[FFmpeg-trac] #569(avformat:new): segfault trying to identify flv with no audio channels
FFmpeg
trac at avcodec.org
Tue Oct 18 19:39:27 CEST 2011
#569: segfault trying to identify flv with no audio channels
-------------------------------------+------------------------------------
Reporter: andrewr | Owner:
Type: defect | Status: new
Priority: normal | Component: avformat
Version: unspecified | Resolution:
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+------------------------------------
Comment (by andrewr):
Sorry about the formatting; I haven't used trac much and didn't know
about the code block markup. Maybe you could add it to the bug reporting
instructions (http://ffmpeg.org/bugreports.html).
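Unfortunately the working version and today's trunk are about 2 years
apart, so it's not practical to bisect to find the offending commit.
I have recompiled with --disable-shared and --disable-optimizations,
which seems to have given more information. Note that frame #2 shows
vstream=0x0, and the pointer arguments to ff_add_index_entry are 0x90,
0x98 and 0x9c, which look like field offsets from a NULL stream pointer;
the faulting instruction reads through rbx = 0x98: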
{{{
$ gdb /tmp/binary-dist-ffmpeg-107460c.MWfEKO/gcc-4.6.0-glibc-2.13/ffmpeg_g
Detected executable built for fbcode's gcc-4.6.0-glibc-2.13 platform
Running from "/usr/local/fbcode/gcc-4.6.0-glibc-2.13/bin/gdb"
GNU gdb (GDB) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-facebook-linux".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /tmp/binary-dist-ffmpeg-
107460c.MWfEKO/gcc-4.6.0-glibc-2.13/ffmpeg_g...done.
<bad-videos/flv-segfault-identify/251336914908174.flv
Starting program: /tmp/binary-dist-ffmpeg-
107460c.MWfEKO/gcc-4.6.0-glibc-2.13/ffmpeg_g -i ~andrewr/local/bad-videos
/flv-segfault-identify/251336914908174.flv
[Thread debugging using libthread_db enabled]
ffmpeg version fb-107460c_ffmpeg, Copyright (c) 2000-2011 the FFmpeg
developers
built on Oct 18 2011 10:21:12 with gcc 4.6.0 20110331 (Red Hat 4.6.0-2)
configuration: --prefix --enable-shared --prefix=/home/engshare/third-
party/gcc-4.6.0-glibc-2.13/ffmpeg/ffmpeg-107460c --enable-libfaac
--enable-libmp3lame --enable-libtheora --enable-libvorbis --enable-
libschroedinger --enable-libspeex --enable-libgsm --enable-libopenjpeg
--enable-libxvid --enable-libx264 --enable-bzlib --enable-zlib --disable-
devices --disable-ffserver --disable-ffplay --enable-pthreads --enable-
static --enable-nonfree --enable-version3 --enable-gpl --disable-shared
--disable-optimizations --enable-libopencore-amrnb --enable-libopencore-
amrwb --disable-decoder=amrnb --disable-decoder=amrwb
libavutil 51. 21. 0 / 51. 21. 0
libavcodec 53. 20. 1 / 53. 20. 1
libavformat 53. 16. 0 / 53. 16. 0
libavdevice 53. 4. 0 / 53. 4. 0
libavfilter 2. 43. 6 / 2. 43. 6
libswscale 2. 1. 0 / 2. 1. 0
libpostproc 51. 2. 0 / 51. 2. 0
Program received signal SIGSEGV, Segmentation fault.
ff_add_index_entry (index_entries=0x90, nb_index_entries=0x98,
index_entries_allocated_size=0x9c, pos=3683, timestamp=0, size=0,
distance=0, flags=1) at libavformat/utils.c:1462
1462 if((unsigned)*nb_index_entries + 1 >= UINT_MAX /
sizeof(AVIndexEntry))
(gdb) bt
#0 ff_add_index_entry (index_entries=0x90, nb_index_entries=0x98,
index_entries_allocated_size=0x9c, pos=3683, timestamp=0, size=0,
distance=0, flags=1) at libavformat/utils.c:1462
#1 0x0000000000529526 in av_add_index_entry (st=<value optimized out>,
pos=<value optimized out>, timestamp=<value optimized out>,
size=<value optimized out>, distance=<value optimized out>,
flags=<value optimized out>) at libavformat/utils.c:1503
#2 0x00000000004c45e5 in parse_keyframes_index (s=0x0, astream=0x11c4e40,
vstream=0x0, key=<value optimized out>, max_pos=1149, depth=1)
at libavformat/flvdec.c:196
#3 amf_parse_object (s=0x0, astream=0x11c4e40, vstream=0x0,
key=<value optimized out>, max_pos=1149, depth=1)
at libavformat/flvdec.c:232
#4 0x00000000004c424b in amf_parse_object (s=0x11c4780,
astream=0x11c4e40,
vstream=0x0, key=0x7fff9d966920 "onMetaData", max_pos=1149, depth=0)
at libavformat/flvdec.c:252
#5 0x00000000004c4cf3 in flv_read_metabody (s=0x11c4780,
pkt=0x7fff9d966a30)
at libavformat/flvdec.c:343
#6 flv_read_packet (s=0x11c4780, pkt=0x7fff9d966a30)
at libavformat/flvdec.c:452
#7 0x0000000000528bb7 in av_read_packet (s=0x11c4780, pkt=0x7fff9d966a30)
at libavformat/utils.c:744
#8 0x00000000005295b9 in read_frame_internal (s=0x11c4780,
pkt=0x7fff9d966cb0) at libavformat/utils.c:1219
#9 0x000000000052ad66 in avformat_find_stream_info (ic=0x11c4780,
options=0x11cb0a0) at libavformat/utils.c:2412
#10 0x000000000045eeb6 in opt_input_file (o=0x7fff9d9670c0,
opt=<value optimized out>, filename=<value optimized out>)
at ffmpeg.c:3146
#11 0x000000000046940c in parse_option (optctx=0x7fff9d9670c0,
opt=0x7fff9d967808 "i",
arg=0x7fff9d96780a "/home/andrewr/local/bad-videos/flv-segfault-
identify/251336914908174.flv", options=<value optimized out>) at
cmdutils.c:275
#12 0x0000000000469584 in parse_options (optctx=0x7fff9d9670c0, argc=3,
argv=0x7fff9d967428, options=0xc137c0,
parse_arg_function=0x465bf0 <opt_output_file>) at cmdutils.c:308
#13 0x000000000045bb20 in main (argc=3, argv=0x7fff9d967428) at
ffmpeg.c:4378
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x529368 to 0x5293a8:
0x0000000000529368 <ff_add_index_entry+8>: mov %rbp,-0x28(%rsp)
0x000000000052936d <ff_add_index_entry+13>: mov %r12,-0x20(%rsp)
0x0000000000529372 <ff_add_index_entry+18>: mov %r13,-0x18(%rsp)
0x0000000000529377 <ff_add_index_entry+23>: mov %rdi,%rbp
0x000000000052937a <ff_add_index_entry+26>: mov %r15,-0x8(%rsp)
0x000000000052937f <ff_add_index_entry+31>: mov %r14,-0x10(%rsp)
0x0000000000529384 <ff_add_index_entry+36>: sub $0x48,%rsp
=> 0x0000000000529388 <ff_add_index_entry+40>: mov (%rbx),%eax
0x000000000052938a <ff_add_index_entry+42>: mov %rdx,%rsi
0x000000000052938d <ff_add_index_entry+45>: mov %rcx,%r13
0x0000000000529390 <ff_add_index_entry+48>: mov %r8,%r12
0x0000000000529393 <ff_add_index_entry+51>: mov %r9d,%r15d
0x0000000000529396 <ff_add_index_entry+54>: add $0x1,%eax
0x0000000000529399 <ff_add_index_entry+57>: cmp $0xaaaaaa9,%eax
0x000000000052939e <ff_add_index_entry+62>: ja 0x5294e0
<ff_add_index_entry+384>
0x00000000005293a4 <ff_add_index_entry+68>: cltq
0x00000000005293a6 <ff_add_index_entry+70>: mov (%rdi),%rdi
End of assembler dump.
(gdb) info all-registers
rax 0xe63 3683
rbx 0x98 152
rcx 0xe63 3683
rdx 0x9c 156
rsi 0x98 152
rdi 0x90 144
rbp 0x90 0x90
rsp 0x7fff9d9662a0 0x7fff9d9662a0
r8 0x0 0
r9 0x0 0
r10 0x0 0
r11 0x0 0
r12 0x47d 1149
r13 0x1 1
r14 0x3 3
r15 0x7fff9d966660 140735837267552
rip 0x529388 0x529388 <ff_add_index_entry+40>
eflags 0x10206 [ PF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 0 (raw 0x00000000000000000000)
st6 0 (raw 0x00000000000000000000)
st7 0 (raw 0x00000000000000000000)
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
xmm0 {v4_float = {0x0, 0x3, 0x0, 0x0}, v2_double = {0x26, 0x0},
v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x43, 0x40, 0x0, 0x0, 0x0,
0x0,
0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0x6000, 0x4043, 0x0, 0x0,
0x0,
0x0}, v4_int32 = {0x0, 0x40436000, 0x0, 0x0}, v2_int64 = {
0x4043600000000000, 0x0}, uint128 =
0x00000000000000004043600000000000}
xmm1 {v4_float = {0x0, 0x3, 0x0, 0x0}, v2_double = {0x26, 0x0},
v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x43, 0x40, 0x0, 0x0, 0x0,
0x0,
0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0x6000, 0x4043, 0x0, 0x0,
0x0,
0x0}, v4_int32 = {0x0, 0x40436000, 0x0, 0x0}, v2_int64 = {
0x4043600000000000, 0x0}, uint128 =
0x00000000000000004043600000000000}
xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0,
0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0,
0x0},
uint128 = 0x00000000000000000000000000000000}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0,
0x0,
0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0xff, 0x0, 0xff, 0x0, 0x0,
0x0}, v4_int32 = {0x0, 0xff, 0xff, 0x0}, v2_int64 = {0xff00000000,
0xff},
uint128 = 0x00000000000000ff000000ff00000000}
xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {
0x8000000000000000, 0x8000000000000000}, v16_int8 = {0x5f, 0x73, 0x61,
0x6d, 0x70, 0x6c, 0x65, 0x5f, 0x66, 0x6d, 0x74, 0x0, 0x38, 0x2d, 0x62,
0x69}, v8_int16 = {0x735f, 0x6d61, 0x6c70, 0x5f65, 0x6d66, 0x74,
0x2d38,
0x6962}, v4_int32 = {0x6d61735f, 0x5f656c70, 0x746d66, 0x69622d38},
v2_int64 = {0x5f656c706d61735f, 0x69622d3800746d66},
uint128 = 0x69622d3800746d665f656c706d61735f}
xmm5 {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x1, 0x0},
v16_int8 = {0x6d, 0x7d, 0xbf, 0xbb, 0x27, 0xaf, 0xf5, 0x3f, 0x0, 0x0,
0x0,
0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x7d6d, 0xbbbf, 0xaf27, 0x3ff5,
0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xbbbf7d6d, 0x3ff5af27, 0x0, 0x0},
v2_int64 = {0x3ff5af27bbbf7d6d, 0x0},
uint128 = 0x00000000000000003ff5af27bbbf7d6d}
xmm6 {v4_float = {0x0, 0xfffffffd, 0x0, 0x0}, v2_double = {
0xffffffffffffffd2, 0x0}, v16_int8 = {0x5b, 0xaa, 0xa2, 0x2a, 0x9e,
0x6,
0x47, 0xc0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 =
{0xaa5b,
0x2aa2, 0x69e, 0xc047, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x2aa2aa5b,
0xc047069e, 0x0, 0x0}, v2_int64 = {0xc047069e2aa2aa5b, 0x0},
uint128 = 0x0000000000000000c047069e2aa2aa5b}
xmm7 {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x1, 0x0},
v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0, 0x3f, 0x0, 0x0, 0x0,
0x0,
0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0x0, 0x3ff0, 0x0, 0x0, 0x0,
0x0}, v4_int32 = {0x0, 0x3ff00000, 0x0, 0x0}, v2_int64 = {
0x3ff0000000000000, 0x0}, uint128 =
0x00000000000000003ff0000000000000}
xmm8 {v4_float = {0x0, 0xfffffffd, 0x0, 0x0}, v2_double = {
0xffffffffffffffd2, 0x0}, v16_int8 = {0xe0, 0xe6, 0x35, 0x67, 0x9e,
0x6,
0x47, 0xc0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 =
{0xe6e0,
0x6735, 0x69e, 0xc047, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x6735e6e0,
0xc047069e, 0x0, 0x0}, v2_int64 = {0xc047069e6735e6e0, 0x0},
uint128 = 0x0000000000000000c047069e6735e6e0}
xmm9 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x68, 0xc8, 0xbc, 0x3b, 0x0, 0x0, 0x0,
0x0,
0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0xc868, 0x3bbc, 0x0, 0x0,
0x0,
0x0}, v4_int32 = {0x0, 0x3bbcc868, 0x0, 0x0}, v2_int64 = {
0x3bbcc86800000000, 0x0}, uint128 =
0x00000000000000003bbcc86800000000}
xmm10 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0, 0x0, 0x46, 0x84, 0x24, 0x59, 0xd6, 0x3e, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x8446, 0x5924, 0x3ed6,
0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x84460000, 0x3ed65924, 0x0, 0x0},
v2_int64 = {0x3ed6592484460000, 0x0},
uint128 = 0x00000000000000003ed6592484460000}
xmm11 {v4_float = {0x9689a800, 0x0, 0x0, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0x6a, 0xa2, 0x65, 0x50, 0xf2, 0xea,
0x8f, 0xbd, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0, 0xff, 0xff}, v8_int16 =
{
0xa26a, 0x5065, 0xeaf2, 0xbd8f, 0xffff, 0xffff, 0xff, 0xffff},
v4_int32 = {0x5065a26a, 0xbd8feaf2, 0xffffffff, 0xffff00ff}, v2_int64 =
{
0xbd8feaf25065a26a, 0xffff00ffffffffff},
uint128 = 0xffff00ffffffffffbd8feaf25065a26a}
xmm12 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc4, 0x3c, 0x0, 0x0, 0x0,
0x0,
0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0x0, 0x3cc4, 0x0, 0x0, 0x0,
0x0}, v4_int32 = {0x0, 0x3cc40000, 0x0, 0x0}, v2_int64 = {
0x3cc4000000000000, 0x0}, uint128 =
0x00000000000000003cc4000000000000}
xmm13 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x59, 0xbc, 0x0, 0x0, 0x0,
0x0,
0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0x8000, 0xbc59, 0x0, 0x0,
0x0,
0x0}, v4_int32 = {0x0, 0xbc598000, 0x0, 0x0}, v2_int64 = {
0xbc59800000000000, 0x0}, uint128 =
0x0000000000000000bc59800000000000}
xmm14 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x8e, 0x85, 0x83, 0xe8, 0xf0, 0x24, 0x53, 0x3c, 0x0, 0x0,
0x0,
0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x858e, 0xe883, 0x24f0, 0x3c53,
0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xe883858e, 0x3c5324f0, 0x0, 0x0},
v2_int64 = {0x3c5324f0e883858e, 0x0},
uint128 = 0x00000000000000003c5324f0e883858e}
xmm15 {v4_float = {0x0, 0x3, 0x0, 0x0}, v2_double = {0x2d, 0x0},
v16_int8 = {0xc0, 0x9, 0xf2, 0x16, 0xb5, 0xdf, 0x46, 0x40, 0x0, 0x0,
0x0,
0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x9c0, 0x16f2, 0xdfb5, 0x4046,
0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x16f209c0, 0x4046dfb5, 0x0, 0x0},
v2_int64 = {0x4046dfb516f209c0, 0x0},
uint128 = 0x00000000000000004046dfb516f209c0}
mxcsr 0x1fa2 [ DE PE IM DM ZM OM UM PM ]
}}}
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/569#comment:2>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker