#3387: Out of bound memory accesses with png encoder (and possibly crashes)
---------------------------------+--------------------------------------
             Reporter:  gjdfgh   |                     Type:  defect
               Status:  new      |                 Priority:  important
            Component:  avcodec  |                  Version:  git-master
             Keywords:           |               Blocked By:
             Blocking:           |  Reproduced by developer:  0
Analyzed by developer:  0        |
---------------------------------+--------------------------------------
 Summary of the bug:
 How to reproduce:
 {{{
 % ffmpeg -i in.mkv -pred 5 -compression_level 7 out%03d.png
 }}}
 This results in out of bound accesses as reported by valgrind:
 {{{
 ==6850== Invalid read of size 8
 ==6850==    at 0x86E352D: diff_bytes_mmx (dsputilenc_mmx.c:667)
 ==6850==    by 0x8570D4C: png_filter_row.isra.0 (pngenc.c:126)
 ==6850==    by 0x8570DFB: png_choose_filter (pngenc.c:170)
 ==6850==    by 0x8571306: encode_frame (pngenc.c:393)
 ==6850==    by 0x86159C3: avcodec_encode_video2 (utils.c:1890)
 ==6850==    by 0x8778CDA: worker (frame_thread_encoder.c:93)
 ==6850==    by 0x470DCF0: start_thread (pthread_create.c:311)
 ==6850==    by 0x4811C3D: clone (clone.S:131)
 ==6850==  Address 0xc62205d is 3 bytes before a block of size 2,959,903 alloc'd
 ==6850==    at 0x402AF50: memalign (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
 ==6850==    by 0x402B07E: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
 ==6850==    by 0x8879EF7: av_malloc (mem.c:94)
 ==6850==    by 0x886B469: av_buffer_allocz (buffer.c:70)
 ==6850==    by 0x886BB40: av_buffer_pool_get (buffer.c:305)
 ==6850==    by 0x861389B: avcodec_default_get_buffer2 (utils.c:677)
 ==6850==    by 0x8614694: ff_get_buffer (utils.c:973)
 ==6850==    by 0x877935A: ff_thread_video_encode_frame (frame_thread_encoder.c:250)
 ==6850==    by 0x8615AE1: avcodec_encode_video2 (utils.c:1873)
 ==6850==    by 0x80D02D4: reap_filters (ffmpeg.c:997)
 ==6850==    by 0x80B70B3: main (ffmpeg.c:3375)
 ==6850==
 }}}

 I suspect this is also the cause of mysterious sporadic crashes on OSX
 when encoding png reported by some of my users.

 Tested with git 89c5de6.

 Patches should be submitted to the ffmpeg-devel mailing list and not this
 bug tracker.

--
Ticket URL: <https://trac.ffmpeg.org/ticket/3387>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
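The valgrind trace shows png_filter_row reading memory just before the start of a freshly allocated frame buffer. The following is an added example, not FFmpeg's code: a scalar implementation of the five PNG scanline filters from the PNG specification in which the "left" and "upper-left" references for the first bpp bytes of a row are explicitly taken as zero, so the filter never reads before raw[0] or prior[0], together with the matching reconstruction routine and a simple filter-selection heuristic. The sample row, its 3-byte-per-pixel layout and the sum-of-absolute-residuals cost are constructed assumptions; the observation that an access 3 bytes before the block is what an unguarded "left pixel" reference produces for a 3-byte pixel format is an inference, not something the ticket states.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

enum { PNG_FILTER_NONE = 0, PNG_FILTER_SUB, PNG_FILTER_UP,
       PNG_FILTER_AVG, PNG_FILTER_PAETH };

/* Paeth predictor as defined in the PNG specification. */
static uint8_t paeth(int a, int b, int c)
{
    int p = a + b - c;
    int pa = abs(p - a), pb = abs(p - b), pc = abs(p - c);
    if (pa <= pb && pa <= pc) return (uint8_t)a;
    if (pb <= pc) return (uint8_t)b;
    return (uint8_t)c;
}

/* Filter one scanline of `len` bytes with `bpp` bytes per pixel.
 * `prior` may be NULL for the first row (treated as all zeros).
 * For i < bpp the left (a) and upper-left (c) references are 0, so
 * raw[i - bpp] / prior[i - bpp] are never read before the buffer start.
 * Returns 0 on success, -1 on an invalid filter type or bpp. */
int png_filter_row(int type, const uint8_t *raw, const uint8_t *prior,
                   uint8_t *out, size_t len, int bpp)
{
    if (bpp <= 0 || type < PNG_FILTER_NONE || type > PNG_FILTER_PAETH)
        return -1;
    for (size_t i = 0; i < len; i++) {
        int a = i >= (size_t)bpp ? raw[i - bpp] : 0;
        int b = prior ? prior[i] : 0;
        int c = (prior && i >= (size_t)bpp) ? prior[i - bpp] : 0;
        int pred;
        switch (type) {
        case PNG_FILTER_NONE: pred = 0;              break;
        case PNG_FILTER_SUB:  pred = a;              break;
        case PNG_FILTER_UP:   pred = b;              break;
        case PNG_FILTER_AVG:  pred = (a + b) >> 1;   break;
        default:              pred = paeth(a, b, c); break;
        }
        out[i] = (uint8_t)(raw[i] - pred);
    }
    return 0;
}

/* Inverse of png_filter_row: the left reference comes from the already
 * reconstructed bytes in `out`, with the same i < bpp guard. */
int png_unfilter_row(int type, const uint8_t *filt, const uint8_t *prior,
                     uint8_t *out, size_t len, int bpp)
{
    if (bpp <= 0 || type < PNG_FILTER_NONE || type > PNG_FILTER_PAETH)
        return -1;
    for (size_t i = 0; i < len; i++) {
        int a = i >= (size_t)bpp ? out[i - bpp] : 0;
        int b = prior ? prior[i] : 0;
        int c = (prior && i >= (size_t)bpp) ? prior[i - bpp] : 0;
        int pred;
        switch (type) {
        case PNG_FILTER_NONE: pred = 0;              break;
        case PNG_FILTER_SUB:  pred = a;              break;
        case PNG_FILTER_UP:   pred = b;              break;
        case PNG_FILTER_AVG:  pred = (a + b) >> 1;   break;
        default:              pred = paeth(a, b, c); break;
        }
        out[i] = (uint8_t)(filt[i] + pred);
    }
    return 0;
}

/* Constructed heuristic (not FFmpeg's): try every filter and keep the one
 * with the smallest sum of absolute signed residuals. Returns the chosen
 * type and leaves its output in `out`, or -1 on failure. */
int png_choose_filter(const uint8_t *raw, const uint8_t *prior,
                      uint8_t *out, size_t len, int bpp)
{
    uint8_t *tmp = malloc(len ? len : 1);
    if (!tmp) return -1;
    int best = -1;
    long best_cost = 0;
    for (int t = PNG_FILTER_NONE; t <= PNG_FILTER_PAETH; t++) {
        if (png_filter_row(t, raw, prior, tmp, len, bpp) < 0) break;
        long cost = 0;
        for (size_t i = 0; i < len; i++) cost += abs((int8_t)tmp[i]);
        if (best < 0 || cost < best_cost) {
            best = t; best_cost = cost; memcpy(out, tmp, len);
        }
    }
    free(tmp);
    return best;
}

/* Constructed sample: one RGB24 row of 4 pixels (bpp = 3) and a prior row. */
#define DEMO_LEN 12
#define DEMO_BPP 3
static const uint8_t DEMO_ROW[DEMO_LEN]   = {10,20,30, 12,22,32, 14,24,34, 16,26,36};
static const uint8_t DEMO_PRIOR[DEMO_LEN] = {5,5,5, 5,5,5, 5,5,5, 5,5,5};

/* Filtered byte i of the demo row under `type`, or -1 on error. */
int png_demo_filtered_byte(int type, size_t i)
{
    uint8_t out[DEMO_LEN];
    if (png_filter_row(type, DEMO_ROW, DEMO_PRIOR, out, DEMO_LEN, DEMO_BPP) < 0)
        return -1;
    return i < DEMO_LEN ? out[i] : -1;
}

/* Filter type the heuristic picks for the demo row. */
int png_demo_choose(void)
{
    uint8_t out[DEMO_LEN];
    return png_choose_filter(DEMO_ROW, DEMO_PRIOR, out, DEMO_LEN, DEMO_BPP);
}

/* 1 if filter + unfilter reproduces the demo row exactly, else 0. */
int png_demo_roundtrip(int type)
{
    uint8_t filt[DEMO_LEN], rec[DEMO_LEN];
    if (png_filter_row(type, DEMO_ROW, DEMO_PRIOR, filt, DEMO_LEN, DEMO_BPP) < 0) return 0;
    if (png_unfilter_row(type, filt, DEMO_PRIOR, rec, DEMO_LEN, DEMO_BPP) < 0) return 0;
    return memcmp(rec, DEMO_ROW, DEMO_LEN) == 0;
}

int main(void)
{
    printf("chosen filter: %d, sub[3] = %d, paeth roundtrip ok: %d\n",
           png_demo_choose(), png_demo_filtered_byte(PNG_FILTER_SUB, 3),
           png_demo_roundtrip(PNG_FILTER_PAETH));
    return 0;
}
```

Running this under valgrind or AddressSanitizer reports no invalid reads, because every reference to a neighbouring byte is guarded by an index check rather than by relying on slack memory before the allocation; a SIMD fast path that computes the residual for a whole block should be given the same contract (either start at i = bpp or be handed a zero-padded copy of the row), since an allocator-provided buffer offers no such padding.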