[libav-bugs] [Bug 342] Crash decoding Lagarith RGB24 on Windows 64-bit

bugzilla-daemon at aruru.libav.org bugzilla-daemon at aruru.libav.org
Fri Aug 3 02:01:01 CEST 2012


http://bugzilla.libav.org/show_bug.cgi?id=342

Ronald S. Bultje <rsbultje at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rsbultje at gmail.com

--- Comment #2 from Ronald S. Bultje <rsbultje at gmail.com> 2012-08-03 02:01:01 CEST ---
--82437-- run: /usr/bin/dsymutil "./avconv"
avconv version v0.8-2593-g19cf716, Copyright (c) 2000-2012 the Libav developers
  built on Aug  2 2012 12:54:17 with gcc 4.2.1 (GCC) (Apple Inc. build 5666)
(dot 3)
==82437== Invalid read of size 8
==82437==    at 0x10054ADA5: .. at 2596..loop (in ./avconv)
==82437==    by 0x1002FC877: lag_decode_arith_plane (lagarith.c:252)
==82437==    by 0x34BF: ???
==82437==    by 0x7FFF5FBFEF8F: ???
==82437==    by 0x7FFF5FBFE9BF: ???
==82437==  Address 0x10996b379 is 921,593 bytes inside a block of size 921,600
alloc'd
==82437==    at 0x100EEFF94: malloc_zone_memalign (vg_replace_malloc.c:698)
==82437==    by 0x1033F761F: posix_memalign (in /usr/lib/libSystem.B.dylib)
==82437==    by 0x1005DF93C: av_malloc (mem.c:83)
==82437==    by 0x2: ???
==82437== 
==82437== Invalid write of size 8
==82437==    at 0x10054ADCE: .. at 2596..loop (in ./avconv)
==82437==    by 0x1002FC877: lag_decode_arith_plane (lagarith.c:252)
==82437==    by 0x34BF: ???
==82437==    by 0x7FFF5FBFEF8F: ???
==82437==    by 0x7FFF5FBFE9BF: ???
==82437==  Address 0x10996b379 is 921,593 bytes inside a block of size 921,600
alloc'd
==82437==    at 0x100EEFF94: malloc_zone_memalign (vg_replace_malloc.c:698)
==82437==    by 0x1033F761F: posix_memalign (in /usr/lib/libSystem.B.dylib)
==82437==    by 0x1005DF93C: av_malloc (mem.c:83)
==82437==    by 0x2: ???
==82437== 
Input #0, avi, from '/Users/rbultje/Downloads/lagrgbcrash.avi':
  Duration: 00:00:11.06, start: 0.000000, bitrate: 1480 kb/s
    Stream #0.0: Video: lagarith, rgb24, 640x480, 15 fps, 15 tbr, 15 tbn
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf54.13.0
    Stream #0.0: Video: rawvideo, rgb24, 640x480, q=2-31, 200 kb/s, 90k tbn, 15
tbc
Stream mapping:
  Stream #0:0 -> #0:0 (lagarith -> rawvideo)
Press ctrl-c to stop encoding
==82437== Invalid read of size 8
==82437==    at 0x10054ADA5: .. at 2596..loop (in ./avconv)
==82437==    by 0x1002FC877: lag_decode_arith_plane (lagarith.c:252)
==82437==    by 0x1000034BF: opt_map (avconv.c:3240)
==82437==    by 0x7FFF5FBFF17F: ???
==82437==    by 0x10061B99F: __func__.7898 (in ./avconv)
==82437==    by 0x10336AC73: __swrite (in /usr/lib/libSystem.B.dylib)
==82437==    by 0x7FFF5FBFEC4F: ???
==82437==    by 0x27F0336ABFC: ???
==82437==    by 0x10976E928: ???
==82437==    by 0x28000000003: ???
==82437==    by 0x280000001DF: ???
==82437==    by 0x109D7D49F: ???
==82437==  Address 0x109d7d719 is 921,593 bytes inside a block of size 921,600
alloc'd
==82437==    at 0x100EEFF94: malloc_zone_memalign (vg_replace_malloc.c:698)
==82437==    by 0x1033F761F: posix_memalign (in /usr/lib/libSystem.B.dylib)
==82437==    by 0x1005DF93C: av_malloc (mem.c:83)
==82437==    by 0x10976BF5F: ???
==82437== 
==82437== Invalid write of size 8
==82437==    at 0x10054ADCE: .. at 2596..loop (in ./avconv)
==82437==    by 0x1002FC877: lag_decode_arith_plane (lagarith.c:252)
==82437==    by 0x1000034BF: opt_map (avconv.c:3240)
==82437==    by 0x7FFF5FBFF17F: ???
==82437==    by 0x10061B99F: __func__.7898 (in ./avconv)
==82437==    by 0x10336AC73: __swrite (in /usr/lib/libSystem.B.dylib)
==82437==    by 0x7FFF5FBFEC4F: ???
==82437==    by 0x27F0336ABFC: ???
==82437==    by 0x10976E928: ???
==82437==    by 0x28000000003: ???
==82437==    by 0x280000001DF: ???
==82437==    by 0x109D7D49F: ???
==82437==  Address 0x109d7d719 is 921,593 bytes inside a block of size 921,600
alloc'd
==82437==    at 0x100EEFF94: malloc_zone_memalign (vg_replace_malloc.c:698)
==82437==    by 0x1033F761F: posix_memalign (in /usr/lib/libSystem.B.dylib)
==82437==    by 0x1005DF93C: av_malloc (mem.c:83)
==82437==    by 0x10976BF5F: ???

It seems like the input buffers to the left prediction are not 16-byte padded.

-- 
Configure bugmail: http://bugzilla.libav.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.


More information about the libav-bugs mailing list