Bug 616545 – [ffmpegcolorspace] Crashes when converting Y41B with some width/height combinations

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 616545 - [ffmpegcolorspace] Crashes when converting Y41B with some width/height combinations


Summary:	[ffmpegcolorspace] Crashes when converting Y41B with some width/height combin...


Status:	RESOLVED FIXED

Product:	GStreamer
Classification:	Platform
Component:	gst-plugins-base
Version:	git master
Hardware:	Other Linux

Importance:	Normal major
Target Milestone:	0.10.29
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2010-04-22 17:13 UTC by Sebastian Dröge (slomo)
Modified:	2010-04-22 19:06 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
ffmpegcolorspace: Fix Y41B->Y444 conversion (842 bytes, patch) 2010-04-22 18:59 UTC, Sebastian Dröge (slomo)	committed	Details \| Review

Description Sebastian Dröge (slomo) 2010-04-22 17:13:14 UTC

Example:

gst-launch-0.10 videotestsrc ! "video/x-raw-yuv,format=(fourcc)Y41B,width=840,height=631" ! ffmpegcolorspace ! "video/x-raw-rgb" ! fakesink

I don't know yet which width/height combinations make it crash ;)

Comment 1 Sebastian Dröge (slomo) 2010-04-22 18:47:33 UTC

==1530== Thread 2:
==1530== Invalid write of size 1
==1530==    at 0x4173CBA: grow41_line (imgconvert.c:1873)
==1530==    by 0x419E987: grow41 (imgconvert.c:1910)
==1530==    by 0x419F474: img_convert (imgconvert.c:3102)
==1530==    by 0x416FBBF: gst_ffmpegcsp_transform (gstffmpegcolorspace.c:520)
==1530==    by 0x41512E2: gst_base_transform_handle_buffer (gstbasetransform.c:2026)
==1530==    by 0x41519FB: gst_base_transform_chain (gstbasetransform.c:2140)
==1530==    by 0x407BBDC: gst_pad_chain_data_unchecked (gstpad.c:4131)
==1530==    by 0x407CC75: gst_pad_push_data (gstpad.c:4360)
==1530==    by 0x4151A49: gst_base_transform_chain (gstbasetransform.c:2161)
==1530==    by 0x407BBDC: gst_pad_chain_data_unchecked (gstpad.c:4131)
==1530==    by 0x407CC75: gst_pad_push_data (gstpad.c:4360)
==1530==    by 0x414A8B2: gst_base_src_loop (gstbasesrc.c:2480)
==1530==  Address 0x9270968 is 0 bytes after a block of size 1,590,120 alloc'd
==1530==    at 0x4C213A6: memalign (vg_replace_malloc.c:532)
==1530==    by 0x4C21402: posix_memalign (vg_replace_malloc.c:660)
==1530==    by 0x4054009: gst_buffer_try_new_and_alloc (gstbuffer.c:155)
==1530==    by 0x407C563: gst_pad_alloc_buffer_full (gstpad.c:2935)
==1530==    by 0x414E633: gst_base_transform_buffer_alloc (gstbasetransform.c:1673)
==1530==    by 0x407C4A6: gst_pad_alloc_buffer_full (gstpad.c:2899)
==1530==    by 0x41513FB: gst_base_transform_handle_buffer (gstbasetransform.c:1250)
==1530==    by 0x41519FB: gst_base_transform_chain (gstbasetransform.c:2140)
==1530==    by 0x407BBDC: gst_pad_chain_data_unchecked (gstpad.c:4131)
==1530==    by 0x407CC75: gst_pad_push_data (gstpad.c:4360)
==1530==    by 0x4151A49: gst_base_transform_chain (gstbasetransform.c:2161)
==1530==    by 0x407BBDC: gst_pad_chain_data_unchecked (gstpad.c:4131)
==1530== 


No idea why it writes too much, the code looks correct.

Comment 2 Sebastian Dröge (slomo) 2010-04-22 18:59:22 UTC

Created attachment 159353 [details] [review]
ffmpegcolorspace: Fix Y41B->Y444 conversion

...which is the intermediate conversion for conversion to all
other formats.

Fixes bug #616545.

Comment 3 Sebastian Dröge (slomo) 2010-04-22 19:06:21 UTC

commit b5853bf8ba41a0fed293a9e6beadec0db1597533
Author: Sebastian Dröge <sebastian.droege@collabora.co.uk>
Date:   Thu Apr 22 20:58:29 2010 +0200

    ffmpegcolorspace: Fix Y41B->Y444 conversion
    
    ...which is the intermediate conversion for conversion to all
    other formats.
    
    Fixes bug #616545.