[ffmpeg-devel] [BUG] mpegts.c segfault

I. Po yyymmmm
Tue Jul 25 18:18:16 CEST 2006

Today I met a problem with processing one of the HDTV streams. When I
start ffmpeg, it crashes with a segfault in mpegts.c:212,
mpegts_close_filter().
The problem is with the parameter 'filter': it equals 0. The routine is
called from pat_cb():
558      found:
559         mpegts_close_filter(ts, ts->pat_filter);
560         ts->pat_filter = NULL;
so here ts->pat_filter == 0. I don't know the logic of this routine,
so I only added a check: if ts->pat_filter != 0, close the filter, and so
on. If it's incorrect, the people who wrote this module should examine it
and fix it. (ff passed regression tests with the patch)

some kind of log:

$ ./ffmpeg -i /fat32-d/work/www/streams/b.mpg -vcodec copy -acodec
copy -sameq -f mpegts 1
FFmpeg version SVN-r5781, Copyright (c) 2000-2004 Fabrice Bellard
  configuration:  --disable-opts --disable-mmx --disable-iwmmxt
  libavutil version: 49.0.0
  libavcodec version: 51.10.0
  libavformat version: 50.5.0
  built on Jul 25 2006 16:16:56, gcc: 3.3.6
Segmentation fault (core dumped)
$ gdb ffmpeg_g core
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i486-slackware-linux"...Using host
libthread_db library "/lib/tls/libthread_db.so.1".

warning: core file may not match specified executable file.
Core was generated by `./ffmpeg -i /fat32-d/work/www/streams/b.mpg
-vcodec copy -acodec copy -sam'.
Program terminated with signal 11, Segmentation fault.

warning: current_sos: Can't read pathname for load map: Input/output error

Reading symbols from /lib/tls/libm.so.6...done.
Loaded symbols for /lib/tls/libm.so.6
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /lib/tls/libdl.so.2...done.
Loaded symbols for /lib/tls/libdl.so.2
Reading symbols from /lib/tls/libc.so.6...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
#0  0x0809a393 in mpegts_close_filter (ts=0x83fb000, filter=0x0) at mpegts.c:212
212         pid = filter->pid;
(gdb) bt
#0  0x0809a393 in mpegts_close_filter (ts=0x83fb000, filter=0x0) at mpegts.c:212
#1  0x0809ac5a in pat_cb (opaque=0x83fb000, section=0x8404250 "",
section_len=20) at mpegts.c:559
#2  0x0809a208 in write_section_data (s=0x83fa080, tss1=0x84030c0,
buf=0xbf8d8b85 "", buf_size=183, is_start=1)
    at mpegts.c:150
#3  0x0809b946 in handle_packet (ts=0x83fb000, packet=0xbf8d8b80 "G@")
at mpegts.c:1020
#4  0x0809bb39 in handle_packets (ts=0x83fb000, nb_packets=0) at mpegts.c:1099
#5  0x0809c5eb in mpegts_read_packet (s=0x83fa080, pkt=0x83faf90) at
#6  0x080604c0 in av_read_packet (s=0x83fa080, pkt=0x83faf90) at utils.c:647
#7  0x08060fe9 in av_read_frame_internal (s=0x83fa080, pkt=0xbf8d9080)
at utils.c:903
#8  0x08063520 in av_find_stream_info (ic=0x83fa080) at utils.c:1908
#9  0x0805be46 in opt_input_file (filename=0xbf8d95af
"/fat32-d/work/www/streams/bikini.mpg") at ffmpeg.c:2853
#10 0x0805f451 in parse_options (argc=11, argv=0xbf8d92c4,
options=0x8301980) at cmdutils.c:99
#11 0x0805ee3c in main (argc=11, argv=0xbf8d92c4) at ffmpeg.c:4257
(gdb) frame 1
#1  0x0809ac5a in pat_cb (opaque=0x83fb000, section=0x8404250 "",
section_len=20) at mpegts.c:559
559         mpegts_close_filter(ts, ts->pat_filter);
(gdb) print ts->pat_filter
$1 = (MpegTSFilter *) 0x0
(gdb) print *ts
$4 = {stream = 0x83fa080, raw_packet_size = 188, auto_guess = 1,
set_service_ret = -1, mpeg2ts_raw = 0,
  mpeg2ts_compute_pcr = 0, cur_pcr = 0, pcr_incr = 0, pcr_pid = 0,
stop_parse = 0, pkt = 0x83faf90, sdt_filter = 0x0,
  nb_services = 2, services = 0x83f1008, set_service_cb = 0x809bc2a
<set_service_cb>, set_service_opaque = 0x83fb000,
  pat_filter = 0x0, pmt_filter = 0x0, req_sid = 2, pids = {0x84030c0,
0x0 <repeats 16 times>, 0x8405680,
    0x0 <repeats 14 times>, 0x84055e0, 0x0 <repeats 448 times>,
0x8406630, 0x8406590, 0x0 <repeats 17 times>, 0x8403070,
    0x8403250, 0x8405630, 0x0 <repeats 7689 times>}}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mpegts.c.segf.patch
Type: application/octet-stream
Size: 502 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20060725/7bcc4564/attachment.obj>
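
Added example, not part of the original post or of FFmpeg's code: a simplified C model of the state visible in the gdb dump above (a filter still registered in pids[0] while ts->pat_filter is 0x0), with the kind of check the poster describes placed before the close call. The struct layout, `open_filter`, `close_filter`, `pat_found` and `run_case` are hypothetical stand-ins, and how the real demuxer reached that state is not stated in the report.

```c
#include <stdlib.h>

#define NB_PID_MAX 8192   /* 13-bit PID space */
/* Simplified stand-ins (assumptions), not FFmpeg's real structs. */
typedef struct Filter { int pid; } Filter;
typedef struct Demux {
    Filter *pat_filter;        /* cached pointer; 0x0 in the core dump */
    Filter *pids[NB_PID_MAX];  /* per-PID table; slot 0 non-NULL in the dump */
} Demux;

static Filter *open_filter(Demux *ts, int pid)
{
    Filter *f = calloc(1, sizeof(*f));
    if (f) { f->pid = pid; ts->pids[pid] = f; }
    return f;
}

/* Unguarded, like the routine in the backtrace: a NULL filter faults here. */
static void close_filter(Demux *ts, Filter *filter)
{
    int pid = filter->pid;     /* the read that faulted at mpegts.c:212 */
    free(filter);
    ts->pids[pid] = NULL;
}

/* Models the found: path with the check; 0 = filter closed, -1 = none to close. */
static int pat_found(Demux *ts)
{
    if (!ts->pat_filter)
        return -1;
    close_filter(ts, ts->pat_filter);
    ts->pat_filter = NULL;
    return 0;
}

/* with_pat_filter=0 reproduces the dump: pids[0] set, pat_filter NULL. */
static int run_case(int with_pat_filter)
{
    Demux *ts = calloc(1, sizeof(*ts));
    if (!ts) return -2;
    Filter *f = open_filter(ts, 0);
    ts->pat_filter = with_pat_filter ? f : NULL;
    int ret = pat_found(ts);
    free(ts->pids[0]);         /* non-NULL only in the dump-state case */
    free(ts);
    return ret;
}

int main(void) { return !(run_case(1) == 0 && run_case(0) == -1); }
```

In the dump-state case the check avoids the fault but leaves the PID 0 slot populated, so a guard of this kind handles the symptom without explaining why the cached pointer and the table disagree.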
