id,summary,reporter,owner,description,type,status,priority,component,version,resolution,keywords,cc,blockedby,blocking,reproduced,analyzed
1986,ffserver crashes while playing h264 video from matroska container over rtsp,sonntex,,"Summary of the bug:

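I'm trying to play H.264 video from a Matroska container over RTSP using ffserver and ffplay. ffserver crashes with a segmentation fault as soon as ffplay is run against it; the backtrace below shows the crash happening while ffserver handles the client's RTSP DESCRIBE request.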

How to reproduce:

1. Configuration file for ffserver:
{{{
Port 8090
RTSPPort 8554
BindAddress 0.0.0.0
MaxHTTPConnections 2000
MaxClients 1000
MaxBandwidth 1000
CustomLog -
NoDaemon

<Stream h264-cut.mkv>
Format rtp
File ""h264-cut.mkv""
</Stream>
}}}
2. Execute ffserver:
{{{
% ./ffserver_g -v 9 -loglevel 99 -f ffserver.conf
ffserver version 1.0 Copyright (c) 2000-2012 the FFmpeg developers
  built on Dec  3 2012 23:47:06 with gcc 4.7 (Debian 4.7.2-4)
  configuration: --disable-optimizations --enable-debug=3
  libavutil      51. 73.101 / 51. 73.101
  libavcodec     54. 59.100 / 54. 59.100
  libavformat    54. 29.104 / 54. 29.104
  libavdevice    54.  2.101 / 54.  2.101
  libavfilter     3. 17.100 /  3. 17.100
  libswscale      2.  1.101 /  2.  1.101
  libswresample   0. 15.100 /  0. 15.100
Tue Dec  4 00:14:57 2012 Opening file 'h264-cut.mkv'
Tue Dec  4 00:14:57 2012 [matroska,webm @ 0x359af40]Format matroska,webm probed with size=2048 and score=100
Tue Dec  4 00:14:57 2012 st:0 removing common factor 1000000 from timebase
Tue Dec  4 00:14:57 2012 [matroska,webm @ 0x359af40]File position before avformat_find_stream_info() is 574
Tue Dec  4 00:14:57 2012 [h264 @ 0x35a1de0]Using externally provided dimensions
Tue Dec  4 00:14:57 2012 [h264 @ 0x35a1de0]no picture 
Tue Dec  4 00:14:57 2012 [matroska,webm @ 0x359af40]All info found
Tue Dec  4 00:14:57 2012 [matroska,webm @ 0x359af40]File position after avformat_find_stream_info() is 113333
Tue Dec  4 00:14:57 2012 [AVIOContext @ 0x359b4c0]Statistics: 139214 bytes read, 0 seeks
Tue Dec  4 00:14:57 2012 FFserver started.
Segmentation fault (core dumped)
}}}
3. Execute ffplay:
{{{
% ./ffplay_g -v 9 -loglevel 99 rtsp://localhost:8554/h264-cut.mkv
ffplay version 1.0 Copyright (c) 2003-2012 the FFmpeg developers
  built on Dec  3 2012 23:47:06 with gcc 4.7 (Debian 4.7.2-4)
  configuration: --disable-optimizations --enable-debug=3
  libavutil      51. 73.101 / 51. 73.101
  libavcodec     54. 59.100 / 54. 59.100
  libavformat    54. 29.104 / 54. 29.104
  libavdevice    54.  2.101 / 54.  2.101
  libavfilter     3. 17.100 /  3. 17.100
  libswscale      2.  1.101 /  2.  1.101
  libswresample   0. 15.100 /  0. 15.100
rtsp://localhost:8554/h264-cut.mkv: Invalid data found when processing input

}}}

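Gdb (note: at the faulting instruction rax is 0 while the fmt argument is non-NULL, so fmt->oformat appears to be NULL when sdp.c:405 reads fmt->oformat->priv_class, which checks only fmt itself):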
{{{
%  gdb ./ffserver_g core 
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type ""show copying""
and ""show warranty"" for details.
This GDB was configured as ""x86_64-linux-gnu"".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/sonntex-devel/devel/ffmpeg-1.0/ffserver_g...done.
[New LWP 31838]

warning: Can't read pathname for load map: Input/output error.
[Thread debugging using libthread_db enabled]
Using host libthread_db library ""/lib/x86_64-linux-gnu/libthread_db.so.1"".
Core was generated by `./ffserver_g -v 9 -loglevel 99 -f ffserver.conf'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000000000523e40 in sdp_write_media_attributes (
    buff=0x35a36c0 ""v=0\r\no=- 0 0 IN IP4 127.0.0.1\r\ns=No Title\r\nc=IN IP4 0.0.0.0\r\nt=0 0\r\na=tool:libavformat 54.29.104\r\nm=video 0 RTP/AVP 96\r\n"", size=2048, c=0x35a2220, payload_type=96, 
    fmt=0x35a1940) at libavformat/sdp.c:405
405                 if (fmt && fmt->oformat->priv_class &&
(gdb) bt
#0  0x0000000000523e40 in sdp_write_media_attributes (
    buff=0x35a36c0 ""v=0\r\no=- 0 0 IN IP4 127.0.0.1\r\ns=No Title\r\nc=IN IP4 0.0.0.0\r\nt=0 0\r\na=tool:libavformat 54.29.104\r\nm=video 0 RTP/AVP 96\r\n"", size=2048, c=0x35a2220, payload_type=96, 
    fmt=0x35a1940) at libavformat/sdp.c:405
#1  0x00000000005246da in ff_sdp_write_media (buff=0x35a36c0 ""v=0\r\no=- 0 0 IN IP4 127.0.0.1\r\ns=No Title\r\nc=IN IP4 0.0.0.0\r\nt=0 0\r\na=tool:libavformat 54.29.104\r\nm=video 0 RTP/AVP 96\r\n"", 
    size=2048, c=0x35a2220, dest_addr=0x0, dest_type=0x7fff05c842e0 ""IP4"", port=0, ttl=0, fmt=0x35a1940) at libavformat/sdp.c:609
#2  0x00000000005249b0 in av_sdp_create (ac=0x7fff05c843c8, n_files=1, 
    buf=0x35a36c0 ""v=0\r\no=- 0 0 IN IP4 127.0.0.1\r\ns=No Title\r\nc=IN IP4 0.0.0.0\r\nt=0 0\r\na=tool:libavformat 54.29.104\r\nm=video 0 RTP/AVP 96\r\n"", size=2048) at libavformat/sdp.c:655
#3  0x000000000043d1cc in prepare_sdp_description (stream=0x3599320, pbuffer=0x7fff05c84448, my_ip=...) at ffserver.c:2969
#4  0x000000000043d41e in rtsp_cmd_describe (c=0x35a2640, url=0x7fff05c867a0 ""rtsp://localhost:8554/h264-cut.mkv"") at ffserver.c:3021
#5  0x000000000043cdf0 in rtsp_parse_request (c=0x35a2640) at ffserver.c:2908
#6  0x000000000043751e in handle_connection (c=0x35a2640) at ffserver.c:955
#7  0x0000000000436c97 in http_server () at ffserver.c:729
#8  0x00000000004429f9 in main (argc=7, argv=0x7fff05c86e28) at ffserver.c:4757
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x523e20 to 0x523e60:
   0x0000000000523e20 <sdp_write_media_attributes+290>: test   %dh,%cl
   0x0000000000523e22 <sdp_write_media_attributes+292>: (bad)  
   0x0000000000523e23 <sdp_write_media_attributes+293>: add    %al,(%rax)
   0x0000000000523e25 <sdp_write_media_attributes+295>: jmpq   0x524598 <sdp_write_media_attributes+2202>
   0x0000000000523e2a <sdp_write_media_attributes+300>: movl   $0x1,-0xc(%rbp)
   0x0000000000523e31 <sdp_write_media_attributes+307>: cmpq   $0x0,-0x40(%rbp)
   0x0000000000523e36 <sdp_write_media_attributes+312>: je     0x523e6e <sdp_write_media_attributes+368>
   0x0000000000523e38 <sdp_write_media_attributes+314>: mov    -0x40(%rbp),%rax
   0x0000000000523e3c <sdp_write_media_attributes+318>: mov    0x10(%rax),%rax
=> 0x0000000000523e40 <sdp_write_media_attributes+322>: mov    0x38(%rax),%rax
   0x0000000000523e44 <sdp_write_media_attributes+326>: test   %rax,%rax
   0x0000000000523e47 <sdp_write_media_attributes+329>: je     0x523e6e <sdp_write_media_attributes+368>
   0x0000000000523e49 <sdp_write_media_attributes+331>: mov    -0x40(%rbp),%rax
   0x0000000000523e4d <sdp_write_media_attributes+335>: mov    0x18(%rax),%rax
   0x0000000000523e51 <sdp_write_media_attributes+339>: mov    $0xcc1d35,%edx
   0x0000000000523e56 <sdp_write_media_attributes+344>: mov    $0xcc1d40,%esi
   0x0000000000523e5b <sdp_write_media_attributes+349>: mov    %rax,%rdi
   0x0000000000523e5e <sdp_write_media_attributes+352>: callq  0xc95a48 <av_opt_flag_is_set>
End of assembler dump.
(gdb) info all-registers
rax            0x0      0
rbx            0x35a1940        56236352
rcx            0x60     96
rdx            0x35a2220        56238624
rsi            0x800    2048
rdi            0x35a36c0        56243904
rbp            0x7fff05c84250   0x7fff05c84250
rsp            0x7fff05c841f0   0x7fff05c841f0
r8             0x35a1940        56236352
r9             0x1      1
r10            0x0      0
r11            0xfffffffb       4294967291
r12            0x435d00 4414720
r13            0x7fff05c86e20   140733290409504
r14            0x0      0
r15            0x0      0
rip            0x523e40 0x523e40 <sdp_write_media_attributes+322>
eflags         0x10202  [ IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
st0            -nan(0x8080808080808080) (raw 0xffff8080808080808080)
st1            -nan(0x8080808080808080) (raw 0xffff8080808080808080)
st2            -nan(0x002000200)        (raw 0xffff0000000002000200)
st3            -nan(0x200020002000200)  (raw 0xffff0200020002000200)
st4            -nan(0x8080808080808080) (raw 0xffff8080808080808080)
st5            -nan(0x8080808080808080) (raw 0xffff8080808080808080)
st6            -nan(0x1010101010101010) (raw 0xffff1010101010101010)
st7            -inf     (raw 0xffff0000000000000000)
fctrl          0x37f    895
fstat          0x0      0
ftag           0xffff   65535
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
xmm0           {
  v4_float = {0x0, 0x0, 0x0, 0x0}, 
  v2_double = {0x8000000000000000, 0x0}, 
  v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int16 = {0x0, 0x0, 0x0, 0xff00, 0x0, 0x0, 0x0, 0x0}, 
  v4_int32 = {0x0, 0xff000000, 0x0, 0x0}, 
  v2_int64 = {0xff00000000000000, 0x0}, 
  uint128 = 0x0000000000000000ff00000000000000
}
xmm1           {
  v4_float = {0x0, 0x0, 0x0, 0x0}, 
  v2_double = {0x0, 0x0}, 
  v16_int8 = {0x25 <repeats 16 times>}, 
  v8_int16 = {0x2525, 0x2525, 0x2525, 0x2525, 0x2525, 0x2525, 0x2525, 0x2525}, 
  v4_int32 = {0x25252525, 0x25252525, 0x25252525, 0x25252525}, 
  v2_int64 = {0x2525252525252525, 0x2525252525252525}, 
  uint128 = 0x25252525252525252525252525252525
}
xmm2           {
  v4_float = {0x0, 0x0, 0x0, 0x0}, 
  v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0 <repeats 16 times>}, 
  v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_int32 = {0x0, 0x0, 0x0, 0x0}, 
  v2_int64 = {0x0, 0x0}, 
  uint128 = 0x00000000000000000000000000000000
}
xmm3           {
  v4_float = {0x0, 0x0, 0x0, 0x0}, 
  v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0}, 
  v8_int16 = {0xff00, 0x0, 0x0, 0x0, 0x0, 0xff00, 0x0, 0x0}, 
  v4_int32 = {0xff00, 0x0, 0xff000000, 0x0}, 
  v2_int64 = {0xff00, 0xff000000}, 
  uint128 = 0x00000000ff000000000000000000ff00
}
xmm4           {
  v4_float = {0x0, 0x0, 0x0, 0x0}, 
  v2_double = {0x0, 0x8000000000000000}, 
  v16_int8 = {0x6d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6d, 0x61, 0x78, 0x20, 0x6d, 0x65, 0x6d, 0x6f}, 
  v8_int16 = {0x6d, 0x0, 0x0, 0x0, 0x616d, 0x2078, 0x656d, 0x6f6d}, 
  v4_int32 = {0x6d, 0x0, 0x2078616d, 0x6f6d656d}, 
  v2_int64 = {0x6d, 0x6f6d656d2078616d}, 
  uint128 = 0x6f6d656d2078616d000000000000006d
}
xmm5           {
  v4_float = {0x0, 0x1, 0x0, 0x0}, 
  v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0, 0x0, 0x0, 0xe0, 0x95, 0x9c, 0xe7, 0x3f, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0}, 
---Type <return> to continue, or q <return> to quit---
  v8_int16 = {0x0, 0xe000, 0x9c95, 0x3fe7, 0x1, 0x1, 0x1, 0x1}, 
  v4_int32 = {0xe0000000, 0x3fe79c95, 0x10001, 0x10001}, 
  v2_int64 = {0x3fe79c95e0000000, 0x1000100010001}, 
  uint128 = 0x00010001000100013fe79c95e0000000
}
xmm6           {
  v4_float = {0x0, 0x1, 0x0, 0x0}, 
  v2_double = {0x1, 0x0}, 
  v16_int8 = {0x6d, 0x7d, 0xbf, 0xbb, 0x27, 0xaf, 0xf5, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int16 = {0x7d6d, 0xbbbf, 0xaf27, 0x3ff5, 0x0, 0x0, 0x0, 0x0}, 
  v4_int32 = {0xbbbf7d6d, 0x3ff5af27, 0x0, 0x0}, 
  v2_int64 = {0x3ff5af27bbbf7d6d, 0x0}, 
  uint128 = 0x00000000000000003ff5af27bbbf7d6d
}
xmm7           {
  v4_float = {0x0, 0x0, 0x0, 0x0}, 
  v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x68, 0xc8, 0xbc, 0x3b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int16 = {0x0, 0x0, 0xc868, 0x3bbc, 0x0, 0x0, 0x0, 0x0}, 
  v4_int32 = {0x0, 0x3bbcc868, 0x0, 0x0}, 
  v2_int64 = {0x3bbcc86800000000, 0x0}, 
  uint128 = 0x00000000000000003bbcc86800000000
}
xmm8           {
  v4_float = {0x0, 0xfffffffd, 0x0, 0x0}, 
  v2_double = {0xffffffffffffffd2, 0x0}, 
  v16_int8 = {0xe0, 0xe6, 0x35, 0x67, 0x9e, 0x6, 0x47, 0xc0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int16 = {0xe6e0, 0x6735, 0x69e, 0xc047, 0x0, 0x0, 0x0, 0x0}, 
  v4_int32 = {0x6735e6e0, 0xc047069e, 0x0, 0x0}, 
  v2_int64 = {0xc047069e6735e6e0, 0x0}, 
  uint128 = 0x0000000000000000c047069e6735e6e0
}
xmm9           {
  v4_float = {0x0, 0x1, 0x0, 0x0}, 
  v2_double = {0x1, 0x0}, 
  v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int16 = {0x0, 0x0, 0x0, 0x3ff0, 0x0, 0x0, 0x0, 0x0}, 
  v4_int32 = {0x0, 0x3ff00000, 0x0, 0x0}, 
  v2_int64 = {0x3ff0000000000000, 0x0}, 
  uint128 = 0x00000000000000003ff0000000000000
}
xmm10          {
  v4_float = {0x0, 0x0, 0x0, 0x0}, 
  v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0, 0x0, 0x46, 0x84, 0x24, 0x59, 0xd6, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int16 = {0x0, 0x8446, 0x5924, 0x3ed6, 0x0, 0x0, 0x0, 0x0}, 
  v4_int32 = {0x84460000, 0x3ed65924, 0x0, 0x0}, 
  v2_int64 = {0x3ed6592484460000, 0x0}, 
  uint128 = 0x00000000000000003ed6592484460000
}
xmm11          {
  v4_float = {0x9689a800, 0x0, 0x0, 0x0}, 
  v2_double = {0x0, 0x0}, 
  v16_int8 = {0x6a, 0xa2, 0x65, 0x50, 0xf2, 0xea, 0x8f, 0xbd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int16 = {0xa26a, 0x5065, 0xeaf2, 0xbd8f, 0x0, 0x0, 0x0, 0x0}, 
  v4_int32 = {0x5065a26a, 0xbd8feaf2, 0x0, 0x0}, 
  v2_int64 = {0xbd8feaf25065a26a, 0x0}, 
  uint128 = 0x0000000000000000bd8feaf25065a26a
}
xmm12          {
  v4_float = {0x0, 0x0, 0x0, 0x0}, 
  v2_double = {0x0, 0x0}, 
  v16_int8 = {0x29, 0xf2, 0x88, 0x6c, 0xa6, 0x49, 0xde, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int16 = {0xf229, 0x6c88, 0x49a6, 0x3ede, 0x0, 0x0, 0x0, 0x0}, 
  v4_int32 = {0x6c88f229, 0x3ede49a6, 0x0, 0x0}, 
  v2_int64 = {0x3ede49a66c88f229, 0x0}, 
  uint128 = 0x00000000000000003ede49a66c88f229
}
xmm13          {
  v4_float = {0x0, 0x0, 0x0, 0x0}, 
  v2_double = {0x0, 0x0}, 
  v16_int8 = {0xb3, 0x12, 0x58, 0x17, 0x64, 0x46, 0xe6, 0x3b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int16 = {0x12b3, 0x1758, 0x4664, 0x3be6, 0x0, 0x0, 0x0, 0x0}, 
  v4_int32 = {0x175812b3, 0x3be64664, 0x0, 0x0}, 
  v2_int64 = {0x3be64664175812b3, 0x0}, 
  uint128 = 0x00000000000000003be64664175812b3
}
xmm14          {
  v4_float = {0x0, 0x3, 0x0, 0x0}, 
  v2_double = {0x2d, 0x0}, 
  v16_int8 = {0xc0, 0x9, 0xf2, 0x16, 0xb5, 0xdf, 0x46, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int16 = {0x9c0, 0x16f2, 0xdfb5, 0x4046, 0x0, 0x0, 0x0, 0x0}, 
  v4_int32 = {0x16f209c0, 0x4046dfb5, 0x0, 0x0}, 
  v2_int64 = {0x4046dfb516f209c0, 0x0}, 
  uint128 = 0x00000000000000004046dfb516f209c0
}
xmm15          {
  v4_float = {0x0, 0x0, 0x0, 0x0}, 
  v2_double = {0x0, 0x0}, 
---Type <return> to continue, or q <return> to quit---
  v16_int8 = {0x0 <repeats 16 times>}, 
  v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_int32 = {0x0, 0x0, 0x0, 0x0}, 
  v2_int64 = {0x0, 0x0}, 
  uint128 = 0x00000000000000000000000000000000
}
mxcsr          0x1fa0   [ PE IM DM ZM OM UM PM ]
}}}",defect,closed,important,FFserver,git-master,fixed,crash SIGSEGV regression,,,,1,0
