1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 <2022> 2023 2024 | Index | 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 <2022> 2023 2024 |
<== Date ==> | <== Thread ==> |
---|
Subject: | AreaDetector ffMpeg invalid writes |
From: | "Daykin, Evan via Tech-talk" <tech-talk at aps.anl.gov> |
To: | "tech-talk at aps.anl.gov" <tech-talk at aps.anl.gov> |
Date: | Wed, 20 Apr 2022 15:53:23 +0000 |
Hi, I am trying to update our site copy of AreaDetector-ffmpegserver to use the latest versions of avcodec, ffmpeg, etc. The full draft patch I am using to do this is here: https://gist.github.com/daykin/3694c96bd9db8215c47abeec055360f3 When I access the MJPG server using UInt16 data type, everything runs fine. However, when I change the type to UInt8, I get segfaults and corrupted linked lists, caused by this section: AVPacket pkt; av_init_packet(&pkt); pkt.data = "" // packet data will be allocated by the encoder pkt.size = c->width * c->height; int sts; sts = avcodec_send_frame(c,scPicture); ####Fails here after 1-4 frames char err[64]; if (sts) { av_strerror(sts, err, 64*sizeof(char)); asynPrint(this->pasynUserSelf, ASYN_TRACE_ERROR, "%s:%s: Encoding jpeg failed ... %d ... %s\n", driverName, functionName, sts, err); } sts = avcodec_receive_packet(c, &pkt); if (sts) { av_strerror(sts, err, 64*sizeof(char)); asynPrint(this->pasynUserSelf, ASYN_TRACE_ERROR, "%s:%s: Recv packet failed ... %d ... %s\n", driverName, functionName, sts, err); } this->jpeg->dims[0].size = pkt.size; this->jpeg->pData = pkt.data; Valgrind output is as follows: ==3304954== Thread 75 arv_gv_stream: ==3304954== Invalid write of size 8 ==3304954== at 0x483F7FB: memmove (vg_replace_strmem.c:1270) ==3304954== by 0x531853F: ??? (in /usr/lib/x86_64-linux-gnu/libaravis-0.6.so.0.0.0) ==3304954== by 0x81430BC: ??? (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6600.8) ==3304954== by 0x53B8EA6: start_thread (pthread_create.c:477) ==3304954== by 0x4EEBDEE: clone (clone.S:95) ==3304954== Address 0x2686f868 is 26,904 bytes inside a block of size 26,905 alloc'd ==3304954== at 0x48386AF: malloc (vg_replace_malloc.c:306) ==3304954== by 0x483ADE7: realloc (vg_replace_malloc.c:834) ==3304954== by 0x794E28F: av_buffer_realloc (in /usr/lib/x86_64-linux-gnu/libavutil.so.56.51.100) ==3304954== by 0x64986DE: av_packet_make_refcounted (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.91.100) ==3304954== by 0x659314D: avcodec_encode_video2 (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.91.100) ==3304954== by 0x6593281: ??? (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.91.100) ==3304954== by 0x659340E: avcodec_send_frame (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.91.100) ==3304954== by 0x4B49233: ffmpegStream::processCallbacks(NDArray*) (ffmpegServer.cpp:590) ==3304954== by 0x49E4F6E: NDPluginDriver::processTask() (NDPluginDriver.cpp:518) ==3304954== by 0x49E67BD: NDPluginDriver::run() (NDPluginDriver.cpp:935) ==3304954== by 0x4D95BA9: epicsThreadCallEntryPoint (epicsThread.cpp:83) ==3304954== by 0x4D9E679: start_routine (osdThread.c:403) ==3304954== ==3304954== Invalid write of size 8 ==3304954== at 0x483F803: memmove (vg_replace_strmem.c:1270) ==3304954== by 0x531853F: ??? (in /usr/lib/x86_64-linux-gnu/libaravis-0.6.so.0.0.0) ==3304954== by 0x81430BC: ??? (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6600.8) ==3304954== by 0x53B8EA6: start_thread (pthread_create.c:477) ==3304954== by 0x4EEBDEE: clone (clone.S:95) ==3304954== Address 0x2686f870 is 7 bytes after a block of size 26,905 alloc'd ==3304954== at 0x48386AF: malloc (vg_replace_malloc.c:306) ==3304954== by 0x483ADE7: realloc (vg_replace_malloc.c:834) ==3304954== by 0x794E28F: av_buffer_realloc (in /usr/lib/x86_64-linux-gnu/libavutil.so.56.51.100) ==3304954== by 0x64986DE: av_packet_make_refcounted (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.91.100) ==3304954== by 0x659314D: avcodec_encode_video2 (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.91.100) ==3304954== by 0x6593281: ??? (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.91.100) ==3304954== by 0x659340E: avcodec_send_frame (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.91.100) ==3304954== by 0x4B49233: ffmpegStream::processCallbacks(NDArray*) (ffmpegServer.cpp:590) ==3304954== by 0x49E4F6E: NDPluginDriver::processTask() (NDPluginDriver.cpp:518) ==3304954== by 0x49E67BD: NDPluginDriver::run() (NDPluginDriver.cpp:935) ==3304954== by 0x4D95BA9: epicsThreadCallEntryPoint (epicsThread.cpp:83) ==3304954== by 0x4D9E679: start_routine (osdThread.c:403) ==3304954== ==3304954== Invalid write of size 8 ==3304954== at 0x483F80B: memmove (vg_replace_strmem.c:1270) ==3304954== by 0x531853F: ??? (in /usr/lib/x86_64-linux-gnu/libaravis-0.6.so.0.0.0) ==3304954== by 0x81430BC: ??? (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6600.8) ==3304954== by 0x53B8EA6: start_thread (pthread_create.c:477) ==3304954== by 0x4EEBDEE: clone (clone.S:95) ==3304954== Address 0x2686f878 is 15 bytes after a block of size 26,905 alloc'd ==3304954== at 0x48386AF: malloc (vg_replace_malloc.c:306) ==3304954== by 0x483ADE7: realloc (vg_replace_malloc.c:834) ==3304954== by 0x794E28F: av_buffer_realloc (in /usr/lib/x86_64-linux-gnu/libavutil.so.56.51.100) ==3304954== by 0x64986DE: av_packet_make_refcounted (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.91.100) ==3304954== by 0x659314D: avcodec_encode_video2 (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.91.100) ==3304954== by 0x6593281: ??? (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.91.100) ==3304954== by 0x659340E: avcodec_send_frame (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.91.100) ==3304954== by 0x4B49233: ffmpegStream::processCallbacks(NDArray*) (ffmpegServer.cpp:590) ==3304954== by 0x49E4F6E: NDPluginDriver::processTask() (NDPluginDriver.cpp:518) ==3304954== by 0x49E67BD: NDPluginDriver::run() (NDPluginDriver.cpp:935) ==3304954== by 0x4D95BA9: epicsThreadCallEntryPoint (epicsThread.cpp:83) ==3304954== by 0x4D9E679: start_routine (osdThread.c:403) ==3304954== ==3304954== Invalid write of size 8 ==3304954== at 0x483F7F3: memmove (vg_replace_strmem.c:1270) ==3304954== by 0x531853F: ??? (in /usr/lib/x86_64-linux-gnu/libaravis-0.6.so.0.0.0) ==3304954== by 0x81430BC: ??? (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6600.8) ==3304954== by 0x53B8EA6: start_thread (pthread_create.c:477) ==3304954== by 0x4EEBDEE: clone (clone.S:95) ==3304954== Address 0x2686f880 is 23 bytes after a block of size 26,905 alloc'd ==3304954== at 0x48386AF: malloc (vg_replace_malloc.c:306) ==3304954== by 0x483ADE7: realloc (vg_replace_malloc.c:834) ==3304954== by 0x794E28F: av_buffer_realloc (in /usr/lib/x86_64-linux-gnu/libavutil.so.56.51.100) ==3304954== by 0x64986DE: av_packet_make_refcounted (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.91.100) ==3304954== by 0x659314D: avcodec_encode_video2 (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.91.100) ==3304954== by 0x6593281: ??? (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.91.100) ==3304954== by 0x659340E: avcodec_send_frame (in /usr/lib/x86_64-linux-gnu/libavcodec.so.58.91.100) ==3304954== by 0x4B49233: ffmpegStream::processCallbacks(NDArray*) (ffmpegServer.cpp:590) ==3304954== by 0x49E4F6E: NDPluginDriver::processTask() (NDPluginDriver.cpp:518) ==3304954== by 0x49E67BD: NDPluginDriver::run() (NDPluginDriver.cpp:935) ==3304954== by 0x4D95BA9: epicsThreadCallEntryPoint (epicsThread.cpp:83) ==3304954== by 0x4D9E679: start_routine (osdThread.c:403) ==3304954== valgrind: m_mallocfree.c:303 (get_bszB_as_is): Assertion 'bszB_lo == bszB_hi' failed. valgrind: Heap block lo/hi size mismatch: lo = 26976, hi = 1952620617163020826. This is probably caused by your program erroneously writing past the end of a heap block and corrupting heap metadata. If you fix any invalid writes reported by Memcheck, this assertion failure will probably go away. Please try that before reporting this as a bug. I am not very familiar with libav or ffmpegServer. Is there something obvious (e.g. array dimensions of scPicture) that needs changing?
|