[FFmpeg-trac] #2714(avcodec:open): mpeg4: crash with lowres > 2 (was: xvid: crash with lowres > 2)
FFmpeg
trac at avcodec.org
Wed Jun 26 00:31:27 CEST 2013
#2714: mpeg4: crash with lowres > 2
-------------------------------------+-------------------------------------
             Reporter:  ami_stuff    |                    Owner:
                 Type:  defect       |                   Status:  open
             Priority:  important    |                Component:  avcodec
              Version:  git-master   |               Resolution:
             Keywords:  regression   |               Blocked By:
  crash SIGSEGV asp lowres           |  Reproduced by developer:  1
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):
* status: new => open
* reproduced: 0 => 1
* component: undetermined => avcodec
* priority: normal => important
* version: unspecified => git-master
* keywords: => regression crash SIGSEGV asp lowres
Comment:
Regression since a3f30f2
{{{
$ valgrind ffmpeg_g -vlowres 3 -i xvid.avi -an -f null -
==21611== Memcheck, a memory error detector
==21611== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==21611== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright
info
==21611== Command: ffmpeg_g -vlowres 3 -i xvid.avi -an -f null -
==21611==
ffmpeg version N-54200-gda8c9b3 Copyright (c) 2000-2013 the FFmpeg
developers
built on Jun 26 2013 00:26:34 with gcc 4.7 (SUSE Linux)
configuration: --enable-gpl --disable-indev=jack
libavutil 52. 37.101 / 52. 37.101
libavcodec 55. 17.100 / 55. 17.100
libavformat 55. 10.100 / 55. 10.100
libavdevice 55. 2.100 / 55. 2.100
libavfilter 3. 77.101 / 3. 77.101
libswscale 2. 3.100 / 2. 3.100
libswresample 0. 17.102 / 0. 17.102
libpostproc 52. 3.100 / 52. 3.100
[mpeg4 @ 0x7248540] Invalid and inefficient vfw-avi packed B frames
detected
Input #0, avi, from 'xvid.avi':
Duration: 00:00:12.64, start: 0.000000, bitrate: 454 kb/s
Stream #0:0: Video: mpeg4 (Advanced Simple Profile) (XVID /
0x44495658), yuv420p, 40x30 [SAR 1:1 DAR 4:3], 23.97 tbr, 23.97 tbn, 23.97
tbc
Stream #0:1: Audio: mp3 (U[0][0][0] / 0x0055), 44100 Hz, stereo, s16p,
128 kb/s
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf55.10.100
Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 40x30 [SAR
1:1 DAR 4:3], q=2-31, 200 kb/s, 90k tbn, 23.97 tbc
Stream mapping:
Stream #0:0 -> #0:0 (mpeg4 -> rawvideo)
Press [q] to stop, [?] for help
[mpeg4 @ 0x73ad520] Invalid and inefficient vfw-avi packed B frames
detected
==21611== Thread 11:
==21611== Invalid write of size 8
==21611== at 0xA74494: ff_put_pixels_clamped_mmx (dsputil_mmx.c:72)
==21611== by 0x8D5F0E: ff_MPV_decode_mb (mpegvideo.c:2591)
==21611== by 0x6E4D3F: decode_slice (h263dec.c:257)
==21611== by 0x6E5CE1: ff_h263_decode_frame (h263dec.c:679)
==21611== by 0x922075: frame_worker_thread (pthread.c:338)
==21611== by 0x5D1AE0D: start_thread (in /lib64/libpthread-2.15.so)
==21611== Address 0x73f5ba0 is 1 bytes after a block of size 575 alloc'd
==21611== at 0x4C290FE: memalign (in /usr/lib64/valgrind
/vgpreload_memcheck-amd64-linux.so)
==21611== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind
/vgpreload_memcheck-amd64-linux.so)
==21611== by 0xBF9989: av_malloc (mem.c:93)
==21611== by 0xBED6CD: av_buffer_allocz (buffer.c:70)
==21611== by 0xBEDCAB: av_buffer_pool_get (buffer.c:305)
==21611== by 0x9C7496: video_get_buffer (utils.c:550)
==21611== by 0x9C8A9E: get_buffer_internal (utils.c:830)
==21611== by 0x9C8FC5: ff_get_buffer (utils.c:842)
==21611== by 0x923995: ff_thread_get_buffer (pthread.c:955)
==21611== by 0x8CE3D2: ff_alloc_picture (mpegvideo.c:234)
==21611== by 0x8D240F: ff_MPV_frame_start (mpegvideo.c:1550)
==21611== by 0x6E5C4B: ff_h263_decode_frame (h263dec.c:649)
...
}}}
{{{
(gdb) r -vlowres 3 -i xvid.avi -an -f null -
Starting program: ffmpeg_g -vlowres 3 -i xvid.avi -an -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-54200-gda8c9b3 Copyright (c) 2000-2013 the FFmpeg
developers
built on Jun 26 2013 00:26:34 with gcc 4.7 (SUSE Linux)
configuration: --enable-gpl --disable-indev=jack
libavutil 52. 37.101 / 52. 37.101
libavcodec 55. 17.100 / 55. 17.100
libavformat 55. 10.100 / 55. 10.100
libavdevice 55. 2.100 / 55. 2.100
libavfilter 3. 77.101 / 3. 77.101
libswscale 2. 3.100 / 2. 3.100
libswresample 0. 17.102 / 0. 17.102
libpostproc 52. 3.100 / 52. 3.100
[mpeg4 @ 0x169a420] Invalid and inefficient vfw-avi packed B frames
detected
Input #0, avi, from 'xvid.avi':
Duration: 00:00:12.64, start: 0.000000, bitrate: 454 kb/s
Stream #0:0: Video: mpeg4 (Advanced Simple Profile) (XVID /
0x44495658), yuv420p, 40x30 [SAR 1:1 DAR 4:3], 23.97 tbr, 23.97 tbn, 23.97
tbc
Stream #0:1: Audio: mp3 (U[0][0][0] / 0x0055), 44100 Hz, stereo, s16p,
128 kb/s
[New Thread 0x7ffff59e7700 (LWP 21680)]
[New Thread 0x7ffff51e6700 (LWP 21681)]
[New Thread 0x7ffff49e5700 (LWP 21682)]
[New Thread 0x7ffff41e4700 (LWP 21683)]
[New Thread 0x7ffff39e3700 (LWP 21684)]
[New Thread 0x7ffff31e2700 (LWP 21685)]
[New Thread 0x7ffff29e1700 (LWP 21686)]
[New Thread 0x7ffff21e0700 (LWP 21687)]
[New Thread 0x7ffff19df700 (LWP 21688)]
[New Thread 0x7ffff11de700 (LWP 21689)]
[New Thread 0x7ffff09dd700 (LWP 21690)]
[New Thread 0x7ffff01dc700 (LWP 21691)]
[New Thread 0x7fffef9db700 (LWP 21692)]
[New Thread 0x7fffef1da700 (LWP 21693)]
[New Thread 0x7fffee9d9700 (LWP 21694)]
[New Thread 0x7fffee1d8700 (LWP 21695)]
[New Thread 0x7fffed9d7700 (LWP 21696)]
[New Thread 0x7fffed1d6700 (LWP 21697)]
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf55.10.100
Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 40x30 [SAR
1:1 DAR 4:3], q=2-31, 200 kb/s, 90k tbn, 23.97 tbc
Stream mapping:
Stream #0:0 -> #0:0 (mpeg4 -> rawvideo)
Press [q] to stop, [?] for help
[mpeg4 @ 0x1683be0] Invalid and inefficient vfw-avi packed B frames
detected
Program received signal SIGSEGV, Segmentation fault.
av_buffer_ref (buf=0x7fffe80254a0) at libavutil/buffer.c:100
100 avpriv_atomic_int_add_and_fetch(&buf->buffer->refcount, 1);
(gdb) bt
#0 av_buffer_ref (buf=0x7fffe80254a0) at libavutil/buffer.c:100
#1 0x0000000000bf4a16 in av_frame_ref (dst=0x16c4780, src=0x7fffe80008c0)
at libavutil/frame.c:269
#2 0x00000000009cf0d7 in ff_thread_ref_frame (dst=dst@entry=0x16c49e8,
src=src@entry=0x7fffe8000b28) at libavcodec/utils.c:3091
#3 0x00000000008ced26 in ff_mpeg_ref_picture (s=s@entry=0x16afde0,
dst=0x16c4780,
src=0x7fffe80008c0) at libavcodec/mpegvideo.c:511
#4 0x00000000008d08d6 in ff_mpeg_update_thread_context (dst=<optimized
out>,
src=<optimized out>) at libavcodec/mpegvideo.c:707
#5 0x0000000000922a50 in update_context_from_thread (for_user=0,
src=<optimized out>,
dst=<optimized out>) at libavcodec/pthread.c:418
#6 submit_packet (avpkt=0x7fffffffd5d0, p=0x16adcf8) at
libavcodec/pthread.c:516
#7 ff_thread_decode_frame (avctx=avctx@entry=0x169a420,
picture=picture@entry=0x169e040,
got_picture_ptr=got_picture_ptr@entry=0x7fffffffd84c,
avpkt=avpkt@entry=0x7fffffffd5d0)
at libavcodec/pthread.c:597
#8 0x00000000009ca969 in avcodec_decode_video2 (avctx=0x169a420,
picture=picture@entry=0x169e040,
got_picture_ptr=got_picture_ptr@entry=0x7fffffffd84c,
avpkt=avpkt@entry=0x7fffffffdab0) at libavcodec/utils.c:1937
#9 0x000000000046ac00 in decode_video (ist=ist@entry=0x16a0220,
pkt=pkt@entry=0x7fffffffdab0,
got_output=got_output@entry=0x7fffffffd84c)
at ffmpeg.c:1654
#10 0x000000000046d8f7 in output_packet (pkt=0x7fffffffda50,
ist=0x16a0220) at ffmpeg.c:1852
#11 process_input (file_index=<optimized out>) at ffmpeg.c:3064
#12 0x000000000045c550 in transcode_step () at ffmpeg.c:3160
#13 transcode () at ffmpeg.c:3212
#14 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3390
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0xbed789 to 0xbed7c9:
0x0000000000bed789 <av_buffer_ref+9>: callq 0xbf9bc0
<av_mallocz>
0x0000000000bed78e <av_buffer_ref+14>: test %rax,%rax
0x0000000000bed791 <av_buffer_ref+17>: je 0xbed7ae
<av_buffer_ref+46>
0x0000000000bed793 <av_buffer_ref+19>: mov (%rbx),%rdx
0x0000000000bed796 <av_buffer_ref+22>: mov %rdx,(%rax)
0x0000000000bed799 <av_buffer_ref+25>: mov 0x8(%rbx),%rcx
0x0000000000bed79d <av_buffer_ref+29>: mov %rcx,0x8(%rax)
0x0000000000bed7a1 <av_buffer_ref+33>: mov 0x10(%rbx),%rcx
0x0000000000bed7a5 <av_buffer_ref+37>: mov %rcx,0x10(%rax)
=> 0x0000000000bed7a9 <av_buffer_ref+41>: lock addl $0x1,0xc(%rdx)
0x0000000000bed7ae <av_buffer_ref+46>: pop %rbx
0x0000000000bed7af <av_buffer_ref+47>: retq
0x0000000000bed7b0 <av_buffer_unref+0>: test %rdi,%rdi
0x0000000000bed7b3 <av_buffer_unref+3>: je 0xbed7de
<av_buffer_unref+46>
0x0000000000bed7b5 <av_buffer_unref+5>: mov (%rdi),%rax
0x0000000000bed7b8 <av_buffer_unref+8>: test %rax,%rax
0x0000000000bed7bb <av_buffer_unref+11>: je 0xbed7de
<av_buffer_unref+46>
0x0000000000bed7bd <av_buffer_unref+13>: sub $0x18,%rsp
0x0000000000bed7c1 <av_buffer_unref+17>: mov (%rax),%rax
0x0000000000bed7c4 <av_buffer_unref+20>: mov %rax,0x8(%rsp)
End of assembler dump.
(gdb) info register
rax 0x16835c0 23606720
rbx 0x7fffe80254a0 140737085854880
rcx 0x1111101010101010 1229781834423865360
rdx 0x1111111111111111 1229782938247303441
rsi 0x0 0
rdi 0x16835d8 23606744
rbp 0x16c49e8 0x16c49e8
rsp 0x7fffffffd440 0x7fffffffd440
r8 0x18 24
r9 0x101010101010101 72340172838076673
r10 0x0 0
r11 0x7ffff6099112 140737321210130
r12 0x16c4780 23873408
r13 0x16c49e8 23874024
r14 0x16afde0 23789024
r15 0x16c4aa8 23874216
rip 0xbed7a9 0xbed7a9 <av_buffer_ref+41>
eflags 0x10206 [ PF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
}}}
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2714#comment:1>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker