Opened 14 years ago
Closed 13 years ago
#312 closed defect (fixed)
Invalid reads in ff_h264_pred_direct_motion() when decoding corrupt H264 sample
| Reported by: | Carl Eugen Hoyos | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | avcodec |
| Version: | git-master | Keywords: | h264 |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | yes | |
| Analyzed by developer: | no |
Description
$ valgrind ./ffmpeg_g -i invalid_reads1.h264 -f null -
==24302== Memcheck, a memory error detector
==24302== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==24302== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==24302== Command: ./ffmpeg_g -i invalid_reads1.h264 -f null -
==24302==
ffmpeg version N-31019-g5c13b5b, Copyright (c) 2000-2011 the FFmpeg developers
built on Jun 26 2011 17:49:29 with gcc 4.5.3
configuration: --cc='/usr/local/gcc-4.5.3/bin/gcc -m32'
libavutil 51. 10. 0 / 51. 10. 0
libavcodec 53. 7. 0 / 53. 7. 0
libavformat 53. 4. 0 / 53. 4. 0
libavdevice 53. 1. 1 / 53. 1. 1
libavfilter 2. 23. 0 / 2. 23. 0
libswscale 2. 0. 0 / 2. 0. 0
[h264 @ 0xa44e320] non-existing PPS referenced
[h264 @ 0xa44e320] non-existing PPS 0 referenced
[h264 @ 0xa44e320] decode_slice_header error
[h264 @ 0xa44e320] no frame!
[h264 @ 0xa44e320] non-existing PPS referenced
[h264 @ 0xa44e320] non-existing PPS 0 referenced
[h264 @ 0xa44e320] decode_slice_header error
[h264 @ 0xa44e320] no frame!
...
[h264 @ 0xa44e320] non-existing PPS referenced
[h264 @ 0xa44e320] non-existing PPS 0 referenced
[h264 @ 0xa44e320] decode_slice_header error
[h264 @ 0xa44e320] no frame!
[h264 @ 0xa44e320] non-existing PPS referenced
[h264 @ 0xa44e320] non-existing PPS 0 referenced
[h264 @ 0xa44e320] decode_slice_header error
[h264 @ 0xa44e320] no frame!
[h264 @ 0xa44e320] top block unavailable for requested intra mode at 22 0
[h264 @ 0xa44e320] error while decoding MB 22 0, bytestream (67741)
[h264 @ 0xa44e320] mmco: unref short failure
[h264 @ 0xa404680] Estimating duration from bitrate, this may be inaccurate
Seems stream 0 codec frame rate differs from container frame rate: 59.94 (60000/1001) -> 29.97 (60000/2002)
Input #0, h264, from 'invalid_reads1.h264':
Duration: N/A, bitrate: N/A
Stream #0.0: Video: h264 (Main), yuv420p, 1920x1080 [PAR 1:1 DAR 16:9], 57.89 fps, 29.97 tbr, 1200k tbn, 59.94 tbc
[buffer @ 0xa537120] w:1920 h:1080 pixfmt:yuv420p tb:1/1000000 sar:1/1 sws_param:
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf53.4.0
Stream #0.0: Video: rawvideo, yuv420p, 1920x1080 [PAR 1:1 DAR 16:9], q=2-31, 200 kb/s, 90k tbn, 29.97 tbc
Stream mapping:
Stream #0.0 -> #0.0
Press [q] to stop, [?] for help
[h264 @ 0xa44e320] left block unavailable for requested intra mode at 0 17
[h264 @ 0xa44e320] error while decoding MB 0 17, bytestream (18637)
frame= 1 fps= 1 q=0.0 size= -0kB time=00:00:00.03 bitrate= -5.3kbits/s ^M[h264 @ 0xa44e320] reference picture missing during reorder
[h264 @ 0xa44e320] Missing reference picture
[h264 @ 0xa44e320] Reference 2 >= 2
[h264 @ 0xa44e320] error while decoding MB 70 9, bytestream (2358)
[h264 @ 0xa44e320] illegal short term buffer state detected
[h264 @ 0xa44e320] mmco: unref short failure
frame= 3 fps= 1 q=0.0 size= -0kB time=00:00:00.10 bitrate= -1.8kbits/s ^M Last message repeated 1 times
[h264 @ 0xa44e320] reference picture missing during reorder
[h264 @ 0xa44e320] Missing reference picture
[h264 @ 0xa44e320] Reference 2 >= 2
[h264 @ 0xa44e320] error while decoding MB 21 23, bytestream (1567)
frame= 3 fps= 1 q=0.0 size= -0kB time=00:00:00.10 bitrate= -1.8kbits/s dup=0 drop=1 ^M==24302== Invalid read of size 2
==24302== at 0x824DAD0: ff_h264_pred_direct_motion (h264_direct.c:377)
==24302== Address 0xd228c70 is not stack'd, malloc'd or (recently) free'd
==24302==
==24302== Invalid read of size 2
==24302== at 0x824DAE0: ff_h264_pred_direct_motion (h264_direct.c:377)
==24302== Address 0xd228c72 is not stack'd, malloc'd or (recently) free'd
==24302==
[h264 @ 0xa44e320] top block unavailable for requested intra mode at 22 0
[h264 @ 0xa44e320] error while decoding MB 22 0, bytestream (67741)
[h264 @ 0xa44e320] mmco: unref short failure
frame= 4 fps= 1 q=0.0 size= -0kB time=00:00:00.13 bitrate= -1.3kbits/s dup=0 drop=1 ^M[h264 @ 0xa44e320] reference picture missing during reorder
Last message repeated 1 times
[h264 @ 0xa44e320] Missing reference picture
Last message repeated 1 times
[h264 @ 0xa44e320] cabac decode of qscale diff failed at 93 61
[h264 @ 0xa44e320] error while decoding MB 93 61, bytestream (4862)
frame= 5 fps= 1 q=0.0 size= -0kB time=00:00:00.16 bitrate= -1.1kbits/s dup=0 drop=2 ^M[h264 @ 0xa44e320] reference picture missing during reorder
[h264 @ 0xa44e320] Missing reference picture
[h264 @ 0xa44e320] mmco: unref short failure
frame= 5 fps= 1 q=0.0 size= -0kB time=00:00:00.16 bitrate= -1.1kbits/s dup=0 drop=3 ^M Last message repeated 3 times
[h264 @ 0xa44e320] number of reference frames (0+5) exceeds max (4; probably corrupt input), discarding one
frame= 6 fps= 1 q=0.0 size= -0kB time=00:00:00.20 bitrate= -0.9kbits/s dup=0 drop=4 ^M[h264 @ 0xa44e320] illegal short term buffer state detected
frame= 7 fps= 1 q=0.0 size= -0kB time=00:00:00.23 bitrate= -0.8kbits/s dup=0 drop=5 ^M[h264 @ 0xa44e320] reference picture missing during reorder
[h264 @ 0xa44e320] Missing reference picture
[h264 @ 0xa44e320] Reference 2 >= 2
[h264 @ 0xa44e320] error while decoding MB 4 39, bytestream (1016)
[h264 @ 0xa44e320] illegal short term buffer state detected
[h264 @ 0xa44e320] mmco: unref short failure
Last message repeated 1 times
[h264 @ 0xa44e320] reference picture missing during reorder
[h264 @ 0xa44e320] Missing reference picture
[h264 @ 0xa44e320] Reference 2 >= 2
[h264 @ 0xa44e320] error while decoding MB 78 0, bytestream (28013)
[h264 @ 0xa44e320] Reference 6 >= 2
[h264 @ 0xa44e320] error while decoding MB 52 17, bytestream (1583)
frame= 8 fps= 1 q=0.0 size= -0kB time=00:00:00.26 bitrate= -0.7kbits/s dup=0 drop=6 ^M[h264 @ 0xa44e320] mmco: unref short failure
[h264 @ 0xa44e320] Reference 2 >= 2
[h264 @ 0xa44e320] error while decoding MB 27 6, bytestream (15044)
frame= 9 fps= 1 q=0.0 size= -0kB time=00:00:00.30 bitrate= -0.6kbits/s dup=0 drop=7 ^M[h264 @ 0xa44e320] error while decoding MB 14 48, bytestream (-3)
[h264 @ 0xa44e320] reference picture missing during reorder
Last message repeated 1 times
[h264 @ 0xa44e320] Missing reference picture
Last message repeated 1 times
[h264 @ 0xa44e320] Reference 2 >= 2
[h264 @ 0xa44e320] error while decoding MB 95 13, bytestream (2146)
[h264 @ 0xa44e320] mmco: unref short failure
frame= 10 fps= 1 q=0.0 size= -0kB time=00:00:00.33 bitrate= -0.5kbits/s dup=0 drop=7 ^M[h264 @ 0xa44e320] top block unavailable for requested intra4x4 mode -1 at 65 0
[h264 @ 0xa44e320] error while decoding MB 65 0, bytestream (5209)
frame= 11 fps= 1 q=0.0 size= -0kB time=00:00:00.36 bitrate= -0.5kbits/s dup=0 drop=9 ^M[h264 @ 0xa44e320] illegal short term buffer state detected
[h264 @ 0xa44e320] reference picture missing during reorder
Last message repeated 1 times
[h264 @ 0xa44e320] Missing reference picture
Last message repeated 1 times
[h264 @ 0xa44e320] illegal short term buffer state detected
[h264 @ 0xa44e320] reference picture missing during reorder
[h264 @ 0xa44e320] Missing reference picture
[h264 @ 0xa44e320] Reference 3 >= 2
[h264 @ 0xa44e320] error while decoding MB 114 47, bytestream (474)
frame= 13 fps= 2 q=0.0 size= -0kB time=00:00:00.43 bitrate= -0.4kbits/s dup=0 drop=10 ^M[h264 @ 0xa44e320] mmco: unref short failure
frame= 14 fps= 2 q=0.0 size= -0kB time=00:00:00.46 bitrate= -0.4kbits/s dup=0 drop=11 ^M Last message repeated 1 times
[h264 @ 0xa44e320] top block unavailable for requested intra4x4 mode -1 at 85 0
[h264 @ 0xa44e320] error while decoding MB 85 0, bytestream (3582)
[h264 @ 0xa44e320] reference picture missing during reorder
[h264 @ 0xa44e320] Missing reference picture
[h264 @ 0xa44e320] Reference 2 >= 2
[h264 @ 0xa44e320] error while decoding MB 92 4, bytestream (9645)
[h264 @ 0xa44e320] reference picture missing during reorder
[h264 @ 0xa44e320] Missing reference picture
[h264 @ 0xa44e320] mmco: unref short failure
[h264 @ 0xa44e320] illegal short term buffer state detected
frame= 15 fps= 2 q=0.0 size= -0kB time=00:00:00.50 bitrate= -0.4kbits/s dup=0 drop=13 ^M[h264 @ 0xa44e320] reference picture missing during reorder
[h264 @ 0xa44e320] Missing reference picture
frame= 16 fps= 2 q=0.0 size= -0kB time=00:00:00.53 bitrate= -0.3kbits/s dup=0 drop=13 ^M[h264 @ 0xa44e320] reference picture missing during reorder
[h264 @ 0xa44e320] Missing reference picture
[h264 @ 0xa44e320] mmco: unref short failure
frame= 17 fps= 2 q=0.0 size= -0kB time=00:00:00.56 bitrate= -0.3kbits/s dup=0 drop=14 ^M[h264 @ 0xa44e320] reference picture missing during reorder
[h264 @ 0xa44e320] Missing reference picture
[h264 @ 0xa44e320] Reference 2 >= 2
[h264 @ 0xa44e320] error while decoding MB 30 4, bytestream (24043)
frame= 17 fps= 1 q=0.0 size= -0kB time=00:00:00.56 bitrate= -0.3kbits/s dup=0 drop=15 ^M[h264 @ 0xa44e320] Reference 2 >= 2
[h264 @ 0xa44e320] error while decoding MB 111 27, bytestream (1302)
[h264 @ 0xa44e320] error while decoding MB 51 6, bytestream (-4)
[h264 @ 0xa44e320] mmco: unref short failure
frame= 18 fps= 2 q=0.0 Lsize= -0kB time=00:00:00.60 bitrate= -0.3kbits/s dup=0 drop=16 ^M
video:0kB audio:0kB global headers:0kB muxing overhead -inf%
==24302==
==24302== HEAP SUMMARY:
==24302== in use at exit: 132 bytes in 1 blocks
==24302== total heap usage: 1,633 allocs, 1,632 frees, 71,296,585 bytes allocated
==24302==
==24302== LEAK SUMMARY:
==24302== definitely lost: 132 bytes in 1 blocks
==24302== indirectly lost: 0 bytes in 0 blocks
==24302== possibly lost: 0 bytes in 0 blocks
==24302== still reachable: 0 bytes in 0 blocks
==24302== suppressed: 0 bytes in 0 blocks
==24302== Rerun with --leak-check=full to see details of leaked memory
==24302==
==24302== For counts of detected and suppressed errors, rerun with: -v
==24302== ERROR SUMMARY: 20 errors from 2 contexts (suppressed: 3 from 3)
Attachments (1)
Change History (4)
comment:1 by , 14 years ago
by , 13 years ago
comment:2 by , 13 years ago
| Status: | new → open |
|---|
Still reproducible for another sample with 32bit ffmpeg:
$ valgrind ./ffmpeg_g -i test.h264 -f null - ffmpeg version N-33240-ga5dfeb6, Copyright (c) 2000-2011 the FFmpeg developers built on Oct 3 2011 10:53:02 with gcc 4.5.3 configuration: --cc='/usr/local/gcc-4.5.3/bin/gcc -m32' ... ==14866== Invalid read of size 2 ==14866== at 0x8270360: ff_h264_pred_direct_motion (h264_direct.c:377) ==14866== Address 0xe40f900 is not stack'd, malloc'd or (recently) free'd ==14866== ==14866== Invalid read of size 2 ==14866== at 0x8270370: ff_h264_pred_direct_motion (h264_direct.c:377) ==14866== Address 0xe40f902 is not stack'd, malloc'd or (recently) free'd ==14866==
comment:3 by , 13 years ago
| Resolution: | → fixed |
|---|---|
| Status: | open → closed |
Note:
See TracTickets
for help on using tickets.
iam unable to reproduce these invalid reads