Ronald S. Bultje <[email protected]> added the comment: It fixes some, but not all. wc -l of valgrind ffmpeg goes from ~2000 to ~400, but still more warnings remain:
==61513== Invalid read of size 4
==61513==    at 0x10036E8BA: vc1_decode_i_blocks_adv (in ./ffmpeg_g)
==61513==    by 0x3000000017: ???
==61513==    by 0x1010DC41F: ???
==61513==    by 0x7FFF0000000C: ???
==61513==    by 0x300000019: ???
==61513==    by 0x16FFFFFFFF: ???
==61513==    by 0x7FFF5FBFE46B: ???
==61513==    by 0x7FFF5FBFE467: ???
==61513==    by 0x7FFF5FBFE463: ???
==61513==    by 0x10105FFF2: ???
==61513==    by 0x58FF: ???
==61513==    by 0x11: ???
==61513==  Address 0x1010beedc is 3,436 bytes inside a block of size 3,439 alloc'd

0x000000010036e897 <vc1_decode_i_blocks_adv+1239>: shl    $0x3,%rax
0x000000010036e89b <vc1_decode_i_blocks_adv+1243>: add    0x2bc85e(%rip),%rax        # 0x10062b100
0x000000010036e8a2 <vc1_decode_i_blocks_adv+1250>: mov    0x8(%rax),%r8
0x000000010036e8a6 <get_vlc2+0>:        mov    0x3cf8(%rbp),%esi
0x000000010036e8ac <get_vlc2+6>:        mov    0x3ce8(%rbp),%r9
0x000000010036e8b3 <get_vlc2+13>:       mov    %esi,%eax
0x000000010036e8b5 <get_vlc2+15>:       shr    $0x3,%eax
0x000000010036e8b8 <get_vlc2+18>:       mov    %eax,%eax
0x000000010036e8ba <get_vlc2+20>:       mov    (%r9,%rax,1),%eax
0x000000010036e8be <av_bswap32+0>:      bswap  %eax
0x000000010036e8c0 <NEG_USR32+0>:       mov    %esi,%ecx
0x000000010036e8c2 <NEG_USR32+2>:       and    $0x7,%ecx
0x000000010036e8c5 <NEG_USR32+5>:       shl    %cl,%eax
0x000000010036e8c7 <NEG_USR32+7>:       shr    $0xf7,%eax

==61513== Invalid read of size 4
==61513==    at 0x100369FF1: vc1_decode_ac_coeff (in ./ffmpeg_g)
==61513==    by 0x10036ECA1: vc1_decode_i_blocks_adv (in ./ffmpeg_g)
==61513==    by 0x3000000017: ???
==61513==    by 0x1010E22FF: ???
==61513==    by 0x7FFF0000000C: ???
==61513==    by 0x300000019: ???
==61513==    by 0x16FFFFFFFF: ???
==61513==    by 0x7FFF5FBFE46B: ???
==61513==    by 0x7FFF5FBFE467: ???
==61513==    by 0x7FFF5FBFE463: ???
==61513==    by 0x10105FFF2: ???
==61513==    by 0x58FF: ???
==61513==  Address 0x1010beedc is 3,436 bytes inside a block of size 3,439 alloc'd

(gdb) disass 0x100369FF1
Dump of assembler code for function vc1_decode_ac_coeff:
0x0000000100369fa0 <vc1_decode_ac_coeff+0>:     mov    %rbx,-0x30(%rsp)
0x0000000100369fa5 <vc1_decode_ac_coeff+5>:     mov    %rbp,-0x28(%rsp)
0x0000000100369faa <vc1_decode_ac_coeff+10>:    mov    %r12,-0x20(%rsp)
0x0000000100369faf <vc1_decode_ac_coeff+15>:    mov    %r13,-0x18(%rsp)
0x0000000100369fb4 <vc1_decode_ac_coeff+20>:    mov    %r14,-0x10(%rsp)
0x0000000100369fb9 <vc1_decode_ac_coeff+25>:    mov    %r15,-0x8(%rsp)
0x0000000100369fbe <vc1_decode_ac_coeff+30>:    mov    %rdi,%rbx
0x0000000100369fc1 <vc1_decode_ac_coeff+33>:    mov    %rsi,%r13
0x0000000100369fc4 <vc1_decode_ac_coeff+36>:    mov    %rdx,%r14
0x0000000100369fc7 <vc1_decode_ac_coeff+39>:    mov    %rcx,%r15
0x0000000100369fca <vc1_decode_ac_coeff+42>:    lea    0x828c4f(%rip),%rdi        # 0x100b92c20 <ff_vc1_ac_coeff_table>
0x0000000100369fd1 <vc1_decode_ac_coeff+49>:    movslq %r8d,%r8
0x0000000100369fd4 <vc1_decode_ac_coeff+52>:    lea    (%r8,%r8,2),%rax
0x0000000100369fd8 <vc1_decode_ac_coeff+56>:    mov    0x8(%rdi,%rax,8),%r10
0x0000000100369fdd <vc1_decode_ac_coeff+61>:    mov    0x3cf8(%rbx),%esi
0x0000000100369fe3 <vc1_decode_ac_coeff+67>:    mov    0x3ce8(%rbx),%rbp
0x0000000100369fea <vc1_decode_ac_coeff+74>:    mov    %esi,%eax
0x0000000100369fec <vc1_decode_ac_coeff+76>:    shr    $0x3,%eax
0x0000000100369fef <vc1_decode_ac_coeff+79>:    mov    %eax,%eax
0x0000000100369ff1 <vc1_decode_ac_coeff+81>:    mov    0x0(%rbp,%rax,1),%eax
0x0000000100369ff5 <av_bswap32+0>:      bswap  %eax

i.e. this is the get_vlc2() 4 lines above the one your patch touches.

Also during playback a lot of these warnings:

[vc1 @ 0x100f8bbc0] Luma scaling is not supported, expect wrong picture
[vc1 @ 0x100f8bbc0] Chroma scaling is not supported, expect wrong picture

________________________________________________
FFmpeg issue tracker <[email protected]>
<https://roundup.ffmpeg.org/issue2584>
________________________________________________
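The two valgrind reports above have the same geometry: the bit reader computes a byte offset as `index >> 3`, does a 32-bit load there, byte-swaps it and shifts by `index & 7`, and at 3,436 bytes into a 3,439-byte block that 4-byte load ends one byte past the allocation. The following added example, which is not FFmpeg code and not from the reporter, models that reader in isolation and shows the two defensive options: refuse the load when it would overrun, or allocate the input with trailing zero padding (FFmpeg's own reader relies on the latter, the FF_INPUT_BUFFER_PADDING_SIZE convention). The `BitReader` type, `BLOCK_SIZE`, `FAULT_OFFSET`, `PADDING` and the 0xABCD payload are constructed to reproduce the numbers in the report and are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed values matching the valgrind report: a 3,439-byte block that
 * is read 4 bytes at a time starting 3,436 bytes in. */
#define BLOCK_SIZE   3439u
#define FAULT_OFFSET 3436u
#define PADDING      4u   /* zero bytes appended so a 32-bit load near the end stays in bounds */

/* Hypothetical minimal bit reader; the field layout is an assumption, not FFmpeg's. */
typedef struct {
    const uint8_t *buffer;
    size_t size;       /* bytes actually allocated behind buffer */
    unsigned index;    /* read position in bits */
} BitReader;

/* True when a load of `width` bytes at byte offset (bit_index >> 3) would touch
 * memory beyond `size` bytes. The short-circuit avoids the size_t underflow. */
bool bits_load_overruns(size_t size, unsigned bit_index, size_t width) {
    size_t byte_off = bit_index >> 3;
    return byte_off > size || width > size - byte_off;
}

static uint32_t load_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Unchecked peek with the same shape as the disassembled get_vlc2(): shr $3,
 * 32-bit load, bswap, shift by (index & 7). It trusts that the buffer is padded;
 * calling it at FAULT_OFFSET on an unpadded block is what valgrind flagged above. */
uint32_t peek_bits_unchecked(const BitReader *br, unsigned n) {
    uint32_t word = load_be32(br->buffer + (br->index >> 3));
    return (word << (br->index & 7)) >> (32 - n);
}

/* Checked peek: refuses the load instead of reading past the allocation.
 * n is capped at 25 because up to 7 bits are discarded by the alignment shift. */
int peek_bits_checked(const BitReader *br, unsigned n, uint32_t *out) {
    if (n == 0 || n > 25) return -1;
    if (bits_load_overruns(br->size, br->index, 4)) return -1;
    *out = peek_bits_unchecked(br, n);
    return 0;
}

/* Reproduce the report's geometry on a constructed, unpadded block.
 * Returns the checked read's status at the faulting offset (-1: refused). */
int checked_read_at_fault_offset(void) {
    uint8_t *block = calloc(BLOCK_SIZE, 1);
    BitReader br = { block, BLOCK_SIZE, FAULT_OFFSET * 8 };
    uint32_t v;
    int rc = peek_bits_checked(&br, 16, &v);
    free(block);
    return rc;
}

/* Same read against a copy with PADDING zero bytes appended: the 32-bit load at
 * offset 3,436 now ends at 3,440, inside the 3,443-byte allocation.
 * Returns the 16 bits read (0xABCD from the constructed tail) or -1 on refusal. */
long checked_read_with_padding(void) {
    uint8_t *block = calloc(BLOCK_SIZE + PADDING, 1);
    block[FAULT_OFFSET]     = 0xAB;   /* constructed payload in the last real bytes */
    block[FAULT_OFFSET + 1] = 0xCD;
    BitReader br = { block, BLOCK_SIZE + PADDING, FAULT_OFFSET * 8 };
    uint32_t v = 0;
    int rc = peek_bits_checked(&br, 16, &v);
    free(block);
    return rc == 0 ? (long)v : -1;
}

int main(void) {
    printf("load at 3436 of 3439 overruns: %d\n",
           bits_load_overruns(BLOCK_SIZE, FAULT_OFFSET * 8, 4));
    printf("checked read at fault offset: %d\n", checked_read_at_fault_offset());
    printf("checked read with padding: 0x%lx\n", checked_read_with_padding());
    return 0;
}
```

The bounds check is the cheap diagnostic: run it on the `index` the decoder is about to use and the report's offset fails it. The padding route is what keeps the fast unchecked path valid, which is why a caller that hands the decoder an unpadded buffer reproduces exactly this class of valgrind warning even when the decoder itself is unchanged.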
