[libav-bugs] [Bug 98] New: Invalid free in mp3 with header missing

bugzilla-daemon at aruru.libav.org
Wed Nov 23 23:22:02 CET 2011


http://bugzilla.libav.org/show_bug.cgi?id=98

           Summary: Invalid free in mp3 with header missing
           Product: Libav
           Version: git HEAD
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: libavformat
        AssignedTo: bugzilla at libav.org
        ReportedBy: alex.converse at gmail.com


Asan:

$ ./avconv -i /home/aconverse/Downloads/1_sample.avi -f null -
avconv version v0.7-1925-ga78fa3b, Copyright (c) 2000-2011 the Libav developers
  built on Nov 23 2011 10:15:48 with clang 3.1 (trunk 144800)
[mp3 @ 0x7ff216864080] Header missing
attempting free on address which was not malloc()-ed: 0x7ff21635c087
    #0 0x14a17c1 in free _asan_rtl_
    #1 0x4da8f1 in ffio_set_buf_size /usr/local/google/home/aconverse/src-ext/libav/libav/libavformat/aviobuf.c:900

Valgrind:

$ ./avconv -i /home/aconverse/Downloads/1_sample.avi -f null -
avconv version v0.7-1925-ga78fa3b, Copyright (c) 2000-2011 the Libav developers
  built on Nov 23 2011 10:24:35 with gcc 4.4.3
[mp3 @ 0x7044480] Header missing
==6666== Invalid free() / delete / delete[]
==6666==    at 0x4C268FE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6666==    by 0x46D9D2: fill_buffer (aviobuf.c:900)
==6666==    by 0x46E117: ff_get_line (aviobuf.c:631)
==6666==    by 0x4640EC: read_header (assdec.c:99)
==6666==    by 0x4F1139: avformat_open_input (utils.c:656)
==6666==    by 0x464A4E: read_gab2_sub (avidec.c:785)
==6666==    by 0x465EAB: avi_read_packet (avidec.c:1089)
==6666==    by 0x4F05D7: av_read_packet (utils.c:723)
==6666==    by 0x4F24A8: read_frame_internal (utils.c:1175)
==6666==    by 0x4F35EF: avformat_find_stream_info (utils.c:2360)
==6666==    by 0x436BB7: opt_input_file (avconv.c:3014)
==6666==    by 0x43FF3D: parse_option (cmdutils.c:275)
==6666==  Address 0x717e4c7 is 7 bytes inside a block of size 33,734 alloc'd
==6666==    at 0x4C25CB8: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6666==    by 0x4C25D67: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6666==    by 0xAABA8C: av_malloc (mem.c:83)
==6666==    by 0x51E75B: av_new_packet (avpacket.c:64)
==6666==    by 0x4EE004: av_get_packet (utils.c:269)
==6666==    by 0x465E39: avi_read_packet (avidec.c:1065)
==6666==    by 0x4F05D7: av_read_packet (utils.c:723)
==6666==    by 0x4F24A8: read_frame_internal (utils.c:1175)
==6666==    by 0x4F35EF: avformat_find_stream_info (utils.c:2360)
==6666==    by 0x436BB7: opt_input_file (avconv.c:3014)
==6666==    by 0x43FF3D: parse_option (cmdutils.c:275)
==6666==    by 0x44010D: parse_options (cmdutils.c:308)
==6666== 

Seems stream 0 codec frame rate differs from container frame rate: 23.98 (65535/2733) -> 23.98 (10000000/417083)
Input #0, avi, from '/home/aconverse/Downloads/1_sample.avi':
  Duration: 00:21:55.56, start: 0.000000, bitrate: 3 kb/s
    Stream #0.0: Video: mpeg4 (Simple Profile), yuv420p, 640x480 [PAR 1:1 DAR 4:3], 23.98 fps, 23.98 tbr, 23.98 tbn, 23.98 tbc
    Stream #0.1: Audio: mp3, 48000 Hz, stereo, s16, 192 kb/s
    Stream #0.2: Subtitle: ass
    Metadata:
      title           : 1
[buffer @ 0x7236300] w:640 h:480 pixfmt:yuv420p
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf53.15.0
    Stream #0.0: Video: rawvideo, yuv420p, 640x480 [PAR 1:1 DAR 4:3], q=2-31, 200 kb/s, 90k tbn, 23.98 tbc
    Stream #0.1: Audio: pcm_s16le, 48000 Hz, stereo, s16, 1536 kb/s
Stream mapping:
  Stream #0:0 -> #0:0 (mpeg4 -> rawvideo)
  Stream #0:1 -> #0:1 (mp3 -> pcm_s16le)
Press ctrl-c to stop encoding
[mp3 @ 0x7044480] Header missing
Error while decoding stream #0:1
incomplete frame 21 q=0.0 size=      -0kB time=0.92 bitrate=  -0.2kbits/s    
Error while decoding stream #0:1
frame=   23 fps= 21 q=0.0 Lsize=      -0kB time=0.96 bitrate=  -0.2kbits/s    
video:0kB audio:315kB global headers:0kB muxing overhead -100.006820%

Was https://roundup.libav.org/issue2231
