[FFmpeg-trac] #6268(ffmpeg:new): Hang when processing corrupt .webm file with -threads > 1

FFmpeg trac at avcodec.org
Mon Mar 27 13:44:31 EEST 2017


#6268: Hang when processing corrupt .webm file with -threads > 1
--------------------------------+--------------------------------------
             Reporter:  Fusl    |                     Type:  defect
               Status:  new     |                 Priority:  normal
            Component:  ffmpeg  |                  Version:  git-master
             Keywords:          |               Blocked By:
             Blocking:          |  Reproduced by developer:  0
Analyzed by developer:  0       |
--------------------------------+--------------------------------------
 > corrupt.webm (File attached):
 {{{
 00000000  1a 45 df a3 01 00 00 00  00 00 00 1f 42 30 81 30
 |.E..........B0.0|
 00000010  42 30 81 30 42 30 81 30  42 30 81 30 42 30 84 30
 |B0.0B0.0B0.0B0.0|
 00000020  30 30 30 42 30 81 30 42  30 81 30 30 16 54 ae 6b
 |000B0.0B0.00.T.k|
 00000030  01 30 30 30 30 30 30 30  ae 01 00 00 00 00 00 00
 |.0000000........|
 00000040  30 d7 81 01 9c 81 30 30  30 30 83 30 30 30 86 85
 |0.....0000.000..|
 00000050  56 5f 56 50 39 83 81 01  30 30 30 84 30 30 30 30
 |V_VP9...000.0000|
 00000060  e0 01 00 00 00 00 00 00  0e b0 81 30 ba 81 30 54
 |...........0..0T|
 00000070  30 81 30 54 30 81 30 ae  01 30 30 30 30 30 30 30
 |0.0T0.0..0000000|
 00000080  d7 81 02 9c 81 30 9c 83  30 30 30 86 88 30 30 30
 |.....0..000..000|
 00000090  30 30 30 30 30 83 81 01  1f 43 b6 75 01 30 30 30
 |00000....C.u.000|
 000000a0  30 30 30 30 30 30 30 a3  30 30 30 30 30 30 30 30
 |0000000.00000000|
 000000b0  30 30 30 30 30 30 30 30  30 30 30 30 30 30 30 30
 |0000000000000000|
 000000c0  30 30 30 30 30 30 30 30  30 30 30 a3 85 82 30 30
 |00000000000...00|
 000000d0  30 30 a3 a3 81 30 30 30  82 49 83 42 30 00 30 30
 |00...000.I.B0.00|
 000000e0  30 30 30 30 30 30 00 00  30 30 30 30 30 30 30 30
 |000000..00000000|
 000000f0  30 30 30 30 30 30 30 30  30 30 e0 30 30 30 30 30
 |0000000000.00000|
 00000100  30 30 30 30 30 30 30 30  30 30 30 30 30 30 30 30
 |0000000000000000|
 *
 00000150  30 30 30 30 30 30 30 30  30 30 30 30 30 30 c6 30
 |00000000000000.0|
 00000160  30 30 30 30 30 30 30 30  30 30 30 30 30 30 30 30
 |0000000000000000|
 *
 000001a0  30 30 30 30 30 30 30 30  95 30 30 30 30 30 30 30
 |00000000.0000000|
 000001b0  30 30 30 30 30 30 30 30  30 30 30 30 30 30 30 30
 |0000000000000000|
 000001c0  30 95 30 30 30 30 30 30  30 30 30 30 30 30 30 30
 |0.00000000000000|
 000001d0  30 30 30 30 30 30 30 30  30 30 95 30 30 30 30 30
 |0000000000.00000|
 000001e0  30 30 30 30 30 30 30 30  30 30 30 30 30 30 30 30
 |0000000000000000|
 000001f0  30 30 30 93 30 30 30 30  30 30 30 30 30 30 30 30
 |000.000000000000|
 00000200  30 30 30 30 30 30 30 a3  85 82 30 30 30 30 a3 93
 |0000000...0000..|
 00000210  81 30 30 30 97 30 30 0e  30 30 30 30 30 30 30 00
 |.000.00.0000000.|
 00000220  00 30 30 a3 85 82 30 30  30 30 a3 99 81 30 30 30
 |.00...0000...000|
 00000230  86 30 30 96 30 30 49 e0  00 03 30 30 30 30 30 30
 |.00.00I...000000|
 00000240  30 30 30 30 30                                    |00000|
 00000245
 }}}


 > ffmpeg -threads 2 -v quiet -i $filename -f null -

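 GDB (process interrupted with SIGINT while hung; the main thread is blocked in pthread_cond_wait at libavcodec/pthread_frame.c:496, waiting for p->state to become STATE_INPUT_READY):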
 {{{
 Program received signal SIGINT, Interrupt.
 pthread_cond_wait@@GLIBC_2.3.2 () at
 ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
 185     ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S: No
 such file or directory.
 (gdb) bt
 #0  pthread_cond_wait@@GLIBC_2.3.2 () at
 ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
 #1  0x0000000000b6681e in ff_thread_decode_frame (avctx=0x22cc170,
 picture=0x22ca780, got_picture_ptr=0x7fffffffe114, avpkt=0x7fffffffe070)
 at libavcodec/pthread_frame.c:496
 #2  0x0000000000c777a8 in avcodec_decode_video2 (avctx=0x22cc170,
 picture=0x22ca780, got_picture_ptr=0x7fffffffe114, avpkt=0x22cd7b0) at
 libavcodec/utils.c:2272
 #3  0x0000000000c796b8 in do_decode (avctx=0x22cc170, pkt=0x22cd7b0) at
 libavcodec/utils.c:2822
 #4  0x0000000000c79c2a in avcodec_receive_frame (avctx=0x22cc170,
 frame=0x22f2070) at libavcodec/utils.c:2949
 #5  0x0000000000423348 in decode (avctx=0x22cc170, frame=0x22f2070,
 got_frame=0x7fffffffe39c, pkt=0x7fffffffe1d0) at ffmpeg.c:2256
 #6  0x0000000000423ae1 in decode_video (ist=0x22c8d00, pkt=0x7fffffffe3a0,
 got_output=0x7fffffffe39c, eof=1, decode_failed=0x7fffffffe398) at
 ffmpeg.c:2393
 #7  0x0000000000424a0d in process_input_packet (ist=0x22c8d00, pkt=0x0,
 no_eof=0) at ffmpeg.c:2628
 #8  0x0000000000429aa6 in process_input (file_index=0) at ffmpeg.c:4171
 #9  0x000000000042b4e3 in transcode_step () at ffmpeg.c:4481
 #10 0x000000000042b603 in transcode () at ffmpeg.c:4535
 #11 0x000000000042bce5 in main (argc=10, argv=0x7fffffffebc8) at
 ffmpeg.c:4740
 (gdb) disass $pc-32,$pc+32
 Dump of assembler code from 0x7ffff76c602f to 0x7ffff76c606f:
    0x00007ffff76c602f <pthread_cond_wait@@GLIBC_2.3.2+159>:     add
 %bh,0xca(%rax)
    0x00007ffff76c6035 <pthread_cond_wait@@GLIBC_2.3.2+165>:     syscall
    0x00007ffff76c6037 <pthread_cond_wait@@GLIBC_2.3.2+167>:     cmp
 $0x0,%eax
    0x00007ffff76c603a <pthread_cond_wait@@GLIBC_2.3.2+170>:     sete
 %r8b
    0x00007ffff76c603e <pthread_cond_wait@@GLIBC_2.3.2+174>:     jmp
 0x7ffff76c604f <pthread_cond_wait@@GLIBC_2.3.2+191>
    0x00007ffff76c6040 <pthread_cond_wait@@GLIBC_2.3.2+176>:     mov
 $0x80,%esi
    0x00007ffff76c6045 <pthread_cond_wait@@GLIBC_2.3.2+181>:     xor
 %r8b,%r8b
    0x00007ffff76c6048 <pthread_cond_wait@@GLIBC_2.3.2+184>:     mov
 $0xca,%eax
    0x00007ffff76c604d <pthread_cond_wait@@GLIBC_2.3.2+189>:     syscall
 => 0x00007ffff76c604f <pthread_cond_wait@@GLIBC_2.3.2+191>:     mov
 (%rsp),%edi
    0x00007ffff76c6052 <pthread_cond_wait@@GLIBC_2.3.2+194>:     callq
 0x7ffff76c8710 <__pthread_disable_asynccancel>
    0x00007ffff76c6057 <pthread_cond_wait@@GLIBC_2.3.2+199>:     mov
 0x8(%rsp),%rdi
    0x00007ffff76c605c <pthread_cond_wait@@GLIBC_2.3.2+204>:     mov
 $0x1,%esi
    0x00007ffff76c6061 <pthread_cond_wait@@GLIBC_2.3.2+209>:     xor
 %eax,%eax
    0x00007ffff76c6063 <pthread_cond_wait@@GLIBC_2.3.2+211>:     lock
 cmpxchg %esi,(%rdi)
    0x00007ffff76c6067 <pthread_cond_wait@@GLIBC_2.3.2+215>:     jne
 0x7ffff76c614d <pthread_cond_wait@@GLIBC_2.3.2+445>
    0x00007ffff76c606d <pthread_cond_wait@@GLIBC_2.3.2+221>:     mov
 0x2c(%rdi),%edx
 End of assembler dump.
 (gdb) info all-registers
 rax            0xfffffffffffffe00       -512
 rbx            0x0      0
 rcx            0xffffffffffffffff       -1
 rdx            0x1      1
 rsi            0x80     128
 rdi            0x22caafc        36481788
 rbp            0x7fffffffe020   0x7fffffffe020
 rsp            0x7fffffffdf90   0x7fffffffdf90
 r8             0x22cab00        36481792
 r9             0x0      0
 r10            0x0      0
 r11            0x246    582
 r12            0x404080 4210816
 r13            0x7fffffffebc0   140737488350144
 r14            0x0      0
 r15            0x0      0
 rip            0x7ffff76c604f   0x7ffff76c604f
 <pthread_cond_wait@@GLIBC_2.3.2+191>
 eflags         0x246    [ PF ZF IF ]
 cs             0x33     51
 ss             0x2b     43
 ds             0x0      0
 es             0x0      0
 fs             0x0      0
 gs             0x0      0
 st0            0        (raw 0x00000000000000000000)
 st1            0        (raw 0x00000000000000000000)
 st2            0        (raw 0x00000000000000000000)
 st3            0        (raw 0x00000000000000000000)
 st4            0        (raw 0x00000000000000000000)
 st5            0        (raw 0x00000000000000000000)
 st6            0        (raw 0x00000000000000000000)
 st7            0        (raw 0x00000000000000000000)
 fctrl          0x37f    895
 fstat          0x0      0
 ftag           0xffff   65535
 fiseg          0x0      0
 fioff          0x0      0
 foseg          0x0      0
 fooff          0x0      0
 fop            0x0      0
 xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double =
 {0x8000000000000000, 0x8000000000000000}, v16_int8 = {0x0, 0xff <repeats
 15 times>}, v8_int16 = {0xff00, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
 0xffff, 0xffff}, v4_int32 = {0xffffff00, 0xffffffff, 0xffffffff,
 0xffffffff}, v2_int64 = {0xffffffffffffff00, 0xffffffffffffffff},
   uint128 = 0xffffffffffffffffffffffffffffff00}
 xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
 uint128 = 0x00000000000000000000000000000000}
 xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
 uint128 = 0x00000000000000000000000000000000}
 xmm3           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
 uint128 = 0x00000000000000000000000000000000}
 xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0xff00, 0x0, 0x0, 0x0, 0x0,
 0x0}, v4_int32 = {0x0, 0xff00, 0x0, 0x0}, v2_int64 = {0xff0000000000,
 0x0}, uint128 = 0x00000000000000000000ff0000000000}
 xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double =
 {0x8000000000000000, 0x8000000000000000}, v16_int8 = {0x6d, 0x70, 0x6c,
 0x65, 0x20, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x20, 0x6f, 0x70, 0x74,
 0x69}, v8_int16 = {0x706d, 0x656c, 0x6620, 0x6c69, 0x6574, 0x2072, 0x706f,
 0x6974}, v4_int32 = {0x656c706d, 0x6c696620, 0x20726574,
     0x6974706f}, v2_int64 = {0x6c696620656c706d, 0x6974706f20726574},
 uint128 = 0x6974706f207265746c696620656c706d}
 xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double =
 {0x8000000000000000, 0x8000000000000000}, v16_int8 = {0x74, 0x73, 0x0,
 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x20, 0x61, 0x72, 0x65, 0x73,
 0x61}, v8_int16 = {0x7374, 0x6400, 0x6665, 0x7561, 0x746c, 0x6120, 0x6572,
 0x6173}, v4_int32 = {0x64007374, 0x75616665, 0x6120746c,
     0x61736572}, v2_int64 = {0x7561666564007374, 0x617365726120746c},
 uint128 = 0x617365726120746c7561666564007374}
 xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
 uint128 = 0x00000000000000000000000000000000}
 xmm8           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
 uint128 = 0x00000000000000000000000000000000}
 xmm9           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
 uint128 = 0x00000000000000000000000000000000}
 xmm10          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
 uint128 = 0x00000000000000000000000000000000}
 xmm11          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
 uint128 = 0x00000000000000000000000000000000}
 xmm12          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0xff, 0x0 <repeats 15 times>}, v8_int16 = {0xff, 0x0, 0x0,
 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xff, 0x0, 0x0, 0x0}, v2_int64 =
 {0xff, 0x0}, uint128 = 0x000000000000000000000000000000ff}
 xmm13          {v4_float = {0x0, 0xffffffff, 0x0, 0x0}, v2_double = {0x0,
 0x0}, v16_int8 = {0xf9, 0xc8, 0xde, 0xfc, 0xd1, 0x21, 0x89, 0xbf, 0x0,
 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0xc8f9, 0xfcde, 0x21d1,
 0xbf89, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xfcdec8f9, 0xbf8921d1, 0x0,
 0x0}, v2_int64 = {0xbf8921d1fcdec8f9, 0x0},
   uint128 = 0x0000000000000000bf8921d1fcdec8f9}
 xmm14          {v4_float = {0x0, 0xffffffff, 0x0, 0x0}, v2_double = {0x0,
 0x0}, v16_int8 = {0xf9, 0xc8, 0xde, 0xfc, 0xd1, 0x21, 0x89, 0xbf, 0x0,
 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0xc8f9, 0xfcde, 0x21d1,
 0xbf89, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xfcdec8f9, 0xbf8921d1, 0x0,
 0x0}, v2_int64 = {0xbf8921d1fcdec8f9, 0x0},
   uint128 = 0x0000000000000000bf8921d1fcdec8f9}
 xmm15          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
 uint128 = 0x00000000000000000000000000000000}
 mxcsr          0x1fa8   [ OE PE IM DM ZM OM UM PM ]
 (gdb) up
 #1  0x0000000000b6681e in ff_thread_decode_frame (avctx=0x22cc170,
 picture=0x22ca780, got_picture_ptr=0x7fffffffe114, avpkt=0x7fffffffe070)
 at libavcodec/pthread_frame.c:496
 496                     pthread_cond_wait(&p->output_cond,
 &p->progress_mutex);
 (gdb) l
  491             p = &fctx->threads[finished++];
  492
  493             if (atomic_load(&p->state) != STATE_INPUT_READY) {
  494                 pthread_mutex_lock(&p->progress_mutex);
  495                 while (atomic_load_explicit(&p->state,
 memory_order_relaxed) != STATE_INPUT_READY)
 *496                     pthread_cond_wait(&p->output_cond,
 &p->progress_mutex);
  497                 pthread_mutex_unlock(&p->progress_mutex);
  498             }
  499
  500             av_frame_move_ref(picture, p->frame);
 (gdb)
 }}}


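 Valgrind (the run ended with "Killed"; memcheck reports only "possibly lost" allocations made under pthread_create, no definite leaks):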
 {{{
 ==4185== HEAP SUMMARY:
 ==4185==     in use at exit: 400,453 bytes in 428 blocks
 ==4185==   total heap usage: 1,649 allocs, 1,221 frees, 889,427 bytes
 allocated
 ==4185==
 ==4185== 544 bytes in 2 blocks are possibly lost in loss record 143 of 176
 ==4185==    at 0x4C2AD10: calloc (in /usr/lib/valgrind/vgpreload_memcheck-
 amd64-linux.so)
 ==4185==    by 0x4010F91: allocate_dtv (dl-tls.c:296)
 ==4185==    by 0x401169D: _dl_allocate_tls (dl-tls.c:460)
 ==4185==    by 0x5342BE7: allocate_stack (allocatestack.c:589)
 ==4185==    by 0x5342BE7: pthread_create@@GLIBC_2.2.5
 (pthread_create.c:495)
 ==4185==    by 0xB67661: ff_frame_thread_init (pthread_frame.c:810)
 ==4185==    by 0x115BCD4: ff_thread_init (pthread.c:77)
 ==4185==    by 0xC74B6C: avcodec_open2 (utils.c:1419)
 ==4185==    by 0x4257F9: init_input_stream (ffmpeg.c:2890)
 ==4185==    by 0x427F81: transcode_init (ffmpeg.c:3592)
 ==4185==    by 0x42B55F: transcode (ffmpeg.c:4506)
 ==4185==    by 0x42BCE4: main (ffmpeg.c:4740)
 ==4185==
 ==4185== 6,800 bytes in 25 blocks are possibly lost in loss record 170 of
 176
 ==4185==    at 0x4C2AD10: calloc (in /usr/lib/valgrind/vgpreload_memcheck-
 amd64-linux.so)
 ==4185==    by 0x4010F91: allocate_dtv (dl-tls.c:296)
 ==4185==    by 0x401169D: _dl_allocate_tls (dl-tls.c:460)
 ==4185==    by 0x5342BE7: allocate_stack (allocatestack.c:589)
 ==4185==    by 0x5342BE7: pthread_create@@GLIBC_2.2.5
 (pthread_create.c:495)
 ==4185==    by 0x469F35: thread_init_internal (pthread.c:179)
 ==4185==    by 0x46A004: ff_graph_thread_init (pthread.c:210)
 ==4185==    by 0x4515A5: avfilter_graph_alloc_filter (avfiltergraph.c:194)
 ==4185==    by 0x46831C: create_filter (graphparser.c:114)
 ==4185==    by 0x468533: parse_filter (graphparser.c:176)
 ==4185==    by 0x468D7E: avfilter_graph_parse2 (graphparser.c:411)
 ==4185==    by 0x41AC85: configure_filtergraph (ffmpeg_filter.c:1031)
 ==4185==    by 0x423184: ifilter_send_frame (ffmpeg.c:2194)
 ==4185==
 ==4185== LEAK SUMMARY:
 ==4185==    definitely lost: 0 bytes in 0 blocks
 ==4185==    indirectly lost: 0 bytes in 0 blocks
 ==4185==      possibly lost: 7,344 bytes in 27 blocks
 ==4185==    still reachable: 393,109 bytes in 401 blocks
 ==4185==         suppressed: 0 bytes in 0 blocks
 ==4185== Reachable blocks (those to which a pointer was found) are not
 shown.
 ==4185== To see them, rerun with: --leak-check=full --show-leak-kinds=all
 ==4185==
 ==4185== For counts of detected and suppressed errors, rerun with: -v
 ==4185== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
 Killed
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/6268>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

