#10089: smc enc crash
-------------------------------------+-------------------------------------
             Reporter:  ami_stuff    |                     Type:  defect
               Status:  new          |                 Priority:  normal
            Component:  undetermined |                  Version:  unspecified
             Keywords:               |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
https://trac.ffmpeg.org/raw-attachment/ticket/10068/gold2.avi
{{{
(gdb) r -i gold2.avi -s 157x333 -vcodec smc -y out.mov
Starting program: ffmpeg_g -i gold2.avi -s 157x333 -vcodec smc -y out.mov
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
ffmpeg version N-109341-g6b368bcb85 Copyright (c) 2000-2022 the FFmpeg
developers
built with gcc 9 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
configuration: --enable-libopenjpeg
libavutil 57. 43.100 / 57. 43.100
libavcodec 59. 54.100 / 59. 54.100
libavformat 59. 34.102 / 59. 34.102
libavdevice 59. 8.101 / 59. 8.101
libavfilter 8. 51.100 / 8. 51.100
libswscale 6. 8.112 / 6. 8.112
libswresample 4. 9.100 / 4. 9.100
Input #0, avi, from 'gold2.avi':
Duration: 00:00:12.00, start: 0.000000, bitrate: 153 kb/s
Stream #0:0: Video: srgc (srgc / 0x63677273), bgra, 299x171, 149 kb/s,
15 fps, 15 tbr, 15 tbn
Stream mapping:
Stream #0:0 -> #0:0 (srgc (native) -> smc (native))
Press [q] to stop, [?] for help
[New Thread 0x7ffff6b6d700 (LWP 18163)]
[New Thread 0x7ffff636c700 (LWP 18164)]
[New Thread 0x7ffff5b6b700 (LWP 18165)]
[New Thread 0x7ffff536a700 (LWP 18166)]
[New Thread 0x7ffff4b69700 (LWP 18167)]
[New Thread 0x7fffeffff700 (LWP 18168)]
[New Thread 0x7fffef7fe700 (LWP 18169)]
[New Thread 0x7fffeeffd700 (LWP 18170)]
[New Thread 0x7fffee7fc700 (LWP 18171)]
[New Thread 0x7fffedffb700 (LWP 18172)]
[New Thread 0x7fffed7fa700 (LWP 18173)]
[New Thread 0x7fffecff9700 (LWP 18174)]
[New Thread 0x7fffec7f8700 (LWP 18175)]
[New Thread 0x7fffebff7700 (LWP 18176)]
[New Thread 0x7fffeb7f6700 (LWP 18177)]
[New Thread 0x7fffeaff5700 (LWP 18178)]
[New Thread 0x7fffea7f4700 (LWP 18179)]
Output #0, mov, to 'out.mov':
Metadata:
encoder : Lavf59.34.102
Stream #0:0: Video: smc (smc / 0x20636D73), pal8(pc, progressive),
157x333, q=2-31, 200 kb/s, 15 fps, 15360 tbn
Metadata:
encoder : Lavc59.54.100 smc
[New Thread 0x7fffe9ff3700 (LWP 18180)]
--Type <RET> for more, q to quit, c to continue without paging--
Thread 1 "ffmpeg_g" received signal SIGSEGV, Segmentation fault.
0x0000555555ee1521 in memcpy (__len=18446744073709551613,
__src=0x5555572a4880, __dest=0x7fffffffd410)
at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
34 return __builtin___memcpy_chk (__dest, __src, __len, __bos0
(__dest));
(gdb) bt
#0 0x0000555555ee1521 in memcpy (__len=18446744073709551613,
__src=0x5555572a4880, __dest=0x7fffffffd410)
at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
#1 smc_encode_stream (pb=<synthetic pointer>, frame=<optimized out>,
s=<optimized out>) at libavcodec/smcenc.c:223
#2 smc_encode_frame (avctx=<optimized out>, pkt=<optimized out>,
frame=<optimized out>, got_packet=<optimized out>)
at libavcodec/smcenc.c:557
#3 0xffffffffffffffff in ?? ()
#4 0xffffffffffffffff in ?? ()
#5 0xffffffffffffffff in ?? ()
#6 0xffffffffffffffff in ?? ()
#7 0xffffffffffffffff in ?? ()
#8 0xffffffffffffffff in ?? ()
#9 0xffffffffffffffff in ?? ()
#10 0xffffffffffffffff in ?? ()
#11 0x000000ffffffffff in ?? ()
#12 0xffffffffffffffff in ?? ()
#13 0xffffffffffffffff in ?? ()
#14 0xffffffffffffffff in ?? ()
#15 0xffffffffffffffff in ?? ()
#16 0xffffffffffffffff in ?? ()
#17 0xffffffffffffffff in ?? ()
--Type <RET> for more, q to quit, c to continue without paging--
#18 0xffffffffffffffff in ?? ()
#19 0xffffffffffffffff in ?? ()
#20 0xffffffffffffffff in ?? ()
#21 0xffffffffffffffff in ?? ()
#22 0xffffffffffffffff in ?? ()
#23 0xffffffffffffffff in ?? ()
#24 0xffffffffffffffff in ?? ()
#25 0xffffffffffffffff in ?? ()
#26 0xffffffffffffffff in ?? ()
}}}
{{{
==18059== Invalid write of size 1
==18059== at 0xA95521: memcpy (string_fortified.h:34)
==18059== by 0xA95521: smc_encode_stream (smcenc.c:223)
==18059== by 0xA95521: smc_encode_frame (smcenc.c:557)
==18059== by 0xFFFFFFFFFFFFFFFE: ???
==18059== by 0xFFFFFFFFFFFFFFFE: ???
==18059== by 0xFFFFFFFFFFFFFFFE: ???
==18059== by 0xFFFFFFFFFFFFFFFE: ???
==18059== by 0xFFFFFFFFFFFFFFFE: ???
==18059== by 0xFFFFFFFFFFFFFFFE: ???
==18059== by 0xFFFFFFFFFFFFFFFE: ???
==18059== by 0xFFFFFFFFFFFFFFFE: ???
==18059== by 0xFFFFFFFFFE: ???
==18059== by 0xFFFFFFFFFFFFFFFE: ???
==18059== by 0xFFFFFFFFFFFFFFFE: ???
==18059== Address 0x1fff001000 is not stack'd, malloc'd or (recently)
free'd
==18059==
==18059==
==18059== Process terminating with default action of signal 11 (SIGSEGV)
==18059== Access not within mapped region at address 0x1FFF001000
==18059== at 0xA95521: memcpy (string_fortified.h:34)
==18059== by 0xA95521: smc_encode_stream (smcenc.c:223)
==18059== by 0xA95521: smc_encode_frame (smcenc.c:557)
==18059== by 0xFFFFFFFFFFFFFFFE: ???
==18059== by 0xFFFFFFFFFFFFFFFE: ???
==18059== by 0xFFFFFFFFFFFFFFFE: ???
==18059== by 0xFFFFFFFFFFFFFFFE: ???
==18059== by 0xFFFFFFFFFFFFFFFE: ???
==18059== by 0xFFFFFFFFFFFFFFFE: ???
==18059== by 0xFFFFFFFFFFFFFFFE: ???
==18059== by 0xFFFFFFFFFFFFFFFE: ???
==18059== by 0xFFFFFFFFFE: ???
==18059== by 0xFFFFFFFFFFFFFFFE: ???
==18059== by 0xFFFFFFFFFFFFFFFE: ???
==18059== If you believe this happened as a result of a stack
==18059== overflow in your program's main thread (unlikely but
==18059== possible), you can try to increase the size of the
==18059== main thread stack using the --main-stacksize= flag.
==18059== The main thread stack size used in this run was 8388608.
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/10089>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker