[libav-bugs] [Bug 501] New: Segfault when -deinterlace and -s options both used

bugzilla-daemon at aruru.libav.org bugzilla-daemon at aruru.libav.org
Wed May 1 15:21:40 CEST 2013


           Summary: Segfault when -deinterlace and -s options both used
           Product: Libav
           Version: 9
          Platform: X86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: libswscale
        AssignedTo: bugzilla at libav.org
        ReportedBy: simon at onepointltd.com

Command line:

simonb at simon:~/Videos$ ./avconv -y -i clip_in.mp4 -threads 0 -profile:v
baseline -level 30 -deinterlace -r 15 -s 640x480 -acodec libfdk_aac -ar 44100
-ac 2 -ab 64k -vcodec libx264 -aspect 4:3 -async 2000 -b 200k -minrate 100k
-maxrate 300k clip_out.mp4

Results in a segfault in swscale.c, hScale8To15_c with "src" parameter out of
bounds. Removing either "-s 640x480" or "deinterlace" from the command line
runs OK.

I debugged using the following build options:
./configure --enable-gpl --enable-nonfree --enable-runtime-cpudetect
--enable-avplay --enable-libfaac --enable-libfdk-aac --enable-librtmp
--enable-libmp3lame  --enable-nonfree --enable-libopenjpeg --enable-libpulse
--enable-libspeex --enable-libopus --enable-libtheora --enable-libvo-aacenc
--enable-version3 --enable-libvorbis --enable-libvpx --enable-libx264
--enable-libxavs --enable-libxvid --enable-static --disable-shared
--enable-debug --disable-asm --disable-optimizations

When I run the command line in a debugger I find I get the segfault in

// bilinear / bicubic scaling
static void hScale8To15_c(SwsContext *c, int16_t *dst, int dstW,
                          const uint8_t *src, const int16_t *filter,
                          const int32_t *filterPos, int filterSize)
{
    int i;
    for (i = 0; i < dstW; i++) {
        int j;
        int srcPos = filterPos[i];
        int val    = 0;
        for (j = 0; j < filterSize; j++) {
Segfault>>>            val += ((int)src[srcPos + j]) * filter[filterSize * i + j];
        }
        dst[i] = FFMIN(val >> 7, (1 << 15) - 1); // the cubic equation does overflow ...
    }
}

Inspecting the variables shows that src is "0x7fffec6fe040 <Address
0x7fffec6fe040 out of bounds>".
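
Added example, not part of the original report and not libav code: the loop quoted above reads src[filterPos[i] + j] without knowing how large the source buffer is, so a bad pointer or filter position faults at exactly the line the report marks. The sketch below adds a hypothetical src_len parameter and checks every tap window before reading; hscale8to15_checked, demo and the sample data are constructed for illustration, and the check is an assumption about where validation could sit, not a diagnosis of this bug.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical checked variant of the 8-bit horizontal scaler loop.
 * src_len (bytes readable at src) is an added parameter. Returns 0 on
 * success, -1 if any tap would read outside [src, src + src_len).
 * dst is not written unless every window validates. */
int hscale8to15_checked(int16_t *dst, int dstW,
                        const uint8_t *src, size_t src_len,
                        const int16_t *filter, const int32_t *filterPos,
                        int filterSize)
{
    int i, j;

    if (!dst || !src || !filter || !filterPos || dstW < 0 || filterSize <= 0)
        return -1;

    /* Pass 1: validate each window [pos, pos + filterSize). */
    for (i = 0; i < dstW; i++) {
        int32_t pos = filterPos[i];
        if (pos < 0 || (size_t)pos > src_len ||
            (size_t)filterSize > src_len - (size_t)pos)
            return -1;
    }

    /* Pass 2: same arithmetic as the loop in the report. */
    for (i = 0; i < dstW; i++) {
        int srcPos = filterPos[i];
        int val = 0;
        for (j = 0; j < filterSize; j++)
            val += (int)src[srcPos + j] * filter[(size_t)filterSize * i + j];
        val >>= 7;
        /* same clamp as FFMIN(val >> 7, (1 << 15) - 1) */
        dst[i] = (int16_t)(val < 32767 ? val : 32767);
    }
    return 0;
}

/* Constructed sample: 8 source bytes, 2-tap averaging filter (taps sum
 * to 1 << 14), 4 output samples. last_pos sets the final filterPos. */
int demo(int32_t last_pos, int16_t out[4])
{
    static const uint8_t src[8] = {0, 16, 32, 48, 64, 80, 96, 112};
    static const int16_t filter[8] = {8192, 8192, 8192, 8192,
                                      8192, 8192, 8192, 8192};
    int32_t pos[4] = {0, 2, 4, 0};
    pos[3] = last_pos;
    return hscale8to15_checked(out, 4, src, sizeof src, filter, pos, 2);
}
```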
