[FFmpeg-trac] #2048(avcodec:open): reproducible crash on some subtitles in ff_ass_split_override_codes()

FFmpeg trac at avcodec.org
Thu Dec 20 11:51:28 CET 2012


#2048: reproducible crash on some subtitles in ff_ass_split_override_codes()
-------------------------------------+-------------------------------------
             Reporter:  julian       |                    Owner:
                 Type:  defect       |                   Status:  open
             Priority:  important    |                Component:  avcodec
              Version:  git-master   |               Resolution:
             Keywords:  ass crash    |               Blocked By:
  SIGSEGV                            |  Reproduced by developer:  1
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):

 * status:  new => open
 * reproduced:  0 => 1
 * component:  undetermined => avcodec
 * priority:  normal => important
 * version:  1.0 => git-master
 * keywords:   => ass crash SIGSEGV


Comment:

 {{{
 (gdb) r -i ffmpeg-bug.mkv -map 0:0 -scodec mov_text out.mp4
 Starting program: ffmpeg_g -i ffmpeg-bug.mkv -map 0:0 -scodec mov_text
 out.mp4
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib64/libthread_db.so.1".
 ffmpeg version N-48034-g174c483 Copyright (c) 2000-2012 the FFmpeg
 developers
   built on Dec 20 2012 10:05:56 with gcc 4.7 (SUSE Linux)
   configuration: --enable-gpl --disable-indev=jack
   libavutil      52. 12.100 / 52. 12.100
   libavcodec     54. 81.100 / 54. 81.100
   libavformat    54. 49.102 / 54. 49.102
   libavdevice    54.  3.102 / 54.  3.102
   libavfilter     3. 28.102 /  3. 28.102
   libswscale      2.  1.103 /  2.  1.103
   libswresample   0. 17.102 /  0. 17.102
   libpostproc    52.  2.100 / 52.  2.100
 Input #0, matroska,webm, from 'ffmpeg-bug.mkv':
   Metadata:
     ENCODER         : Lavf54.29.104
   Duration: 00:24:27.06, start: 0.000000, bitrate: 8 kb/s
     Stream #0:0: Subtitle: ssa (default)
     Metadata:
       title           : 简体中文
     Stream #0:1: Video: h264 (High), yuv420p, 640x360 [SAR 1:1 DAR 16:9],
 23.81 fps, 23.81 tbr, 1k tbn, 47.62 tbc (default)
     Stream #0:2: Subtitle: ssa (default)
     Metadata:
       title           : 繁体中文
 Output #0, mp4, to 'out.mp4':
   Metadata:
     encoder         : Lavf54.49.102
     Stream #0:0: Subtitle: mov_text ([8][0][0][0] / 0x0008) (default)
     Metadata:
       title           : 简体中文
 Stream mapping:
   Stream #0:0 -> #0:0 (ass -> mov_text)
 Press [q] to stop, [?] for help

 Program received signal SIGSEGV, Segmentation fault.
 ff_ass_split_override_codes (callbacks=callbacks at entry=0xc79ee0
 <mov_text_callbacks>,
     priv=priv at entry=0x15ef840, buf=0x0) at libavcodec/ass_split.c:372
 372         while (*buf) {
 (gdb) bt
 #0  ff_ass_split_override_codes (callbacks=callbacks at entry=0xc79ee0
 <mov_text_callbacks>,
     priv=priv at entry=0x15ef840, buf=0x0) at libavcodec/ass_split.c:372
 #1  0x000000000086b5e1 in mov_text_encode_frame (avctx=0x15f5b00,
 buf=0x7ffff6463040 "",
     bufsize=1048576, sub=0x7fffffffd6f0) at libavcodec/movtextenc.c:125
 #2  0x00000000009a1238 in avcodec_encode_subtitle
 (avctx=avctx at entry=0x15f5b00,
     buf=<optimized out>, buf_size=buf_size at entry=1048576,
 sub=sub at entry=0x7fffffffd6f0)
     at libavcodec/utils.c:1485
 #3  0x0000000000460011 in do_subtitle_out (sub=0x7fffffffd6f0,
 ost=0x15eb3e0, s=0x15ec9c0,
     ist=<optimized out>) at ffmpeg.c:753
 #4  transcode_subtitles (ist=ist at entry=0x15e9de0,
 pkt=pkt at entry=0x7fffffffdac0,
     got_output=got_output at entry=0x7fffffffd85c) at ffmpeg.c:1728
 #5  0x000000000046138a in output_packet (pkt=0x7fffffffda60,
 ist=0x15e9de0) at ffmpeg.c:1812
 #6  process_input (file_index=<optimized out>) at ffmpeg.c:2886
 #7  0x00000000004515d0 in transcode_step () at ffmpeg.c:2982
 #8  transcode () at ffmpeg.c:3034
 #9  main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3209
 (gdb) disass $pc-32,$pc+32
 Dump of assembler code from 0xaae210 to 0xaae250:
    0x0000000000aae210 <ff_ass_split_override_codes+16>: push   %rsp
    0x0000000000aae211 <ff_ass_split_override_codes+17>: mov    %rdi,%r12
    0x0000000000aae214 <ff_ass_split_override_codes+20>: push   %rbp
    0x0000000000aae215 <ff_ass_split_override_codes+21>: push   %rbx
    0x0000000000aae216 <ff_ass_split_override_codes+22>: sub    $0x128,%rsp
    0x0000000000aae21d <ff_ass_split_override_codes+29>: lea    0xa0(%rsp),%rbp
    0x0000000000aae225 <ff_ass_split_override_codes+37>: movl   $0x0,0x2c(%rsp)
    0x0000000000aae22d <ff_ass_split_override_codes+45>: nopl   (%rax)
 => 0x0000000000aae230 <ff_ass_split_override_codes+48>: cmpb   $0x0,(%r15)
    0x0000000000aae234 <ff_ass_split_override_codes+52>: je     0xaae42c <ff_ass_split_override_codes+556>
    0x0000000000aae23a <ff_ass_split_override_codes+58>: test   %r14,%r14
    0x0000000000aae23d <ff_ass_split_override_codes+61>: je     0xaae281 <ff_ass_split_override_codes+129>
    0x0000000000aae23f <ff_ass_split_override_codes+63>: cmpq   $0x0,(%r12)
    0x0000000000aae244 <ff_ass_split_override_codes+68>: je     0xaae281 <ff_ass_split_override_codes+129>
    0x0000000000aae246 <ff_ass_split_override_codes+70>: lea    0x30(%rsp),%rdx
    0x0000000000aae24b <ff_ass_split_override_codes+75>: xor    %eax,%eax
    0x0000000000aae24d <ff_ass_split_override_codes+77>: mov    $0xd4b500,%esi
 End of assembler dump.
 (gdb) info register
 rax            0x1      1
 rbx            0x15ef840        23001152
 rcx            0x0      0
 rdx            0x0      0
 rsi            0x15ef840        23001152
 rdi            0xc79ee0 13082336
 rbp            0x7fffffffd570   0x7fffffffd570
 rsp            0x7fffffffd4d0   0x7fffffffd4d0
 r8             0x0      0
 r9             0x7      7
 r10            0x0      0
 r11            0x7ffff68d1d60   140737329831264
 r12            0xc79ee0 13082336
 r13            0x15ef840        23001152
 r14            0x0      0
 r15            0x0      0
 rip            0xaae230 0xaae230 <ff_ass_split_override_codes+48>
 eflags         0x10202  [ IF RF ]
 cs             0x33     51
 ss             0x2b     43
 ds             0x0      0
 es             0x0      0
 fs             0x0      0
 gs             0x0      0
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2048#comment:1>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

