Bug 378622 - False positive with GCC 6.3.1 and -funswitch-loops (-O3)
Summary: False positive with GCC 6.3.1 and -funswitch-loops (-O3)
Status: REPORTED
Alias: None
Product: valgrind
Classification: Developer tools
Component: memcheck (show other bugs)
Version: unspecified
Platform: Other Linux
: NOR normal
Target Milestone: ---
Assignee: Julian Seward
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-04-10 14:13 UTC by ux
Modified: 2017-04-10 14:13 UTC (History)
0 users

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description ux 2017-04-10 14:13:19 UTC 
In FFmpeg we have the following false-report reported by valgrind memcheck:

==26438== Memcheck, a memory error detector
==26438== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==26438== Using Valgrind-3.13.0.SVN and LibVEX; rerun with -h for copyright info
==26438== Command: ./ffmpeg_g -i tests/data/fate/vsynth3-svq1.mov -frames:v 1 -f null -
==26438== 
ffmpeg version N-85447-g8839cbf911 Copyright (c) 2000-2017 the FFmpeg developers
  built with gcc 6.3.1 (GCC) 20170306
  configuration: --enable-gpl --enable-libx264 --enable-libass --enable-libfreetype --enable-fontconfig --assert-level=2 --samples=/home/ux/fate-samples --enable-libdc1394 --enable-libvpx
  libavutil      55. 60.101 / 55. 60.101
  libavcodec     57. 92.100 / 57. 92.100
  libavformat    57. 72.100 / 57. 72.100
  libavdevice    57.  7.100 / 57.  7.100
  libavfilter     6. 84.101 /  6. 84.101
  libswscale      4.  7.100 /  4.  7.100
  libswresample   2.  8.100 /  2.  8.100
  libpostproc    54.  6.100 / 54.  6.100
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'tests/data/fate/vsynth3-svq1.mov':
  Metadata:
    major_brand     : qt  
    minor_version   : 512
    compatible_brands: qt  
  Duration: 00:00:02.00, start: 0.000000, bitrate: 163 kb/s
    Stream #0:0(eng): Video: svq1 (SVQ1 / 0x31515653), yuv410p(progressive), 34x34, 159 kb/s, 25 fps, 25 tbr, 12800 tbn, 12800 tbc (default)
    Metadata:
      handler_name    : DataHandler
      encoder         : Lavc svq1
Stream mapping:
  Stream #0:0 -> #0:0 (svq1 (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
==26438== Use of uninitialised value of size 8
==26438==    at 0xAA8C50: svq1_decode_block_intra (svq1dec.c:211)
==26438==    by 0xAAA2DE: svq1_decode_frame (svq1dec.c:703)
==26438==    by 0x7A6D17: avcodec_decode_video2 (decode.c:420)
==26438==    by 0x7A7AA7: do_decode (decode.c:224)
==26438==    by 0x7A7C41: avcodec_send_packet (decode.c:319)
==26438==    by 0x4A73C0: decode (ffmpeg.c:2254)
==26438==    by 0x4A73C0: decode_video (ffmpeg.c:2398)
==26438==    by 0x4A8BCA: process_input_packet (ffmpeg.c:2633)
==26438==    by 0x488D79: process_input (ffmpeg.c:4390)
==26438==    by 0x488D79: transcode_step (ffmpeg.c:4501)
==26438==    by 0x488D79: transcode (ffmpeg.c:4555)
==26438==    by 0x488D79: main (ffmpeg.c:4760)
==26438== 
==26438== Use of uninitialised value of size 8
==26438==    at 0xAA8C7A: svq1_decode_block_intra (svq1dec.c:211)
==26438==    by 0xAAA2DE: svq1_decode_frame (svq1dec.c:703)
==26438==    by 0x7A6D17: avcodec_decode_video2 (decode.c:420)
==26438==    by 0x7A7AA7: do_decode (decode.c:224)
==26438==    by 0x7A7C41: avcodec_send_packet (decode.c:319)
==26438==    by 0x4A73C0: decode (ffmpeg.c:2254)
==26438==    by 0x4A73C0: decode_video (ffmpeg.c:2398)
==26438==    by 0x4A8BCA: process_input_packet (ffmpeg.c:2633)
==26438==    by 0x488D79: process_input (ffmpeg.c:4390)
==26438==    by 0x488D79: transcode_step (ffmpeg.c:4501)
==26438==    by 0x488D79: transcode (ffmpeg.c:4555)
==26438==    by 0x488D79: main (ffmpeg.c:4760)
==26438== 
==26438== Use of uninitialised value of size 8
==26438==    at 0xAA8CA6: svq1_decode_block_intra (svq1dec.c:211)
==26438==    by 0xAAA2DE: svq1_decode_frame (svq1dec.c:703)
==26438==    by 0x7A6D17: avcodec_decode_video2 (decode.c:420)
==26438==    by 0x7A7AA7: do_decode (decode.c:224)
==26438==    by 0x7A7C41: avcodec_send_packet (decode.c:319)
==26438==    by 0x4A73C0: decode (ffmpeg.c:2254)
==26438==    by 0x4A73C0: decode_video (ffmpeg.c:2398)
==26438==    by 0x4A8BCA: process_input_packet (ffmpeg.c:2633)
==26438==    by 0x488D79: process_input (ffmpeg.c:4390)
==26438==    by 0x488D79: transcode_step (ffmpeg.c:4501)
==26438==    by 0x488D79: transcode (ffmpeg.c:4555)
==26438==    by 0x488D79: main (ffmpeg.c:4760)
==26438== 
==26438== Use of uninitialised value of size 8
==26438==    at 0xAA8CCE: svq1_decode_block_intra (svq1dec.c:211)
==26438==    by 0xAAA2DE: svq1_decode_frame (svq1dec.c:703)
==26438==    by 0x7A6D17: avcodec_decode_video2 (decode.c:420)
==26438==    by 0x7A7AA7: do_decode (decode.c:224)
==26438==    by 0x7A7C41: avcodec_send_packet (decode.c:319)
==26438==    by 0x4A73C0: decode (ffmpeg.c:2254)
==26438==    by 0x4A73C0: decode_video (ffmpeg.c:2398)
==26438==    by 0x4A8BCA: process_input_packet (ffmpeg.c:2633)
==26438==    by 0x488D79: process_input (ffmpeg.c:4390)
==26438==    by 0x488D79: transcode_step (ffmpeg.c:4501)
==26438==    by 0x488D79: transcode (ffmpeg.c:4555)
==26438==    by 0x488D79: main (ffmpeg.c:4760)
==26438== 
Output #0, null, to 'pipe:':
  Metadata:
    major_brand     : qt  
    minor_version   : 512
    compatible_brands: qt  
    encoder         : Lavf57.72.100
    Stream #0:0(eng): Video: wrapped_avframe, yuv410p, 34x34, q=2-31, 200 kb/s, 25 fps, 25 tbn, 25 tbc (default)
    Metadata:
      handler_name    : DataHandler
      encoder         : Lavc57.92.100 wrapped_avframe
frame=    1 fps=0.0 q=-0.0 Lsize=N/A time=00:00:00.04 bitrate=N/A speed=0.24x    
video:0kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown
==26438== 
==26438== HEAP SUMMARY:
==26438==     in use at exit: 18,644 bytes in 7 blocks
==26438==   total heap usage: 1,168 allocs, 1,161 frees, 426,378 bytes allocated
==26438== 
==26438== LEAK SUMMARY:
==26438==    definitely lost: 0 bytes in 0 blocks
==26438==    indirectly lost: 0 bytes in 0 blocks
==26438==      possibly lost: 0 bytes in 0 blocks
==26438==    still reachable: 18,644 bytes in 7 blocks
==26438==         suppressed: 0 bytes in 0 blocks
==26438== Rerun with --leak-check=full to see details of leaked memory
==26438== 
==26438== For counts of detected and suppressed errors, rerun with: -v
==26438== Use --track-origins=yes to see where uninitialised values come from
==26438== ERROR SUMMARY: 136 errors from 4 contexts (suppressed: 0 from 0)


Both valgrind stable (3.12.0) and current SVN (r16297, VEX r3344) are affected. I don't know if it's a regression.

This is not reproducible when using -fno-unswitch-loops or with clang.

The source code can be found in libavcodec/svq1dec.c (http://git.videolan.org/?p=ffmpeg.git;a=blob;f=libavcodec/svq1dec.c;hb=HEAD) and sample is attached to this report.