Opened 12 years ago

Closed 12 years ago

#1562 closed defect (duplicate)

ffmpeg crashes (segmentation violation) when copying time-delimited portion of .wmv file

Reported by: Jeff Barry
Owned by:
Priority: normal
Component: ffmpeg
Version: 0.10.4
Keywords:
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

Summary of the bug:

ffmpeg gets a segmentation violation when I try to trim off the start of some .wmv files (not all). I am using time to trim off some number of seconds' worth of the video. It outputs a small amount of the output before it crashes. The time doesn't seem to be important. Some .wmv files crash and others succeed. Here are the particulars for the test case (cat flushing a toilet repeatedly). The input file name is water_leak_found.wmv; I will attempt to upload it by that name. I'm sorry the stack trace-back doesn't help much. My bet is that some bug outside of malloc et al. overwrote a malloc data structure with trash, causing malloc to fail. It's the usual problem of a bug laying a landmine for malloc to step on. I don't have valgrind on my system either.

How to reproduce:

atomik $?=0> uname -a
Linux atomik 2.6.37.6-smp #1 SMP Sat Apr 9 14:01:14 CDT 2011 i686 Intel(R) Atom(TM) CPU D510   @ 1.66GHz GenuineIntel GNU/Linux

atomik $?=0> cat /etc/slackware-version
Slackware 13.37.0

atomik $?=0> rm -f water_leak_found.TRIMMED.wmv

atomik $?=0> cksum water_leak_found.wmv
2892790208 3255612 water_leak_found.wmv

atomik $?=0> rm -f water_leak_found.TRIMMED.wmv

atomik $?=0> valgrind ffmpeg -ss 1 -i water_leak_found.wmv -acodec copy -vcodec copy  water_leak_found.TRIMMED.wmv
-bash: valgrind: command not found

atomik $?=0> gdb ffmpeg
GNU gdb (GDB) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-slackware-linux".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/ffmpeg...(no debugging symbols found)...done.
(gdb) run -ss 1 -i water_leak_found.wmv -acodec copy -vcodec copy  water_leak_found.TRIMMED.wmv
Starting program: /usr/bin/ffmpeg -ss 1 -i water_leak_found.wmv -acodec copy -vcodec copy  water_leak_found.TRIMMED.wmv
[Thread debugging using libthread_db enabled]
ffmpeg version 0.10.4 Copyright (c) 2000-2012 the FFmpeg developers
  built on Jul 17 2012 01:40:04 with gcc 4.5.2
  configuration: --prefix=/usr
  libavutil      51. 35.100 / 51. 35.100
  libavcodec     53. 61.100 / 53. 61.100
  libavformat    53. 32.100 / 53. 32.100
  libavdevice    53.  4.100 / 53.  4.100
  libavfilter     2. 61.100 /  2. 61.100
  libswscale      2.  1.100 /  2.  1.100
  libswresample   0.  6.100 /  0.  6.100
Input #0, asf, from 'water_leak_found.wmv':
  Metadata:
    Application     : Windows Movie Maker 2.1.4026.0
    WMFSDKVersion   : 10.00.00.3646
    WMFSDKNeeded    : 0.0.0.0000
    IsVBR           : 0
    artist          : Will F. Whittle
  Duration: 00:02:47.73, start: 0.000000, bitrate: 155 kb/s
    Stream #0:0: Audio: wmav2 (a[1][0][0] / 0x0161), 16000 Hz, 1 channels, s16, 16 kb/s
    Stream #0:1: Video: wmv3 (Main) (WMV3 / 0x33564D57), yuv420p, 320x240, 134 kb/s, 15 tbr, 1k tbn, 1k tbc
Output #0, asf, to 'water_leak_found.TRIMMED.wmv':
  Metadata:
    Application     : Windows Movie Maker 2.1.4026.0
    WMFSDKVersion   : 10.00.00.3646
    WMFSDKNeeded    : 0.0.0.0000
    IsVBR           : 0
    Author          : Will F. Whittle
    WM/EncodingSettings: Lavf53.32.100
    Stream #0:0: Video: wmv3 (WMV3 / 0x33564D57), yuv420p, 320x240, q=2-31, 134 kb/s, 1k tbn, 1k tbc
    Stream #0:1: Audio: wmav2 (a[1][0][0] / 0x0161), 16000 Hz, 1 channels, 16 kb/s
Stream mapping:
  Stream #0:1 -> #0:0 (copy)
  Stream #0:0 -> #0:1 (copy)
Press [q] to stop, [?] for help

Program received signal SIGSEGV, Segmentation fault.
0xb7cba6d6 in malloc_consolidate () from /lib/libc.so.6
(gdb) bt
#0  0xb7cba6d6 in malloc_consolidate () from /lib/libc.so.6
#1  0xb7cbbe47 in _int_malloc () from /lib/libc.so.6
#2  0xb7cbd336 in _int_memalign () from /lib/libc.so.6
#3  0xb7cbf5b4 in memalign () from /lib/libc.so.6
#4  0xb7cc078f in posix_memalign () from /lib/libc.so.6
#5  0x08720b1e in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0xb7cba6b6 to 0xb7cba6f6:
   0xb7cba6b6 <malloc_consolidate+118>:	(bad)
   0xb7cba6b7 <malloc_consolidate+119>:	je     0xb7cba808 <malloc_consolidate+456>
   0xb7cba6bd <malloc_consolidate+125>:	movl   $0x0,(%eax)
   0xb7cba6c3 <malloc_consolidate+131>:	jmp    0xb7cba749 <malloc_consolidate+265>
   0xb7cba6c8 <malloc_consolidate+136>:	add    %eax,%ecx
   0xb7cba6ca <malloc_consolidate+138>:	mov    0x8(%edi),%eax
   0xb7cba6cd <malloc_consolidate+141>:	mov    %eax,-0x1c(%ebp)
   0xb7cba6d0 <malloc_consolidate+144>:	mov    -0x1c(%ebp),%edx
   0xb7cba6d3 <malloc_consolidate+147>:	mov    0xc(%edi),%eax
=> 0xb7cba6d6 <malloc_consolidate+150>:	cmp    0xc(%edx),%edi
   0xb7cba6d9 <malloc_consolidate+153>:	jne    0xb7cba876 <malloc_consolidate+566>
   0xb7cba6df <malloc_consolidate+159>:	cmp    0x8(%eax),%edi
   0xb7cba6e2 <malloc_consolidate+162>:	jne    0xb7cba876 <malloc_consolidate+566>
   0xb7cba6e8 <malloc_consolidate+168>:	mov    -0x1c(%ebp),%edx
   0xb7cba6eb <malloc_consolidate+171>:	cmpl   $0x1ff,0x4(%edi)
   0xb7cba6f2 <malloc_consolidate+178>:	mov    %eax,0xc(%edx)
   0xb7cba6f5 <malloc_consolidate+181>:	mov    %edx,0x8(%eax)
End of assembler dump.
(gdb) info all-registers
eax            0x252879a	38963098
ecx            0x520	1312
edx            0x45b1d064	1169281124
ebx            0xb7da8ff4	-1210413068
esp            0xbfffc17c	0xbfffc17c
ebp            0xbfffc1d8	0xbfffc1d8
esi            0x8e62748	149301064
edi            0x8e62778	149301112
eip            0xb7cba6d6	0xb7cba6d6 <malloc_consolidate+150>
eflags         0x210202	[ IF RF ID ]
cs             0x73	115
ss             0x7b	123
ds             0x7b	123
es             0x7b	123
fs             0x0	0
gs             0x33	51
st0            0	(raw 0x00000000000000000000)
st1            0	(raw 0x00000000000000000000)
st2            0	(raw 0x00000000000000000000)
st3            -2147483648	(raw 0xc01e8000000000000000)
st4            123456	(raw 0x400ff120000000000000)
st5            1	(raw 0x3fff8000000000000000)
st6            14.266999999999999459987520822323859	(raw 0x4002e445a1cac0831000)
st7            14333	(raw 0x400cdff4000000000000)
fctrl          0x37f	895
fstat          0x20	32
ftag           0xffff	65535
fiseg          0x73	115
fioff          0x80849ca	134760906
foseg          0x7b	123
fooff          0xbfffc870	-1073756048
fop            0x7bc	1980
xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0,
    0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0,
    0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0,
    0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
---Type <return> to continue, or q <return> to quit---
xmm3           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0,
    0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0,
    0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0,
    0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0,
    0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0,
    0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
mxcsr          0x1f80	[ IM DM ZM OM UM PM ]
mm0            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0,
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm1            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0,
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm2            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0,
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm3            {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, v4_int16 = {0x0, 0x0, 0x0,
    0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}
mm4            {uint64 = 0xf120000000000000, v2_int32 = {0x0, 0xf1200000}, v4_int16 = {0x0, 0x0, 0x0,
    0xf120}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0xf1}}
mm5            {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, v4_int16 = {0x0, 0x0, 0x0,
    0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}
mm6            {uint64 = 0xe445a1cac0831000, v2_int32 = {0xc0831000, 0xe445a1ca}, v4_int16 = {0x1000,
    0xc083, 0xa1ca, 0xe445}, v8_int8 = {0x0, 0x10, 0x83, 0xc0, 0xca, 0xa1, 0x45, 0xe4}}
mm7            {uint64 = 0xdff4000000000000, v2_int32 = {0x0, 0xdff40000}, v4_int16 = {0x0, 0x0, 0x0,
    0xdff4}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4, 0xdf}}
(gdb) quit
A debugging session is active.

	Inferior 1 [process 18727] will be killed.

Quit anyway? (y or n) y^M

atomik $?=0> cksum water_leak_found.*
1377656358 221839 water_leak_found.TRIMMED.wmv
2892790208 3255612 water_leak_found.wmv
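The reporter's reading of the backtrace (an overrun elsewhere trashes malloc's in-band bookkeeping, and the fault only surfaces when a later allocation walks that metadata) is the classic heap-metadata corruption pattern. The following is an added illustration written for this page; it is not FFmpeg code and has nothing to do with the actual ASF/WMV bug. It uses a hypothetical toy arena allocator with a magic-tagged chunk header standing in for glibc's size/flag words, a constructed 33-byte payload, and a deliberately wrong copy length, and it shows that the buggy write itself succeeds silently while the damage is only detected at the next `arena_alloc()` call, exactly the "landmine" the reporter describes. The bounded variant beside it shows the heap staying consistent when the copy respects the destination size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical toy heap: a fixed arena of contiguous chunks, each preceded by a
 * small header. Real allocators (glibc included) keep their metadata in-band
 * like this, which is why an overrun of one buffer can corrupt the next chunk. */
#define ARENA_SIZE  4096
#define CHUNK_MAGIC 0x5EEDF00Du

struct hdr {
    uint32_t magic;  /* sentinel standing in for glibc's size/flag bits */
    uint32_t size;   /* usable bytes that follow the header */
};

static unsigned char arena[ARENA_SIZE];
static size_t arena_top;            /* bytes of the arena handed out so far */
static int last_corrupt_chunk = -1; /* set by arena_alloc() when it refuses */

static void arena_reset(void) {
    memset(arena, 0, sizeof arena);
    arena_top = 0;
    last_corrupt_chunk = -1;
}

/* Walk every chunk header; return the index of the first corrupted one, or -1
 * if the heap is consistent. glibc does an implicit version of this when
 * malloc_consolidate() dereferences neighbouring chunk links. */
static int arena_check(void) {
    size_t off = 0;
    int idx = 0;
    while (off < arena_top) {
        const struct hdr *h = (const struct hdr *)(arena + off);
        if (h->magic != CHUNK_MAGIC ||
            (uint64_t)off + sizeof *h + h->size > arena_top)
            return idx;
        off += sizeof *h + h->size;
        idx++;
    }
    return -1;
}

/* Allocate n bytes. Returns NULL if the arena is exhausted or, more
 * importantly, if an earlier overrun is found to have trashed the metadata. */
static void *arena_alloc(uint32_t n) {
    last_corrupt_chunk = arena_check();
    if (last_corrupt_chunk != -1)
        return NULL;              /* the landmine goes off here, not where it was laid */
    n = (n + 7u) & ~7u;           /* 8-byte granularity, like a real allocator */
    if (arena_top + sizeof(struct hdr) + n > ARENA_SIZE)
        return NULL;
    struct hdr *h = (struct hdr *)(arena + arena_top);
    h->magic = CHUNK_MAGIC;
    h->size = n;
    arena_top += sizeof *h + n;
    return h + 1;
}

/* Constructed input: 32 characters plus the terminating NUL, 33 bytes in all. */
static const char sample_payload[] = "constructed-payload-of-32-bytes!";

/* Buggy: copies the whole payload into a 16-byte buffer. The overrun lands on
 * the header of the neighbouring chunk. Returns 1 if the *next* allocation
 * detects the corruption, 0 if the heap still looks fine. */
static int demo_overflow(void) {
    arena_reset();
    char *small = arena_alloc(16);
    char *next  = arena_alloc(64);   /* its header sits immediately after 'small' */
    (void)next;
    memcpy(small, sample_payload, sizeof sample_payload);  /* BUG: 33 bytes into 16 */
    return arena_alloc(8) == NULL;   /* corruption surfaces only here */
}

/* Fixed: the copy is bounded by the destination size, so the neighbouring
 * header is untouched and later allocations keep succeeding. Returns 0. */
static int demo_bounded(void) {
    arena_reset();
    char *small = arena_alloc(16);
    char *next  = arena_alloc(64);
    (void)next;
    size_t n = sizeof sample_payload;
    if (n > 16) n = 16;              /* truncate rather than overrun */
    memcpy(small, sample_payload, n);
    return arena_alloc(8) == NULL;
}

int main(void) {
    printf("unbounded copy: next alloc failed=%d (corrupt chunk %d)\n",
           demo_overflow(), last_corrupt_chunk);
    printf("bounded copy:   next alloc failed=%d (corrupt chunk %d)\n",
           demo_bounded(), last_corrupt_chunk);
    return 0;
}
```

The point for triage is the one the reporter makes: a backtrace that ends inside `malloc_consolidate`/`_int_malloc` names the victim, not the culprit, so the useful next step is a tool that checks writes at the moment they happen (valgrind, or a build with AddressSanitizer) rather than more frames from the allocator.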

Change History (1)

comment:1 by Carl Eugen Hoyos, 12 years ago

Keywords: segentation violation .wmv removed
Resolution: duplicate
Status: new → closed

Duplicate of ticket #1563.
