[FFmpeg-trac] #8252(undetermined:new): Segmentation fault at libavfilter/vf_waveform.c:777

FFmpeg trac at avcodec.org
Fri Oct 11 08:25:52 EEST 2019


#8252: Segmentation fault at libavfilter/vf_waveform.c:777
-------------------------------------+-------------------------------------
             Reporter:  Suhwan       |                     Type:  defect
               Status:  new          |                 Priority:  normal
            Component:               |                  Version:  git-
  undetermined                       |  master
             Keywords:               |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
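 Summary of the bug:
 There is a segmentation fault in lowpass() at libavfilter/vf_waveform.c:777,
 on the update(target, max, intensity) call in the column branch. At the
 crash, gdb reports dst = 0x1 and dst_signed_linesize = 0 (see the session
 below), which suggests that target is derived from an invalid destination
 pointer. Most other arguments are shown as <optimized out>.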
 {{{
 Thread 3 "ffmpeg_g" received signal SIGSEGV, Segmentation fault.
 [Switching to Thread 0x7ffff5069700 (LWP 12595)]
 lowpass (s=<optimized out>, in=<optimized out>, out=0x230e940,
 intensity=10, column=1, mirror=1,
     jobnr=<optimized out>, nb_jobs=<optimized out>, component=<optimized
 out>,
     offset_y=<optimized out>, offset_x=<optimized out>) at
 libavfilter/vf_waveform.c:777
 777                     update(target, max, intensity);
 (gdb) bt
 #0  lowpass (s=<optimized out>, in=<optimized out>, out=0x230e940,
 intensity=10, column=1, mirror=1,
     jobnr=<optimized out>, nb_jobs=<optimized out>, component=<optimized
 out>,
     offset_y=<optimized out>, offset_x=<optimized out>) at
 libavfilter/vf_waveform.c:777
 #1  lowpass_column_mirror (ctx=<optimized out>, arg=<optimized out>,
 jobnr=<optimized out>,
     nb_jobs=<optimized out>) at libavfilter/vf_waveform.c:840
 #2  0x0000000000468a95 in worker_func (priv=0x22b6880, jobnr=1,
 threadnr=<optimized out>, nb_jobs=0,
     nb_threads=0) at libavfilter/pthread.c:50
 #3  0x00000000013f4927 in run_jobs (ctx=<optimized out>) at
 libavutil/slicethread.c:61
 #4  thread_worker (v=0x22bf5f0) at libavutil/slicethread.c:85
 #5  0x00007ffff668e6db in start_thread (arg=0x7ffff5069700) at
 pthread_create.c:463
 #6  0x00007ffff63b788f in clone () at
 ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
 (gdb) list
 772             for (p = src_data + slicew_start; p < src_data_end; p++) {
 773                 uint8_t *target;
 774                 if (column) {
 775                     target = dst + dst_signed_linesize * *p;
 776                     dst += step;
 777                     update(target, max, intensity);
 778                 } else {
 779                     uint8_t *row = dst_data;
 780                     if (mirror)
 781                         target = row - *p - 1;
 (gdb) print dst
 $1 = (uint8_t *) 0x1 <error: Cannot access memory at address 0x1>
 (gdb) print dst_signed_linesize
 $2 = 0
 (gdb) disass $pc-32,$pc+32
 Dump of assembler code from 0x555f47 to 0x555f87:
    0x0000000000555f47 <lowpass_column_mirror+343>:      lea
 (%r12,%rsi,1),%rsi
    0x0000000000555f4b <lowpass_column_mirror+347>:      lea
 (%r12,%r14,1),%rdi
    0x0000000000555f4f <lowpass_column_mirror+351>:      mov    %r9,%rax
    0x0000000000555f52 <lowpass_column_mirror+354>:      data16 data16
 data16 data16 nopw %cs:0x0(%rax,%rax,1)
    0x0000000000555f60 <lowpass_column_mirror+368>:      movzbl (%rdi),%edx
    0x0000000000555f63 <lowpass_column_mirror+371>:      imul   %r8,%rdx
 => 0x0000000000555f67 <lowpass_column_mirror+375>:      movzbl
 (%rax,%rdx,1),%ecx
    0x0000000000555f6b <lowpass_column_mirror+379>:      mov    $0xff,%bl
    0x0000000000555f6d <lowpass_column_mirror+381>:      cmp    %ecx,%r13d
    0x0000000000555f70 <lowpass_column_mirror+384>:      jl     0x555f77
 <lowpass_column_mirror+391>
    0x0000000000555f72 <lowpass_column_mirror+386>:      add    %r15b,%cl
    0x0000000000555f75 <lowpass_column_mirror+389>:      mov    %ecx,%ebx
    0x0000000000555f77 <lowpass_column_mirror+391>:      mov
 %bl,(%rax,%rdx,1)
    0x0000000000555f7a <lowpass_column_mirror+394>:      add    %rbp,%rax
    0x0000000000555f7d <lowpass_column_mirror+397>:      add    $0x1,%rdi
    0x0000000000555f81 <lowpass_column_mirror+401>:      cmp    %rsi,%rdi
    0x0000000000555f84 <lowpass_column_mirror+404>:      jb     0x555f60
 <lowpass_column_mirror+368>
    0x0000000000555f86 <lowpass_column_mirror+406>:      add
 -0x40(%rsp),%r12
 End of assembler dump.

 }}}
 How to reproduce:
 {{{
 % ffmpeg_g -y -r 101 -i $PoC -filter_complex waveform -target svcd
 -loglevel 99 tmp.hls

 ffmpeg version N-95314-g1331e00179 Copyright (c) 2000-2019 the FFmpeg
 developers
   built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
   configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/8252>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

