ASan failure in get_ref_frame_idx
Building from commit 63d73bc1 with debug profile with -fsanitize=address and ffmpeg commit dc07f98934edb0d78d7a7cdacd65188af9423045 with a .gitlab/workflows/linux/ffmpeg_n7_fix.patch and LDFLAGS='-fsanitize=address' CFLAGS="-g -fno-omit-frame-pointer -fsanitize=address" PKG_CONFIG_PATH=/path/to/svt-av1/lib/pkgconfig ./configure ... --enable-libsvtav1, trying to reencode a H.264 test video, I get this:
$ ffmpeg -v panic -f lavfi -i testsrc2=size=1920x1080 -c:v libx264 -preset ultrafast -crf 8 -f matroska - | LD_LIBRARY_PATH=/opt/svt-av1-psy/lib LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libasan.so.8.0.0 /opt/ffmpeg/bin/ffmpeg -i - -c:v libsvtav1 -svtav1-params preset=0:tune=2 -f null null
ffmpeg version n7.1-184-gdc07f98934 Copyright (c) 2000-2024 the FFmpeg developers
built with gcc 12 (Debian 12.2.0-14)
configuration: --disable-static --enable-shared --enable-gpl --enable-version3 --enable-nonfree --disable-libass --enable-frei0r --enable-libgsm --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenjpeg --enable-libopus --disable-librtmp --enable-libspeex --enable-libtheora --enable-libtwolame --enable-libv4l2 --enable-libvidstab --enable-libvo-amrwbenc --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libxvid --enable-ffplay --disable-vdpau --enable-libx265 --prefix=/opt/ffmpeg/ --enable-opencl --enable-rpath --enable-libsvtav1
libavutil 59. 39.100 / 59. 39.100
libavcodec 61. 19.101 / 61. 19.101
libavformat 61. 7.100 / 61. 7.100
libavdevice 61. 3.100 / 61. 3.100
libavfilter 10. 4.100 / 10. 4.100
libswscale 8. 3.100 / 8. 3.100
libswresample 5. 3.100 / 5. 3.100
libpostproc 58. 3.100 / 58. 3.100
Input #0, matroska,webm, from 'fd:':
Metadata:
ENCODER : Lavf59.27.100
Duration: N/A, start: 0.000000, bitrate: N/A
Stream #0:0: Video: h264 (Constrained Baseline), yuv420p(progressive), 1920x1080 [SAR 1:1 DAR 16:9], 25 fps, 25 tbr, 1k tbn
Metadata:
ENCODER : Lavc59.37.100 libx264
Stream mapping:
Stream #0:0 -> #0:0 (h264 (native) -> av1 (libsvtav1))
Svt[info]: -------------------------------------------
Svt[info]: SVT [version]: SVT-AV1 Encoder Lib v2.1.2-365-g63d73bc1
Svt[info]: SVT [build] : GCC 12.2.0 64 bit
Svt[info]: LIB Build date: Feb 3 2025 13:24:16
Svt[info]: -------------------------------------------
Svt[warn]: Instance 1: tune ssim (2) is supported for testing and debugging purposes.This configuration should not be used for any benchmarking analysis at this stage
Svt[info]: Level of Parallelism: 5
Svt[info]: Number of PPCS 140
Svt[info]: [asm level on system : up to avx2]
Svt[info]: [asm level selected : up to avx2]
Svt[info]: -------------------------------------------
Svt[info]: SVT [config]: main profile tier (auto) level (auto)
Svt[info]: SVT [config]: width / height / fps numerator / fps denominator : 1920 / 1080 / 25 / 1
Svt[info]: SVT [config]: bit-depth / color format : 8 / YUV420
Svt[info]: SVT [config]: preset / tune / pred struct : 0 / SSIM / random access
Svt[info]: SVT [config]: gop size / mini-gop size / key-frame type : 161 / 32 / key frame
Svt[info]: SVT [config]: BRC mode / rate factor : CRF / 35
Svt[info]: SVT [config]: AQ mode / variance boost : 2 / 0
Svt[info]: -------------------------------------------
SvtMalloc[info]: SVT Memory Usage:
SvtMalloc[info]: total allocated memory: 3.54 GB
SvtMalloc[info]: malloced memory: 1.05 GB
SvtMalloc[info]: callocated memory: 38.38 MB
SvtMalloc[info]: allocated aligned memory: 2.45 GB
SvtMalloc[info]: mutex count: 24093
SvtMalloc[info]: semaphore count: 681
SvtMalloc[info]: thread count: 74
SvtMalloc[info]: hash table fulless: 0.105836, hash bucket is healthy
SvtMalloc[info]: top 10 malloced memory locations:
SvtMalloc[info]: (286.88 MB): /home/vi/src/svt-av1-psy/Source/Lib/Codec/coding_unit.c:84
SvtMalloc[info]: (152.80 MB): /home/vi/src/svt-av1-psy/Source/Lib/Codec/pcs.c:114
SvtMalloc[info]: (125.51 MB): /home/vi/src/svt-av1-psy/Source/Lib/Codec/pcs.c:115
SvtMalloc[info]: (92.81 MB): /home/vi/src/svt-av1-psy/Source/Lib/Codec/pcs.c:1075
SvtMalloc[info]: (91.58 MB): /home/vi/src/svt-av1-psy/Source/Lib/Codec/bitstream_unit.c:36
SvtMalloc[info]: (73.96 MB): /home/vi/src/svt-av1-psy/Source/Lib/Codec/pcs.c:1533
SvtMalloc[info]: (41.09 MB): /home/vi/src/svt-av1-psy/Source/Lib/Codec/pcs.c:1536
SvtMalloc[info]: (28.06 MB): /home/vi/src/svt-av1-psy/Source/Lib/Codec/md_process.c:257
SvtMalloc[info]: (16.88 MB): /home/vi/src/svt-av1-psy/Source/Lib/Codec/pcs.c:1047
SvtMalloc[info]: (13.01 MB): /home/vi/src/svt-av1-psy/Source/Lib/Codec/pcs.c:571
Output #0, null, to 'null':
Metadata:
encoder : Lavf61.7.100
Stream #0:0: Video: av1, yuv420p(tv, progressive), 1920x1080 [SAR 1:1 DAR 16:9], q=2-31, 25 fps, 25 tbn
Metadata:
encoder : Lavc61.19.101 libsvtav1
=================================================================peed=N/A
==4195==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f64461cffff at pc 0x7f64444d6650 bp 0x7f63aea5a2e0 sp 0x7f63aea5a2d8
READ of size 1 at 0x7f64461cffff thread T87
#0 0x7f64444d664f in get_ref_frame_idx /home/vi/src/svt-av1-psy/Source/Lib/Codec/inter_prediction.h:531
#1 0x7f64444ef7ef in inject_new_nearest_new_comb_candidates /home/vi/src/svt-av1-psy/Source/Lib/Codec/mode_decision.c:1905
#2 0x7f64445067f7 in svt_aom_inject_inter_candidates /home/vi/src/svt-av1-psy/Source/Lib/Codec/mode_decision.c:3566
#3 0x7f644450fb39 in generate_md_stage_0_cand /home/vi/src/svt-av1-psy/Source/Lib/Codec/mode_decision.c:4266
#4 0x7f64446a2c60 in md_encode_block /home/vi/src/svt-av1-psy/Source/Lib/Codec/product_coding_loop.c:9237
#5 0x7f64446b057e in process_block /home/vi/src/svt-av1-psy/Source/Lib/Codec/product_coding_loop.c:10366
#6 0x7f64446b5ecb in svt_aom_mode_decision_sb /home/vi/src/svt-av1-psy/Source/Lib/Codec/product_coding_loop.c:10775
#7 0x7f64442ef06e in svt_aom_mode_decision_kernel /home/vi/src/svt-av1-psy/Source/Lib/Codec/enc_dec_process.c:3526
#8 0x7f644eea8133 in start_thread nptl/pthread_create.c:442
#9 0x7f644ef287db in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
0x7f64461cffff is located 55 bytes to the right of global variable 'allow_refinement_flag' defined in '/home/vi/src/svt-av1-psy/Source/Lib/Codec/mode_decision.c:844:15' (0x7f64461cffc0) of size 8
0x7f64461cffff is located 1 bytes to the left of global variable 'bipred_3x3_x_pos' defined in '/home/vi/src/svt-av1-psy/Source/Lib/Codec/mode_decision.c:845:15' (0x7f64461d0000) of size 8
SUMMARY: AddressSanitizer: global-buffer-overflow /home/vi/src/svt-av1-psy/Source/Lib/Codec/inter_prediction.h:531 in get_ref_frame_idx
Shadow bytes around the buggy address:
0x0fed08c31fa0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
0x0fed08c31fb0: f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x0fed08c31fc0: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 00 00 00 00
0x0fed08c31fd0: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
0x0fed08c31fe0: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
=>0x0fed08c31ff0: 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9[f9]
0x0fed08c32000: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
0x0fed08c32010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fed08c32020: 00 00 00 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x0fed08c32030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fed08c32040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Thread T87 created by T15 (vf#0:0) here:
#0 0x7f6452849726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
#1 0x7f644476aa35 in svt_create_thread /home/vi/src/svt-av1-psy/Source/Lib/Codec/svt_threads.c:166
#2 0x7f64441c6ead in svt_av1_enc_init /home/vi/src/svt-av1-psy/Source/Lib/Globals/enc_handle.c:2696
#3 0x7f645030cfa7 (/opt/ffmpeg//lib/libavcodec.so.61+0x10cfa7)
#4 0x7f64515941ff (/opt/ffmpeg//lib/libavcodec.so.61+0x13941ff)
Thread T15 (vf#0:0) created by T0 here:
#0 0x7f6452849726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
#1 0x5559cb22c0e9 (/opt/ffmpeg/bin/ffmpeg+0x8d0e9)
==4195==ABORTINGOriginally reported here: https://github.com/psy-ex/svt-av1-psy/issues/114#issuecomment-2630260995 - directory designated for svt-av1-psy currently has a plain SVT-AV1 build.
Did not try to reproduce without FFmpeg.
Edited by vi