[FFmpeg-trac] #9917(undetermined:new): Crash on (corrupt) DNG file
FFmpeg
trac at avcodec.org
Fri Sep 9 21:33:17 EEST 2022
#9917: Crash on (corrupt) DNG file
-------------------------------------+-------------------------------------
Reporter: John P. | Type: defect
Kiffmeyer |
Status: new | Priority: normal
Component: | Version: git-
undetermined | master
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
'''How to reproduce''': "{{{ffprobe original.dng}}}" File likely corrupt,
see details below.
'''Expected behavior''': Graceful error or warning, if necessary
'''Actual behavior''': Segmentation fault
'''Versions observed''':
- 4.4.2 on Mac (release build)
- 5.0.1 on Linux (release build) and Mac (release and debug builds)
- 5.1.1 on Mac (debug build)
- git-master (06b98e396adc467a5164a03d71dd71508a2d8881) on Mac (debug
build)
----
I'm seeing a segfault when running ffprobe on a particular DNG file. I
suspect the file itself is corrupt, as it also renders poorly or not at
all in other applications, but ffprobe is crashing on it.
Unfortunately, the file that reproduces this is a customer asset, so I
can't share it, but debugger output as well as some additional metadata is
included below in hopes those things are enough. If not, I'll see what I
can do.
I've observed this crash in release builds of 4.4.2, and 5.0.1, as well as
debug builds of 5.1.1 and git-master. The debugger output below was from
a debug build of 5.1.1, pulled from git, built on an Intel Mac.
Additional metadata from mediainfo and ImageMagick follow the debugger
output.
----
Debugger output from lldb:
{{{
➜ ~/code/__non_fio/ffmpeg/ffmpeg-git git:(1bad30dbe3) lldb ./ffprobe_g
(lldb) target create "./ffprobe_g"
Current executable set to '/Users/jpk/code/__non_fio/ffmpeg/ffmpeg-
git/ffprobe_g' (x86_64).
(lldb) run -v 9 -loglevel 99 -i ~/Downloads/original.dng
Process 68824 launched: '/Users/jpk/code/__non_fio/ffmpeg/ffmpeg-
git/ffprobe_g' (x86_64)
ffprobe version n5.1.1 Copyright (c) 2007-2022 the FFmpeg developers
built with Apple clang version 13.0.0 (clang-1300.0.29.30)
configuration: --disable-iconv --disable-asm --disable-optimizations
libavutil 57. 28.100 / 57. 28.100
libavcodec 59. 37.100 / 59. 37.100
libavformat 59. 27.100 / 59. 27.100
libavdevice 59. 7.100 / 59. 7.100
libavfilter 8. 44.100 / 8. 44.100
libswscale 6. 7.100 / 6. 7.100
libswresample 4. 7.100 / 4. 7.100
[NULL @ 0x105206650] Opening '/Users/jpk/Downloads/original.dng' for
reading
[file @ 0x1052069f0] Setting default whitelist 'file,crypto,data'
Probing image2 score:50 size:2048
Probing tiff_pipe score:51 size:2048
[tiff_pipe @ 0x105206650] Format tiff_pipe probed with size=2048 and
score=51
[tiff_pipe @ 0x105206650] Before avformat_find_stream_info() pos: 0 bytes
read:32768 seeks:0 nb_streams:1
[tiff_pipe @ 0x105206650] parser not found for codec tiff, packets or
times may be invalid.
Last message repeated 1 times
[tiff @ 0x1052070a0] compression: 7
[tiff @ 0x1052070a0] DNG file, version 1.4.0.0
[mjpeg @ 0x102b04b40] marker=d8 avail_size_in_buf=3776296
[mjpeg @ 0x102b04b40] marker parser used 0 bytes (0 bits)
[mjpeg @ 0x102b04b40] marker=db avail_size_in_buf=3776294
[mjpeg @ 0x102b04b40] index=0
[mjpeg @ 0x102b04b40] qscale[0]: 2
[mjpeg @ 0x102b04b40] marker parser used 67 bytes (536 bits)
[mjpeg @ 0x102b04b40] marker=c1 avail_size_in_buf=3776225
[mjpeg @ 0x102b04b40] Changing bps from 0 to 12
[mjpeg @ 0x102b04b40] sof0: picture: 8528x602
[mjpeg @ 0x102b04b40] component 0 1:1 id: -1 quant:0
[mjpeg @ 0x102b04b40] component 1 1:1 id: 0 quant:0
[mjpeg @ 0x102b04b40] pix fmt id 11110000
[mjpeg @ 0x102b04b40] Format gray16le chosen by get_format().
[mjpeg @ 0x102b04b40] marker parser used 14 bytes (112 bits)
[mjpeg @ 0x102b04b40] marker=c4 avail_size_in_buf=3776209
[mjpeg @ 0x102b04b40] class=0 index=0 nb_codes=14
[mjpeg @ 0x102b04b40] marker parser used 33 bytes (264 bits)
[mjpeg @ 0x102b04b40] marker=c4 avail_size_in_buf=3776174
[mjpeg @ 0x102b04b40] class=1 index=0 nb_codes=84
[mjpeg @ 0x102b04b40] marker parser used 103 bytes (824 bits)
[mjpeg @ 0x102b04b40] escaping removed 13475 bytes
[mjpeg @ 0x102b04b40] marker=da avail_size_in_buf=3776069
[mjpeg @ 0x102b04b40] component: -1
[mjpeg @ 0x102b04b40] component: 0
Process 68824 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS
(code=1, address=0x10)
frame #0: 0x0000000100ee8934
ffprobe_g`idctSparseColPut_int16_12bit(dest=0x0000000000000010,
line_size=0, col=0x000000010480eb00) at simple_idct_template.c:271:13
268
269 IDCT_COLS;
270
-> 271 dest[0] = av_clip_pixel((int)(a0 + b0) >> COL_SHIFT);
272 dest += line_size;
273 dest[0] = av_clip_pixel((int)(a1 + b1) >> COL_SHIFT);
274 dest += line_size;
Target 0: (ffprobe_g) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS
(code=1, address=0x10)
* frame #0: 0x0000000100ee8934
ffprobe_g`idctSparseColPut_int16_12bit(dest=0x0000000000000010,
line_size=0, col=0x000000010480eb00) at simple_idct_template.c:271:13
frame #1: 0x0000000100ee8191
ffprobe_g`ff_simple_idct_put_int16_12bit(dest_="", line_size=0,
block_=0x000000010480eb00) at simple_idct_template.c:342:9
frame #2: 0x0000000100cdb626
ffprobe_g`mjpeg_decode_scan(s=0x000000010480e600, nb_components=2, Ah=0,
Al=0, mb_bitmask=0x0000000000000000, mb_bitmask_size=0,
reference=0x0000000000000000) at mjpegdec.c:1514:33
frame #3: 0x0000000100cd88cc
ffprobe_g`ff_mjpeg_decode_sos(s=0x000000010480e600,
mb_bitmask=0x0000000000000000, mb_bitmask_size=0,
reference=0x0000000000000000) at mjpegdec.c:1790:24
frame #4: 0x0000000100cdcf53
ffprobe_g`ff_mjpeg_receive_frame(avctx=0x0000000102b04b40,
frame=0x0000000102b04fc0) at mjpegdec.c:2623:24
frame #5: 0x00000001008d590b
ffprobe_g`decode_receive_frame_internal(avctx=0x0000000102b04b40,
frame=0x0000000102b04fc0) at decode.c:532:15
frame #6: 0x00000001008d5826
ffprobe_g`avcodec_send_packet(avctx=0x0000000102b04b40,
avpkt=0x0000000102b04ad0) at decode.c:604:15
frame #7: 0x0000000100f58e6e
ffprobe_g`dng_decode_jpeg(avctx=0x00000001052070a0,
frame=0x0000000105207590, tile_byte_count=3776298, dst_x=0, dst_y=0,
w=4264, h=2408) at tiff.c:660:11
frame #8: 0x0000000100f55778
ffprobe_g`tiff_unpack_strip(s=0x0000000105156000, p=0x0000000105207590,
dst="", stride=8528, src="\xff\xd8\xff\xdb", size=3776298, strip_start=0,
lines=2408) at tiff.c:850:20
frame #9: 0x0000000100f4e1be
ffprobe_g`decode_frame(avctx=0x00000001052070a0, p=0x0000000105207590,
got_frame=0x00007ffeefbfed4c, avpkt=0x0000000102b04580) at tiff.c:1990:24
frame #10: 0x00000001008d8b5c
ffprobe_g`decode_simple_internal(avctx=0x00000001052070a0,
frame=0x0000000105207590, discarded_samples=0x00007ffeefbfedb8) at
decode.c:307:15
frame #11: 0x00000001008d8858
ffprobe_g`decode_simple_receive_frame(avctx=0x00000001052070a0,
frame=0x0000000105207590) at decode.c:515:15
frame #12: 0x00000001008d5937
ffprobe_g`decode_receive_frame_internal(avctx=0x00000001052070a0,
frame=0x0000000105207590) at decode.c:536:15
frame #13: 0x00000001008d5826
ffprobe_g`avcodec_send_packet(avctx=0x00000001052070a0,
avpkt=0x00007ffeefbfeed0) at decode.c:604:15
frame #14: 0x00000001004e1ab3
ffprobe_g`try_decode_frame(s=0x0000000105206650, st=0x0000000105206cb0,
avpkt=0x00000001052077e8, options=0x0000000105206c60) at demux.c:2053:19
frame #15: 0x00000001004dfe26
ffprobe_g`avformat_find_stream_info(ic=0x0000000105206650,
options=0x0000000105206c60) at demux.c:2746:9
frame #16: 0x00000001000133e1
ffprobe_g`open_input_file(ifile=0x00007ffeefbff5b0,
filename="/Users/jpk/Downloads/original.dng",
print_filename=0x0000000000000000) at ffprobe.c:3316:15
frame #17: 0x000000010000e302
ffprobe_g`probe_file(wctx=0x000000010e009a00,
filename="/Users/jpk/Downloads/original.dng",
print_filename=0x0000000000000000) at ffprobe.c:3420:11
frame #18: 0x000000010000c87b ffprobe_g`main(argc=7,
argv=0x00007ffeefbff6b8) at ffprobe.c:4148:19
frame #19: 0x00007fff20646f3d libdyld.dylib`start + 1
frame #20: 0x00007fff20646f3d libdyld.dylib`start + 1
(lldb) frame variable
(uint16_t *) dest = 0x0000000000000010
(ptrdiff_t) line_size = 0
(int16_t *) col = 0x000000010480eb00
(unsigned int) a0 = 42902265
(unsigned int) a1 = 42157125
(unsigned int) a2 = 42316201
(unsigned int) a3 = 41833197
(unsigned int) b0 = 456858
(unsigned int) b1 = 434488
(unsigned int) b2 = 4294272359
(unsigned int) b3 = 4294222919
(lldb)
}}}
----
mediainfo metadata:
{{{
➜ ~/code/__non_fio/ffmpeg/ffmpeg-git git:(1bad30dbe3) mediainfo
~/Downloads/original.dng
General
Complete name :
/Users/jpk/Downloads/original.dng
Format : TIFF
File size : 3.61 MiB
Writing application : SONY RAW convertor
Writing library : ILCE-7SM3
FileExtension_Invalid : tiff tif
Image
Format : JPEG (ISO)
Format settings : Little
Width : 4 264 pixels
Height : 2 408 pixels
Bit depth : 16 bits
Density : 96 dpi
}}}
----
ImageMagick metadata:
{{{
➜ ~/code/__non_fio/ffmpeg/ffmpeg-git git:(1bad30dbe3) convert
~/Downloads/original.dng json:
[{
"version": "1.0",
"image": {
"name": "/Users/jpk/Downloads/original.dng",
"format": "DNG",
"formatDescription": "Digital Negative",
"class": "DirectClass",
"geometry": {
"width": 4264,
"height": 2408,
"x": 0,
"y": 0
},
"units": "Undefined",
"type": "Palette",
"endianness": "Undefined",
"colorspace": "sRGB",
"depth": 16,
"baseDepth": 16,
"channelDepth": {
"red": 11,
"green": 16,
"blue": 14
},
"pixels": 10267712,
"imageStatistics": {
"all": {
"min": 0,
"max": 65535,
"mean": 29.19,
"standardDeviation": 1330.98,
"kurtosis": 2240.14,
"skewness": 47.3509,
"entropy": 0.00347813
}
},
"channelStatistics": {
"red": {
"min": 0,
"max": 65535,
"mean": 48.2214,
"standardDeviation": 1776.98,
"kurtosis": 1354.06,
"skewness": 36.8244,
"entropy": 0.00550377
},
"green": {
"min": 0,
"max": 65535,
"mean": 28.0433,
"standardDeviation": 1355.34,
"kurtosis": 2331.9,
"skewness": 48.3102,
"entropy": 0.00341168
},
"blue": {
"min": 0,
"max": 65535,
"mean": 11.3053,
"standardDeviation": 860.631,
"kurtosis": 5792.25,
"skewness": 76.1191,
"entropy": 0.00151895
}
},
"renderingIntent": "Perceptual",
"gamma": 0.454545,
"chromaticity": {
"redPrimary": {
"x": 0.64,
"y": 0.33
},
"greenPrimary": {
"x": 0.3,
"y": 0.6
},
"bluePrimary": {
"x": 0.15,
"y": 0.06
},
"whitePrimary": {
"x": 0.3127,
"y": 0.329
}
},
"backgroundColor": "#FFFFFFFFFFFF",
"borderColor": "#DFDFDFDFDFDF",
"matteColor": "#BDBDBDBDBDBD",
"transparentColor": "#000000000000",
"interlace": "None",
"intensity": "Undefined",
"compose": "Over",
"pageGeometry": {
"width": 4264,
"height": 2408,
"x": 0,
"y": 0
},
"dispose": "Undefined",
"iterations": 0,
"compression": "Undefined",
"orientation": "Undefined",
"properties": {
"date:create": "2022-09-07T15:16:02+00:00",
"date:modify": "2022-08-31T18:42:20+00:00",
"dng:camera.model.name": "ILCE-7SM3",
"dng:create.date": "1970-01-01T00:00:00+00:00",
"dng:exposure.time": "1/1000000000000.0",
"dng:f.number": "dng",
"dng:focal.length": "0.0",
"dng:focal.length.in.35mm.format": "0 mm",
"dng:iso.setting": "0.0",
"dng:lens": "0.0-0.0mm f/0.0-0.0",
"dng:lens.f.stops": "0.00",
"dng:make": "Sony",
"dng:max.aperture.at.max.focal": "0.0",
"dng:max.aperture.at.min.focal": "0.0 mm",
"dng:max.aperture.value": "0.0",
"dng:max.focal.length": "0.0 mm",
"dng:min.focal.length": "0.0 mm",
"dng:software": "RAW convertor",
"dng:wb.rb.levels": "2.392578 1.569336 1.000000 0.000000",
"signature":
"cba58a106be84cda148144a21c48f7dc98b64eeef416c2e89f9814af3c44de2e"
},
"artifacts": {
"filename": "/Users/jpk/Downloads/original.dng"
},
"tainted": false,
"filesize": "3785330B",
"numberPixels": "10.2677M",
"pixelsPerSecond": "8.47782MB",
"userTime": "1.190u",
"elapsedTime": "0:02.211",
"version": "ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25
https://imagemagick.org"
}
}
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/9917>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list