[FFmpeg-trac] #2903(undetermined:new): png: invalid write
FFmpeg
trac at avcodec.org
Mon Aug 26 21:26:35 CEST 2013
#2903: png: invalid write
-------------------------------------+-------------------------------------
Reporter: ami_stuff | Owner:
Type: defect | Status: new
Priority: normal | Component: undetermined
Version: unspecified |
Keywords: | Resolution:
Blocking: | Blocked By:
Analyzed by developer: 0 | Reproduced by developer: 0
-------------------------------------+-------------------------------------
Comment (by ami_stuff):
{{{
knoppix at Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-
abe76b8/ffmpeg_g -threads 1 -i png_fuzz.mov -f null -
==11460== Memcheck, a memory error detector
==11460== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==11460== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright
info
==11460== Command: ffmpeg-HEAD-abe76b8/ffmpeg_g -threads 1 -i png_fuzz.mov
-f null -
==11460==
ffmpeg version 2.0-abe76b8 Copyright (c) 2000-2013 the FFmpeg developers
built on Aug 26 2013 21:18:21 with gcc 4.7 (Debian 4.7.2-5)
configuration: --disable-yasm --disable-ffserver --disable-ffprobe
--enable-gpl
libavutil 52. 42.100 / 52. 42.100
libavcodec 55. 29.100 / 55. 29.100
libavformat 55. 14.102 / 55. 14.102
libavdevice 55. 3.100 / 55. 3.100
libavfilter 3. 82.102 / 3. 82.102
libswscale 2. 5.100 / 2. 5.100
libswresample 0. 17.103 / 0. 17.103
libpostproc 52. 3.100 / 52. 3.100
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'png_fuzz.mov':
Metadata:
major_brand : qt
minor_version : 537199360
compatible_brands: qt
creation_time : 2012-03-24 20:33:27
Duration: 00:00:05.96, start: 0.000000, bitrate: 7021 kb/s
Stream #0:0(eng): Video: png (png / 0x20676E70), rgba, 189x127 [SAR
2834:2834 DAR 189:127], 7019 kb/s, 24 fps, 24 tbr, 1000k tbn, 1000k tbc
(default)
Metadata:
creation_time : 2012-03-24 20:33:27
handler_name : Procedura obs�ugi skr�t�w danych Apple
Output #0, null, to 'pipe:':
Metadata:
major_brand : qt
minor_version : 537199360
compatible_brands: qt
encoder : Lavf55.14.102
Stream #0:0(eng): Video: rawvideo (RGBA / 0x41424752), rgba, 189x127
[SAR 1:1 DAR 189:127], q=2-31, 200 kb/s, 90k tbn, 24 tbc (default)
Metadata:
creation_time : 2012-03-24 20:33:27
handler_name : Procedura obs�ugi skr�t�w danych Apple
Stream mapping:
Stream #0:0 -> #0:0 (png -> rawvideo)
Press [q] to stop, [?] for help
[null @ 0x4274dc0] Encoder did not produce proper pts, making some up.
[png @ 0x423ae20] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x423ae20] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x423ae20] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x423ae20] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x423ae20] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x423ae20] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x423ae20] Missing png signature
Error while decoding stream #0:0: Invalid data found when processing input
==11460== Invalid write of size 4
==11460== at 0x402ABFD: memset (mc_replace_strmem.c:966)
==11460== by 0x85BF4EA: decode_frame (pngdec.c:672)
==11460== by 0x8677E5D: avcodec_decode_video2 (utils.c:1982)
==11460== by 0x80B355C: decode_video (ffmpeg.c:1668)
==11460== by 0x40274AD: free (vg_replace_malloc.c:427)
==11460== Address 0x43e9d74 is 564 bytes inside a block of size 567
alloc'd
==11460== at 0x40268A4: memalign (vg_replace_malloc.c:694)
==11460== by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==11460== by 0x886D357: av_malloc (mem.c:93)
==11460== by 0x85C0394: decode_frame (pngdec.c:677)
==11460== by 0x8677E5D: avcodec_decode_video2 (utils.c:1982)
==11460== by 0x80B355C: decode_video (ffmpeg.c:1668)
==11460== by 0x40274AD: free (vg_replace_malloc.c:427)
==11460==
[png @ 0x423ae20] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x423ae20] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x423ae20] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x423ae20] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
==11460== Invalid read of size 1
==11460== at 0x85C09CC: ff_add_png_paeth_prediction (pngdec.c:170)
==11460== by 0x85BE5DA: png_filter_row (pngdec.c:260)
==11460== by 0x85BFC85: decode_frame (pngdec.c:297)
==11460== by 0x8677E5D: avcodec_decode_video2 (utils.c:1982)
==11460== by 0x80B355C: decode_video (ffmpeg.c:1668)
==11460== by 0x40274AD: free (vg_replace_malloc.c:427)
==11460== Address 0x43e9d77 is 0 bytes after a block of size 567 alloc'd
==11460== at 0x40268A4: memalign (vg_replace_malloc.c:694)
==11460== by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==11460== by 0x886D357: av_malloc (mem.c:93)
==11460== by 0x85C0394: decode_frame (pngdec.c:677)
==11460== by 0x8677E5D: avcodec_decode_video2 (utils.c:1982)
==11460== by 0x80B355C: decode_video (ffmpeg.c:1668)
==11460== by 0x40274AD: free (vg_replace_malloc.c:427)
==11460==
==11460== Invalid read of size 1
==11460== at 0x85C09E0: ff_add_png_paeth_prediction (pngdec.c:171)
==11460== by 0x85BE5DA: png_filter_row (pngdec.c:260)
==11460== by 0x85BFC85: decode_frame (pngdec.c:297)
==11460== by 0x8677E5D: avcodec_decode_video2 (utils.c:1982)
==11460== by 0x80B355C: decode_video (ffmpeg.c:1668)
==11460== by 0x40274AD: free (vg_replace_malloc.c:427)
==11460== Address 0x43e9d77 is 0 bytes after a block of size 567 alloc'd
==11460== at 0x40268A4: memalign (vg_replace_malloc.c:694)
==11460== by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==11460== by 0x886D357: av_malloc (mem.c:93)
==11460== by 0x85C0394: decode_frame (pngdec.c:677)
==11460== by 0x8677E5D: avcodec_decode_video2 (utils.c:1982)
==11460== by 0x80B355C: decode_video (ffmpeg.c:1668)
==11460== by 0x40274AD: free (vg_replace_malloc.c:427)
==11460==
frame= 40 fps=0.0 q=0.0 size=N/A time=00:00:01.66 bitrate=N/A dup=11
drop=0 frame= 74 fps= 73 q=0.0 size=N/A time=00:00:03.08 bitrate=N/A
dup=11 drop=0 frame= 108 fps= 71 q=0.0 size=N/A time=00:00:04.50
bitrate=N/A dup=11 drop=0 frame= 140 fps= 69 q=0.0 size=N/A
time=00:00:05.83 bitrate=N/A dup=11 drop=0 frame= 143 fps= 68 q=0.0
Lsize=N/A time=00:00:05.95 bitrate=N/A dup=11 drop=0
video:9kB audio:0kB subtitle:0 global headers:0kB muxing overhead
-100.240385%
==11460==
==11460== HEAP SUMMARY:
==11460== in use at exit: 0 bytes in 0 blocks
==11460== total heap usage: 4,639 allocs, 4,639 frees, 12,639,711 bytes
allocated
==11460==
==11460== All heap blocks were freed -- no leaks are possible
==11460==
==11460== For counts of detected and suppressed errors, rerun with: -v
==11460== ERROR SUMMARY: 55858 errors from 3 contexts (suppressed: 59 from
6)
}}}
{{{
knoppix at Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-
abe76b8/ffmpeg_g -threads 4 -i png_fuzz.mov -f null -
==11414== Memcheck, a memory error detector
==11414== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==11414== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright
info
==11414== Command: ffmpeg-HEAD-abe76b8/ffmpeg_g -threads 4 -i png_fuzz.mov
-f null -
==11414==
ffmpeg version 2.0-abe76b8 Copyright (c) 2000-2013 the FFmpeg developers
built on Aug 26 2013 21:18:21 with gcc 4.7 (Debian 4.7.2-5)
configuration: --disable-yasm --disable-ffserver --disable-ffprobe
--enable-gpl
libavutil 52. 42.100 / 52. 42.100
libavcodec 55. 29.100 / 55. 29.100
libavformat 55. 14.102 / 55. 14.102
libavdevice 55. 3.100 / 55. 3.100
libavfilter 3. 82.102 / 3. 82.102
libswscale 2. 5.100 / 2. 5.100
libswresample 0. 17.103 / 0. 17.103
libpostproc 52. 3.100 / 52. 3.100
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'png_fuzz.mov':
Metadata:
major_brand : qt
minor_version : 537199360
compatible_brands: qt
creation_time : 2012-03-24 20:33:27
Duration: 00:00:05.96, start: 0.000000, bitrate: 7021 kb/s
Stream #0:0(eng): Video: png (png / 0x20676E70), rgba, 189x127 [SAR
2834:2834 DAR 189:127], 7019 kb/s, 24 fps, 24 tbr, 1000k tbn, 1000k tbc
(default)
Metadata:
creation_time : 2012-03-24 20:33:27
handler_name : Procedura obs�ugi skr�t�w danych Apple
Output #0, null, to 'pipe:':
Metadata:
major_brand : qt
minor_version : 537199360
compatible_brands: qt
encoder : Lavf55.14.102
Stream #0:0(eng): Video: rawvideo (RGBA / 0x41424752), rgba, 189x127
[SAR 1:1 DAR 189:127], q=2-31, 200 kb/s, 90k tbn, 24 tbc (default)
Metadata:
creation_time : 2012-03-24 20:33:27
handler_name : Procedura obs�ugi skr�t�w danych Apple
Stream mapping:
Stream #0:0 -> #0:0 (png -> rawvideo)
Press [q] to stop, [?] for help
[png @ 0x4347420] inflate returned error -3
[png @ 0x4348540] chunk too big
[null @ 0x4274dc0] Encoder did not produce proper pts, making some up.
Error while decoding stream #0:0: Invalid data found when processing input
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x4346ac0] inflate returned error -3
[png @ 0x4349640] inflate returned error -3
[png @ 0x4348540] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
Last message repeated 1 times
[png @ 0x4349640] Missing png signature
[png @ 0x4347420] inflate returned error -3
[png @ 0x4346ac0] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
Last message repeated 1 times
[png @ 0x4347420] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x4348540] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x4349640] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
==11414== Thread 12:eated 1 times
==11414== Invalid write of size 4
==11414== at 0x402ABFD: memset (mc_replace_strmem.c:966)
==11414== by 0x85BF4EA: decode_frame (pngdec.c:672)
==11414== by 0x85CCA5D: frame_worker_thread (pthread.c:339)
==11414== by 0x407B953: start_thread (pthread_create.c:304)
==11414== by 0x416395D: clone (clone.S:130)
==11414== Address 0x4435fb4 is 564 bytes inside a block of size 567
alloc'd
==11414== at 0x40268A4: memalign (vg_replace_malloc.c:694)
==11414== by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==11414== by 0x886D357: av_malloc (mem.c:93)
==11414== by 0x85C0394: decode_frame (pngdec.c:677)
==11414== by 0x85CCA5D: frame_worker_thread (pthread.c:339)
==11414== by 0x407B953: start_thread (pthread_create.c:304)
==11414== by 0x416395D: clone (clone.S:130)
==11414==
==11414== Invalid read of size 1
==11414== at 0x85C09CC: ff_add_png_paeth_prediction (pngdec.c:170)
==11414== by 0x85BE5DA: png_filter_row (pngdec.c:260)
==11414== by 0x85BFC85: decode_frame (pngdec.c:297)
==11414== by 0x85CCA5D: frame_worker_thread (pthread.c:339)
==11414== by 0x407B953: start_thread (pthread_create.c:304)
==11414== by 0x416395D: clone (clone.S:130)
==11414== Address 0x4435fb7 is 0 bytes after a block of size 567 alloc'd
==11414== at 0x40268A4: memalign (vg_replace_malloc.c:694)
==11414== by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==11414== by 0x886D357: av_malloc (mem.c:93)
==11414== by 0x85C0394: decode_frame (pngdec.c:677)
==11414== by 0x85CCA5D: frame_worker_thread (pthread.c:339)
==11414== by 0x407B953: start_thread (pthread_create.c:304)
==11414== by 0x416395D: clone (clone.S:130)
==11414==
==11414== Invalid read of size 1
==11414== at 0x85C09E0: ff_add_png_paeth_prediction (pngdec.c:171)
==11414== by 0x85BE5DA: png_filter_row (pngdec.c:260)
==11414== by 0x85BFC85: decode_frame (pngdec.c:297)
==11414== by 0x85CCA5D: frame_worker_thread (pthread.c:339)
==11414== by 0x407B953: start_thread (pthread_create.c:304)
==11414== by 0x416395D: clone (clone.S:130)
==11414== Address 0x4435fb7 is 0 bytes after a block of size 567 alloc'd
==11414== at 0x40268A4: memalign (vg_replace_malloc.c:694)
==11414== by 0x402695E: posix_memalign (vg_replace_malloc.c:835)
==11414== by 0x886D357: av_malloc (mem.c:93)
==11414== by 0x85C0394: decode_frame (pngdec.c:677)
==11414== by 0x85CCA5D: frame_worker_thread (pthread.c:339)
==11414== by 0x407B953: start_thread (pthread_create.c:304)
==11414== by 0x416395D: clone (clone.S:130)
==11414==
Last message repeated 2 times
frame= 34 fps=0.0 q=0.0 size=N/A time=00:00:01.41 bitrate=N/A dup=11
drop=0 frame= 66 fps= 64 q=0.0 size=N/A time=00:00:02.75 bitrate=N/A
dup=11 drop=0 frame= 97 fps= 63 q=0.0 size=N/A time=00:00:04.04
bitrate=N/A dup=11 drop=0 frame= 127 fps= 62 q=0.0 size=N/A
time=00:00:05.29 bitrate=N/A dup=11 drop=0 frame= 143 fps= 62 q=0.0
Lsize=N/A time=00:00:05.95 bitrate=N/A dup=11 drop=0
video:9kB audio:0kB subtitle:0 global headers:0kB muxing overhead
-100.240385%
==11414==
==11414== HEAP SUMMARY:
==11414== in use at exit: 0 bytes in 0 blocks
==11414== total heap usage: 5,713 allocs, 5,713 frees, 13,386,225 bytes
allocated
==11414==
==11414== All heap blocks were freed -- no leaks are possible
==11414==
==11414== For counts of detected and suppressed errors, rerun with: -v
==11414== ERROR SUMMARY: 14058 errors from 3 contexts (suppressed: 59 from
6)
}}}
{{{
knoppix at Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-
abe76b8/ffmpeg_g -threads 8 -i png_fuzz.mov -f null -
==11481== Memcheck, a memory error detector
==11481== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==11481== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright
info
==11481== Command: ffmpeg-HEAD-abe76b8/ffmpeg_g -threads 8 -i png_fuzz.mov
-f null -
==11481==
ffmpeg version 2.0-abe76b8 Copyright (c) 2000-2013 the FFmpeg developers
built on Aug 26 2013 21:18:21 with gcc 4.7 (Debian 4.7.2-5)
configuration: --disable-yasm --disable-ffserver --disable-ffprobe
--enable-gpl
libavutil 52. 42.100 / 52. 42.100
libavcodec 55. 29.100 / 55. 29.100
libavformat 55. 14.102 / 55. 14.102
libavdevice 55. 3.100 / 55. 3.100
libavfilter 3. 82.102 / 3. 82.102
libswscale 2. 5.100 / 2. 5.100
libswresample 0. 17.103 / 0. 17.103
libpostproc 52. 3.100 / 52. 3.100
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'png_fuzz.mov':
Metadata:
major_brand : qt
minor_version : 537199360
compatible_brands: qt
creation_time : 2012-03-24 20:33:27
Duration: 00:00:05.96, start: 0.000000, bitrate: 7021 kb/s
Stream #0:0(eng): Video: png (png / 0x20676E70), rgba, 189x127 [SAR
2834:2834 DAR 189:127], 7019 kb/s, 24 fps, 24 tbr, 1000k tbn, 1000k tbc
(default)
Metadata:
creation_time : 2012-03-24 20:33:27
handler_name : Procedura obs�ugi skr�t�w danych Apple
Output #0, null, to 'pipe:':
Metadata:
major_brand : qt
minor_version : 537199360
compatible_brands: qt
encoder : Lavf55.14.102
Stream #0:0(eng): Video: rawvideo (RGBA / 0x41424752), rgba, 189x127
[SAR 1:1 DAR 189:127], q=2-31, 200 kb/s, 90k tbn, 24 tbc (default)
Metadata:
creation_time : 2012-03-24 20:33:27
handler_name : Procedura obs�ugi skr�t�w danych Apple
Stream mapping:
Stream #0:0 -> #0:0 (png -> rawvideo)
Press [q] to stop, [?] for help
[png @ 0x4348040] inflate returned error -3
[png @ 0x4349140] chunk too big
[png @ 0x434a260] [png @ 0x434c480] inflate returned error -3
inflate returned error -3
[png @ 0x434d580] chunk too big
[png @ 0x434b360] inflate returned error -3
[null @ 0x4274dc0] Encoder did not produce proper pts, making some up.
[png @ 0x434e6a0] Missing png signature
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x43476e0] inflate returned error -3
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x4348040] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x4349140] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
[png @ 0x434a260] chunk too big
Error while decoding stream #0:0: Invalid data found when processing input
Last message repeated 6 times
frame= 30 fps=0.0 q=0.0 size=N/A time=00:00:01.25 bitrate=N/A dup=11
drop=0 frame= 61 fps= 60 q=0.0 size=N/A time=00:00:02.54 bitrate=N/A
dup=11 drop=0 frame= 92 fps= 61 q=0.0 size=N/A time=00:00:03.83
bitrate=N/A dup=11 drop=0 frame= 123 fps= 61 q=0.0 size=N/A
time=00:00:05.12 bitrate=N/A dup=11 drop=0 frame= 143 fps= 62 q=0.0
Lsize=N/A time=00:00:05.95 bitrate=N/A dup=11 drop=0
video:9kB audio:0kB subtitle:0 global headers:0kB muxing overhead
-100.240385%
==11481==
==11481== HEAP SUMMARY:
==11481== in use at exit: 0 bytes in 0 blocks
==11481== total heap usage: 5,817 allocs, 5,817 frees, 13,983,600 bytes
allocated
==11481==
==11481== All heap blocks were freed -- no leaks are possible
==11481==
==11481== For counts of detected and suppressed errors, rerun with: -v
==11481== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 59 from 6)
}}}
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2903#comment:4>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker