[FFmpeg-trac] #10027(avcodec:new): vp4 crash

FFmpeg trac at avcodec.org
Mon Nov 28 01:48:00 EET 2022 

#10027: vp4 crash
------------------------------------+-----------------------------------
             Reporter:  ami_stuff   |                    Owner:  (none)
                 Type:  defect      |                   Status:  new
             Priority:  important   |                Component:  avcodec
              Version:  git-master  |               Resolution:
             Keywords:  vp4 crash   |               Blocked By:
             Blocking:              |  Reproduced by developer:  1
Analyzed by developer:  0           |
------------------------------------+-----------------------------------
Comment (by ami_stuff):

 with -threads 1 I get this:

 {{{
 Thread 1 "ffmpeg_g" received signal SIGABRT, Aborted.
 __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
 50      ../sysdeps/unix/sysv/linux/raise.c
 (gdb) bt
 #0  __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
 #1  0x00007ffff75fe859 in __GI_abort () at abort.c:79
 #2  0x00007ffff766926e in __libc_message (action=action at entry=do_abort,
     fmt=fmt at entry=0x7ffff779308f "*** %s ***: terminated\n")
     at ../sysdeps/posix/libc_fatal.c:155
 #3  0x00007ffff770baba in __GI___fortify_fail (
     msg=msg at entry=0x7ffff7793077 "stack smashing detected")
     at fortify_fail.c:26
 #4  0x00007ffff770ba86 in __stack_chk_fail () at stack_chk_fail.c:24
 #5  0x0000555555f87916 in vp3_decode_frame (avctx=<optimized out>,
     frame=<optimized out>, got_frame=<optimized out>, avpkt=<optimized
 out>)
     at libavcodec/vp3.c:2641
 #6  0x0000555555b93302 in decode_simple_internal (
     discarded_samples=<synthetic pointer>, frame=0x55555717de30,
     avctx=0x5555570247f0) at libavcodec/decode.c:307
 #7  decode_simple_receive_frame (frame=<optimized out>, avctx=<optimized
 out>)
     at libavcodec/decode.c:563
 #8  decode_receive_frame_internal (avctx=avctx at entry=0x5555570247f0,
     frame=0x55555717de30) at libavcodec/decode.c:584
 #9  0x0000555555b93eb0 in avcodec_send_packet (avctx=0x5555570247f0,
     avpkt=0x555557021dd0) at libavcodec/decode.c:665
 #10 0x000055555570808f in decode (pkt=0x555557021dd0,
     got_frame=0x7fffffffdc60, frame=0x55555717c030, avctx=0x5555570247f0)
 --Type <RET> for more, q to quit, c to continue without paging--
     at fftools/ffmpeg.c:1984
 #11 decode_video (ist=0x5555570313d0, pkt=0x555557021dd0,
     got_output=0x7fffffffdc60, duration_pts=0x7fffffffdc70, eof=0,
     decode_failed=0x7fffffffdc64) at fftools/ffmpeg.c:2109
 #12 0x000055555570ac7a in process_input_packet (no_eof=0, pkt=<optimized
 out>,
     ist=0x5555570313d0) at fftools/ffmpeg.c:3558
 #13 process_input (file_index=<optimized out>) at fftools/ffmpeg.c:3683
 #14 transcode_step () at fftools/ffmpeg.c:3818
 #15 transcode () at fftools/ffmpeg.c:3865
 #16 0x00005555556e1c3b in main (argc=8, argv=0x7fffffffdf38)
     at fftools/ffmpeg.c:4010
 }}}

 {{{
 ==34043== Invalid read of size 8
 ==34043==    at 0x747318: decode_simple_internal (decode.c:311)
 ==34043==    by 0x747318: decode_simple_receive_frame (decode.c:563)
 ==34043==    by 0x747318: decode_receive_frame_internal (decode.c:584)
 ==34043==    by 0x747EAF: avcodec_send_packet (decode.c:665)
 ==34043==    by 0x2BC08E: decode (ffmpeg.c:1984)
 ==34043==    by 0x2BC08E: decode_video (ffmpeg.c:2109)
 ==34043==    by 0x2BEC79: process_input_packet (ffmpeg.c:2347)
 ==34043==    by 0x2BEC79: process_input (ffmpeg.c:3683)
 ==34043==    by 0x2BEC79: transcode_step (ffmpeg.c:3818)
 ==34043==    by 0x2BEC79: transcode (ffmpeg.c:3865)
 ==34043==    by 0x295C3A: main (ffmpeg.c:4010)
 ==34043==  Address 0x105ede780 is not stack'd, malloc'd or (recently)
 free'd
 ==34043==
 ==34043==
 ==34043== Process terminating with default action of signal 11 (SIGSEGV)
 ==34043==  Access not within mapped region at address 0x105EDE780
 ==34043==    at 0x747318: decode_simple_internal (decode.c:311)
 ==34043==    by 0x747318: decode_simple_receive_frame (decode.c:563)
 ==34043==    by 0x747318: decode_receive_frame_internal (decode.c:584)
 ==34043==    by 0x747EAF: avcodec_send_packet (decode.c:665)
 ==34043==    by 0x2BC08E: decode (ffmpeg.c:1984)
 ==34043==    by 0x2BC08E: decode_video (ffmpeg.c:2109)
 ==34043==    by 0x2BEC79: process_input_packet (ffmpeg.c:2347)
 ==34043==    by 0x2BEC79: process_input (ffmpeg.c:3683)
 ==34043==    by 0x2BEC79: transcode_step (ffmpeg.c:3818)
 ==34043==    by 0x2BEC79: transcode (ffmpeg.c:3865)
 ==34043==    by 0x295C3A: main (ffmpeg.c:4010)
 ==34043==  If you believe this happened as a result of a stack
 ==34043==  overflow in your program's main thread (unlikely but
 ==34043==  possible), you can try to increase the size of the
 ==34043==  main thread stack using the --main-stacksize= flag.
 ==34043==  The main thread stack size used in this run was 8388608.
 }}}
-- 
Ticket URL: <https://trac.ffmpeg.org/ticket/10027#comment:4>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list