[libav-bugs] [Bug 1060] New: Invalid read in put_no_rnd_pixels8_xy2_mmx (rnd_template.c:38) causes segmentation fault

bugzilla at libav.org
Wed May 17 08:58:00 CEST 2017


https://bugzilla.libav.org/show_bug.cgi?id=1060

            Bug ID: 1060
           Summary: Invalid read in put_no_rnd_pixels8_xy2_mmx
                    (rnd_template.c:38) causes segmentation fault
           Product: Libav
           Version: 12
          Hardware: X86
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: ---
         Component: libavcodec
          Assignee: bugzilla at libav.org
          Reporter: 7450942 at qq.com

Created attachment 667
  --> https://bugzilla.libav.org/attachment.cgi?id=667&action=edit
reproducer

On libav 12.1.
The command used to hit the crash is:
avconv -i $FILE -f null

output is:
avconv version 12.1, Copyright (c) 2000-2017 the Libav developers
  built on May 17 2017 14:40:52 with gcc 5.4.0 (Ubuntu 5.4.0-6ubuntu1~16.04.4) 20160609
Trailing options were found on the commandline.
[h263 @ 0x1eed060] Format detected only with low score of 25, misdetection possible!
[h263 @ 0x1ef9040] Bad UFEP type (6)
[h263 @ 0x1ef9040] header damaged
[h263 @ 0x1ef9040] warning: first frame is no keyframe
Segmentation fault

The valgrind output is:
==31070== Invalid read of size 8
==31070==    at 0x8E829A: put_no_rnd_pixels8_xy2_mmx (rnd_template.c:38)
==31070==    by 0x738B60: hpel_motion (mpegvideo_motion.c:225)
==31070==    by 0x738B60: apply_8x8 (mpegvideo_motion.c:786)
==31070==    by 0x738B60: mpv_motion_internal (mpegvideo_motion.c:865)
==31070==    by 0x738B60: ff_mpv_motion (mpegvideo_motion.c:969)
==31070==    by 0x7250C1: mpv_decode_mb_internal (mpegvideo.c:1599)
==31070==    by 0x7250C1: ff_mpv_decode_mb (mpegvideo.c:1734)
==31070==    by 0x60DE95: decode_slice (h263dec.c:280)
==31070==    by 0x60EAC5: ff_h263_decode_frame (h263dec.c:588)
==31070==    by 0x810DA2: avcodec_decode_video2 (utils.c:1588)
==31070==    by 0x81142F: do_decode (utils.c:1727)
==31070==    by 0x81183A: avcodec_send_packet (utils.c:1804)
==31070==    by 0x53F97C: try_decode_frame.isra.11 (utils.c:1950)
==31070==    by 0x543BEB: avformat_find_stream_info (utils.c:2356)
==31070==    by 0x44E4A5: open_input_file (avconv_opt.c:771)
==31070==    by 0x4504B9: open_files (avconv_opt.c:2380)
==31070==    by 0x4504B9: avconv_parse_options (avconv_opt.c:2417)
==31070==  Address 0x5a2258e is 30 bytes after a block of size 48 in arena "client"
