rockcarry / ffjpeg

a simple jpeg codec.
GNU General Public License v3.0

Some values uninitialised in running, including yuv_to_rgb (color.c:25) and Syscall param write(buf) #35

Open. wanghualei2 opened this issue 3 years ago

wanghualei2 commented 3 years ago

Hello, I found some values uninitialised in running. I'm not sure whether it's a problem in your code or whether it will lead to safety issues.

Command line: ffjpeg -d crash_2

Click this to get the crash_2

The message is as follows:

```
==2396412== Memcheck, a memory error detector
==2396412== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==2396412== Using Valgrind-3.17.0 and LibVEX; rerun with -h for copyright info
==2396412== Command: ../../software/ffjpeg/src/ffjpeg -d crash_2
==2396412== Parent PID: 523953
==2396412==
==2396412== Conditional jump or move depends on uninitialised value(s)
==2396412==    at 0x114EE3: yuv_to_rgb (color.c:25)
==2396412==    by 0x112645: jfif_decode (jfif.c:547)
==2396412==    by 0x109431: main (ffjpeg.c:24)
==2396412==
==2396412== Conditional jump or move depends on uninitialised value(s)
==2396412==    at 0x114F70: yuv_to_rgb (color.c:26)
==2396412==    by 0x112645: jfif_decode (jfif.c:547)
==2396412==    by 0x109431: main (ffjpeg.c:24)
==2396412==
==2396412== Conditional jump or move depends on uninitialised value(s)
==2396412==    at 0x114FFC: yuv_to_rgb (color.c:27)
==2396412==    by 0x112645: jfif_decode (jfif.c:547)
==2396412==    by 0x109431: main (ffjpeg.c:24)
==2396412==
==2396412== Syscall param write(buf) points to uninitialised byte(s)
==2396412==    at 0x4B3C224: write (write.c:27)
==2396412==    by 0x4AB728C: _IO_file_write@@GLIBC_2.2.5 (fileops.c:1203)
==2396412==    by 0x4AB9020: new_do_write (fileops.c:457)
==2396412==    by 0x4AB9020: _IO_do_write@@GLIBC_2.2.5 (fileops.c:433)
==2396412==    by 0x4AB7ABC: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1266)
==2396412==    by 0x4AABA56: fwrite (iofwrite.c:39)
==2396412==    by 0x10A036: bmp_save (bmp.c:91)
==2396412==    by 0x109448: main (ffjpeg.c:26)
==2396412==  Address 0x5134ea6 is 822 bytes inside a block of size 4,096 alloc'd
==2396412==    at 0x40357E5: malloc (vg_replace_malloc.c:380)
==2396412==    by 0x4AAA26B: _IO_file_doallocate (filedoalloc.c:101)
==2396412==    by 0x4ABA448: _IO_doallocbuf (genops.c:365)
==2396412==    by 0x4AB9567: _IO_file_overflow@@GLIBC_2.2.5 (fileops.c:759)
==2396412==    by 0x4AB7ABC: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1266)
==2396412==    by 0x4AABA56: fwrite (iofwrite.c:39)
==2396412==    by 0x109F78: bmp_save (bmp.c:87)
==2396412==    by 0x109448: main (ffjpeg.c:26)
==2396412==
==2396412== Syscall param write(buf) points to uninitialised byte(s)
==2396412==    at 0x4B3C224: write (write.c:27)
==2396412==    by 0x4AB728C: _IO_file_write@@GLIBC_2.2.5 (fileops.c:1203)
==2396412==    by 0x4AB9020: new_do_write (fileops.c:457)
==2396412==    by 0x4AB9020: _IO_do_write@@GLIBC_2.2.5 (fileops.c:433)
==2396412==    by 0x4AB83DF: _IO_file_close_it@@GLIBC_2.2.5 (fileops.c:136)
==2396412==    by 0x4AAA466: fclose@@GLIBC_2.2.5 (iofclose.c:53)
==2396412==    by 0x10A0B7: bmp_save (bmp.c:93)
==2396412==    by 0x109448: main (ffjpeg.c:26)
==2396412==  Address 0x5134b70 is 0 bytes inside a block of size 4,096 alloc'd
==2396412==    at 0x40357E5: malloc (vg_replace_malloc.c:380)
==2396412==    by 0x4AAA26B: _IO_file_doallocate (filedoalloc.c:101)
==2396412==    by 0x4ABA448: _IO_doallocbuf (genops.c:365)
==2396412==    by 0x4AB9567: _IO_file_overflow@@GLIBC_2.2.5 (fileops.c:759)
==2396412==    by 0x4AB7ABC: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1266)
==2396412==    by 0x4AABA56: fwrite (iofwrite.c:39)
==2396412==    by 0x109F78: bmp_save (bmp.c:87)
```

rockcarry commented 3 years ago

With the latest code, commit id 4ab404eb87fe039d6cfba121d2ba572fb060e623, I can't get a crash.

wanghualei2 commented 3 years ago

Hello, in fact this problem will not cause the program to crash, but just reads an illegal address. I think this may be a security problem; if you want to reproduce the problem, you need to use valgrind to find the memory leak.
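As an added illustration (not ffjpeg's code, and not a claim about what causes the report above), the following constructed C program shows the general pattern that produces exactly this pair of Memcheck findings: a decoder that stops early on a truncated bitstream leaves the tail of a malloc'd output plane undefined, a yuv_to_rgb-style conversion then branches on those bytes, and the BMP writer copies stale heap contents into the output file. The 8x8 image size, the row-by-row stand-in decoder, the 0xAA sentinel and the sample bitstream are all assumptions made for this example. Beside the "before" form it shows the hardening (calloc plus a status code for a short decode) and a sentinel-fill check that measures how much of the plane the decoder never wrote, which is a cheap way to triage such a report in a debug build without Valgrind.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration, not ffjpeg's code and not a claim about its root
 * cause: an output plane is allocated for an 8x8 image, a decoder fills it
 * row by row, and a truncated bitstream makes it stop early.  Rows never
 * written keep stale heap contents; a later colour conversion branches on
 * them and the file writer copies them to disk, which is the pattern behind
 * Valgrind's "depends on uninitialised value(s)" and "write(buf) points to
 * uninitialised byte(s)" reports. */

#define IMG_W 8
#define IMG_H 8
#define PLANE_BYTES (IMG_W * IMG_H)

/* Stand-in for the entropy decoder: one row per iteration, returns how many
 * rows it completed before running out of input. */
static int decode_rows(const uint8_t *stream, size_t len, uint8_t *plane)
{
    int rows = 0;
    for (int r = 0; r < IMG_H; r++) {
        if ((size_t)(r + 1) * IMG_W > len)
            break;                              /* truncated: stop here */
        memcpy(plane + r * IMG_W, stream + r * IMG_W, IMG_W);
        rows++;
    }
    return rows;
}

/* Before: malloc'd plane, short decode silently ignored. */
uint8_t *decode_plane_before(const uint8_t *stream, size_t len)
{
    uint8_t *plane = malloc(PLANE_BYTES);
    if (!plane) return NULL;
    (void)decode_rows(stream, len, plane);      /* row count dropped */
    return plane;                               /* tail is undefined */
}

/* After: zero the plane so every byte is defined, and report a short decode
 * so the caller can refuse to convert or save a partial image. */
int decode_plane_after(const uint8_t *stream, size_t len,
                       uint8_t **out, int *rows_done)
{
    uint8_t *plane = calloc(PLANE_BYTES, 1);
    if (!plane) return -1;
    *rows_done = decode_rows(stream, len, plane);
    *out = plane;
    return (*rows_done == IMG_H) ? 0 : 1;       /* 1: partial, zero padded */
}

/* Debug-build check that needs no Valgrind: pre-fill with a sentinel, decode,
 * count sentinel bytes left over.  A decoded byte that happens to equal the
 * sentinel is miscounted, so treat this as a smoke test, not proof. */
#define SENTINEL 0xAA                           /* assumed marker value */
size_t count_unwritten(const uint8_t *stream, size_t len)
{
    uint8_t plane[PLANE_BYTES];
    size_t n = 0;
    memset(plane, SENTINEL, PLANE_BYTES);
    decode_rows(stream, len, plane);
    for (size_t i = 0; i < PLANE_BYTES; i++)
        n += (plane[i] == SENTINEL);
    return n;
}

/* Constructed sample bitstream: byte i is 0x10 + i, never equal to SENTINEL. */
const uint8_t *sample_stream(void)
{
    static uint8_t s[PLANE_BYTES];
    for (size_t i = 0; i < PLANE_BYTES; i++) s[i] = (uint8_t)(0x10 + i);
    return s;
}

/* Status of the hardened path on the first `len` bytes of the sample. */
int after_status(size_t len)
{
    uint8_t *out; int rows;
    int st = decode_plane_after(sample_stream(), len, &out, &rows);
    if (st >= 0) free(out);
    return st;
}

/* 1 when the reported row count matches the input and every byte past the
 * decoded rows is zero, i.e. nothing undefined can reach the file writer. */
int after_tail_is_zero(size_t len)
{
    uint8_t *out; int rows;
    if (decode_plane_after(sample_stream(), len, &out, &rows) < 0) return 0;
    int ok = (rows == (int)(len / IMG_W));
    for (size_t i = (size_t)rows * IMG_W; i < PLANE_BYTES; i++)
        ok = ok && out[i] == 0;
    free(out);
    return ok;
}
```

Built with -Wall and run under valgrind --track-origins=yes, the undefined tail returned by decode_plane_before is what Memcheck flags the moment it is branched on or handed to write(); the plane from decode_plane_after stays clean because every byte has a defined value, and its status code lets the caller skip bmp_save-style output for a partial decode rather than pad the file with whatever the heap held.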

rockcarry commented 3 years ago

Yes, can you give me the test environment and steps, and then I can reproduce and fix it.

rockcarry commented 3 years ago

I checked all the code according to the log, but the code looks all right; I can't find any problem.