[FFmpeg-trac] #8299(undetermined:new): Segmentation fault in av_frame_ref at libavutil/frame.c:450

FFmpeg trac at avcodec.org
Thu Oct 17 11:12:19 EEST 2019

#8299: Segmentation fault in av_frame_ref at libavutil/frame.c:450
             Reporter:  Suhwan       |                     Type:  defect
               Status:  new          |                 Priority:  important
            Component:               |                  Version:  git-
  undetermined                       |  master
             Keywords:               |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
 Summary of the bug:
 There is a Segmentation fault in av_frame_ref at libavutil/frame.c:450: av_frame_clone() is called with src=NULL from the dedot filter's activate() callback, and av_frame_ref then reads src->format (a NULL-pointer read, not a write).
 How to reproduce:
 % ffmpeg_g -y -i $PoC -filter_complex dedot -target dv50 -loglevel 0 -map
 0 tmp.rpl

 ffmpeg version N-95425-g1e35519fe0 Copyright (c) 2000-2019 the FFmpeg
 built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
 configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug

 Here's the GDB log (UBSan report, backtrace, and disassembly around $pc):

 libavutil/frame.c:450:32: runtime error: member access within null pointer
 of type 'const AVFrame' (aka 'const struct AVFrame')

 Thread 1 "ffmpeg_g" received signal SIGSEGV, Segmentation fault.
 0x0000000005903ad8 in av_frame_ref (dst=0x96a8e80, src=0x0) at
 450         dst->format         = src->format;
 (gdb) bt
 #0  0x0000000005903ad8 in av_frame_ref (dst=0x96a8e80, src=0x0) at
 #1  0x0000000005908fc0 in av_frame_clone (src=0x0) at
 #2  0x00000000008f31aa in activate (ctx=0x93edd80) at
 #3  0x00000000005ce2ec in ff_filter_activate (filter=<optimized out>) at
 #4  0x00000000005eecd3 in get_frame_internal (ctx=0x93ee780,
 frame=<optimized out>, flags=1,
     samples=<optimized out>) at libavfilter/buffersink.c:110
 #5  0x00000000005e254b in avfilter_graph_request_oldest (graph=0x93e8a80)
 at libavfilter/avfiltergraph.c:1409
 #6  0x000000000048c3a2 in transcode_from_filter (graph=0x93ae700,
 best_ist=<optimized out>)
     at fftools/ffmpeg.c:4531
 #7  transcode_step () at fftools/ffmpeg.c:4606
 #8  transcode () at fftools/ffmpeg.c:4682
 #9  0x0000000000487da4 in main (argc=13, argv=<optimized out>) at
 (gdb) disass $pc-32,$pc+32
 Dump of assembler code from 0x5903ab8 to 0x5903af8:
    0x0000000005903ab8 <av_frame_ref+24>:        xchg   %eax,%ebp
    0x0000000005903ab9 <av_frame_ref+25>:        rolb   $0xc7,-0xa(%rcx)
    0x0000000005903abd <av_frame_ref+29>:        (bad)
    0x0000000005903abe <av_frame_ref+30>:        sete   %r12b
    0x0000000005903ac2 <av_frame_ref+34>:        and    %al,%r12b
    0x0000000005903ac5 <av_frame_ref+37>:        je     0x5903e72
    0x0000000005903acb <av_frame_ref+43>:        lea    0x74(%r15),%rbx
    0x0000000005903acf <av_frame_ref+47>:        test   $0x3,%bl
    0x0000000005903ad2 <av_frame_ref+50>:        jne    0x5903e8c
 => 0x0000000005903ad8 <av_frame_ref+56>:        mov    (%rbx),%ebp
    0x0000000005903ada <av_frame_ref+58>:        test   %r14,%r14
    0x0000000005903add <av_frame_ref+61>:        setne  %al
    0x0000000005903ae0 <av_frame_ref+64>:        test   $0x7,%r14b
    0x0000000005903ae4 <av_frame_ref+68>:        sete   %cl
    0x0000000005903ae7 <av_frame_ref+71>:        and    %al,%cl
    0x0000000005903ae9 <av_frame_ref+73>:        mov    %cl,0x6(%rsp)
    0x0000000005903aed <av_frame_ref+77>:        je     0x5903e9e
    0x0000000005903af3 <av_frame_ref+83>:        lea    0x74(%r14),%rbx
    0x0000000005903af7 <av_frame_ref+87>:        test   $0x3,%bl
 End of assembler dump.

 Please confirm.

Ticket URL: <https://trac.ffmpeg.org/ticket/8299>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
