[FFmpeg-trac] #4850(swscale:open): Crash when converting to bgra via swscale with fast_bilinear

FFmpeg trac at avcodec.org
Mon Sep 14 23:04:27 CEST 2015


#4850: Crash when converting to bgra via swscale with fast_bilinear
-------------------------------------+-------------------------------------
             Reporter:  oromit       |                    Owner:
                 Type:  defect       |                   Status:  open
             Priority:  important    |                Component:  swscale
              Version:  git-master   |               Resolution:
             Keywords:  crash        |               Blocked By:
  SIGSEGV regression                 |  Reproduced by developer:  1
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):

 * keywords:   => crash SIGSEGV regression
 * priority:  normal => important
 * status:  new => open


Comment:

 Regression since 62d176de1224f6b9921a53171e5daa7460d5a772
 {{{
 $ valgrind ./ffmpeg_g -cpuflags 0 -f rawvideo -s 7680x4320 -i /dev/zero -s 360x202 -pix_fmt bgra -sws_flags fast_bilinear -f null -
 ==31919== Memcheck, a memory error detector
 ==31919== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
 ==31919== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright
 info
 ==31919== Command: ./ffmpeg_g -cpuflags 0 -f rawvideo -s 7680x4320 -i
 /dev/zero -s 360x202 -pix_fmt bgra -sws_flags fast_bilinear -f null -
 ==31919==
 ffmpeg version N-75285-g8b47e10 Copyright (c) 2000-2015 the FFmpeg
 developers
   built with gcc 4.7 (SUSE Linux)
   configuration: --enable-gpl
   libavutil      55.  2.100 / 55.  2.100
   libavcodec     57.  1.100 / 57.  1.100
   libavformat    57.  0.100 / 57.  0.100
   libavdevice    57.  0.100 / 57.  0.100
   libavfilter     6.  3.100 /  6.  3.100
   libswscale      4.  0.100 /  4.  0.100
   libswresample   2.  0.100 /  2.  0.100
   libpostproc    54.  0.100 / 54.  0.100
 Input #0, rawvideo, from '/dev/zero':
   Duration: N/A, start: 0.000000, bitrate: 1363345 kb/s
     Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 7680x4320,
 1363345 kb/s, 25 tbr, 25 tbn, 25 tbc
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf57.0.100
     Stream #0:0: Video: rawvideo (BGRA / 0x41524742), bgra, 360x202,
 q=2-31, 200 kb/s, 25 fps, 25 tbn, 25 tbc
     Metadata:
       encoder         : Lavc57.1.100 rawvideo
 Stream mapping:
   Stream #0:0 -> #0:0 (rawvideo (native) -> rawvideo (native))
 Press [q] to stop, [?] for help
 ==31919== Invalid write of size 2
 ==31919==    at 0xF44959: ff_hyscale_fast_c (hscale_fast_bilinear.c:31)
 ==31919==    by 0xF94BC1: lum_h_scale (hscale.c:39)
 ==31919==    by 0xF30936: swscale (swscale.c:588)
 ==31919==    by 0xF31E45: sws_scale (swscale.c:1263)
 ==31919==    by 0x51AEB7: filter_frame (vf_scale.c:477)
 ==31919==    by 0x4A867D: ff_filter_frame_framed (avfilter.c:1089)
 ==31919==    by 0x4A8B80: default_filter_frame (avfilter.c:1173)
 ==31919==    by 0x4A867D: ff_filter_frame_framed (avfilter.c:1089)
 ==31919==    by 0x4A96A8: ff_filter_frame (avfilter.c:1173)
 ==31919==    by 0x4AD331: request_frame (buffersrc.c:378)
 ==31919==    by 0x4AD59A: av_buffersrc_add_frame_internal
 (buffersrc.c:180)
 ==31919==    by 0x4AD92C: av_buffersrc_add_frame_flags (buffersrc.c:105)
 ==31919==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
 ==31919==
 ==31919==
 ==31919== Process terminating with default action of signal 11 (SIGSEGV)
 ==31919==  Access not within mapped region at address 0x0
 ==31919==    at 0xF44959: ff_hyscale_fast_c (hscale_fast_bilinear.c:31)
 ==31919==    by 0xF94BC1: lum_h_scale (hscale.c:39)
 ==31919==    by 0xF30936: swscale (swscale.c:588)
 ==31919==    by 0xF31E45: sws_scale (swscale.c:1263)
 ==31919==    by 0x51AEB7: filter_frame (vf_scale.c:477)
 ==31919==    by 0x4A867D: ff_filter_frame_framed (avfilter.c:1089)
 ==31919==    by 0x4A8B80: default_filter_frame (avfilter.c:1173)
 ==31919==    by 0x4A867D: ff_filter_frame_framed (avfilter.c:1089)
 ==31919==    by 0x4A96A8: ff_filter_frame (avfilter.c:1173)
 ==31919==    by 0x4AD331: request_frame (buffersrc.c:378)
 ==31919==    by 0x4AD59A: av_buffersrc_add_frame_internal
 (buffersrc.c:180)
 ==31919==    by 0x4AD92C: av_buffersrc_add_frame_flags (buffersrc.c:105)
 ==31919==  If you believe this happened as a result of a stack
 ==31919==  overflow in your program's main thread (unlikely but
 ==31919==  possible), you can try to increase the size of the
 ==31919==  main thread stack using the --main-stacksize= flag.
 ==31919==  The main thread stack size used in this run was 8388608.
 ==31919==
 ==31919== HEAP SUMMARY:
 ==31919==     in use at exit: 50,373,517 bytes in 199 blocks
 ==31919==   total heap usage: 1,710 allocs, 1,511 frees, 50,826,397 bytes
 allocated
 ==31919==
 ==31919== LEAK SUMMARY:
 ==31919==    definitely lost: 0 bytes in 0 blocks
 ==31919==    indirectly lost: 0 bytes in 0 blocks
 ==31919==      possibly lost: 2,736 bytes in 9 blocks
 ==31919==    still reachable: 50,370,781 bytes in 190 blocks
 ==31919==         suppressed: 0 bytes in 0 blocks
 ==31919== Rerun with --leak-check=full to see details of leaked memory
 ==31919==
 ==31919== For counts of detected and suppressed errors, rerun with: -v
 ==31919== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)
 Killed
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/4850#comment:2>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

