#6519: Crash when passing rgb24 data to ssim filter -------------------------------------+------------------------------------- Reporter: t.rapp | Type: defect Status: new | Priority: normal Component: | Version: git- undetermined | master Keywords: | Blocked By: Blocking: | Reproduced by developer: 0 Analyzed by developer: 0 | -------------------------------------+------------------------------------- Summary of the bug:
When I pass rgb24 data generated by the testsrc filter to the ssim filter, ffmpeg aborts with a glibc heap-corruption error ("corrupted size vs. prev_size"). When I convert the data to YUV first (e.g. yuv422p), ssim seems to work fine. The abort is raised from free() during filter-graph cleanup at exit, after all 5 frames have been processed, so the backtrace below shows where the corrupted heap metadata was detected and not necessarily where the (presumably out-of-bounds) write happened; a run under Valgrind or AddressSanitizer would be needed to identify the writer.

How to reproduce:
{{{ % ./build-linux/ffmpeg-dbg_g -f lavfi -i "testsrc=s=300x200:r=5:d=1" -vf "split [ref][tmp]; [tmp] avgblur=3 [enc]; [enc][ref] ssim" -f null - ffmpeg version N-86755-g0780ad9 Copyright (c) 2000-2017 the FFmpeg developers built with gcc 5.4.0 (Ubuntu 5.4.0-6ubuntu1~16.04.4) 20160609 configuration: --disable-network --enable-libtwolame --enable-libmp3lame --enable-libvorbis --enable-libfreetype --enable-static --disable-shared --progs-suffix=-dbg --enable-debug --disable-optimizations --enable-extra- warnings --assert-level=2 --prefix=/usr/local libavutil 55. 67.100 / 55. 67.100 libavcodec 57.100.104 / 57.100.104 libavformat 57. 75.100 / 57. 75.100 libavdevice 57. 7.100 / 57. 7.100 libavfilter 6. 95.100 / 6. 95.100 libswscale 4. 7.101 / 4. 7.101 libswresample 2. 8.100 / 2. 8.100 Input #0, lavfi, from 'testsrc=s=300x200:r=5:d=1': Duration: N/A, start: 0.000000, bitrate: N/A Stream #0:0: Video: rawvideo (RGB[24] / 0x18424752), rgb24, 300x200 [SAR 1:1 DAR 3:2], 5 tbr, 5 tbn, 5 tbc Stream mapping: Stream #0:0 -> #0:0 (rawvideo (native) -> wrapped_avframe (native)) Press [q] to stop, [?] for help Output #0, null, to 'pipe:': Metadata: encoder : Lavf57.75.100 Stream #0:0: Video: wrapped_avframe, gbrp, 300x200 [SAR 1:1 DAR 3:2], q=2-31, 200 kb/s, 5 fps, 5 tbn, 5 tbc Metadata: encoder : Lavc57.100.104 wrapped_avframe frame= 5 fps=0.0 q=-0.0 Lsize=N/A time=00:00:01.00 bitrate=N/A speed=42.2x video:3kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown *** Error in `./build-linux/ffmpeg-dbg_g': corrupted size vs.
prev_size: 0x00000000041be170 *** }}} {{{ (gdb) bt #0 0x00007ffff4f45428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54 #1 0x00007ffff4f4702a in __GI_abort () at abort.c:89 #2 0x00007ffff4f877ea in __libc_message (do_abort=2, fmt=fmt@entry=0x7ffff50a0e98 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175 #3 0x00007ffff4f90dfb in malloc_printerr (ar_ptr=0x7ffff52d4b20 <main_arena>, ptr=0x25d2bd0, str=0x7ffff509dc35 "corrupted size vs. prev_size", action=3) at malloc.c:5006 #4 _int_free (av=0x7ffff52d4b20 <main_arena>, p=<optimized out>, have_lock=0) at malloc.c:4014 #5 0x00007ffff4f9453c in __GI___libc_free (mem=<optimized out>) at malloc.c:2968 #6 0x000000000166bbfa in av_free (ptr=0x25d2720) at src/libavutil/mem.c:209 #7 0x000000000166bc42 in av_freep (arg=0x25cb158) at src/libavutil/mem.c:219 #8 0x00000000014f7a3f in sws_freeContext (c=0x25c18a0) at src/libswscale/utils.c:2283 #9 0x00000000005cb4d6 in uninit (ctx=0x25ae800) at src/libavfilter/vf_scale.c:151 #10 0x000000000045ec0f in avfilter_free (filter=0x25ae800) at src/libavfilter/avfilter.c:800 #11 0x000000000046127f in avfilter_graph_free (graph=0x25a9850) at src/libavfilter/avfiltergraph.c:123 #12 0x00000000004222ee in ffmpeg_cleanup (ret=0) at src/ffmpeg.c:477 #13 0x000000000040819c in exit_program (ret=0) at src/cmdutils.c:138 #14 0x00000000004338fb in main (argc=11, argv=0x7fffffffdf28) at src/ffmpeg.c:4814 }}} {{{ (gdb) disass $pc-32,$pc+32 Dump of assembler code from 0x7ffff4f45408 to 0x7ffff4f45448: 0x00007ffff4f45408 <__GI_raise+24>: mov $0xf000000,%edx 0x00007ffff4f4540d <__GI_raise+29>: add $0x8964c189,%eax 0x00007ffff4f45412 <__GI_raise+34>: add $0x25,%al 0x00007ffff4f45414 <__GI_raise+36>: rolb (%rdx) 0x00007ffff4f45416 <__GI_raise+38>: add %al,(%rax) 0x00007ffff4f45418 <__GI_raise+40>: movslq %eax,%rsi 0x00007ffff4f4541b <__GI_raise+43>: movslq %edi,%rdx 0x00007ffff4f4541e <__GI_raise+46>: mov $0xea,%eax 0x00007ffff4f45423 <__GI_raise+51>: movslq 
%ecx,%rdi 0x00007ffff4f45426 <__GI_raise+54>: syscall => 0x00007ffff4f45428 <__GI_raise+56>: cmp $0xfffffffffffff000,%rax 0x00007ffff4f4542e <__GI_raise+62>: ja 0x7ffff4f45450 <__GI_raise+96> 0x00007ffff4f45430 <__GI_raise+64>: repz retq 0x00007ffff4f45432 <__GI_raise+66>: nopw 0x0(%rax,%rax,1) 0x00007ffff4f45438 <__GI_raise+72>: test %ecx,%ecx 0x00007ffff4f4543a <__GI_raise+74>: jg 0x7ffff4f4541b <__GI_raise+43> 0x00007ffff4f4543c <__GI_raise+76>: mov %ecx,%edx 0x00007ffff4f4543e <__GI_raise+78>: neg %edx 0x00007ffff4f45440 <__GI_raise+80>: and $0x7fffffff,%ecx 0x00007ffff4f45446 <__GI_raise+86>: cmove %esi,%edx End of assembler dump. }}} {{{ (gdb) info all-registers rax 0x0 0 rbx 0x86 134 rcx 0x7ffff4f45428 140737303041064 rdx 0x6 6 rsi 0x3c35 15413 rdi 0x3c35 15413 rbp 0x7fffffffdae0 0x7fffffffdae0 rsp 0x7fffffffd748 0x7fffffffd748 r8 0x5 5 r9 0x0 0 r10 0x8 8 r11 0x206 518 r12 0x86 134 r13 0x7fffffffd8f8 140737488345336 r14 0x7fffffffd8f8 140737488345336 r15 0x2 2 rip 0x7ffff4f45428 0x7ffff4f45428 <__GI_raise+56> eflags 0x206 [ PF IF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 st0 0 (raw 0x00000000000000000000) st1 0 (raw 0x00000000000000000000) st2 0 (raw 0x00000000000000000000) st3 0 (raw 0x00000000000000000000) st4 0 (raw 0x00000000000000000000) st5 0 (raw 0x00000000000000000000) st6 0 (raw 0x00000000000000000000) st7 0 (raw 0x00000000000000000000) fctrl 0x37f 895 fstat 0x0 0 ftag 0xffff 65535 fiseg 0x0 0 fioff 0x0 0 foseg 0x0 0 fooff 0x0 0 fop 0x0 0 xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 
0x00000000000000000000000000000000} xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 14 times>, 0xff, 0x0}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, v4_int32 = {0x0, 0x0, 0x0, 0xff0000}, v2_int64 = {0x0, 0xff000000000000}, uint128 = 0x00ff0000000000000000000000000000} xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm7 {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x1, 0x0}, v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0x0, 0x3ff0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x3ff00000, 0x0, 0x0}, v2_int64 = {0x3ff0000000000000, 0x0}, uint128 = 0x00000000000000003ff0000000000000} xmm8 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm9 {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x3e, 0x50, 0x62, 0x12, 0x0, 0x74, 0xce, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x503e, 0x1262, 0x7400, 0x3fce, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x1262503e, 0x3fce7400, 0x0, 0x0}, v2_int64 = { ---Type <return> to continue, or q <return> to quit--- 0x3fce74001262503e, 0x0}, uint128 = 0x00000000000000003fce74001262503e} xmm10 {v4_float = {0xf65282a0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0xd6, 0xd7, 0x1a, 0xcd, 0x8b, 0x5, 0x69, 0x3c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0xd7d6, 0xcd1a, 0x58b, 0x3c69, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xcd1ad7d6, 0x3c69058b, 0x0, 0x0}, v2_int64 = { 0x3c69058bcd1ad7d6, 0x0}, uint128 = 0x00000000000000003c69058bcd1ad7d6} xmm11 {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x3e, 0x50, 0x62, 0x12, 0x0, 0x74, 0xce, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x503e, 0x1262, 0x7400, 0x3fce, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x1262503e, 0x3fce7400, 0x0, 0x0}, v2_int64 = { 0x3fce74001262503e, 0x0}, uint128 = 0x00000000000000003fce74001262503e} xmm12 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm13 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm14 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm15 {v4_float = {0xfed6beb2, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0xa7, 0xa0, 0x94, 0xcb, 0xd0, 0xe9, 0x46, 0xbc, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0}, v8_int16 = {0xa0a7, 0xcb94, 0xe9d0, 0xbc46, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xcb94a0a7, 0xbc46e9d0, 0x0, 0x0}, v2_int64 = { 0xbc46e9d0cb94a0a7, 0x0}, uint128 = 0x0000000000000000bc46e9d0cb94a0a7} mxcsr 0x1fa8 [ OE PE IM DM ZM OM UM PM ] }}} -- Ticket URL: <https://trac.ffmpeg.org/ticket/6519>