id	summary	reporter	owner	description	type	status	priority	component	version	resolution	keywords	cc	blockedby	blocking	reproduced	analyzed
329	Crash when decoding vob file	ralexand	michael	"The input file is a DVD rip from Blade Runner Final Cut. I was trying to recode it with just the main English audio track. I've had a bit of a look around, and it seems that somewhere the number of input streams gets increased during packet decoding, so ffmpeg thinks there are more input streams than actually exist (and than were allocated in memory), which causes a segfault: in the gdb session below, ist_index is 9 although only streams 0-7 were detected, and ist->st is 0x5dc0, which is not a valid pointer. I limited the run to two minutes, and the problem always happens at the end of the copy. However, doing the same on another DVD rip (LAW & ORDER, simple single video + audio streams) works okay.


mig27 15:26:23$ ./ffprobe /vobs/BRFC/vob/001/BRFC-001.vob 
ffprobe version 0.8, Copyright (c) 2007-2011 the FFmpeg developers
  built on Jul  5 2011 15:06:24 with gcc 4.6.1
  configuration: --prefix=/usr --enable-libspeex --enable-libtheora --enable-libvorbis --enable-libx264 --enable-gpl --enable-shared --enable-postproc --enable-libxvid --enable-pthreads --enable-nonfree --enable-libfaac --enable-libschroedinger --enable-libmp3lame
  libavutil    51.  9. 1 / 51.  9. 1
  libavcodec   53.  7. 0 / 53.  7. 0
  libavformat  53.  4. 0 / 53.  4. 0
  libavdevice  53.  1. 1 / 53.  1. 1
  libavfilter   2. 23. 0 /  2. 23. 0
  libswscale    2.  0. 0 /  2.  0. 0
  libpostproc  51.  2. 0 / 51.  2. 0
[mpeg @ 0x9b53360] max_analyze_duration 5000000 reached at 5000000
Input #0, mpeg, from '/vobs/BRFC/vob/001/BRFC-001.vob':
  Duration: 00:18:14.92, start: 0.287267, bitrate: 7845 kb/s
    Stream #0.0[0x1e0]: Video: mpeg2video (Main), yuv420p, 720x576 [PAR 64:45 DAR 16:9], 9800 kb/s, 25 fps, 25 tbr, 90k tbn, 50 tbc
    Stream #0.1[0x80]: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
    Stream #0.2[0x81]: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
    Stream #0.3[0x82]: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
    Stream #0.4[0x83]: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
    Stream #0.5[0x84]: Audio: ac3, 48000 Hz, stereo, s16, 192 kb/s
    Stream #0.6[0x85]: Audio: ac3, 48000 Hz, stereo, s16, 192 kb/s
    Stream #0.7[0x86]: Audio: ac3, 48000 Hz, stereo, s16, 192 kb/s

mig27 15:26:26$ gdb ffmpeg_g
GNU gdb (GDB) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type ""show copying""
and ""show warranty"" for details.
This GDB was configured as ""i686-pc-linux-gnu"".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /vobs/build/32/ffmpeg-0.8/ffmpeg_g...done.
(gdb) run -i /vobs/BRFC/vob/001/BRFC-001.vob -acodec copy -vcodec copy -t 00:02:00 -f mp4 -y brfc.mp4
Starting program: /vobs/build/32/ffmpeg-0.8/ffmpeg_g -i /vobs/BRFC/vob/001/BRFC-001.vob -acodec copy -vcodec copy -t 00:02:00 -f mp4 -y brfc.mp4
[Thread debugging using libthread_db enabled]
ffmpeg version 0.8, Copyright (c) 2000-2011 the FFmpeg developers
  built on Jul  5 2011 15:06:24 with gcc 4.6.1
  configuration: --prefix=/usr --enable-libspeex --enable-libtheora --enable-libvorbis --enable-libx264 --enable-gpl --enable-shared --enable-postproc --enable-libxvid --enable-pthreads --enable-nonfree --enable-libfaac --enable-libschroedinger --enable-libmp3lame
  libavutil    51.  9. 1 / 51.  9. 1
  libavcodec   53.  7. 0 / 53.  7. 0
  libavformat  53.  4. 0 / 53.  4. 0
  libavdevice  53.  1. 1 / 53.  1. 1
  libavfilter   2. 23. 0 /  2. 23. 0
  libswscale    2.  0. 0 /  2.  0. 0
  libpostproc  51.  2. 0 / 51.  2. 0
[mpeg @ 0x8068360] max_analyze_duration 5000000 reached at 5000000
Input #0, mpeg, from '/vobs/BRFC/vob/001/BRFC-001.vob':
  Duration: 00:18:14.92, start: 0.287267, bitrate: 7845 kb/s
    Stream #0.0[0x1e0]: Video: mpeg2video (Main), yuv420p, 720x576 [PAR 64:45 DAR 16:9], 9800 kb/s, 25 fps, 25 tbr, 90k tbn, 50 tbc
    Stream #0.1[0x80]: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
    Stream #0.2[0x81]: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
    Stream #0.3[0x82]: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
    Stream #0.4[0x83]: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
    Stream #0.5[0x84]: Audio: ac3, 48000 Hz, stereo, s16, 192 kb/s
    Stream #0.6[0x85]: Audio: ac3, 48000 Hz, stereo, s16, 192 kb/s
    Stream #0.7[0x86]: Audio: ac3, 48000 Hz, stereo, s16, 192 kb/s
Output #0, mp4, to 'brfc.mp4':
  Metadata:
    encoder         : Lavf53.4.0
    Stream #0.0: Video: mpeg2video, yuv420p, 720x576 [PAR 64:45 DAR 16:9], q=2-31, 9800 kb/s, 25 tbn, 25 tbc
    Stream #0.1: Audio: ac3, 48000 Hz, stereo, 192 kb/s
Stream mapping:
  Stream #0.0 -> #0.0
  Stream #0.5 -> #0.1
Press [q] to stop, [?] for help
[mp4 @ 0x80690c0] pts has no value
    Last message repeated 254 times
Program received signal SIGSEGV, Segmentation fault.
0x08053b49 in transcode (nb_output_files=1, input_files=0x8062028, nb_input_files=1, 
    stream_maps=0x0, nb_stream_maps=0, output_files=0x8060d00) at ffmpeg.c:2739
2739	            pkt.dts += av_rescale_q(input_files_ts_offset[ist->file_index], AV_TIME_BASE_Q, ist->st->time_base);

(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x8053b29 to 0x8053b69:
   0x08053b29 <transcode+7945>:	test   %esi,-0x74fffffc(%eax)
   0x08053b2f <transcode+7951>:	mov    $0xd4024,%esp
   0x08053b34 <transcode+7956>:	add    %cl,0xd3c24b4(%ebx)
   0x08053b3a <transcode+7962>:	add    %al,(%eax)
   0x08053b3c <transcode+7964>:	lea    -0x80000000(%edi),%eax
   0x08053b42 <transcode+7970>:	or     %esi,%eax
   0x08053b44 <transcode+7972>:	je     0x8053b95 <transcode+8053>
   0x08053b46 <transcode+7974>:	mov    0x4(%ebx),%eax
=> 0x08053b49 <transcode+7977>:	mov    0x3c(%eax),%edx
   0x08053b4c <transcode+7980>:	mov    0x38(%eax),%eax
   0x08053b4f <transcode+7983>:	movl   $0x1,0x8(%esp)
   0x08053b57 <transcode+7991>:	movl   $0xf4240,0xc(%esp)
   0x08053b5f <transcode+7999>:	mov    %edx,0x14(%esp)
   0x08053b63 <transcode+8003>:	mov    %eax,0x10(%esp)
   0x08053b67 <transcode+8007>:	mov    (%ebx),%eax
End of assembler dump.
(gdb) info all-registers
eax            0x5dc0	24000
ecx            0x9	9
edx            0x0	0
ebx            0x806f3c4	134673348
esp            0xffffbf50	0xffffbf50
ebp            0x0	0x0
esi            0x38f95e	3733854
edi            0x0	0
eip            0x8053b49	0x8053b49 <transcode+7977>
eflags         0x210282	[ SF IF RF ID ]
cs             0x23	35
ss             0x2b	43
ds             0x2b	43
es             0x2b	43
fs             0x0	0
gs             0x63	99
st0            -nan(0x8080808080808080)	(raw 0xffff8080808080808080)
st1            -nan(0x80008000800080)	(raw 0xffff0080008000800080)
st2            -nan(0x8080808080808080)	(raw 0xffff8080808080808080)
st3            -1	(raw 0xbfff8000000000000000)
st4            -1	(raw 0xbfff8000000000000000)
st5            1	(raw 0x3fff8000000000000000)
st6            1	(raw 0x3fff8000000000000000)
st7            1	(raw 0x3fff8000000000000000)
fctrl          0x37f	895
fstat          0x21	33
ftag           0xffff	65535
fiseg          0x0	0
fioff          0x0	0
foseg          0x0	0
fooff          0x0	0
fop            0x0	0
xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 
    0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0, 0x0, 0x0, 
    0x0, 0xff, 0x0 <repeats 11 times>}, v8_int16 = {0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_int32 = {0x0, 0xff, 0x0, 0x0}, v2_int64 = {0xff00000000, 0x0}, 
  uint128 = 0x0000000000000000000000ff00000000}
xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 
    0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm3           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
---Type <return> to continue, or q <return> to quit---
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 
    0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 
    0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 
    0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 
    0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 
    0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
mxcsr          0x1f80	[ IM DM ZM OM UM PM ]
mm0            {uint64 = 0x8080808080808080, v2_int32 = {0x80808080, 0x80808080}, v4_int16 = {
    0x8080, 0x8080, 0x8080, 0x8080}, v8_int8 = {0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80}}
mm1            {uint64 = 0x80008000800080, v2_int32 = {0x800080, 0x800080}, v4_int16 = {0x80, 0x80, 
    0x80, 0x80}, v8_int8 = {0x80, 0x0, 0x80, 0x0, 0x80, 0x0, 0x80, 0x0}}
mm2            {uint64 = 0x8080808080808080, v2_int32 = {0x80808080, 0x80808080}, v4_int16 = {
    0x8080, 0x8080, 0x8080, 0x8080}, v8_int8 = {0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80}}
mm3            {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, v4_int16 = {0x0, 0x0, 
    0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}
mm4            {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, v4_int16 = {0x0, 0x0, 
    0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}
mm5            {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, v4_int16 = {0x0, 0x0, 
    0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}
mm6            {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, v4_int16 = {0x0, 0x0, 
    0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}
mm7            {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, v4_int16 = {0x0, 0x0, 
    0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}

(gdb) bt
#0  0x08053b49 in transcode (nb_output_files=1, input_files=0x8062028, nb_input_files=1, 
    stream_maps=0x0, nb_stream_maps=0, output_files=0x8060d00) at ffmpeg.c:2739
#1  0x0804f6b7 in main (argc=<value optimized out>, argv=<value optimized out>) at ffmpeg.c:4576
(gdb) print ist->file_index
$1 = 0
(gdb) print input_files_ts_offset[0]
$2 = -287267
(gdb) print ist->st
$3 = (AVStream *) 0x5dc0

(gdb) list
2734	        ist = &input_streams[ist_index];
2735	        if (ist->discard)
2736	            goto discard_packet;
2737	
2738	        if (pkt.dts != AV_NOPTS_VALUE)
2739	            pkt.dts += av_rescale_q(input_files_ts_offset[ist->file_index], AV_TIME_BASE_Q, ist->st->time_base);
2740	        if (pkt.pts != AV_NOPTS_VALUE)
2741	            pkt.pts += av_rescale_q(input_files_ts_offset[ist->file_index], AV_TIME_BASE_Q, ist->st->time_base);
2742	
2743	        if (pkt.stream_index < nb_input_files_ts_scale[file_index]
(gdb) print ist_index
$6 = 9
"	defect	closed	important	FFmpeg	git-master	fixed	regression				1	0
