Bug#735528: opencv: segfault on reading some video

Fabrice Silva silva at lma.cnrs-mrs.fr
Thu Jan 16 07:30:37 UTC 2014 

Source: opencv
Version: 2.4.6
Severity: important

With some video files, the following command leads to segfault:
python -c "import cv2; vid = cv2.VideoCapture('some_video ');
vid.read()"

It occurs from python, but also using C++ library.

Example of backtrace in gdb
        #0  0x00007fffeca1a814 in rgb32tobgr24_MMXEXT (src=0x7fffdf7ab080 <Address 0x7fffdf7ab080 out of bounds>,    dst=0x7fffdf0eb010 "", src_size=<optimized out>) at /build/libav-RgBsVf/libav-9.10/libswscale/x86/rgb2rgb_template.c:155
        #1  0x00007fffeca13da3 in rgbToRgbWrapper (c=0x10ac0e0, src=<optimized out>, srcStride=0x7fffffffda80, srcSliceY=0, srcSliceH=500, dst=0x7fffffffdac0, dstStride=0x7fffffffda90) at /build/libav-RgBsVf/libav-9.10/libswscale/swscale_unscaled.c:592
        #2  0x00007fffeca1589d in sws_scale (c=<optimized out>, srcSlice=<optimized out>, srcStride=0xab2ba0, srcSliceY=0, srcSliceH=500, dst=<optimized out>, dstStride=0xa156a8) at /build/libav-RgBsVf/libav-9.10/libswscale/swscale_unscaled.c:1152
        #3  0x00007ffff526fefe in CvCapture_FFMPEG::retrieveFrame(int, unsigned char**, int*, int*, int*, int*) ()  from /usr/lib/x86_64-linux-gnu/libopencv_highgui.so.2.4
        #4  0x00007ffff526ffab in cvRetrieveFrame_FFMPEG () from /usr/lib/x86_64-linux-gnu/libopencv_highgui.so.2.4
        #5  0x00007ffff526f419 in CvCapture_FFMPEG_proxy::retrieveFrame(int) () from /usr/lib/x86_64-linux-gnu/libopencv_highgui.so.2.4
        #6  0x00007ffff526dcb9 in cv::VideoCapture::retrieve(cv::Mat&, int) () from /usr/lib/x86_64-linux-gnu/libopencv_highgui.so.2.4
        #7  0x00007ffff526daa7 in cv::VideoCapture::read(cv::Mat&) () from /usr/lib/x86_64-linux-gnu/libopencv_highgui.so.2.4

Out of bounds address seems to be used in a call to a function from
libswscale.

Segfault occurs for at least for one uncompressed avi file
RIFF (little-endian) data, AVI, 944 x 500, 30.00 fps, video: uncompressed

but not for a compressed one
RIFF (little-endian) data, AVI, 592 x 320, 25.00 fps, video: XviD, audio:
MPEG-1 Layer 3 (stereo, 48000 Hz)

The former can be found at http://tinyurl.com/lv657fn (uncompressed,
almost 200Mo)



-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.12-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

More information about the debian-science-maintainers mailing list