[FFmpeg-trac] #6268(ffmpeg:new): Hang when processing corrupt .webm file with -threads > 1
FFmpeg
trac at avcodec.org
Mon Mar 27 13:44:31 EEST 2017
#6268: Hang when processing corrupt .webm file with -threads > 1
--------------------------------+--------------------------------------
             Reporter:  Fusl    |                     Type:  defect
               Status:  new     |                 Priority:  normal
            Component:  ffmpeg  |                  Version:  git-master
             Keywords:          |               Blocked By:
             Blocking:          |  Reproduced by developer:  0
Analyzed by developer:  0       |
--------------------------------+--------------------------------------
> corrupt.webm (File attached):
> ffmpeg -threads 2 -v quiet -i $filename -f null -
GDB:
{{{
Program received signal SIGINT, Interrupt.
pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
185     ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S: No such file or directory.
(gdb) bt
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x0000000000b6681e in ff_thread_decode_frame (avctx=0x22cc170, picture=0x22ca780, got_picture_ptr=0x7fffffffe114, avpkt=0x7fffffffe070) at libavcodec/pthread_frame.c:496
#2  0x0000000000c777a8 in avcodec_decode_video2 (avctx=0x22cc170, picture=0x22ca780, got_picture_ptr=0x7fffffffe114, avpkt=0x22cd7b0) at libavcodec/utils.c:2272
#3  0x0000000000c796b8 in do_decode (avctx=0x22cc170, pkt=0x22cd7b0) at libavcodec/utils.c:2822
#4  0x0000000000c79c2a in avcodec_receive_frame (avctx=0x22cc170, frame=0x22f2070) at libavcodec/utils.c:2949
#5  0x0000000000423348 in decode (avctx=0x22cc170, frame=0x22f2070, got_frame=0x7fffffffe39c, pkt=0x7fffffffe1d0) at ffmpeg.c:2256
#6  0x0000000000423ae1 in decode_video (ist=0x22c8d00, pkt=0x7fffffffe3a0, got_output=0x7fffffffe39c, eof=1, decode_failed=0x7fffffffe398) at ffmpeg.c:2393
#7  0x0000000000424a0d in process_input_packet (ist=0x22c8d00, pkt=0x0, no_eof=0) at ffmpeg.c:2628
#8  0x0000000000429aa6 in process_input (file_index=0) at ffmpeg.c:4171
#9  0x000000000042b4e3 in transcode_step () at ffmpeg.c:4481
#10 0x000000000042b603 in transcode () at ffmpeg.c:4535
#11 0x000000000042bce5 in main (argc=10, argv=0x7fffffffebc8) at ffmpeg.c:4740
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x7ffff76c602f to 0x7ffff76c606f:
   0x00007ffff76c602f <pthread_cond_wait@@GLIBC_2.3.2+159>: add %bh,0xca(%rax)
   0x00007ffff76c6035 <pthread_cond_wait@@GLIBC_2.3.2+165>: syscall
   0x00007ffff76c6037 <pthread_cond_wait@@GLIBC_2.3.2+167>: cmp $0x0,%eax
   0x00007ffff76c603a <pthread_cond_wait@@GLIBC_2.3.2+170>: sete %r8b
   0x00007ffff76c603e <pthread_cond_wait@@GLIBC_2.3.2+174>: jmp 0x7ffff76c604f <pthread_cond_wait@@GLIBC_2.3.2+191>
   0x00007ffff76c6040 <pthread_cond_wait@@GLIBC_2.3.2+176>: mov $0x80,%esi
   0x00007ffff76c6045 <pthread_cond_wait@@GLIBC_2.3.2+181>: xor %r8b,%r8b
   0x00007ffff76c6048 <pthread_cond_wait@@GLIBC_2.3.2+184>: mov $0xca,%eax
   0x00007ffff76c604d <pthread_cond_wait@@GLIBC_2.3.2+189>: syscall
=> 0x00007ffff76c604f <pthread_cond_wait@@GLIBC_2.3.2+191>: mov (%rsp),%edi
   0x00007ffff76c6052 <pthread_cond_wait@@GLIBC_2.3.2+194>: callq 0x7ffff76c8710 <__pthread_disable_asynccancel>
   0x00007ffff76c6057 <pthread_cond_wait@@GLIBC_2.3.2+199>: mov 0x8(%rsp),%rdi
   0x00007ffff76c605c <pthread_cond_wait@@GLIBC_2.3.2+204>: mov $0x1,%esi
   0x00007ffff76c6061 <pthread_cond_wait@@GLIBC_2.3.2+209>: xor %eax,%eax
   0x00007ffff76c6063 <pthread_cond_wait@@GLIBC_2.3.2+211>: lock cmpxchg %esi,(%rdi)
   0x00007ffff76c6067 <pthread_cond_wait@@GLIBC_2.3.2+215>: jne 0x7ffff76c614d <pthread_cond_wait@@GLIBC_2.3.2+445>
   0x00007ffff76c606d <pthread_cond_wait@@GLIBC_2.3.2+221>: mov 0x2c(%rdi),%edx
End of assembler dump.
(gdb) up
#1  0x0000000000b6681e in ff_thread_decode_frame (avctx=0x22cc170, picture=0x22ca780, got_picture_ptr=0x7fffffffe114, avpkt=0x7fffffffe070) at libavcodec/pthread_frame.c:496
496                 pthread_cond_wait(&p->output_cond, &p->progress_mutex);
(gdb) l
491             p = &fctx->threads[finished++];
492
493             if (atomic_load(&p->state) != STATE_INPUT_READY) {
494                 pthread_mutex_lock(&p->progress_mutex);
495                 while (atomic_load_explicit(&p->state, memory_order_relaxed) != STATE_INPUT_READY)
*496                    pthread_cond_wait(&p->output_cond, &p->progress_mutex);
497                 pthread_mutex_unlock(&p->progress_mutex);
498             }
499
500             av_frame_move_ref(picture, p->frame);
(gdb)
}}}
Valgrind:
{{{
==4185== HEAP SUMMARY:
==4185==     in use at exit: 400,453 bytes in 428 blocks
==4185==   total heap usage: 1,649 allocs, 1,221 frees, 889,427 bytes allocated
==4185==
==4185== 544 bytes in 2 blocks are possibly lost in loss record 143 of 176
==4185==    at 0x4C2AD10: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4185==    by 0x4010F91: allocate_dtv (dl-tls.c:296)
==4185==    by 0x401169D: _dl_allocate_tls (dl-tls.c:460)
==4185==    by 0x5342BE7: allocate_stack (allocatestack.c:589)
==4185==    by 0x5342BE7: pthread_create@@GLIBC_2.2.5 (pthread_create.c:495)
==4185==    by 0xB67661: ff_frame_thread_init (pthread_frame.c:810)
==4185==    by 0x115BCD4: ff_thread_init (pthread.c:77)
==4185==    by 0xC74B6C: avcodec_open2 (utils.c:1419)
==4185==    by 0x4257F9: init_input_stream (ffmpeg.c:2890)
==4185==    by 0x427F81: transcode_init (ffmpeg.c:3592)
==4185==    by 0x42B55F: transcode (ffmpeg.c:4506)
==4185==    by 0x42BCE4: main (ffmpeg.c:4740)
==4185==
==4185== 6,800 bytes in 25 blocks are possibly lost in loss record 170 of 176
==4185==    at 0x4C2AD10: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4185==    by 0x4010F91: allocate_dtv (dl-tls.c:296)
==4185==    by 0x401169D: _dl_allocate_tls (dl-tls.c:460)
==4185==    by 0x5342BE7: allocate_stack (allocatestack.c:589)
==4185==    by 0x5342BE7: pthread_create@@GLIBC_2.2.5 (pthread_create.c:495)
==4185==    by 0x469F35: thread_init_internal (pthread.c:179)
==4185==    by 0x46A004: ff_graph_thread_init (pthread.c:210)
==4185==    by 0x4515A5: avfilter_graph_alloc_filter (avfiltergraph.c:194)
==4185==    by 0x46831C: create_filter (graphparser.c:114)
==4185==    by 0x468533: parse_filter (graphparser.c:176)
==4185==    by 0x468D7E: avfilter_graph_parse2 (graphparser.c:411)
==4185==    by 0x41AC85: configure_filtergraph (ffmpeg_filter.c:1031)
==4185==    by 0x423184: ifilter_send_frame (ffmpeg.c:2194)
==4185==
==4185== LEAK SUMMARY:
==4185==    definitely lost: 0 bytes in 0 blocks
==4185==    indirectly lost: 0 bytes in 0 blocks
==4185==      possibly lost: 7,344 bytes in 27 blocks
==4185==    still reachable: 393,109 bytes in 401 blocks
==4185==         suppressed: 0 bytes in 0 blocks
==4185== Reachable blocks (those to which a pointer was found) are not shown.
==4185== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==4185==
==4185== For counts of detected and suppressed errors, rerun with: -v
==4185== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
Killed
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/6268>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker