Experimental Physics and
Industrial Control System

1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 <2022> 2023 2024	Index	1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 <2022> 2023 2024
<== Date ==>		<== Thread ==>

Subject:	AreaDetector ffMpeg invalid writes
From:	"Daykin, Evan via Tech-talk" <tech-talk at aps.anl.gov>
To:	"tech-talk at aps.anl.gov" <tech-talk at aps.anl.gov>
Date:	Wed, 20 Apr 2022 15:53:23 +0000

Hi,

I am trying to update our site copy of AreaDetector-ffmpegserver to use the latest versions of avcodec, ffmpeg, etc. The full draft patch I am using to do this is here: https://gist.github.com/daykin/3694c96bd9db8215c47abeec055360f3

When I access the MJPG server using UInt16 data type, everything runs fine. However, when I change the type to UInt8, I get segfaults and corrupted linked lists, caused by this section:

AVPacket pkt;

av_init_packet(&pkt);

pkt.data = "" // packet data will be allocated by the encoder

pkt.size = c->width * c->height;

int sts;

sts = avcodec_send_frame(c,scPicture); ####Fails here after 1-4 frames

char err[64];

if (sts) {

av_strerror(sts, err, 64*sizeof(char));

asynPrint(this->pasynUserSelf, ASYN_TRACE_ERROR,

"%s:%s: Encoding jpeg failed ... %d ... %s\n",

driverName, functionName, sts, err);

}

sts = avcodec_receive_packet(c, &pkt);

if (sts) {

av_strerror(sts, err, 64*sizeof(char));

asynPrint(this->pasynUserSelf, ASYN_TRACE_ERROR,

"%s:%s: Recv packet failed ... %d ... %s\n",

driverName, functionName, sts, err);

}

this->jpeg->dims[0].size = pkt.size;

this->jpeg->pData = pkt.data;

Valgrind output is as follows:

==3304954== Thread 75 arv_gv_stream:

==3304954== Invalid write of size 8

==3304954== at 0x483F7FB: memmove (vg_replace_strmem.c:1270)

==3304954== by 0x531853F: ??? (in /usr/lib/x86_64-linux-gnu/libaravis-0.6.so.0.0.0)

==3304954== by 0x81430BC: ??? (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6600.8)

==3304954== by 0x53B8EA6: start_thread (pthread_create.c:477)

==3304954== by 0x4EEBDEE: clone (clone.S:95)

==3304954== Address 0x2686f868 is 26,904 bytes inside a block of size 26,905 alloc'd

==3304954== at 0x48386AF: malloc (vg_replace_malloc.c:306)

==3304954== by 0x483ADE7: realloc (vg_replace_malloc.c:834)

==3304954== by 0x794E28F: av_buffer_realloc (in /usr/lib/x86_64-linux-gnu/libavutil.so.56.51.100)

==3304954== by 0x64986DE: av_packet_make_refcounted (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.91.100)

==3304954== by 0x659314D: avcodec_encode_video2 (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.91.100)

==3304954== by 0x6593281: ??? (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.91.100)

==3304954== by 0x659340E: avcodec_send_frame (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.91.100)

==3304954== by 0x4B49233: ffmpegStream::processCallbacks(NDArray*) (ffmpegServer.cpp:590)

==3304954== by 0x49E4F6E: NDPluginDriver::processTask() (NDPluginDriver.cpp:518)

==3304954== by 0x49E67BD: NDPluginDriver::run() (NDPluginDriver.cpp:935)

==3304954== by 0x4D95BA9: epicsThreadCallEntryPoint (epicsThread.cpp:83)

==3304954== by 0x4D9E679: start_routine (osdThread.c:403)

==3304954==

==3304954== Invalid write of size 8

==3304954== at 0x483F803: memmove (vg_replace_strmem.c:1270)

==3304954== by 0x531853F: ??? (in /usr/lib/x86_64-linux-gnu/libaravis-0.6.so.0.0.0)

==3304954== by 0x81430BC: ??? (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6600.8)

==3304954== by 0x53B8EA6: start_thread (pthread_create.c:477)

==3304954== by 0x4EEBDEE: clone (clone.S:95)

==3304954== Address 0x2686f870 is 7 bytes after a block of size 26,905 alloc'd