[libav-bugs] [Bug 825] New: Invalid memory writes with libavresample

bugzilla at aruru.libav.org bugzilla at aruru.libav.org
Mon Mar 2 18:13:27 CET 2015 

https://bugzilla.libav.org/show_bug.cgi?id=825

            Bug ID: 825
           Summary: Invalid memory writes with libavresample
           Product: Libav
           Version: git HEAD
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: normal
          Priority: ---
         Component: libavresample
          Assignee: bugzilla at libav.org
          Reporter: nfxjfg at googlemail.com

#include <libavresample/avresample.h>
#include <libavutil/mem.h>
#include <libavutil/opt.h>
#include <stdlib.h>

int main() {
    AVAudioResampleContext *avrctx;
    void *data;

    avrctx = avresample_alloc_context();

    av_opt_set_int(avrctx, "in_channel_layout",  AV_CH_LAYOUT_STEREO, 0);
    av_opt_set_int(avrctx, "out_channel_layout", AV_CH_LAYOUT_STEREO, 0);

    av_opt_set_int(avrctx, "in_sample_rate",     48000 * 8, 0);
    av_opt_set_int(avrctx, "out_sample_rate",    48000, 0);

    av_opt_set_int(avrctx, "in_sample_fmt",      AV_SAMPLE_FMT_FLTP, 0);
    av_opt_set_int(avrctx, "out_sample_fmt",     AV_SAMPLE_FMT_FLT, 0);

    if (avresample_open(avrctx) < 0)
        abort();

    data = av_malloc(1024);
    avresample_convert(avrctx, &data, 1024, 128, NULL, 0, 0);
    //avresample_convert(avrctx, &data, 1024, 128, NULL, 0, 0);

    avresample_close(avrctx);

    return 0;
}

==1491== Invalid write of size 4
==1491==    at 0x402DFDA: memcpy (vg_replace_strmem.c:916)
==1491==    by 0x4043260: ff_audio_resample (resample.c:444)
==1491==    by 0x4043F26: avresample_convert (utils.c:449)
==1491==    by 0x8048758: main (in /tmp/test/a.out)
==1491==  Address 0x4365780 is 0 bytes after a block of size 768 alloc'd
==1491==    at 0x402B554: memalign (vg_replace_malloc.c:760)
==1491==    by 0x402B66B: posix_memalign (vg_replace_malloc.c:913)
==1491==    by 0x407ACCF: av_malloc (mem.c:95)
==1491==    by 0x403CFC9: ff_audio_data_realloc (audio_data.c:198)
==1491==    by 0x403D32F: ff_audio_data_alloc (audio_data.c:149)
==1491==    by 0x4042451: ff_audio_resample_init (resample.c:201)
==1491==    by 0x4043928: avresample_open (utils.c:236)
==1491==    by 0x804871A: main (in /tmp/test/a.out)

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.libav.org/pipermail/libav-bugs/attachments/20150302/b3703163/attachment-0001.html>

More information about the libav-bugs mailing list