[libav-bugs] [Bug 501] New: Segfault when -deinterlace and -s options both used

bugzilla-daemon at aruru.libav.org
Wed May 1 15:21:40 CEST 2013


https://bugzilla.libav.org/show_bug.cgi?id=501

           Summary: Segfault when -deinterlace and -s options both used
           Product: Libav
           Version: 9
          Platform: X86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: libswscale
        AssignedTo: bugzilla at libav.org
        ReportedBy: simon at onepointltd.com


Command line:

simonb at simon:~/Videos$ ./avconv -y -i clip_in.mp4 -threads 0 -profile:v
baseline -level 30 -deinterlace -r 15 -s 640x480 -acodec libfdk_aac -ar 44100
-ac 2 -ab 64k -vcodec libx264 -aspect 4:3 -async 2000 -b 200k -minrate 100k
-maxrate 300k clip_out.mp4

Results in a segfault in swscale.c, hScale8To15_c with "src" parameter out of
bounds. Removing either "-s 640x480" or "deinterlace" from the command line
runs OK.


I debug using the following build options:
./configure --enable-gpl --enable-nonfree --enable-runtime-cpudetect
--enable-avplay --enable-libfaac --enable-libfdk-aac --enable-librtmp
--enable-libmp3lame  --enable-nonfree --enable-libopenjpeg --enable-libpulse
--enable-libspeex --enable-libopus --enable-libtheora --enable-libvo-aacenc
--enable-version3 --enable-libvorbis --enable-libvpx --enable-libx264
--enable-libxavs --enable-libxvid --enable-static --disable-shared
--enable-debug --disable-asm --disable-optimizations

When I run the command line in a debugger I find I get the segfault in
swscale.c.


// bilinear / bicubic scaling
static void hScale8To15_c(SwsContext *c, int16_t *dst, int dstW,
                          const uint8_t *src, const int16_t *filter,
                          const int32_t *filterPos, int filterSize)
{
    int i;
    for (i = 0; i < dstW; i++) {
        int j;
        int srcPos = filterPos[i];
        int val    = 0;
        for (j = 0; j < filterSize; j++) {
            val += ((int)src[srcPos + j]) * filter[filterSize * i + j]; // <<< Segfault
        }
        dst[i] = FFMIN(val >> 7, (1 << 15) - 1); // the cubic equation does overflow ...
    }
}

Inspecting the variables shows that src is "0x7fffec6fe040 <Address
0x7fffec6fe040 out of bounds>".

-- 
Configure bugmail: https://bugzilla.libav.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
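
Added example (not part of the original report and not Libav code): a checked variant of the quoted loop for triage, which verifies that every read src[filterPos[i] + j] stays inside the row before doing the arithmetic. The srcW parameter and both function names are assumptions; the report does not establish whether the crash came from the filter positions or from the src pointer itself.

```c
#include <stdint.h>

/* Added example, not Libav code. srcW (valid bytes in the src row) is an
 * assumed extra parameter; the quoted hScale8To15_c does not receive it. */

/* 0 = every tap fits, -1 = bad arguments, i + 1 = first output index i
 * whose taps would read outside src[0 .. srcW - 1]. */
static int hscale_first_bad_tap(int dstW, int srcW,
                                const int32_t *filterPos, int filterSize)
{
    if (!filterPos || dstW < 0 || srcW <= 0 || filterSize <= 0)
        return -1;
    for (int i = 0; i < dstW; i++) {
        int64_t first = filterPos[i];
        int64_t last  = first + filterSize - 1; /* 64-bit: no wraparound */
        if (first < 0 || last >= srcW)
            return i + 1;
    }
    return 0;
}

/* Same arithmetic as the quoted loop, run only after the audit passes. */
static int hscale8to15_checked(int16_t *dst, int dstW, const uint8_t *src,
                               int srcW, const int16_t *filter,
                               const int32_t *filterPos, int filterSize)
{
    int rc = (dst && src && filter)
           ? hscale_first_bad_tap(dstW, srcW, filterPos, filterSize) : -1;
    if (rc != 0)
        return rc; /* refuse before touching src */
    for (int i = 0; i < dstW; i++) {
        int val = 0;
        for (int j = 0; j < filterSize; j++)
            val += (int)src[filterPos[i] + j] * filter[filterSize * i + j];
        val >>= 7;
        dst[i] = (int16_t)(val < 32767 ? val : 32767);
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: 4-byte row; output 1 starts its 2 taps at index 3. */
    const uint8_t src[4]    = {10, 20, 30, 40};
    const int16_t filter[4] = {64, 64, 64, 64};
    const int32_t pos[2]    = {0, 3};
    int16_t dst[2];
    return hscale8to15_checked(dst, 2, src, 4, filter, pos, 2) == 2 ? 0 : 1;
}
```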

