upipe_h264_framer: valgrind reports a use of uninitialised value

Open JDarnley opened this issue 5 years ago • 5 comments

Could be a false report.

==12669== Conditional jump or move depends on uninitialised value(s)
==12669==    at 0x378CE0: upipe_h264f_handle_slice (upipe_h264_framer.c:1430)
==12669==    by 0x379179: upipe_h264f_handle_nal (upipe_h264_framer.c:1515)
==12669==    by 0x37C054: upipe_h264f_end_annexb (upipe_h264_framer.c:2198)
==12669==    by 0x37CB49: upipe_h264f_work_annexb (upipe_h264_framer.c:2427)
==12669==    by 0x37DC97: upipe_h264f_handle (upipe_h264_framer.c:2725)
==12669==    by 0x37DD18: upipe_h264f_input (upipe_h264_framer.c:2741)

https://github.com/Upipe/upipe/blob/e95b1d514649c6a5cfdbf7af1a3f6f30be9747fc/lib/upipe-framers/upipe_h264_framer.c#L1430

bf seems to be inited when declared with bool bf = false; so I guess that means it is upipe_h264f->bf.

JDarnley avatar May 13 '20 14:05 JDarnley
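The distinction the report hinges on, as an added C example that is not part of upipe or of this thread: a local bool bf = false; is defined at its declaration, while a heap-allocated struct member such as upipe_h264f->bf is only defined if the allocation zeroes it or the code assigns it before the first read. The struct, field names and the simplified frame-boundary rule below are constructed stand-ins and not the framer's real state. Compiling the unsafe allocator into a small harness and running it under valgrind --track-origins=yes attributes the "conditional jump depends on uninitialised value(s)" line to the malloc() call, which is the quickest way to tell a stack local from a struct member.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Constructed stand-in for the framer's per-pipe state. Only the field the
 * issue speculates about (bf, the bottom-field flag carried from one slice
 * to the next) is modelled; frame_num is there to make the block realistic. */
struct framer_state {
    bool bf;
    int frame_num;
};

/* 'Before' pattern: malloc() leaves every member indeterminate. The first
 * comparison against st->bf in framer_slice_starts_frame() is exactly the
 * kind of branch valgrind flags. Nothing below calls this; it exists so the
 * reader can swap it in and watch --track-origins=yes point at this line. */
struct framer_state *framer_state_alloc_uninit(void)
{
    return malloc(sizeof(struct framer_state));
}

/* 'After' pattern: zero the whole block so bf starts as false, then set any
 * non-zero defaults explicitly instead of relying on a later assignment. */
struct framer_state *framer_state_alloc(void)
{
    struct framer_state *st = calloc(1, sizeof(*st));
    if (st == NULL)
        return NULL;
    st->frame_num = -1;  /* constructed "no frame seen yet" sentinel */
    return st;
}

/* Simplified slice-boundary decision (constructed, not the framer's logic):
 * a slice starts a new frame when its field parity differs from the
 * previous slice's. Reads st->bf, so st->bf must already be defined. */
bool framer_slice_starts_frame(struct framer_state *st, bool bf)
{
    bool starts = (bf != st->bf);
    st->bf = bf;
    return starts;
}

/* Drives the safe allocator through a top/bottom/bottom/top sequence and
 * returns 1 when every decision matches the expected pattern. Under
 * valgrind this path must produce no uninitialised-value report. */
int framer_selftest(void)
{
    struct framer_state *st = framer_state_alloc();
    if (st == NULL)
        return 0;
    int ok = 1;
    ok &= (framer_slice_starts_frame(st, false) == false); /* same parity as init */
    ok &= (framer_slice_starts_frame(st, true)  == true);  /* flips to bottom */
    ok &= (framer_slice_starts_frame(st, true)  == false); /* still bottom */
    ok &= (framer_slice_starts_frame(st, false) == true);  /* back to top */
    free(st);
    return ok;
}

int main(void)
{
    return framer_selftest() ? 0 : 1;
}
```

To see the other side, replace the framer_state_alloc() call in framer_selftest() with framer_state_alloc_uninit() and run the binary under valgrind; the origin line it prints is the allocation, not the compare, which is what distinguishes a struct member from a local that was initialised at declaration.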

I plan to fuzz the framer this weekend with ASAN

kierank avatar May 16 '20 14:05 kierank

@JDarnley I cannot reproduce this warning with valgrind. Can you provide a sample stream?

nto avatar Jul 27 '20 17:07 nto

I fuzzed the framer and ASAN did not report anything

kierank avatar Jul 27 '20 17:07 kierank

I'll try to recreate the issue. I think I could at the time. If I can then I'll use multicat to record some of the stream to disk.

JDarnley avatar Jul 27 '20 17:07 JDarnley

I believe I can recreate the valgrind report with a stream from disk. This TS https://0x0.st/i3KF.ts and its matching aux file https://0x0.st/i3KC.aux sent over the network with multicat into our software reliably causes that report.

JDarnley avatar Aug 04 '20 15:08 JDarnley

Fixed in https://github.com/Upipe/upipe/pull/956

kierank avatar Oct 29 '23 19:10 kierank