[FFmpeg-trac] #6519(undetermined:new): Crash when passing rgb24 data to ssim filter
FFmpeg
trac at avcodec.org
Tue Jul 11 13:49:12 EEST 2017
#6519: Crash when passing rgb24 data to ssim filter
-------------------------------------+-------------------------------------
Reporter: t.rapp | Type: defect
Status: new | Priority: normal
Component: | Version: git-
undetermined | master
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Summary of the bug:
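When I pass rgb24 data generated by the testsrc filter to ssim, the
application crashes. The crash happens at exit: all frames are processed,
then glibc aborts with "corrupted size vs. prev_size" while freeing the
swscale context of the scale filter (see the backtrace below). This
message means the heap metadata was already damaged when free() ran, so
the backtrace shows where the corruption was detected, not necessarily
where the memory was overwritten; a Valgrind or AddressSanitizer run
would be needed to locate the invalid write. When I convert the data to
YUV first (for example yuv422p), ssim seems to work fine.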
How to reproduce:
{{{
% ./build-linux/ffmpeg-dbg_g -f lavfi -i "testsrc=s=300x200:r=5:d=1" -vf
"split [ref][tmp]; [tmp] avgblur=3 [enc]; [enc][ref] ssim" -f null -
ffmpeg version N-86755-g0780ad9 Copyright (c) 2000-2017 the FFmpeg
developers
built with gcc 5.4.0 (Ubuntu 5.4.0-6ubuntu1~16.04.4) 20160609
configuration: --disable-network --enable-libtwolame --enable-libmp3lame
--enable-libvorbis --enable-libfreetype --enable-static --disable-shared
--progs-suffix=-dbg --enable-debug --disable-optimizations --enable-extra-
warnings --assert-level=2 --prefix=/usr/local
libavutil 55. 67.100 / 55. 67.100
libavcodec 57.100.104 / 57.100.104
libavformat 57. 75.100 / 57. 75.100
libavdevice 57. 7.100 / 57. 7.100
libavfilter 6. 95.100 / 6. 95.100
libswscale 4. 7.101 / 4. 7.101
libswresample 2. 8.100 / 2. 8.100
Input #0, lavfi, from 'testsrc=s=300x200:r=5:d=1':
Duration: N/A, start: 0.000000, bitrate: N/A
Stream #0:0: Video: rawvideo (RGB[24] / 0x18424752), rgb24, 300x200
[SAR 1:1 DAR 3:2], 5 tbr, 5 tbn, 5 tbc
Stream mapping:
Stream #0:0 -> #0:0 (rawvideo (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf57.75.100
Stream #0:0: Video: wrapped_avframe, gbrp, 300x200 [SAR 1:1 DAR 3:2],
q=2-31, 200 kb/s, 5 fps, 5 tbn, 5 tbc
Metadata:
encoder : Lavc57.100.104 wrapped_avframe
frame= 5 fps=0.0 q=-0.0 Lsize=N/A time=00:00:01.00 bitrate=N/A
speed=42.2x
video:3kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB
muxing overhead: unknown
*** Error in `./build-linux/ffmpeg-dbg_g': corrupted size vs. prev_size:
0x00000000041be170 ***
}}}
{{{
(gdb) bt
#0 0x00007ffff4f45428 in __GI_raise (sig=sig@entry=6) at
../sysdeps/unix/sysv/linux/raise.c:54
#1 0x00007ffff4f4702a in __GI_abort () at abort.c:89
#2 0x00007ffff4f877ea in __libc_message (do_abort=2,
fmt=fmt@entry=0x7ffff50a0e98 "*** Error in `%s': %s: 0x%s ***\n") at
../sysdeps/posix/libc_fatal.c:175
#3 0x00007ffff4f90dfb in malloc_printerr (ar_ptr=0x7ffff52d4b20
<main_arena>, ptr=0x25d2bd0,
str=0x7ffff509dc35 "corrupted size vs. prev_size", action=3) at
malloc.c:5006
#4 _int_free (av=0x7ffff52d4b20 <main_arena>, p=<optimized out>,
have_lock=0) at malloc.c:4014
#5 0x00007ffff4f9453c in __GI___libc_free (mem=<optimized out>) at
malloc.c:2968
#6 0x000000000166bbfa in av_free (ptr=0x25d2720) at
src/libavutil/mem.c:209
#7 0x000000000166bc42 in av_freep (arg=0x25cb158) at
src/libavutil/mem.c:219
#8 0x00000000014f7a3f in sws_freeContext (c=0x25c18a0) at
src/libswscale/utils.c:2283
#9 0x00000000005cb4d6 in uninit (ctx=0x25ae800) at
src/libavfilter/vf_scale.c:151
#10 0x000000000045ec0f in avfilter_free (filter=0x25ae800) at
src/libavfilter/avfilter.c:800
#11 0x000000000046127f in avfilter_graph_free (graph=0x25a9850) at
src/libavfilter/avfiltergraph.c:123
#12 0x00000000004222ee in ffmpeg_cleanup (ret=0) at src/ffmpeg.c:477
#13 0x000000000040819c in exit_program (ret=0) at src/cmdutils.c:138
#14 0x00000000004338fb in main (argc=11, argv=0x7fffffffdf28) at
src/ffmpeg.c:4814
}}}
{{{
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x7ffff4f45408 to 0x7ffff4f45448:
0x00007ffff4f45408 <__GI_raise+24>: mov $0xf000000,%edx
0x00007ffff4f4540d <__GI_raise+29>: add $0x8964c189,%eax
0x00007ffff4f45412 <__GI_raise+34>: add $0x25,%al
0x00007ffff4f45414 <__GI_raise+36>: rolb (%rdx)
0x00007ffff4f45416 <__GI_raise+38>: add %al,(%rax)
0x00007ffff4f45418 <__GI_raise+40>: movslq %eax,%rsi
0x00007ffff4f4541b <__GI_raise+43>: movslq %edi,%rdx
0x00007ffff4f4541e <__GI_raise+46>: mov $0xea,%eax
0x00007ffff4f45423 <__GI_raise+51>: movslq %ecx,%rdi
0x00007ffff4f45426 <__GI_raise+54>: syscall
=> 0x00007ffff4f45428 <__GI_raise+56>: cmp $0xfffffffffffff000,%rax
0x00007ffff4f4542e <__GI_raise+62>: ja 0x7ffff4f45450
<__GI_raise+96>
0x00007ffff4f45430 <__GI_raise+64>: repz retq
0x00007ffff4f45432 <__GI_raise+66>: nopw 0x0(%rax,%rax,1)
0x00007ffff4f45438 <__GI_raise+72>: test %ecx,%ecx
0x00007ffff4f4543a <__GI_raise+74>: jg 0x7ffff4f4541b
<__GI_raise+43>
0x00007ffff4f4543c <__GI_raise+76>: mov %ecx,%edx
0x00007ffff4f4543e <__GI_raise+78>: neg %edx
0x00007ffff4f45440 <__GI_raise+80>: and $0x7fffffff,%ecx
0x00007ffff4f45446 <__GI_raise+86>: cmove %esi,%edx
End of assembler dump.
}}}
{{{
(gdb) info all-registers
rax 0x0 0
rbx 0x86 134
rcx 0x7ffff4f45428 140737303041064
rdx 0x6 6
rsi 0x3c35 15413
rdi 0x3c35 15413
rbp 0x7fffffffdae0 0x7fffffffdae0
rsp 0x7fffffffd748 0x7fffffffd748
r8 0x5 5
r9 0x0 0
r10 0x8 8
r11 0x206 518
r12 0x86 134
r13 0x7fffffffd8f8 140737488345336
r14 0x7fffffffd8f8 140737488345336
r15 0x2 2
rip 0x7ffff4f45428 0x7ffff4f45428 <__GI_raise+56>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 0 (raw 0x00000000000000000000)
st6 0 (raw 0x00000000000000000000)
st7 0 (raw 0x00000000000000000000)
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0,
0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0,
0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0,
0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 14 times>,
0xff, 0x0}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff},
v4_int32 = {0x0, 0x0, 0x0, 0xff0000},
v2_int64 = {0x0, 0xff000000000000}, uint128 =
0x00ff0000000000000000000000000000}
xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0,
0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0,
0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0,
0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm7 {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x1, 0x0},
v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0xf0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 =
{0x0, 0x0, 0x0, 0x3ff0, 0x0, 0x0,
0x0, 0x0}, v4_int32 = {0x0, 0x3ff00000, 0x0, 0x0}, v2_int64 =
{0x3ff0000000000000, 0x0},
uint128 = 0x00000000000000003ff0000000000000}
xmm8 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0,
0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm9 {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x3e, 0x50, 0x62, 0x12,
0x0, 0x74, 0xce, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v8_int16 = {0x503e, 0x1262, 0x7400,
0x3fce, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x1262503e, 0x3fce7400, 0x0,
0x0}, v2_int64 = {
---Type <return> to continue, or q <return> to quit---
0x3fce74001262503e, 0x0}, uint128 =
0x00000000000000003fce74001262503e}
xmm10 {v4_float = {0xf65282a0, 0x0, 0x0, 0x0}, v2_double = {0x0,
0x0}, v16_int8 = {0xd6, 0xd7, 0x1a,
0xcd, 0x8b, 0x5, 0x69, 0x3c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v8_int16 = {0xd7d6, 0xcd1a, 0x58b,
0x3c69, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xcd1ad7d6, 0x3c69058b, 0x0,
0x0}, v2_int64 = {
0x3c69058bcd1ad7d6, 0x0}, uint128 =
0x00000000000000003c69058bcd1ad7d6}
xmm11 {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x3e, 0x50, 0x62, 0x12,
0x0, 0x74, 0xce, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v8_int16 = {0x503e, 0x1262, 0x7400,
0x3fce, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x1262503e, 0x3fce7400, 0x0,
0x0}, v2_int64 = {
0x3fce74001262503e, 0x0}, uint128 =
0x00000000000000003fce74001262503e}
xmm12 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0,
0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm13 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0,
0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm14 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0,
0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm15 {v4_float = {0xfed6beb2, 0x0, 0x0, 0x0}, v2_double = {0x0,
0x0}, v16_int8 = {0xa7, 0xa0, 0x94,
0xcb, 0xd0, 0xe9, 0x46, 0xbc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v8_int16 = {0xa0a7, 0xcb94, 0xe9d0,
0xbc46, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xcb94a0a7, 0xbc46e9d0, 0x0,
0x0}, v2_int64 = {
0xbc46e9d0cb94a0a7, 0x0}, uint128 =
0x0000000000000000bc46e9d0cb94a0a7}
mxcsr 0x1fa8 [ OE PE IM DM ZM OM UM PM ]
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/6519>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker