mencoder crashing in swscale for some videos

[rectalogic@…]

I have a couple of samples where mencoder is crashing when encoding to raw MOV using lavf. mencoder log attached, along with gdb backtrace and valgrind log.

From the valgrind log it looks like swscale is reading off the end of a packet.

Sample uploaded to incoming/swscale-crash/mpeg1-crash.mpg

Command line used was:

mencoder -v mpeg1-crash.mpg -of lavf -lavfopts format=mov -ovc raw -vf format=uyvy -ffourcc 2vuy -sws 9 -nosound -o t.mov

[rectalogic@…]

valgrind log

[rectalogic@…]

gdb log

[rectalogic@…]

mencoder log

[cehoyos]

While I see no crash, I can reproduce the invalid reads (but not with FFmpeg):

$ valgrind mencoder mpeg1-crash.mpg -of lavf -lavfopts format=avi -ovc raw -vf format=uyvy -nosound -o /dev/null
...
==1300== Invalid read of size 4
==1300== at 0x87C6456: hScale_MMX2 (swscale_template.c:2051)
==1300== Address 0xc06cfdd is 196,605 bytes inside a block of size 196,608 alloc'd
==1300== at 0x6CF8E9E: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-x86-linux.so)
==1300== by 0x6CF8EFB: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-x86-linux.so)
==1300== by 0x87A6990: av_malloc (mem.c:83)
==1300==
==1300== Invalid read of size 4
==1300== at 0x87C6452: hScale_MMX2 (swscale_template.c:2051)
==1300== Address 0xc06cfde is 196,606 bytes inside a block of size 196,608 alloc'd
==1300== at 0x6CF8E9E: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-x86-linux.so)
==1300== by 0x6CF8EFB: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-x86-linux.so)
==1300== by 0x87A6990: av_malloc (mem.c:83)

$ valgrind ffmpeg -i mpeg1-crash.mpg -vcodec rawvideo -pix_fmt uyvy422 -f avi -y /dev/null

(0 errors)

[rectalogic@…]

(In reply to comment #3)

While I see no crash, I can reproduce the invalid reads (but not with FFmpeg):

It crashes for me with mencoder compiled for 32bit, 64bit does not crash.