Bug 749428 – theoraenc: memory errors reported by valgrind

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 749428 - theoraenc: memory errors reported by valgrind


Summary:	theoraenc: memory errors reported by valgrind


Status:	RESOLVED NOTABUG

Product:	GStreamer
Classification:	Platform
Component:	gst-plugins-base
Version:	git master
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	git master
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Duplicates:	749378 (view as bug list)
Depends on:
Blocks:

Reported:	2015-05-15 12:44 UTC by Guillaume Desmottes
Modified:	2015-08-19 14:22 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Guillaume Desmottes 2015-05-15 12:44:33 UTC

Validate transcode scenarios such as validate.file.transcode.to_vorbis_and_theora_in_ogg.mp3_h264_0_mp4 raise this kind of errors when run inside valgrind:

==25715== Use of uninitialised value of size 8
==25715==    at 0x3ECCA09F1D: UnknownInlinedFun (analyze.c:1047)
==25715==    by 0x3ECCA09F1D: oc_analyze_mb_mode_chroma.isra.1 (analyze.c:1458)
==25715==    by 0x3ECCA0ADD0: oc_cost_intra.isra.2 (analyze.c:1640)
==25715==    by 0x3ECCA113FF: oc_enc_analyze_inter (analyze.c:1958)
==25715==    by 0x3ECCA1E326: oc_enc_compress_frame (encode.c:1180)
==25715==    by 0x3ECCA1E326: th_encode_ycbcr_in (encode.c:1553)
==25715==    by 0x102FA2CE: theora_enc_handle_frame (gsttheoraenc.c:989)
==25715==    by 0x55705E6: gst_video_encoder_chain (gstvideoencoder.c:1380)


==25715== Conditional jump or move depends on uninitialised value(s)
==25715==    at 0x3ECCA0A097: oc_analyze_mb_mode_chroma.isra.1 (analyze.c:1466)
==25715==    by 0x3ECCA0ADD0: oc_cost_intra.isra.2 (analyze.c:1640)
==25715==    by 0x3ECCA113FF: oc_enc_analyze_inter (analyze.c:1958)
==25715==    by 0x3ECCA1E326: oc_enc_compress_frame (encode.c:1180)
==25715==    by 0x3ECCA1E326: th_encode_ycbcr_in (encode.c:1553)
==25715==    by 0x102FA2CE: theora_enc_handle_frame (gsttheoraenc.c:989)

Those could be false positives, bugs in libtheora or in gst (if the encoder expect a specific size of buffer or something like that).

Comment 1 Tim-Philipp Müller 2015-05-17 20:02:36 UTC

Just filing valgrind bugs where it's not even clear whether there's an issue in GStreamer or not is only useful if you intend to investigate this further.

Typically these uninitialised values are when padding between rows or planes is accessed. Encoders often do that for efficiency reasons (so they don't have to deal with 'edge' cases) if resolutions are not a multiple of their block size.

Check the exact addresses involved. Check the address of the video frame. Check the row stride and the width and the plane offsets; and calculate where the padding would be and if this is what it is or not.

Alternative add some kind in gst_video_frame_map() or wherever that initialises the padding bytes.

Comment 2 Vincent Penquerc'h 2015-05-20 08:36:31 UTC

*** Bug 749378 has been marked as a duplicate of this bug. ***

Comment 3 Vincent Penquerc'h 2015-08-19 14:22:06 UTC

Those valgrind errors are gone once the entire frame is memset to 0, so it does seem to be just reads off the allocated border. While the errors are from internal libtheora data, I could trace those data back to reads from the buffer.
I wasted quite some time after having not memset the full frame area, causing me to think the problem was elsewhere...