parser=aac --enable-demuxer=mov --enable-decoder=mp3 --enable-parser=mpegaudio --enable-demuxer=mp3 --enable-protocol=file --enable-encoder=pcm_s16le --enable-muxer=wav --disable-network --enable-debug --disable-stripping --disable-optimizations
libavutil 50.27. 0 / 50.27. 0
libavcore 0. 9. 0 / 0. 9. 0
libavcodec 52.89. 0 / 52.89. 0
libavformat 52.78. 5 / 52.78. 5
libavdevice 52. 2. 2 / 52. 2. 2
libavfilter 1.39. 0 / 1.39. 0
libswscale 0.11. 0 / 0.11. 0
Format detected only with low score of 1, misdetection possible!
[mp3 @ 0x5a425f0] Header missing
==2046== Invalid read of size 4
==2046== at 0x4384C4: get_bits (get_bits.h:365)
==2046== by 0x43829F: mp_decode_layer1 (mpegaudiodec.c:943)
==2046== by 0x43C5CE: mp_decode_frame (mpegaudiodec.c:1971)
==2046== by 0x43CB8F: decode_frame (mpegaudiodec.c:2074)
==2046== by 0x444E0A: avcodec_decode_audio3 (utils.c:659)
==2046== by 0x427DC9: try_decode_frame (utils.c:2076)
==2046== by 0x428DED: av_find_stream_info (utils.c:2343)
==2046== by 0x40F11F: main (ffmpeg.c:4324)
==2046== Address 0x58cf9fd is 301 bytes inside a block of size 304 alloc'd
==2046== at 0x4C2260E: malloc (vg_replace_malloc.c:207)
==2046== by 0x5083AE: av_malloc (mem.c:76)
==2046== by 0x430625: av_dup_packet (avpacket.c:81)
==2046== by 0x4288B5: av_find_stream_info (utils.c:2288)
==2046== by 0x40F11F: main (ffmpeg.c:4324)
==2046==
==2046== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- y
==2046== starting debugger with cmd: /usr/bin/gdb -nw /proc/2071/fd/49990 2071
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
Attaching to program: /proc/2071/fd/49990, process 2071
Reading symbols from /usr/lib/valgrind/amd64-linux/vgpreload_core.so...done.
Loaded symbols for /usr/lib/valgrind/amd64-linux/vgpreload_core.so
Reading symbols from /usr/lib/valgrind/amd64-linux/vgpreload_memcheck.so...done.
Loaded symbols for /usr/lib/valgrind/amd64-linux/vgpreload_memcheck.so
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /lib/libpthread.so.0...done.
[Thread debugging using libthread_db enabled]
[New Thread 0x402bb30 (LWP 2046)]
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux-x86-64.so.2...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
0x00000000004384c4 in get_bits (s=0x5a4b0f8, n=16) at libavcodec/get_bits.h:365
365 UPDATE_CACHE(re, s)
(gdb) bt
#0 0x00000000004384c4 in get_bits (s=0x5a4b0f8, n=16) at
libavcodec/get_bits.h:365
#1 0x00000000004382a0 in mp_decode_layer1 (s=0x5a4acb0) at
libavcodec/mpegaudiodec.c:943
#2 0x000000000043c5cf in mp_decode_frame (s=0x5a4acb0, samples=0x6203ec0,
buf=0x58cf8e0
"yG\02102yG\02102yG\02102yG\02102yG\02102yG\02102yG\02102yG\02102yG\02102yG\02102yG\021
02yG\02102yG\02102yG\02102yG\02102yG\02102yG\02102yG\02102yG\02102yG\02102yG\02102yG\02
102yG\02102yG\02102yG\021, buf_size=280) at libavcodec/mpegaudiodec.c:1971
#3 0x000000000043cb90 in decode_frame (avctx=0x5a425f0, data=0x6203ec0,
data_size=0x7fefe3be0, avpkt=0x5a18b10)
at libavcodec/mpegaudiodec.c:2074
#4 0x0000000000444e0b in avcodec_decode_audio3 (avctx=0x5a425f0,
samples=0x6203ec0,
frame_size_ptr=0x7fefe3be0,
avpkt=0x5a18b10) at libavcodec/utils.c:659
#5 0x0000000000427dca in try_decode_frame (st=0x5a423a0, avpkt=0x5a18b10) at
libavformat/utils.c:2076
#6 0x0000000000428dee in av_find_stream_info (ic=0x5a41330) at
libavformat/utils.c:2343
#7 0x000000000040f120 in main (argc=1, argv=0x7ff000728) at ffmpeg.c:4324
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x4384a4 to 0x4384e4:
0x00000000004384a4 <get_bits+22>: mov %eax,-0x8(%rbp)
0x00000000004384a7 <get_bits+25>: movl $0x0,-0x4(%rbp)
0x00000000004384ae <get_bits+32>: mov -0x18(%rbp),%rax
0x00000000004384b2 <get_bits+36>: mov (%rax),%rax
0x00000000004384b5 <get_bits+39>: mov %rax,%rdx
0x00000000004384b8 <get_bits+42>: mov -0x8(%rbp),%eax
0x00000000004384bb <get_bits+45>: shr $0x3,%eax
0x00000000004384be <get_bits+48>: mov %eax,%eax
0x00000000004384c0 <get_bits+50>: lea (%rdx,%rax,1),%rax
0x00000000004384c4 <get_bits+54>: mov (%rax),%edi
0x00000000004384c6 <get_bits+56>: callq 0x4339e6 <av_bswap32>
0x00000000004384cb <get_bits+61>: mov %eax,%edx
0x00000000004384cd <get_bits+63>: mov -0x8(%rbp),%eax
0x00000000004384d0 <get_bits+66>: mov %eax,%ecx
0x00000000004384d2 <get_bits+68>: and $0x7,%ecx
0x00000000004384d5 <get_bits+71>: mov %edx,%eax
0x00000000004384d7 <get_bits+73>: shl %cl,%eax
0x00000000004384d9 <get_bits+75>: mov %eax,-0x4(%rbp)
0x00000000004384dc <get_bits+78>: mov -0x1c(%rbp),%eax
0x00000000004384df <get_bits+81>: movsbl %al,%esi
0x00000000004384e2 <get_bits+84>: mov -0x4(%rbp),%edi
End of assembler dump.
(gdb) info all-registers
rax 0x58cf9fd 93125117
rbx 0x7fefe3930 34342844720
rcx 0x4 4
rdx 0x58cf8e4 93124836
rsi 0x10 16
rdi 0x5a4b0f8 94679288
rbp 0x7fefe3870 0x7fefe3870
rsp 0x7fefe3850 0x7fefe3850
r8 0x58cfa00 93125120
r9 0x118 280
r10 0x1 1
r11 0x4337bb 4405179
r12 0xf 15
r13 0x7ff000720 34342962976
r14 0x0 0
r15 0x0 0
rip 0x4384c4 0x4384c4 <get_bits+54>
eflags 0x202 [ IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 0 (raw 0x00000000000000000000)
st6 0 (raw 0x00000000000000000000)
st7 0 (raw 0x00000000000000000000)
fctrl 0x27f 639
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
xmm0 {
v4_float = {0x0, 0x0, 0x0, 0x0},
v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0},
v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000
}
xmm1 {
v4_float = {0x0, 0x0, 0x0, 0x0},
v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0},
v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000
}
xmm2 {
v4_float = {0x0, 0x0, 0x0, 0x0},
v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0},
v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000
}
xmm3 {
v4_float = {0x0, 0x1, 0x0, 0x0},
v2_double = {0x0, 0x0},
v16_int8 = {0x92, 0x8e, 0x4e, 0x5c, 0xff, 0xff, 0xdf, 0x3f, 0x0, 0x0, 0x0,
0x0, 0x0,
0x0, 0x0, 0x0},
v8_int16 = {0x8e92, 0x5c4e, 0xffff, 0x3fdf, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x5c4e8e92, 0x3fdfffff, 0x0, 0x0},
v2_int64 = {0x3fdfffff5c4e8e92, 0x0},
uint128 = 0x00000000000000003fdfffff5c4e8e92
}
---Type <return> to continue, or q <return> to quit---
xmm4 {
v4_float = {0x0, 0x0, 0x0, 0x0},
v2_double = {0x0, 0x0},
v16_int8 = {0x70, 0xc0, 0x45, 0x31, 0x63, 0x62, 0x6a, 0x3c, 0x0, 0x0, 0x0,
0x0, 0x0,
0x0, 0x0, 0x0},
v8_int16 = {0xc070, 0x3145, 0x6263, 0x3c6a, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x3145c070, 0x3c6a6263, 0x0, 0x0},
v2_int64 = {0x3c6a62633145c070, 0x0},
uint128 = 0x00000000000000003c6a62633145c070
}
xmm5 {
v4_float = {0x0, 0x0, 0x0, 0x0},
v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0},
v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000
}
xmm6 {
v4_float = {0x0, 0x0, 0x0, 0x0},
v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0},
v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000
}
xmm7 {
v4_float = {0x0, 0x1, 0x0, 0x0},
v2_double = {0x0, 0x0},
v16_int8 = {0x85, 0xce, 0x35, 0xa4, 0xc6, 0x97, 0xe7, 0x3f, 0x0, 0x0, 0x0,
0x0, 0x0,
0x0, 0x0, 0x0},
v8_int16 = {0xce85, 0xa435, 0x97c6, 0x3fe7, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0xa435ce85, 0x3fe797c6, 0x0, 0x0},
v2_int64 = {0x3fe797c6a435ce85, 0x0},
uint128 = 0x00000000000000003fe797c6a435ce85
}
xmm8 {
v4_float = {0x0, 0x0, 0x0, 0x0},
v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0},
v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000
}
xmm9 {
v4_float = {0x0, 0x0, 0x0, 0x0},
v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0},
v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000
}
xmm10 {
v4_float = {0x0, 0x0, 0x0, 0x0},
v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0},
v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000
}
xmm11 {
v4_float = {0x0, 0xfffffff4, 0x0, 0x0},
v2_double = {0xffffffffffc36ad5, 0x0},
v16_int8 = {0x64, 0xd8, 0xae, 0xb4, 0x95, 0x4a, 0x4e, 0xc1, 0x0, 0x0, 0x0,
0x0, 0x0,
0x0, 0x0, 0x0},
v8_int16 = {0xd864, 0xb4ae, 0x4a95, 0xc14e, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0xb4aed864, 0xc14e4a95, 0x0, 0x0},
v2_int64 = {0xc14e4a95b4aed864, 0x0},
uint128 = 0x0000000000000000c14e4a95b4aed864
}
xmm12 {
v4_float = {0x0, 0xfffffff4, 0x0, 0x0},
v2_double = {0xffffffffffc36ad5, 0x0},
v16_int8 = {0x64, 0xd8, 0xae, 0xb4, 0x95, 0x4a, 0x4e, 0xc1, 0x0, 0x0, 0x0,
0x0, 0x0,
0x0, 0x0, 0x0},
---Type <return> to continue, or q <return> to quit---
v8_int16 = {0xd864, 0xb4ae, 0x4a95, 0xc14e, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0xb4aed864, 0xc14e4a95, 0x0, 0x0},
v2_int64 = {0xc14e4a95b4aed864, 0x0},
uint128 = 0x0000000000000000c14e4a95b4aed864
}
xmm13 {
v4_float = {0x0, 0x0, 0x0, 0x0},
v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0},
v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000
}
xmm14 {
v4_float = {0x0, 0x0, 0x0, 0x0},
v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0},
v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000
}
xmm15 {
v4_float = {0x0, 0x0, 0x0, 0x0},
v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0},
v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000
}
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
File 'av_info_stream_info.mp3' not attached - you can download it from
https://roundup.ffmpeg.org/file1096.
----------
files: av_info_stream_info.mp3
messages: 12001
priority: normal
status: new
substatus: new
title: Valgrind error in av_find_stream_info
type: bug
________________________________________________
FFmpeg issue tracker <[email protected]>
<https://roundup.ffmpeg.org/issue2241>
________________________________________________