[FFmpeg-trac] #10795(avfilter:new): scale2ref filter crash
FFmpeg
trac at avcodec.org
Fri Jan 12 19:46:39 EET 2024
#10795: scale2ref filter crash
-------------------------------------+-------------------------------------
Reporter: Axel | Type: defect
Terizaki |
Status: new | Priority: normal
Component: avfilter | Version: git-
| master
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Summary of the bug:
When using lavfi-complex with a scale2ref filter, ffmpeg crashes with a
core dump.
How to reproduce:
Example with trying to place picture 1 in picture 2 and trying to scale it
depending on picture 2's size.
{{{
% ffmpeg -report -v 9 -loglevel 99 -y -i default.jpg -filter_complex
"movie=../temp/qrcode.png[logo];[logo][0:v]scale2ref=w=(ih*.256):h=(ih*.256)[logo1][base];[base][logo1]overlay=x=W-(W*50/300):y=H*20/300"
output.png
ffmpeg version N-113315-gbfa1b7577d Copyright (c) 2000-2024 the FFmpeg
developers
built with gcc 13.2.1 (GCC) 20230801
configuration: --prefix=/usr --disable-debug --disable-static --disable-
stripping --disable-htmlpages --enable-amf --enable-avisynth --enable-
cuda-llvm --enable-lto --enable-fontconfig --enable-gmp --enable-gnutls
--enable-gpl --enable-ladspa --enable-libaom --enable-libass --enable-
libbluray --enable-libbs2b --enable-libdav1d --enable-libdrm --enable-
libfreetype --enable-libfribidi --enable-libgsm --enable-libiec61883
--enable-libjack --enable-libjxl --enable-libmodplug --enable-libmp3lame
--enable-libopencore_amrnb --enable-libopencore_amrwb --enable-libopenjpeg
--enable-libopenmpt --enable-libopus --enable-libpulse --enable-librav1e
--enable-librsvg --enable-libsoxr --enable-libspeex --enable-libsrt
--enable-libssh --enable-libsvtav1 --enable-libtheora --enable-libv4l2
--enable-libvidstab --enable-libvmaf --enable-libvorbis --enable-libvpl
--enable-libvpx --enable-libwebp --enable-libx264 --enable-libx265
--enable-libxcb --enable-libxml2 --enable-libxvid --enable-libzimg
--enable-nvdec --enable-nvenc -- libavutil 58. 36.101 / 58. 36.101
libavcodec 60. 37.100 / 60. 37.100
libavformat 60. 20.100 / 60. 20.100
libavdevice 60. 4.100 / 60. 4.100
libavfilter 9. 17.100 / 9. 17.100
libswscale 7. 6.100 / 7. 6.100
libswresample 4. 13.100 / 4. 13.100
libpostproc 57. 4.100 / 57. 4.100
Splitting the commandline.
Reading option '-report' ... matched as option 'report' (generate a
report) with argument '1'.
Reading option '-v' ... matched as option 'v' (set logging level) with
argument '9'.
Reading option '-loglevel' ... matched as option 'loglevel' (set logging
level) with argument '99'.
Reading option '-y' ... matched as option 'y' (overwrite output files)
with argument '1'.
Reading option '-i' ... matched as output url with argument 'default.jpg'.
Reading option '-filter_complex' ... matched as option 'filter_complex'
(create a complex filtergraph) with argument
'movie=../temp/qrcode.png[logo];[logo][0:v]scale2ref=w=(ih*.256):h=(ih*.256)[logo1][base];[base][logo1]overlay=x=W-(W*50/300):y=H*20/300'.
Reading option 'output.png' ... matched as output url.
Finished splitting the commandline.
Parsing a group of options: global .
Applying option report (generate a report) with argument 1.
Applying option v (set logging level) with argument 9.
Applying option loglevel (set logging level) with argument 99.
Applying option y (overwrite output files) with argument 1.
Applying option filter_complex (create a complex filtergraph) with
argument
movie=../temp/qrcode.png[logo];[logo][0:v]scale2ref=w=(ih*.256):h=(ih*.256)[logo1][base];[base][logo1]overlay=x=W-(W*50/300):y=H*20/300.
[AVFilterGraph @ 0x5621acb3adc0] Setting 'filename' to value
'../temp/qrcode.png'
[AVFilterGraph @ 0x5621acb3adc0] Setting 'w' to value '(ih*.256)'
[AVFilterGraph @ 0x5621acb3adc0] Setting 'h' to value '(ih*.256)'
[AVFilterGraph @ 0x5621acb3adc0] Setting 'x' to value 'W-(W*50/300)'
[AVFilterGraph @ 0x5621acb3adc0] Setting 'y' to value 'H*20/300'
[AVFormatContext @ 0x5621acb49440] Opening '../temp/qrcode.png' for
reading
[file @ 0x5621acb49a00] Setting default whitelist 'file,crypto,data'
Probing image2 score:50 size:1525
Probing png_pipe score:99 size:1525
[png_pipe @ 0x5621acb49440] Format png_pipe probed with size=2048 and
score=99
[png_pipe @ 0x5621acb49440] Before avformat_find_stream_info() pos: 0
bytes read:1525 seeks:0 nb_streams:1
[png_pipe @ 0x5621acb49440] stream 0: start_time: NOPTS duration: NOPTS
[png_pipe @ 0x5621acb49440] format: start_time: NOPTS duration: NOPTS
(estimate from bit rate) bitrate=0 kb/s
[png_pipe @ 0x5621acb49440] After avformat_find_stream_info() pos: 1525
bytes read:1525 seeks:0 frames:1
[Parsed_movie_0 @ 0x5621acb3bac0] seek_point:0 format_name:(null)
file_name:../temp/qrcode.png stream_index:-1
[Parsed_scale2ref_1 @ 0x5621acb3bbc0] w:(ih*.256) h:(ih*.256) flags:''
interl:0
[AVIOContext @ 0x5621acb51b80] Statistics: 1525 bytes read, 0 seeks
Successfully parsed a group of options.
Parsing a group of options: input url default.jpg.
Successfully parsed a group of options.
Opening an input file: default.jpg.
[AVFormatContext @ 0x5621acb49440] Opening 'default.jpg' for reading
[file @ 0x5621acb49a00] Setting default whitelist 'file,crypto,data'
Probing image2 score:50 size:2048
Probing jpeg_pipe score:7 size:2048
[image2 @ 0x5621acb49440] Format image2 probed with size=2048 and score=50
[image2 @ 0x5621acb49440] Before avformat_find_stream_info() pos: 0 bytes
read:32768 seeks:0 nb_streams:1
[mjpeg @ 0x5621acb4a500] marker=d8 avail_size_in_buf=433582
[mjpeg @ 0x5621acb4a500] marker parser used 0 bytes (0 bits)
[mjpeg @ 0x5621acb4a500] marker=e1 avail_size_in_buf=433580
[mjpeg @ 0x5621acb4a500] marker parser used 4416 bytes (35328 bits)
[mjpeg @ 0x5621acb4a500] marker=ed avail_size_in_buf=429161
[mjpeg @ 0x5621acb4a500] marker parser used 6387 bytes (51096 bits)
[mjpeg @ 0x5621acb4a500] marker=e1 avail_size_in_buf=422771
[mjpeg @ 0x5621acb4a500] marker parser used 4008 bytes (32064 bits)
[mjpeg @ 0x5621acb4a500] marker=ee avail_size_in_buf=418760
[mjpeg @ 0x5621acb4a500] marker parser used 14 bytes (112 bits)
[mjpeg @ 0x5621acb4a500] marker=db avail_size_in_buf=418744
[mjpeg @ 0x5621acb4a500] index=0
[mjpeg @ 0x5621acb4a500] qscale[0]: 1
[mjpeg @ 0x5621acb4a500] index=1
[mjpeg @ 0x5621acb4a500] qscale[1]: 3
[mjpeg @ 0x5621acb4a500] marker parser used 132 bytes (1056 bits)
[mjpeg @ 0x5621acb4a500] marker=c0 avail_size_in_buf=418610
[mjpeg @ 0x5621acb4a500] Changing bps from 0 to 8
[mjpeg @ 0x5621acb4a500] sof0: picture: 1920x1080
[mjpeg @ 0x5621acb4a500] component 0 1:1 id: 1 quant:0
[mjpeg @ 0x5621acb4a500] component 1 1:1 id: 2 quant:1
[mjpeg @ 0x5621acb4a500] component 2 1:1 id: 3 quant:1
[mjpeg @ 0x5621acb4a500] pix fmt id 11111100
[mjpeg @ 0x5621acb4a500] Format yuvj444p chosen by get_format().
[mjpeg @ 0x5621acb4a500] marker parser used 17 bytes (136 bits)
[mjpeg @ 0x5621acb4a500] marker=dd avail_size_in_buf=418591
[mjpeg @ 0x5621acb4a500] marker parser used 0 bytes (0 bits)
[mjpeg @ 0x5621acb4a500] marker=c4 avail_size_in_buf=418585
[mjpeg @ 0x5621acb4a500] marker parser used 0 bytes (0 bits)
[mjpeg @ 0x5621acb4a500] escaping removed 2047 bytes
[mjpeg @ 0x5621acb4a500] marker=da avail_size_in_buf=418165
[mjpeg @ 0x5621acb4a500] marker parser used 416118 bytes (3328944 bits)
[mjpeg @ 0x5621acb4a500] marker=d9 avail_size_in_buf=0
[mjpeg @ 0x5621acb4a500] decode frame unused 0 bytes
[image2 @ 0x5621acb49440] stream 0: start_time: 0 duration: 0.04
[image2 @ 0x5621acb49440] format: start_time: 0 duration: 0.04 (estimate
from stream) bitrate=86716 kb/s
[image2 @ 0x5621acb49440] After avformat_find_stream_info() pos: 433584
bytes read:433584 seeks:0 frames:1
Input #0, image2, from 'default.jpg':
Duration: 00:00:00.04, start: 0.000000, bitrate: 86716 kb/s
Stream #0:0, 1, 1/25: Video: mjpeg (Baseline), 1 reference frame,
yuvj444p(pc, bt470bg/unknown/unknown, center), 1920x1080, 0/1, 25 fps, 25
tbr, 25 tbn
Successfully opened the file.
Parsing a group of options: output url output.png.
Successfully parsed a group of options.
Opening an output file: output.png.
[out#0/image2 @ 0x5621acb50940] Creating output stream from unlabeled
output of complex filtergraph 0. This overrides automatic video mapping.
[vost#0:0/png @ 0x5621acb476c0] Created video stream from complex
filtergraph 0:[overlay:default]
[vost#0:0/png @ 0x5621acb476c0]
[out#0/image2 @ 0x5621acb50940] No explicit maps, mapping streams
automatically...
Successfully opened the file.
Stream mapping:
Stream #0:0 (mjpeg) -> scale2ref
overlay:default -> Stream #0:0 (png)
[vost#0:0/png @ 0x5621acb476c0] Starting thread...
[fc#0 @ 0x5621acb3a880] Starting thread...
[vist#0:0/mjpeg @ 0x5621acb4e180] Starting thread...
[in#0/image2 @ 0x5621acb496c0] Starting thread...
Press [q] to stop, [?] for help
[in#0/image2 @ 0x5621acb496c0] EOF while reading input
[in#0/image2 @ 0x5621acb496c0] Terminating thread with return code 0
(success)
[mjpeg @ 0x5621acb4aec0] marker=d8 avail_size_in_buf=433582
[mjpeg @ 0x5621acb4aec0] marker parser used 0 bytes (0 bits)
[mjpeg @ 0x5621acb4aec0] marker=e1 avail_size_in_buf=433580
[mjpeg @ 0x5621acb4aec0] marker parser used 4416 bytes (35328 bits)
[mjpeg @ 0x5621acb4aec0] marker=ed avail_size_in_buf=429161
[mjpeg @ 0x5621acb4aec0] marker parser used 6387 bytes (51096 bits)
[mjpeg @ 0x5621acb4aec0] marker=e1 avail_size_in_buf=422771
[mjpeg @ 0x5621acb4aec0] marker parser used 4008 bytes (32064 bits)
[mjpeg @ 0x5621acb4aec0] marker=ee avail_size_in_buf=418760
[mjpeg @ 0x5621acb4aec0] marker parser used 14 bytes (112 bits)
[mjpeg @ 0x5621acb4aec0] marker=db avail_size_in_buf=418744
[mjpeg @ 0x5621acb4aec0] index=0
[mjpeg @ 0x5621acb4aec0] qscale[0]: 1
[mjpeg @ 0x5621acb4aec0] index=1
[mjpeg @ 0x5621acb4aec0] qscale[1]: 3
[mjpeg @ 0x5621acb4aec0] marker parser used 132 bytes (1056 bits)
[mjpeg @ 0x5621acb4aec0] marker=c0 avail_size_in_buf=418610
[mjpeg @ 0x5621acb4aec0] sof0: picture: 1920x1080
[mjpeg @ 0x5621acb4aec0] component 0 1:1 id: 1 quant:0
[mjpeg @ 0x5621acb4aec0] component 1 1:1 id: 2 quant:1
[mjpeg @ 0x5621acb4aec0] component 2 1:1 id: 3 quant:1
[mjpeg @ 0x5621acb4aec0] pix fmt id 11111100
[mjpeg @ 0x5621acb4aec0] Format yuvj444p chosen by get_format().
[mjpeg @ 0x5621acb4aec0] marker parser used 17 bytes (136 bits)
[mjpeg @ 0x5621acb4aec0] marker=dd avail_size_in_buf=418591
[mjpeg @ 0x5621acb4aec0] restart interval: 240
[mjpeg @ 0x5621acb4aec0] marker parser used 4 bytes (32 bits)
[mjpeg @ 0x5621acb4aec0] marker=c4 avail_size_in_buf=418585
[mjpeg @ 0x5621acb4aec0] class=0 index=0 nb_codes=12
[mjpeg @ 0x5621acb4aec0] class=0 index=1 nb_codes=12
[mjpeg @ 0x5621acb4aec0] class=1 index=0 nb_codes=162
[mjpeg @ 0x5621acb4aec0] class=1 index=1 nb_codes=162
[mjpeg @ 0x5621acb4aec0] marker parser used 418 bytes (3344 bits)
[mjpeg @ 0x5621acb4aec0] escaping removed 2047 bytes
[mjpeg @ 0x5621acb4aec0] marker=da avail_size_in_buf=418165
[mjpeg @ 0x5621acb4aec0] component: 1
[mjpeg @ 0x5621acb4aec0] component: 2
[mjpeg @ 0x5621acb4aec0] component: 3
[mjpeg @ 0x5621acb4aec0] marker parser used 416117 bytes (3328930 bits)
[mjpeg @ 0x5621acb4aec0] marker=d9 avail_size_in_buf=0
[mjpeg @ 0x5621acb4aec0] decode frame unused 0 bytes
[AVFilterGraph @ 0x7f9b0c001100] Setting 'filename' to value
'../temp/qrcode.png'
[AVFilterGraph @ 0x7f9b0c001100] Setting 'w' to value '(ih*.256)'
[vist#0:0/mjpeg @ 0x5621acb4e180] Decoder thread received EOF packet
[AVFilterGraph @ 0x7f9b0c001100] Setting 'h' to value '(ih*.256)'
[vist#0:0/mjpeg @ 0x5621acb4e180] Decoder returned EOF, finishing
[AVFilterGraph @ 0x7f9b0c001100] Setting 'x' to value 'W-(W*50/300)'
[vist#0:0/mjpeg @ 0x5621acb4e180] Terminating thread with return code 0
(success)
[AVFilterGraph @ 0x7f9b0c001100] Setting 'y' to value 'H*20/300'
detected 12 logical cores
[AVFormatContext @ 0x7f9b0c011740] Opening '../temp/qrcode.png' for
reading
[file @ 0x7f9b0c011d00] Setting default whitelist 'file,crypto,data'
Probing image2 score:50 size:1525
Probing png_pipe score:99 size:1525
[png_pipe @ 0x7f9b0c011740] Format png_pipe probed with size=2048 and
score=99
[png_pipe @ 0x7f9b0c011740] Before avformat_find_stream_info() pos: 0
bytes read:1525 seeks:0 nb_streams:1
[png_pipe @ 0x7f9b0c011740] stream 0: start_time: NOPTS duration: NOPTS
[png_pipe @ 0x7f9b0c011740] format: start_time: NOPTS duration: NOPTS
(estimate from bit rate) bitrate=0 kb/s
[png_pipe @ 0x7f9b0c011740] After avformat_find_stream_info() pos: 1525
bytes read:1525 seeks:0 frames:1
[Parsed_movie_0 @ 0x7f9b0c003d80] seek_point:0 format_name:(null)
file_name:../temp/qrcode.png stream_index:-1
[Parsed_scale2ref_1 @ 0x7f9b0c003ec0] w:(ih*.256) h:(ih*.256) flags:''
interl:0
[graph 0 input from stream 0:0 @ 0x7f9b0c017000] Setting 'video_size' to
value '1920x1080'
[graph 0 input from stream 0:0 @ 0x7f9b0c017000] Setting 'pix_fmt' to
value '14'
[graph 0 input from stream 0:0 @ 0x7f9b0c017000] Setting 'time_base' to
value '1/25'
[graph 0 input from stream 0:0 @ 0x7f9b0c017000] Setting 'pixel_aspect' to
value '0/1'
[graph 0 input from stream 0:0 @ 0x7f9b0c017000] Setting 'colorspace' to
value 'bt470bg'
[graph 0 input from stream 0:0 @ 0x7f9b0c017000] Setting 'range' to value
'pc'
[graph 0 input from stream 0:0 @ 0x7f9b0c017000] Setting 'frame_rate' to
value '25/1'
[graph 0 input from stream 0:0 @ 0x7f9b0c017000] w:1920 h:1080
pixfmt:yuvj444p tb:1/25 fr:25/1 sar:0/1 csp:bt470bg range:pc
[format @ 0x7f9b0c047100] Setting 'pix_fmts' to value
'rgb24|rgba|rgb48be|rgba64be|pal8|gray|ya8|gray16be|ya16be|monob'
[auto_scale_0 @ 0x7f9b0c049680] w:iw h:ih flags:'' interl:0
[Parsed_overlay_2 @ 0x7f9b0c0113c0] auto-inserting filter 'auto_scale_0'
between the filter 'Parsed_scale2ref_1' and the filter 'Parsed_overlay_2'
[auto_scale_1 @ 0x7f9b0c0575c0] w:iw h:ih flags:'' interl:0
[format @ 0x7f9b0c047100] auto-inserting filter 'auto_scale_1' between the
filter 'Parsed_overlay_2' and the filter 'format'
[AVFilterGraph @ 0x7f9b0c001100] query_formats: 6 queried, 12 merged, 6
already done, 0 delayed
[auto_scale_1 @ 0x7f9b0c0575c0] picking rgba out of 10 ref:yuva420p
alpha:1
[swscaler @ 0x7f9b0c065400] deprecated pixel format used, make sure you
did set range correctly
[auto_scale_0 @ 0x7f9b0c049680] w:1920 h:1080 fmt:yuvj444p csp:unknown
range:pc sar:0/1 -> w:1920 h:1080 fmt:yuva420p csp:unknown range:unknown
sar:0/1 flags:0x00000004
[Parsed_scale2ref_1 @ 0x7f9b0c003ec0] w:1920 h:1080 fmt:yuvj444p
csp:unknown range:pc sar:0/1 -> w:276 h:276 fmt:yuva420p csp:unknown
range:unknown sar:1/1 flags:0x00000004
[Parsed_overlay_2 @ 0x7f9b0c0113c0] main w:1920 h:1080 fmt:yuva420p
overlay w:276 h:276 fmt:yuva420p
[Parsed_overlay_2 @ 0x7f9b0c0113c0] [framesync @ 0x7f9b0c0114e8] Selected
1/25 time base
[Parsed_overlay_2 @ 0x7f9b0c0113c0] [framesync @ 0x7f9b0c0114e8] Sync
level 2
[auto_scale_1 @ 0x7f9b0c0575c0] w:1920 h:1080 fmt:yuva420p csp:unknown
range:unknown sar:0/1 -> w:1920 h:1080 fmt:rgba csp:gbr range:pc sar:0/1
flags:0x00000004
[Parsed_overlay_2 @ 0x7f9b0c0113c0] Copying data in avfilter.
[Parsed_overlay_2 @ 0x7f9b0c0113c0] n:1.000000 t:0.000000 x:1600.000000
xi:1600 y:72.000000 yi:72
Output #0, image2, to 'output.png':
Metadata:
encoder : Lavf60.20.100
Stream #0:0, 0, 1/25: Video: png, 1 reference frame, rgba(pc,
gbr/unknown/unknown, progressive, center), 1920x1080 (0x0), 0/1, q=2-31,
200 kb/s, 25 fps, 25 tbn
Metadata:
encoder : Lavc60.37.100 png
[out#0/image2 @ 0x5621acb50940] Starting thread...
Assertion best_input >= 0 failed at fftools/ffmpeg_filter.c:1957
}}}
You can use any set of pictures for an example, it'll always crashes.
I've seen that bug when using mpv and found out it was ffmpeg causing the
issue. I've bisected the ffmpeg git to this commit :
https://github.com/FFmpeg/FFmpeg/commit/d9e41ead82263e96ebd14d4d88d6e7f858dd944c
Starting with this, ffmpeg/mpv crashes when trying to apply this lavfi-
complex line.
Hope this helps fix the issue somehow. I think this is easily reproducible
(tried with a friend) but if I can provide more information, please ask.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/10795>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list