Opened 9 years ago

Last modified 8 years ago

#1833 new defect

mencoder crashing in swscale for some videos

Reported by: rectalogic@… Owned by: reimar
Priority: normal Component: ve
Version: HEAD Severity: major
Keywords: Cc: cehoyos
Blocked By: Blocking:
Reproduced by developer: Analyzed by developer:

Description

I have a couple of samples where mencoder is crashing when encoding to raw MOV using lavf. mencoder log attached, along with gdb backtrace and valgrind log.

From the valgrind log it looks like swscale is reading off the end of a packet.

Sample uploaded to incoming/swscale-crash/mpeg1-crash.mpg

Command line used was:

mencoder -v mpeg1-crash.mpg -of lavf -lavfopts format=mov -ovc raw -vf format=uyvy -ffourcc 2vuy -sws 9 -nosound -o t.mov

Attachments (3)

valgrind.log.txt (4.4 KB) - added by rectalogic@… 9 years ago.
valgrind log
gdb.log.txt (2.4 KB) - added by rectalogic@… 9 years ago.
gdb log
mencoder.log.txt (7.2 KB) - added by rectalogic@… 9 years ago.
mencoder log

Download all attachments as: .zip

Change History (8)

Changed 9 years ago by rectalogic@…

valgrind log

Changed 9 years ago by rectalogic@…

gdb log

comment:1 Changed 9 years ago by rectalogic@…

Changed 9 years ago by rectalogic@…

mencoder log

comment:2 Changed 9 years ago by rectalogic@…

comment:3 Changed 9 years ago by cehoyos

  • Cc cehoyos@… added

While I see no crash, I can reproduce the invalid reads (but not with FFmpeg):

$ valgrind mencoder mpeg1-crash.mpg -of lavf -lavfopts format=avi -ovc raw -vf format=uyvy -nosound -o /dev/null
...
==1300== Invalid read of size 4
==1300== at 0x87C6456: hScale_MMX2 (swscale_template.c:2051)
==1300== Address 0xc06cfdd is 196,605 bytes inside a block of size 196,608 alloc'd
==1300== at 0x6CF8E9E: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-x86-linux.so)
==1300== by 0x6CF8EFB: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-x86-linux.so)
==1300== by 0x87A6990: av_malloc (mem.c:83)
==1300==
==1300== Invalid read of size 4
==1300== at 0x87C6452: hScale_MMX2 (swscale_template.c:2051)
==1300== Address 0xc06cfde is 196,606 bytes inside a block of size 196,608 alloc'd
==1300== at 0x6CF8E9E: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-x86-linux.so)
==1300== by 0x6CF8EFB: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-x86-linux.so)
==1300== by 0x87A6990: av_malloc (mem.c:83)

$ valgrind ffmpeg -i mpeg1-crash.mpg -vcodec rawvideo -pix_fmt uyvy422 -f avi -y /dev/null

(0 errors)

comment:4 Changed 8 years ago by diego@…

comment:5 Changed 8 years ago by rectalogic@…

(In reply to comment #3)

While I see no crash, I can reproduce the invalid reads (but not with FFmpeg):

It crashes for me with mencoder compiled for 32bit, 64bit does not crash.

Note: See TracTickets for help on using tickets.