[FFmpeg-trac] #5215(undetermined:new): cfhd: crash with fuzzed file 5
FFmpeg
trac at avcodec.org
Wed Feb 3 14:52:55 CET 2016
#5215: cfhd: crash with fuzzed file 5
-------------------------------------+-------------------------------------
Reporter: ami_stuff | Owner:
Type: defect | Status: new
Priority: normal | Component: undetermined
Version: unspecified |
Keywords: | Resolution:
Blocking: | Blocked By:
Analyzed by developer: 0 | Reproduced by developer: 0
-------------------------------------+-------------------------------------
Description changed by ami_stuff:
Old description:
> cfhd: crash with fuzzed file 5
>
> http://www.megafileupload.com/aelI/3_fuzz5.avi
>
> {{{
> aaa@aaa-VirtualBox /media/sdb1 $ valgrind --leak-check=full ffmpeg/ffmpeg
> -threads 1 -i 3_fuzz5.avi -f null -
> ==2226== Memcheck, a memory error detector
> ==2226== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
> ==2226== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright
> info
> ==2226== Command: ffmpeg/ffmpeg -threads 1 -i 3_fuzz5.avi -f null -
> ==2226==
> ffmpeg version 2.8.git Copyright (c) 2000-2016 the FFmpeg developers
> built with gcc 4.8 (Ubuntu 4.8.4-2ubuntu1~14.04)
> configuration: --disable-ffplay --disable-ffprobe --disable-ffserver
> --enable-gpl
> libavutil 55. 17.100 / 55. 17.100
> libavcodec 57. 24.101 / 57. 24.101
> libavformat 57. 24.100 / 57. 24.100
> libavdevice 57. 0.101 / 57. 0.101
> libavfilter 6. 28.100 / 6. 28.100
> libswscale 4. 0.100 / 4. 0.100
> libswresample 2. 0.101 / 2. 0.101
> libpostproc 54. 0.100 / 54. 0.100
> [cfhd @ 0x4272560] Escape codeword not found, probably corrupt data
> Input #0, avi, from '3_fuzz5.avi':
> Metadata:
> date : 2016-01-"3T13:45:31+01:00
> encoder : Adobe Premiere Pro CC 2015 (Windows)
> Duration: 00:00:04.97, start: 0.000000, bitrate: 17221 kb/s
> Stream #0:0: Video: cfhd (CFHD / 0x44484643), gbrp12le(10 bpc),
> 720x480, 17182 kb/s, 29.97 fps, 29.97 tbr, 29.97 tbn, 29.97 tbc
> Output #0, null, to 'pipe:':
> Metadata:
> date : 2016-01-"3T13:45:31+01:00
> encoder : Lavf57.24.100
> Stream #0:0: Video: wrapped_avframe, gbrp12le(10 bpc), 720x480,
> q=2-31, 200 kb/s, 29.97 fps, 29.97 tbn, 29.97 tbc
> Metadata:
> encoder : Lavc57.24.101 wrapped_avframe
> Stream mapping:
> Stream #0:0 -> #0:0 (cfhd (native) -> wrapped_avframe (native))
> Press [q] to stop, [?] for help
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Invalid highpass width
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Subband Count of 11 is unsupported
> [cfhd @ 0x490eb20] No end of header tag found
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Invalid lowpass width
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Invalid lowpass width
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Too many highpass coefficents
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Channel Count of 1027 is unsupported
> [cfhd @ 0x490eb20] No end of header tag found
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Invalid subband number
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Invalid subband number
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Invalid subband number actual
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Invalid lowpass width
> Error while decoding stream #0:0: Invalid argument
> ==2226== Conditional jump or move depends on uninitialised value(s)
> ==2226== at 0x838143E: av_clip_uintp2_c (common.h:231)
> ==2226== by 0x838143E: filter (cfhd.c:113)
> ==2226== by 0x838143E: horiz_filter_clip (cfhd.c:130)
> ==2226== by 0x838143E: cfhd_decode (cfhd.c:715)
> ==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
> ==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
> ==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
> ==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
> ==2226== by 0x80E41CF: transcode_step (ffmpeg.c:4074)
> ==2226== by 0x80E41CF: transcode (ffmpeg.c:4128)
> ==2226== by 0x80C17E4: main (ffmpeg.c:4319)
> ==2226==
> ==2226== Conditional jump or move depends on uninitialised value(s)
> ==2226== at 0x838147D: av_clip_uintp2_c (common.h:231)
> ==2226== by 0x838147D: filter (cfhd.c:118)
> ==2226== by 0x838147D: horiz_filter_clip (cfhd.c:130)
> ==2226== by 0x838147D: cfhd_decode (cfhd.c:715)
> ==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
> ==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
> ==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
> ==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
> ==2226== by 0x80E41CF: transcode_step (ffmpeg.c:4074)
> ==2226== by 0x80E41CF: transcode (ffmpeg.c:4128)
> ==2226== by 0x80C17E4: main (ffmpeg.c:4319)
> ==2226==
> ==2226== Conditional jump or move depends on uninitialised value(s)
> ==2226== at 0x8381E09: av_clip_uintp2_c (common.h:231)
> ==2226== by 0x8381E09: filter (cfhd.c:103)
> ==2226== by 0x8381E09: horiz_filter_clip (cfhd.c:130)
> ==2226== by 0x8381E09: cfhd_decode (cfhd.c:715)
> ==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
> ==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
> ==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
> ==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
> ==2226== by 0x80E41CF: transcode_step (ffmpeg.c:4074)
> ==2226== by 0x80E41CF: transcode (ffmpeg.c:4128)
> ==2226== by 0x80C17E4: main (ffmpeg.c:4319)
> ==2226==
> ==2226== Conditional jump or move depends on uninitialised value(s)
> ==2226== at 0x8381E56: av_clip_uintp2_c (common.h:231)
> ==2226== by 0x8381E56: filter (cfhd.c:108)
> ==2226== by 0x8381E56: horiz_filter_clip (cfhd.c:130)
> ==2226== by 0x8381E56: cfhd_decode (cfhd.c:715)
> ==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
> ==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
> ==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
> ==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
> ==2226== by 0x80E41CF: transcode_step (ffmpeg.c:4074)
> ==2226== by 0x80E41CF: transcode (ffmpeg.c:4128)
> ==2226== by 0x80C17E4: main (ffmpeg.c:4319)
> ==2226==
> ==2226== Conditional jump or move depends on uninitialised value(s)
> ==2226== at 0x8381EA3: av_clip_uintp2_c (common.h:231)
> ==2226== by 0x8381EA3: filter (cfhd.c:93)
> ==2226== by 0x8381EA3: horiz_filter_clip (cfhd.c:130)
> ==2226== by 0x8381EA3: cfhd_decode (cfhd.c:715)
> ==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
> ==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
> ==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
> ==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
> ==2226== by 0x80E41CF: transcode_step (ffmpeg.c:4074)
> ==2226== by 0x80E41CF: transcode (ffmpeg.c:4128)
> ==2226== by 0x80C17E4: main (ffmpeg.c:4319)
> ==2226==
> ==2226== Conditional jump or move depends on uninitialised value(s)
> ==2226== at 0x8381EE4: av_clip_uintp2_c (common.h:231)
> ==2226== by 0x8381EE4: filter (cfhd.c:98)
> ==2226== by 0x8381EE4: horiz_filter_clip (cfhd.c:130)
> ==2226== by 0x8381EE4: cfhd_decode (cfhd.c:715)
> ==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
> ==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
> ==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
> ==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
> ==2226== by 0x80E41CF: transcode_step (ffmpeg.c:4074)
> ==2226== by 0x80E41CF: transcode (ffmpeg.c:4128)
> ==2226== by 0x80C17E4: main (ffmpeg.c:4319)
> ==2226==
> [cfhd @ 0x490eb20] Invalid plane dimensions
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Too many highpass coefficents
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Invalid subband number
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Too many lowpass coefficients
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Too many highpass coefficents
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Subband Count of 16394 is unsupported
> [cfhd @ 0x490eb20] No end of header tag found
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Too many highpass coefficents
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Channel Count of 16387 is unsupported
> [cfhd @ 0x490eb20] No end of header tag found
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Invalid subband number
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Subband Count of 36 is unsupported
> [cfhd @ 0x490eb20] Invalid dimensions
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Invalid plane dimensions
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt dataed=
> 0x
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Invalid plane dimensions
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Invalid subband number
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x490eb20] Invalid dimensions
> Error while decoding stream #0:0: Invalid argument
> ==2226== Invalid write of size 2
> ==2226== at 0x8381488: filter (cfhd.c:118)
> ==2226== by 0x8381488: horiz_filter_clip (cfhd.c:130)
> ==2226== by 0x8381488: cfhd_decode (cfhd.c:715)
> ==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
> ==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
> ==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
> ==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
> ==2226== by 0x80E41CF: transcode_step (ffmpeg.c:4074)
> ==2226== by 0x80E41CF: transcode (ffmpeg.c:4128)
> ==2226== by 0x80C17E4: main (ffmpeg.c:4319)
> ==2226== Address 0x7973bae is 353,326 bytes inside a block of size
> 353,327 alloc'd
> ==2226== at 0x402C580: memalign (in
> /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
> ==2226== by 0x402C6AE: posix_memalign (in
> /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
> ==2226== by 0x8B5E727: av_malloc (mem.c:97)
> ==2226== by 0x8B4D349: av_buffer_alloc (buffer.c:71)
> ==2226== by 0x8B4D349: av_buffer_allocz (buffer.c:84)
> ==2226== by 0x8B4DA25: pool_alloc_buffer (buffer.c:329)
> ==2226== by 0x8B4DA25: av_buffer_pool_get (buffer.c:393)
> ==2226== by 0x8716645: video_get_buffer (utils.c:670)
> ==2226== by 0x8716645: avcodec_default_get_buffer2 (utils.c:725)
> ==2226== by 0x8717080: get_buffer_internal (utils.c:879)
> ==2226== by 0x8717080: ff_get_buffer (utils.c:892)
> ==2226== by 0x86642B6: thread_get_buffer_internal
> (pthread_frame.c:769)
> ==2226== by 0x86642B6: ff_thread_get_buffer (pthread_frame.c:845)
> ==2226== by 0x8380257: cfhd_decode (cfhd.c:424)
> ==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
> ==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
> ==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
> ==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
> ==2226==
> ==2226== Invalid write of size 2
> ==2226== at 0x8381449: filter (cfhd.c:113)
> ==2226== by 0x8381449: horiz_filter_clip (cfhd.c:130)
> ==2226== by 0x8381449: cfhd_decode (cfhd.c:715)
> ==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
> ==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
> ==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
> ==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
> ==2226== by 0x80E41CF: transcode_step (ffmpeg.c:4074)
> ==2226== by 0x80E41CF: transcode (ffmpeg.c:4128)
> ==2226== by 0x80C17E4: main (ffmpeg.c:4319)
> ==2226== Address 0x7973bb0 is 1 bytes after a block of size 353,327
> alloc'd
> ==2226== at 0x402C580: memalign (in
> /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
> ==2226== by 0x402C6AE: posix_memalign (in
> /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
> ==2226== by 0x8B5E727: av_malloc (mem.c:97)
> ==2226== by 0x8B4D349: av_buffer_alloc (buffer.c:71)
> ==2226== by 0x8B4D349: av_buffer_allocz (buffer.c:84)
> ==2226== by 0x8B4DA25: pool_alloc_buffer (buffer.c:329)
> ==2226== by 0x8B4DA25: av_buffer_pool_get (buffer.c:393)
> ==2226== by 0x8716645: video_get_buffer (utils.c:670)
> ==2226== by 0x8716645: avcodec_default_get_buffer2 (utils.c:725)
> ==2226== by 0x8717080: get_buffer_internal (utils.c:879)
> ==2226== by 0x8717080: ff_get_buffer (utils.c:892)
> ==2226== by 0x86642B6: thread_get_buffer_internal
> (pthread_frame.c:769)
> ==2226== by 0x86642B6: ff_thread_get_buffer (pthread_frame.c:845)
> ==2226== by 0x8380257: cfhd_decode (cfhd.c:424)
> ==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
> ==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
> ==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
> ==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
> ==2226==
>
> valgrind: m_mallocfree.c:304 (get_bszB_as_is): Assertion 'bszB_lo ==
> bszB_hi' failed.
> valgrind: Heap block lo/hi size mismatch: lo = 353400, hi = 0.
> This is probably caused by your program erroneously writing past the
> end of a heap block and corrupting heap metadata. If you fix any
> invalid writes reported by Memcheck, this assertion failure will
> probably go away. Please try that before reporting this as a bug.
>
> host stacktrace:
> ==2226== at 0x3805A504: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
> ==2226== by 0x3805A656: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
> ==2226== by 0x3805A7B9: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
> ==2226== by 0x38068EF2: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
> ==2226== by 0x380533A6: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
> ==2226== by 0x380502DF: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
> ==2226== by 0x38051CD7: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
> ==2226== by 0x38056101: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
> ==2226== by 0x38050F4D: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
> ==2226== by 0x380002C3: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
> ==2226== by 0x38033227: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
> ==2226== by 0x64755006: ???
>
> sched status:
> running_tid=1
>
> Thread 1: status = VgTs_Runnable
> ==2226== at 0x8381DFE: filter (cfhd.c:101)
> ==2226== by 0x8381DFE: horiz_filter_clip (cfhd.c:130)
> ==2226== by 0x8381DFE: cfhd_decode (cfhd.c:715)
> ==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
> ==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
> ==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
> ==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
> ==2226== by 0x80E41CF: transcode_step (ffmpeg.c:4074)
> ==2226== by 0x80E41CF: transcode (ffmpeg.c:4128)
> ==2226== by 0x80C17E4: main (ffmpeg.c:4319)
>
> Thread 2: status = VgTs_WaitSys
> ==2226== at 0x409FD4B: pthread_cond_wait@@GLIBC_2.3.2
> (pthread_cond_wait.S:188)
> ==2226== by 0x810D029: worker (pthread.c:74)
> ==2226== by 0x409BF6F: start_thread (pthread_create.c:312)
> ==2226== by 0x419CBED: clone (clone.S:129)
>
> Thread 3: status = VgTs_WaitSys
> ==2226== at 0x409FD4B: pthread_cond_wait@@GLIBC_2.3.2
> (pthread_cond_wait.S:188)
> ==2226== by 0x810D029: worker (pthread.c:74)
> ==2226== by 0x409BF6F: start_thread (pthread_create.c:312)
> ==2226== by 0x419CBED: clone (clone.S:129)
>
> Thread 4: status = VgTs_WaitSys
> ==2226== at 0x409FD4B: pthread_cond_wait@@GLIBC_2.3.2
> (pthread_cond_wait.S:188)
> ==2226== by 0x810D029: worker (pthread.c:74)
> ==2226== by 0x409BF6F: start_thread (pthread_create.c:312)
> ==2226== by 0x419CBED: clone (clone.S:129)
>
> Thread 5: status = VgTs_WaitSys
> ==2226== at 0x409FD4B: pthread_cond_wait@@GLIBC_2.3.2
> (pthread_cond_wait.S:188)
> ==2226== by 0x810D029: worker (pthread.c:74)
> ==2226== by 0x409BF6F: start_thread (pthread_create.c:312)
> ==2226== by 0x419CBED: clone (clone.S:129)
>
> Thread 6: status = VgTs_WaitSys
> ==2226== at 0x409FD4B: pthread_cond_wait@@GLIBC_2.3.2
> (pthread_cond_wait.S:188)
> ==2226== by 0x810D029: worker (pthread.c:74)
> ==2226== by 0x409BF6F: start_thread (pthread_create.c:312)
> ==2226== by 0x419CBED: clone (clone.S:129)
>
> Note: see also the FAQ in the source distribution.
> It contains workarounds to several common problems.
> In particular, if Valgrind aborted or crashed after
> identifying problems in your program, there's a good chance
> that fixing those problems will prevent Valgrind aborting or
> crashing, especially if it happened in m_mallocfree.c.
>
> If that doesn't help, please report this bug to: www.valgrind.org
>
> In the bug report, send all the above text, the valgrind
> version, and what OS and version you are using. Thanks.
> }}}
>
> {{{
> (gdb) r -threads 1 -i 3_fuzz5.avi -f null -
> Starting program: /media/sdb1/ffmpeg/ffmpeg_g -threads 1 -i 3_fuzz5.avi
> -f null -
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
> ffmpeg version 2.8.git Copyright (c) 2000-2016 the FFmpeg developers
> built with gcc 4.8 (Ubuntu 4.8.4-2ubuntu1~14.04)
> configuration: --disable-ffplay --disable-ffprobe --disable-ffserver
> --enable-gpl
> libavutil 55. 17.100 / 55. 17.100
> libavcodec 57. 24.101 / 57. 24.101
> libavformat 57. 24.100 / 57. 24.100
> libavdevice 57. 0.101 / 57. 0.101
> libavfilter 6. 28.100 / 6. 28.100
> libswscale 4. 0.100 / 4. 0.100
> libswresample 2. 0.101 / 2. 0.101
> libpostproc 54. 0.100 / 54. 0.100
> [cfhd @ 0x9657de0] Escape codeword not found, probably corrupt data
> Input #0, avi, from '3_fuzz5.avi':
> Metadata:
> date : 2016-01-"3T13:45:31+01:00
> encoder : Adobe Premiere Pro CC 2015 (Windows)
> Duration: 00:00:04.97, start: 0.000000, bitrate: 17221 kb/s
> Stream #0:0: Video: cfhd (CFHD / 0x44484643), gbrp12le(10 bpc),
> 720x480, 17182 kb/s, 29.97 fps, 29.97 tbr, 29.97 tbn, 29.97 tbc
> [New Thread 0xb7daeb40 (LWP 9380)]
> [New Thread 0xb75adb40 (LWP 9381)]
> [New Thread 0xb6dacb40 (LWP 9382)]
> [New Thread 0xb65abb40 (LWP 9383)]
> [New Thread 0xb5daab40 (LWP 9384)]
> Output #0, null, to 'pipe:':
> Metadata:
> date : 2016-01-"3T13:45:31+01:00
> encoder : Lavf57.24.100
> Stream #0:0: Video: wrapped_avframe, gbrp12le(10 bpc), 720x480,
> q=2-31, 200 kb/s, 29.97 fps, 29.97 tbn, 29.97 tbc
> Metadata:
> encoder : Lavc57.24.101 wrapped_avframe
> Stream mapping:
> Stream #0:0 -> #0:0 (cfhd (native) -> wrapped_avframe (native))
> Press [q] to stop, [?] for help
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Invalid highpass width
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Subband Count of 11 is unsupported
> [cfhd @ 0x9659920] No end of header tag found
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Invalid lowpass width
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Invalid lowpass width
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Too many highpass coefficents
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Channel Count of 1027 is unsupported
> [cfhd @ 0x9659920] No end of header tag found
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Invalid subband number
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Invalid subband number
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Invalid subband number actual
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Invalid lowpass width
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Invalid plane dimensions
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Too many highpass coefficents
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Invalid subband number
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Too many lowpass coefficients
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Too many highpass coefficents
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Subband Count of 16394 is unsupported
> [cfhd @ 0x9659920] No end of header tag found
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Too many highpass coefficents
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Channel Count of 16387 is unsupported
> [cfhd @ 0x9659920] No end of header tag found
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Invalid subband number
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Subband Count of 36 is unsupported
> [cfhd @ 0x9659920] Invalid dimensions
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Invalid plane dimensions
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Invalid plane dimensions
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Invalid subband number
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Invalid dimensions
> Error while decoding stream #0:0: Invalid argument
> [cfhd @ 0x9659920] Invalid plane dimensions
> Error while decoding stream #0:0: Invalid argument
>
> Program received signal SIGSEGV, Segmentation fault.
> 0xb7e23480 in malloc_consolidate (av=0xb7f5a420 <main_arena>) at
> malloc.c:4165
> 4165 malloc.c: No such file or directory.
> (gdb) bt
> #0 0xb7e23480 in malloc_consolidate (av=0xb7f5a420 <main_arena>)
> at malloc.c:4165
> #1 0xb7e23f5b in _int_free (av=0xb7f5a420 <main_arena>, p=<optimized
> out>,
> have_lock=0) at malloc.c:4057
> #2 0x08b4d473 in buffer_replace (src=0x0, dst=0xbfffe334)
> at libavutil/buffer.c:119
> #3 av_buffer_unref (buf=buf@entry=0xbfffe334) at libavutil/buffer.c:129
> #4 0x0836b90a in av_packet_unref (pkt=pkt@entry=0xbfffe334)
> at libavcodec/avpacket.c:548
> #5 0x080e1373 in process_input (file_index=<optimized out>) at
> ffmpeg.c:3989
> #6 0x080e41d0 in transcode_step () at ffmpeg.c:4074
> #7 transcode () at ffmpeg.c:4128
> #8 0x080c17e5 in main (argc=<optimized out>, argv=<optimized out>)
> at ffmpeg.c:4319
> (gdb)
> }}}
New description:
http://www.megafileupload.com/aelI/3_fuzz5.avi
{{{
aaa@aaa-VirtualBox /media/sdb1 $ valgrind --leak-check=full ffmpeg/ffmpeg
-threads 1 -i 3_fuzz5.avi -f null -
==2226== Memcheck, a memory error detector
==2226== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==2226== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright
info
==2226== Command: ffmpeg/ffmpeg -threads 1 -i 3_fuzz5.avi -f null -
==2226==
ffmpeg version 2.8.git Copyright (c) 2000-2016 the FFmpeg developers
built with gcc 4.8 (Ubuntu 4.8.4-2ubuntu1~14.04)
configuration: --disable-ffplay --disable-ffprobe --disable-ffserver
--enable-gpl
libavutil 55. 17.100 / 55. 17.100
libavcodec 57. 24.101 / 57. 24.101
libavformat 57. 24.100 / 57. 24.100
libavdevice 57. 0.101 / 57. 0.101
libavfilter 6. 28.100 / 6. 28.100
libswscale 4. 0.100 / 4. 0.100
libswresample 2. 0.101 / 2. 0.101
libpostproc 54. 0.100 / 54. 0.100
[cfhd @ 0x4272560] Escape codeword not found, probably corrupt data
Input #0, avi, from '3_fuzz5.avi':
Metadata:
date : 2016-01-"3T13:45:31+01:00
encoder : Adobe Premiere Pro CC 2015 (Windows)
Duration: 00:00:04.97, start: 0.000000, bitrate: 17221 kb/s
Stream #0:0: Video: cfhd (CFHD / 0x44484643), gbrp12le(10 bpc),
720x480, 17182 kb/s, 29.97 fps, 29.97 tbr, 29.97 tbn, 29.97 tbc
Output #0, null, to 'pipe:':
Metadata:
date : 2016-01-"3T13:45:31+01:00
encoder : Lavf57.24.100
Stream #0:0: Video: wrapped_avframe, gbrp12le(10 bpc), 720x480,
q=2-31, 200 kb/s, 29.97 fps, 29.97 tbn, 29.97 tbc
Metadata:
encoder : Lavc57.24.101 wrapped_avframe
Stream mapping:
Stream #0:0 -> #0:0 (cfhd (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Invalid highpass width
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Subband Count of 11 is unsupported
[cfhd @ 0x490eb20] No end of header tag found
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Invalid lowpass width
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Invalid lowpass width
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Channel Count of 1027 is unsupported
[cfhd @ 0x490eb20] No end of header tag found
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Invalid subband number
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Invalid subband number
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Invalid subband number actual
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Invalid lowpass width
Error while decoding stream #0:0: Invalid argument
==2226== Conditional jump or move depends on uninitialised value(s)
==2226== at 0x838143E: av_clip_uintp2_c (common.h:231)
==2226== by 0x838143E: filter (cfhd.c:113)
==2226== by 0x838143E: horiz_filter_clip (cfhd.c:130)
==2226== by 0x838143E: cfhd_decode (cfhd.c:715)
==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
==2226== by 0x80E41CF: transcode_step (ffmpeg.c:4074)
==2226== by 0x80E41CF: transcode (ffmpeg.c:4128)
==2226== by 0x80C17E4: main (ffmpeg.c:4319)
==2226==
==2226== Conditional jump or move depends on uninitialised value(s)
==2226== at 0x838147D: av_clip_uintp2_c (common.h:231)
==2226== by 0x838147D: filter (cfhd.c:118)
==2226== by 0x838147D: horiz_filter_clip (cfhd.c:130)
==2226== by 0x838147D: cfhd_decode (cfhd.c:715)
==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
==2226== by 0x80E41CF: transcode_step (ffmpeg.c:4074)
==2226== by 0x80E41CF: transcode (ffmpeg.c:4128)
==2226== by 0x80C17E4: main (ffmpeg.c:4319)
==2226==
==2226== Conditional jump or move depends on uninitialised value(s)
==2226== at 0x8381E09: av_clip_uintp2_c (common.h:231)
==2226== by 0x8381E09: filter (cfhd.c:103)
==2226== by 0x8381E09: horiz_filter_clip (cfhd.c:130)
==2226== by 0x8381E09: cfhd_decode (cfhd.c:715)
==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
==2226== by 0x80E41CF: transcode_step (ffmpeg.c:4074)
==2226== by 0x80E41CF: transcode (ffmpeg.c:4128)
==2226== by 0x80C17E4: main (ffmpeg.c:4319)
==2226==
==2226== Conditional jump or move depends on uninitialised value(s)
==2226== at 0x8381E56: av_clip_uintp2_c (common.h:231)
==2226== by 0x8381E56: filter (cfhd.c:108)
==2226== by 0x8381E56: horiz_filter_clip (cfhd.c:130)
==2226== by 0x8381E56: cfhd_decode (cfhd.c:715)
==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
==2226== by 0x80E41CF: transcode_step (ffmpeg.c:4074)
==2226== by 0x80E41CF: transcode (ffmpeg.c:4128)
==2226== by 0x80C17E4: main (ffmpeg.c:4319)
==2226==
==2226== Conditional jump or move depends on uninitialised value(s)
==2226== at 0x8381EA3: av_clip_uintp2_c (common.h:231)
==2226== by 0x8381EA3: filter (cfhd.c:93)
==2226== by 0x8381EA3: horiz_filter_clip (cfhd.c:130)
==2226== by 0x8381EA3: cfhd_decode (cfhd.c:715)
==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
==2226== by 0x80E41CF: transcode_step (ffmpeg.c:4074)
==2226== by 0x80E41CF: transcode (ffmpeg.c:4128)
==2226== by 0x80C17E4: main (ffmpeg.c:4319)
==2226==
==2226== Conditional jump or move depends on uninitialised value(s)
==2226== at 0x8381EE4: av_clip_uintp2_c (common.h:231)
==2226== by 0x8381EE4: filter (cfhd.c:98)
==2226== by 0x8381EE4: horiz_filter_clip (cfhd.c:130)
==2226== by 0x8381EE4: cfhd_decode (cfhd.c:715)
==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
==2226== by 0x80E41CF: transcode_step (ffmpeg.c:4074)
==2226== by 0x80E41CF: transcode (ffmpeg.c:4128)
==2226== by 0x80C17E4: main (ffmpeg.c:4319)
==2226==
[cfhd @ 0x490eb20] Invalid plane dimensions
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Invalid subband number
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Too many lowpass coefficients
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Subband Count of 16394 is unsupported
[cfhd @ 0x490eb20] No end of header tag found
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Channel Count of 16387 is unsupported
[cfhd @ 0x490eb20] No end of header tag found
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Invalid subband number
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Subband Count of 36 is unsupported
[cfhd @ 0x490eb20] Invalid dimensions
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Invalid plane dimensions
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt dataed=
0x
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Invalid plane dimensions
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Invalid subband number
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x490eb20] Invalid dimensions
Error while decoding stream #0:0: Invalid argument
==2226== Invalid write of size 2
==2226== at 0x8381488: filter (cfhd.c:118)
==2226== by 0x8381488: horiz_filter_clip (cfhd.c:130)
==2226== by 0x8381488: cfhd_decode (cfhd.c:715)
==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
==2226== by 0x80E41CF: transcode_step (ffmpeg.c:4074)
==2226== by 0x80E41CF: transcode (ffmpeg.c:4128)
==2226== by 0x80C17E4: main (ffmpeg.c:4319)
==2226== Address 0x7973bae is 353,326 bytes inside a block of size
353,327 alloc'd
==2226== at 0x402C580: memalign (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2226== by 0x402C6AE: posix_memalign (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2226== by 0x8B5E727: av_malloc (mem.c:97)
==2226== by 0x8B4D349: av_buffer_alloc (buffer.c:71)
==2226== by 0x8B4D349: av_buffer_allocz (buffer.c:84)
==2226== by 0x8B4DA25: pool_alloc_buffer (buffer.c:329)
==2226== by 0x8B4DA25: av_buffer_pool_get (buffer.c:393)
==2226== by 0x8716645: video_get_buffer (utils.c:670)
==2226== by 0x8716645: avcodec_default_get_buffer2 (utils.c:725)
==2226== by 0x8717080: get_buffer_internal (utils.c:879)
==2226== by 0x8717080: ff_get_buffer (utils.c:892)
==2226== by 0x86642B6: thread_get_buffer_internal (pthread_frame.c:769)
==2226== by 0x86642B6: ff_thread_get_buffer (pthread_frame.c:845)
==2226== by 0x8380257: cfhd_decode (cfhd.c:424)
==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
==2226==
==2226== Invalid write of size 2
==2226== at 0x8381449: filter (cfhd.c:113)
==2226== by 0x8381449: horiz_filter_clip (cfhd.c:130)
==2226== by 0x8381449: cfhd_decode (cfhd.c:715)
==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
==2226== by 0x80E41CF: transcode_step (ffmpeg.c:4074)
==2226== by 0x80E41CF: transcode (ffmpeg.c:4128)
==2226== by 0x80C17E4: main (ffmpeg.c:4319)
==2226== Address 0x7973bb0 is 1 bytes after a block of size 353,327
alloc'd
==2226== at 0x402C580: memalign (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2226== by 0x402C6AE: posix_memalign (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2226== by 0x8B5E727: av_malloc (mem.c:97)
==2226== by 0x8B4D349: av_buffer_alloc (buffer.c:71)
==2226== by 0x8B4D349: av_buffer_allocz (buffer.c:84)
==2226== by 0x8B4DA25: pool_alloc_buffer (buffer.c:329)
==2226== by 0x8B4DA25: av_buffer_pool_get (buffer.c:393)
==2226== by 0x8716645: video_get_buffer (utils.c:670)
==2226== by 0x8716645: avcodec_default_get_buffer2 (utils.c:725)
==2226== by 0x8717080: get_buffer_internal (utils.c:879)
==2226== by 0x8717080: ff_get_buffer (utils.c:892)
==2226== by 0x86642B6: thread_get_buffer_internal (pthread_frame.c:769)
==2226== by 0x86642B6: ff_thread_get_buffer (pthread_frame.c:845)
==2226== by 0x8380257: cfhd_decode (cfhd.c:424)
==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
==2226==
valgrind: m_mallocfree.c:304 (get_bszB_as_is): Assertion 'bszB_lo ==
bszB_hi' failed.
valgrind: Heap block lo/hi size mismatch: lo = 353400, hi = 0.
This is probably caused by your program erroneously writing past the
end of a heap block and corrupting heap metadata. If you fix any
invalid writes reported by Memcheck, this assertion failure will
probably go away. Please try that before reporting this as a bug.
host stacktrace:
==2226== at 0x3805A504: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
==2226== by 0x3805A656: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
==2226== by 0x3805A7B9: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
==2226== by 0x38068EF2: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
==2226== by 0x380533A6: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
==2226== by 0x380502DF: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
==2226== by 0x38051CD7: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
==2226== by 0x38056101: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
==2226== by 0x38050F4D: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
==2226== by 0x380002C3: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
==2226== by 0x38033227: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
==2226== by 0x64755006: ???
sched status:
running_tid=1
Thread 1: status = VgTs_Runnable
==2226== at 0x8381DFE: filter (cfhd.c:101)
==2226== by 0x8381DFE: horiz_filter_clip (cfhd.c:130)
==2226== by 0x8381DFE: cfhd_decode (cfhd.c:715)
==2226== by 0x8718A35: avcodec_decode_video2 (utils.c:2125)
==2226== by 0x80D8E0E: decode_video (ffmpeg.c:2075)
==2226== by 0x80E1635: process_input_packet (ffmpeg.c:2324)
==2226== by 0x80E1635: process_input (ffmpeg.c:3986)
==2226== by 0x80E41CF: transcode_step (ffmpeg.c:4074)
==2226== by 0x80E41CF: transcode (ffmpeg.c:4128)
==2226== by 0x80C17E4: main (ffmpeg.c:4319)
Thread 2: status = VgTs_WaitSys
==2226== at 0x409FD4B: pthread_cond_wait@@GLIBC_2.3.2
(pthread_cond_wait.S:188)
==2226== by 0x810D029: worker (pthread.c:74)
==2226== by 0x409BF6F: start_thread (pthread_create.c:312)
==2226== by 0x419CBED: clone (clone.S:129)
Thread 3: status = VgTs_WaitSys
==2226== at 0x409FD4B: pthread_cond_wait@@GLIBC_2.3.2
(pthread_cond_wait.S:188)
==2226== by 0x810D029: worker (pthread.c:74)
==2226== by 0x409BF6F: start_thread (pthread_create.c:312)
==2226== by 0x419CBED: clone (clone.S:129)
Thread 4: status = VgTs_WaitSys
==2226== at 0x409FD4B: pthread_cond_wait@@GLIBC_2.3.2
(pthread_cond_wait.S:188)
==2226== by 0x810D029: worker (pthread.c:74)
==2226== by 0x409BF6F: start_thread (pthread_create.c:312)
==2226== by 0x419CBED: clone (clone.S:129)
Thread 5: status = VgTs_WaitSys
==2226== at 0x409FD4B: pthread_cond_wait@@GLIBC_2.3.2
(pthread_cond_wait.S:188)
==2226== by 0x810D029: worker (pthread.c:74)
==2226== by 0x409BF6F: start_thread (pthread_create.c:312)
==2226== by 0x419CBED: clone (clone.S:129)
Thread 6: status = VgTs_WaitSys
==2226== at 0x409FD4B: pthread_cond_wait@@GLIBC_2.3.2
(pthread_cond_wait.S:188)
==2226== by 0x810D029: worker (pthread.c:74)
==2226== by 0x409BF6F: start_thread (pthread_create.c:312)
==2226== by 0x419CBED: clone (clone.S:129)
Note: see also the FAQ in the source distribution.
It contains workarounds to several common problems.
In particular, if Valgrind aborted or crashed after
identifying problems in your program, there's a good chance
that fixing those problems will prevent Valgrind aborting or
crashing, especially if it happened in m_mallocfree.c.
If that doesn't help, please report this bug to: www.valgrind.org
In the bug report, send all the above text, the valgrind
version, and what OS and version you are using. Thanks.
}}}
{{{
(gdb) r -threads 1 -i 3_fuzz5.avi -f null -
Starting program: /media/sdb1/ffmpeg/ffmpeg_g -threads 1 -i 3_fuzz5.avi -f
null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.8.git Copyright (c) 2000-2016 the FFmpeg developers
built with gcc 4.8 (Ubuntu 4.8.4-2ubuntu1~14.04)
configuration: --disable-ffplay --disable-ffprobe --disable-ffserver
--enable-gpl
libavutil 55. 17.100 / 55. 17.100
libavcodec 57. 24.101 / 57. 24.101
libavformat 57. 24.100 / 57. 24.100
libavdevice 57. 0.101 / 57. 0.101
libavfilter 6. 28.100 / 6. 28.100
libswscale 4. 0.100 / 4. 0.100
libswresample 2. 0.101 / 2. 0.101
libpostproc 54. 0.100 / 54. 0.100
[cfhd @ 0x9657de0] Escape codeword not found, probably corrupt data
Input #0, avi, from '3_fuzz5.avi':
Metadata:
date : 2016-01-"3T13:45:31+01:00
encoder : Adobe Premiere Pro CC 2015 (Windows)
Duration: 00:00:04.97, start: 0.000000, bitrate: 17221 kb/s
Stream #0:0: Video: cfhd (CFHD / 0x44484643), gbrp12le(10 bpc),
720x480, 17182 kb/s, 29.97 fps, 29.97 tbr, 29.97 tbn, 29.97 tbc
[New Thread 0xb7daeb40 (LWP 9380)]
[New Thread 0xb75adb40 (LWP 9381)]
[New Thread 0xb6dacb40 (LWP 9382)]
[New Thread 0xb65abb40 (LWP 9383)]
[New Thread 0xb5daab40 (LWP 9384)]
Output #0, null, to 'pipe:':
Metadata:
date : 2016-01-"3T13:45:31+01:00
encoder : Lavf57.24.100
Stream #0:0: Video: wrapped_avframe, gbrp12le(10 bpc), 720x480,
q=2-31, 200 kb/s, 29.97 fps, 29.97 tbn, 29.97 tbc
Metadata:
encoder : Lavc57.24.101 wrapped_avframe
Stream mapping:
Stream #0:0 -> #0:0 (cfhd (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Invalid highpass width
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Subband Count of 11 is unsupported
[cfhd @ 0x9659920] No end of header tag found
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Invalid lowpass width
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Invalid lowpass width
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Channel Count of 1027 is unsupported
[cfhd @ 0x9659920] No end of header tag found
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Invalid subband number
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Invalid subband number
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Invalid subband number actual
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Invalid lowpass width
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Invalid plane dimensions
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Invalid subband number
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Too many lowpass coefficients
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Subband Count of 16394 is unsupported
[cfhd @ 0x9659920] No end of header tag found
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Too many highpass coefficents
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Channel Count of 16387 is unsupported
[cfhd @ 0x9659920] No end of header tag found
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Invalid subband number
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Subband Count of 36 is unsupported
[cfhd @ 0x9659920] Invalid dimensions
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Invalid plane dimensions
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Invalid plane dimensions
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Invalid subband number
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Escape codeword not found, probably corrupt data
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Invalid dimensions
Error while decoding stream #0:0: Invalid argument
[cfhd @ 0x9659920] Invalid plane dimensions
Error while decoding stream #0:0: Invalid argument
Program received signal SIGSEGV, Segmentation fault.
0xb7e23480 in malloc_consolidate (av=0xb7f5a420 <main_arena>) at
malloc.c:4165
4165 malloc.c: No such file or directory.
(gdb) bt
#0 0xb7e23480 in malloc_consolidate (av=0xb7f5a420 <main_arena>)
at malloc.c:4165
#1 0xb7e23f5b in _int_free (av=0xb7f5a420 <main_arena>, p=<optimized
out>,
have_lock=0) at malloc.c:4057
#2 0x08b4d473 in buffer_replace (src=0x0, dst=0xbfffe334)
at libavutil/buffer.c:119
#3 av_buffer_unref (buf=buf@entry=0xbfffe334) at libavutil/buffer.c:129
#4 0x0836b90a in av_packet_unref (pkt=pkt@entry=0xbfffe334)
at libavcodec/avpacket.c:548
#5 0x080e1373 in process_input (file_index=<optimized out>) at
ffmpeg.c:3989
#6 0x080e41d0 in transcode_step () at ffmpeg.c:4074
#7 transcode () at ffmpeg.c:4128
#8 0x080c17e5 in main (argc=<optimized out>, argv=<optimized out>)
at ffmpeg.c:4319
(gdb)
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/5215#comment:1>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker