Bug 378627

Summary: False positive with GCC 6.3.1 and -fno-ipa-cp-clone (-O3)
Product: [Developer tools] valgrind
Reporter: ux <heetahke>
Component: memcheck
Assignee: Julian Seward <jseward>
Status: REPORTED ---
Severity: normal
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Other
OS: Linux
Latest Commit:
Version Fixed In:

Description ux 2017-04-10 14:50:04 UTC
In FFmpeg we have the following false report reported by valgrind memcheck:

==28424== Memcheck, a memory error detector
==28424== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==28424== Using Valgrind-3.13.0.SVN and LibVEX; rerun with -h for copyright info
==28424== Command: ./ffmpeg_g -f lavfi -i testsrc -frames:v 1 -c ffv1 -f null -
==28424== 
ffmpeg version N-85447-g8839cbf911 Copyright (c) 2000-2017 the FFmpeg developers
  built with gcc 6.3.1 (GCC) 20170306
  configuration: --enable-gpl --enable-libx264 --enable-libass --enable-libfreetype --enable-fontconfig --assert-level=2 --samples=/home/ux/fate-samples --enable-libdc1394 --enable-libvpx
  libavutil      55. 60.101 / 55. 60.101
  libavcodec     57. 92.100 / 57. 92.100
  libavformat    57. 72.100 / 57. 72.100
  libavdevice    57.  7.100 / 57.  7.100
  libavfilter     6. 84.101 /  6. 84.101
  libswscale      4.  7.100 /  4.  7.100
  libswresample   2.  8.100 /  2.  8.100
  libpostproc    54.  6.100 / 54.  6.100
Input #0, lavfi, from 'testsrc':
  Duration: N/A, start: 0.000000, bitrate: N/A
    Stream #0:0: Video: rawvideo (RGB[24] / 0x18424752), rgb24, 320x240 [SAR 1:1 DAR 4:3], 25 tbr, 25 tbn, 25 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (rawvideo (native) -> ffv1 (native))
Press [q] to stop, [?] for help
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf57.72.100
    Stream #0:0: Video: ffv1, bgr0, 320x240 [SAR 1:1 DAR 4:3], q=2-31, 200 kb/s, 25 fps, 25 tbn, 25 tbc
    Metadata:
      encoder         : Lavc57.92.100 ffv1
==28424== Thread 21:
==28424== Conditional jump or move depends on uninitialised value(s)
==28424==    at 0x81196B: encode_line (ffv1enc_template.c:58)
==28424==    by 0x81196B: encode_rgb_frame (ffv1enc_template.c:187)
==28424==    by 0x815B34: encode_slice (ffv1enc.c:1067)
==28424==    by 0xA069BA: worker (pthread_slice.c:93)
==28424==    by 0x8C1E2E6: start_thread (in /usr/lib/libpthread-2.25.so)
==28424==    by 0x8F2154E: clone (in /usr/lib/libc-2.25.so)
==28424== 
frame=    1 fps=0.0 q=-0.0 Lsize=N/A time=00:00:00.04 bitrate=N/A speed=0.13x    
video:4kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown
==28424== 
==28424== HEAP SUMMARY:
==28424==     in use at exit: 18,644 bytes in 7 blocks
==28424==   total heap usage: 2,642 allocs, 2,635 frees, 14,334,780 bytes allocated
==28424== 
==28424== LEAK SUMMARY:
==28424==    definitely lost: 0 bytes in 0 blocks
==28424==    indirectly lost: 0 bytes in 0 blocks
==28424==      possibly lost: 0 bytes in 0 blocks
==28424==    still reachable: 18,644 bytes in 7 blocks
==28424==         suppressed: 0 bytes in 0 blocks
==28424== Rerun with --leak-check=full to see details of leaked memory
==28424== 
==28424== For counts of detected and suppressed errors, rerun with: -v
==28424== Use --track-origins=yes to see where uninitialised values come from
==28424== ERROR SUMMARY: 230400 errors from 1 contexts (suppressed: 0 from 0)


Both valgrind stable (3.12.0) and current SVN (r16297, VEX r3344) are affected. I don't know if it's a regression.

This is not reproducible when using -fno-ipa-cp-clone or with clang.

The source code can be found in libavcodec/ffv1enc_template.c (http://git.videolan.org/?p=ffmpeg.git;a=blob;f=libavcodec/ffv1enc_template.c;hb=HEAD). No samples are required to reproduce (see the testsrc command used in the log above).