Context Navigation

#2088 closed defect (fixed)

crash with forced aac and h264

Reported by:	ami_stuff	Owned by:
Priority:	important	Component:	avcodec
Version:	git-master	Keywords:	h264 leak regression
Cc:		Blocked By:
Blocking:		Reproduced by developer:	yes
Analyzed by developer:	no

Description

please add bt if reproducible (if not I will compile git head later)

http://www.datafilehost.com/download-efe6bb11.html

C:\>ffmpeg -cpuflags 0 -acodec aac -vcodec h264 -i dvdsub.vob out.mkv
ffmpeg version N-48329-g1f265f5 Copyright (c) 2000-2012 the FFmpeg developers
  built on Dec 31 2012 02:38:46 with gcc 4.5.0 (GCC) 20100414 (Fedora MinGW 4.5.
0-1.fc14)
  configuration: --prefix=/var/www/users/research/ffmpeg/snapshots/build --arch=
x86 --target-os=mingw32 --cross-prefix=i686-pc-mingw32- --cc='ccache i686-pc-min
gw32-gcc' --enable-w32threads --enable-memalign-hack --enable-runtime-cpudetect
--enable-cross-compile --enable-static --disable-shared --extra-libs='-lws2_32 -
lwinmm -lpthread' --extra-cflags='--static -I/var/www/users/research/ffmpeg/snap
shots/build/include' --extra-ldflags='-static -L/var/www/users/research/ffmpeg/s
napshots/build/lib' --enable-bzlib --enable-zlib --enable-gpl --enable-version3
--enable-nonfree --enable-libx264 --enable-libspeex --enable-libtheora --enable-
libvorbis --enable-libfaac --enable-libxvid --enable-libopencore-amrnb --enable-
libopencore-amrwb --enable-libmp3lame --enable-libvpx --disable-decoder=libvpx
  libavutil      52. 13.100 / 52. 13.100
  libavcodec     54. 85.100 / 54. 85.100
  libavformat    54. 57.100 / 54. 57.100
  libavdevice    54.  3.102 / 54.  3.102
  libavfilter     3. 30.102 /  3. 30.102
  libswscale      2.  1.103 /  2.  1.103
  libswresample   0. 17.102 /  0. 17.102
  libpostproc    52.  2.100 / 52.  2.100

Change History (6)

comment:1 by ami_stuff, 11 years ago

this seems to be sse-related

maybe compile build with these flags if can't be reproduced

--enable-mmx --enable-sse --disable-amd3dnow --disable-amd3dnowext --disable-mmxext --disable-sse2 --disable-sse3 --disable-ssse3 --disable-sse4 --disable-sse42 --disable-avx

(gdb) r -cpuflags +sse -acodec aac -vcodec h264 -i dvdsub.vob
Starting program: d:\mingw\msys\1.0\ffmpeg-head-7d66bc7\ffmpeg_g.exe -cpuflags +
sse -acodec aac -vcodec h264 -i dvdsub.vob
[New Thread 1916.0x68c]

Program received signal SIGSEGV, Segmentation fault.
0x008db6de in clear_blocks_sse (blocks=0x4a57008)
    at libavcodec/x86/dsputil_mmx.c:472
472         __asm__ volatile (
(gdb) bt
#0  0x008db6de in clear_blocks_sse (blocks=0x4a57008)
    at libavcodec/x86/dsputil_mmx.c:472
#1  0x0073eec6 in mpeg_decode_mb (s=0x49ee6e8, block=<optimized out>)
    at libavcodec/mpeg12.c:821
#2  mpeg_decode_slice (s=0x49ee6e8, mb_y=0, buf=0x22f558, buf_size=59680)
    at libavcodec/mpeg12.c:1769
#3  0x007443ab in decode_chunks (avctx=0x49faf50, picture=0x4a0f008,
    got_output=0x22f704, buf=0x4a75820 "", buf_size=59736)
    at libavcodec/mpeg12.c:2508
#4  0x00744a2f in mpeg_decode_frame (avctx=0x49faf50, data=0x4a0f008,
    got_output=0x22f704, avpkt=0x22f600) at libavcodec/mpeg12.c:2577
#5  0x0056d9c2 in avcodec_decode_video2 (avctx=0x49faf50, picture=0x4a0f008,
    got_picture_ptr=0x22f704, avpkt=0x22f698) at libavcodec/utils.c:1621
#6  0x004795f7 in try_decode_frame (st=0x49fad60, avpkt=<optimized out>,
    options=0x0) at libavformat/utils.c:2478
#7  0x004824d4 in avformat_find_stream_info (ic=0x49e85e0, options=0x0)
    at libavformat/utils.c:2889
#8  0x004051a7 in open_input_file (o=0x22fba8, filename=<optimized out>)
    at ffmpeg_opt.c:794
#9  0x00402cdf in open_files (inout=<optimized out>,
    open_file=0x404dc4 <open_input_file>, l=<optimized out>)
    at ffmpeg_opt.c:2296
#10 0x00408b9f in ffmpeg_parse_options (argc=9, argv=0x4902890)
    at ffmpeg_opt.c:2333
#11 0x00b0cf09 in main (argc=9, argv=<optimized out>) at ffmpeg.c:3185
(gdb)

comment:2 by Carl Eugen Hoyos, 11 years ago

Component:	undetermined → avcodec
Keywords:	h264 added
Reproduced by developer:	set
Status:	new → open
Version:	unspecified → git-master

I can only reproduce invalid memory accesses:

valgrind ./ffmpeg_g -vcodec h264 -threads 1 -i dvdsub.vob
==7217== Memcheck, a memory error detector
==7217== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==7217== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==7217== Command: ffmpeg_g -vcodec h264 -threads 1 -i dvdsub.vob
==7217==
ffmpeg version N-48385-g5ed5e90 Copyright (c) 2000-2013 the FFmpeg developers
  built on Jan  1 2013 21:30:44 with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl --disable-indev=jack
  libavutil      52. 13.100 / 52. 13.100
  libavcodec     54. 85.100 / 54. 85.100
  libavformat    54. 59.100 / 54. 59.100
  libavdevice    54.  3.102 / 54.  3.102
  libavfilter     3. 30.102 /  3. 30.102
  libswscale      2.  1.103 /  2.  1.103
  libswresample   0. 17.102 /  0. 17.102
  libpostproc    52.  2.100 / 52.  2.100
==7217== Invalid read of size 4
==7217==    at 0x77E289: avpriv_h264_has_num_reorder_frames (h264.c:80)
==7217==    by 0x5951BC: try_decode_frame (utils.c:906)
==7217==    by 0x59C755: avformat_find_stream_info (utils.c:2889)
==7217==    by 0x454C80: open_input_file (ffmpeg_opt.c:794)
==7217==    by 0x45349F: open_files.isra.6 (ffmpeg_opt.c:2295)
==7217==    by 0x458E48: ffmpeg_parse_options (ffmpeg_opt.c:2332)
==7217==    by 0x451377: main (ffmpeg.c:3185)
==7217==  Address 0x68a58d4 is 1,396 bytes inside a block of size 2,048 free'd
==7217==    at 0x4C29D4E: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==7217==    by 0xBB7FBB: av_freep (mem.c:185)
==7217==    by 0x5DCEE3: ff_init_vlc_sparse (bitstream.c:338)
==7217==    by 0x423E78: ff_mpeg12_init_vlcs (mpeg12.c:690)
==7217==    by 0x4242BF: mpeg_decode_init (mpeg12.c:1150)
==7217==    by 0x9A0FC5: avcodec_open2 (utils.c:1030)
==7217==    by 0x595269: try_decode_frame (utils.c:2453)
==7217==    by 0x59C755: avformat_find_stream_info (utils.c:2889)
==7217==    by 0x454C80: open_input_file (ffmpeg_opt.c:794)
==7217==    by 0x45349F: open_files.isra.6 (ffmpeg_opt.c:2295)
==7217==    by 0x458E48: ffmpeg_parse_options (ffmpeg_opt.c:2332)
==7217==    by 0x451377: main (ffmpeg.c:3185)
==7217==
[mpeg @ 0x66bcbe0] max_analyze_duration 5000000 reached at 5000000
==7217== Invalid read of size 4
==7217==    at 0x77E289: avpriv_h264_has_num_reorder_frames (h264.c:80)
==7217==    by 0x5951BC: try_decode_frame (utils.c:906)
==7217==    by 0x59DB02: avformat_find_stream_info (utils.c:2909)
==7217==    by 0x454C80: open_input_file (ffmpeg_opt.c:794)
==7217==    by 0x45349F: open_files.isra.6 (ffmpeg_opt.c:2295)
==7217==    by 0x458E48: ffmpeg_parse_options (ffmpeg_opt.c:2332)
==7217==    by 0x451377: main (ffmpeg.c:3185)
==7217==  Address 0x68a58d4 is 1,396 bytes inside a block of size 2,048 free'd
==7217==    at 0x4C29D4E: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==7217==    by 0xBB7FBB: av_freep (mem.c:185)
==7217==    by 0x5DCEE3: ff_init_vlc_sparse (bitstream.c:338)
==7217==    by 0x423E78: ff_mpeg12_init_vlcs (mpeg12.c:690)
==7217==    by 0x4242BF: mpeg_decode_init (mpeg12.c:1150)
==7217==    by 0x9A0FC5: avcodec_open2 (utils.c:1030)
==7217==    by 0x595269: try_decode_frame (utils.c:2453)
==7217==    by 0x59C755: avformat_find_stream_info (utils.c:2889)
==7217==    by 0x454C80: open_input_file (ffmpeg_opt.c:794)
==7217==    by 0x45349F: open_files.isra.6 (ffmpeg_opt.c:2295)
==7217==    by 0x458E48: ffmpeg_parse_options (ffmpeg_opt.c:2332)
==7217==    by 0x451377: main (ffmpeg.c:3185)
==7217==
Input #0, mpeg, from 'dvdsub.vob':
  Duration: 00:00:07.97, start: 1556.319267, bitrate: 5263 kb/s
    Stream #0:0[0x1e0]: Video: h264, yuv420p, 720x576 [SAR 64:45 DAR 16:9], 25 fps, 1.67 tbr, 90k tbn, 50 tbc
    Stream #0:1[0x80]: Audio: ac3, 48000 Hz, stereo, fltp, 192 kb/s
    Stream #0:2[0x20]: Subtitle: dvd_subtitle
    Stream #0:3[0x22]: Subtitle: dvd_subtitle
    Stream #0:4[0x24]: Subtitle: dvd_subtitle
    Stream #0:5[0x25]: Subtitle: dvd_subtitle
    Stream #0:6[0x26]: Subtitle: dvd_subtitle
    Stream #0:7[0x28]: Subtitle: dvd_subtitle
    Stream #0:8[0x29]: Subtitle: dvd_subtitle
    Stream #0:9[0x21]: Subtitle: dvd_subtitle
    Stream #0:10[0x23]: Subtitle: dvd_subtitle
    Stream #0:11[0x27]: Subtitle: dvd_subtitle
    Stream #0:12[0x2a]: Subtitle: dvd_subtitle
At least one output file must be specified
==7217==
==7217== HEAP SUMMARY:
==7217==     in use at exit: 0 bytes in 0 blocks
==7217==   total heap usage: 3,559 allocs, 3,559 frees, 12,151,708 bytes allocated
==7217==
==7217== All heap blocks were freed -- no leaks are possible
==7217==
==7217== For counts of detected and suppressed errors, rerun with: -v
==7217== ERROR SUMMARY: 119 errors from 2 contexts (suppressed: 2 from 2)

comment:3 by Carl Eugen Hoyos, 11 years ago

Keywords:	leak added

The following produces a memleak, not reproducible with -threads 1 (and not without actual decoding):

$ valgrind ./ffmpeg_g -vcodec h264 -threads 2 -i dvdsub.vob -f null -
==7255== Memcheck, a memory error detector
==7255== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==7255== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==7255== Command: ffmpeg_g -vcodec h264 -threads 2 -i dvdsub.vob -f null -
==7255==
ffmpeg version N-48385-g5ed5e90 Copyright (c) 2000-2013 the FFmpeg developers
  built on Jan  1 2013 21:30:44 with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl --disable-indev=jack
  libavutil      52. 13.100 / 52. 13.100
  libavcodec     54. 85.100 / 54. 85.100
  libavformat    54. 59.100 / 54. 59.100
  libavdevice    54.  3.102 / 54.  3.102
  libavfilter     3. 30.102 /  3. 30.102
  libswscale      2.  1.103 /  2.  1.103
  libswresample   0. 17.102 /  0. 17.102
  libpostproc    52.  2.100 / 52.  2.100
==7255== Invalid read of size 4
==7255==    at 0x77E289: avpriv_h264_has_num_reorder_frames (h264.c:80)
==7255==    by 0x5951BC: try_decode_frame (utils.c:906)
==7255==    by 0x59C755: avformat_find_stream_info (utils.c:2889)
==7255==    by 0x454C80: open_input_file (ffmpeg_opt.c:794)
==7255==    by 0x45349F: open_files.isra.6 (ffmpeg_opt.c:2295)
==7255==    by 0x458E48: ffmpeg_parse_options (ffmpeg_opt.c:2332)
==7255==    by 0x451377: main (ffmpeg.c:3185)
==7255==  Address 0x68afcd4 is 1,396 bytes inside a block of size 2,048 free'd
==7255==    at 0x4C29D4E: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==7255==    by 0xBB7FBB: av_freep (mem.c:185)
==7255==    by 0x5DCEE3: ff_init_vlc_sparse (bitstream.c:338)
==7255==    by 0x423E78: ff_mpeg12_init_vlcs (mpeg12.c:690)
==7255==    by 0x4242BF: mpeg_decode_init (mpeg12.c:1150)
==7255==    by 0x9A0FC5: avcodec_open2 (utils.c:1030)
==7255==    by 0x595269: try_decode_frame (utils.c:2453)
==7255==    by 0x59C755: avformat_find_stream_info (utils.c:2889)
==7255==    by 0x454C80: open_input_file (ffmpeg_opt.c:794)
==7255==    by 0x45349F: open_files.isra.6 (ffmpeg_opt.c:2295)
==7255==    by 0x458E48: ffmpeg_parse_options (ffmpeg_opt.c:2332)
==7255==    by 0x451377: main (ffmpeg.c:3185)
==7255==
[mpeg @ 0x66c6fe0] max_analyze_duration 5000000 reached at 5000000
==7255== Invalid read of size 4
==7255==    at 0x77E289: avpriv_h264_has_num_reorder_frames (h264.c:80)
==7255==    by 0x5951BC: try_decode_frame (utils.c:906)
==7255==    by 0x59DB02: avformat_find_stream_info (utils.c:2909)
==7255==    by 0x454C80: open_input_file (ffmpeg_opt.c:794)
==7255==    by 0x45349F: open_files.isra.6 (ffmpeg_opt.c:2295)
==7255==    by 0x458E48: ffmpeg_parse_options (ffmpeg_opt.c:2332)
==7255==    by 0x451377: main (ffmpeg.c:3185)
==7255==  Address 0x68afcd4 is 1,396 bytes inside a block of size 2,048 free'd
==7255==    at 0x4C29D4E: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==7255==    by 0xBB7FBB: av_freep (mem.c:185)
==7255==    by 0x5DCEE3: ff_init_vlc_sparse (bitstream.c:338)
==7255==    by 0x423E78: ff_mpeg12_init_vlcs (mpeg12.c:690)
==7255==    by 0x4242BF: mpeg_decode_init (mpeg12.c:1150)
==7255==    by 0x9A0FC5: avcodec_open2 (utils.c:1030)
==7255==    by 0x595269: try_decode_frame (utils.c:2453)
==7255==    by 0x59C755: avformat_find_stream_info (utils.c:2889)
==7255==    by 0x454C80: open_input_file (ffmpeg_opt.c:794)
==7255==    by 0x45349F: open_files.isra.6 (ffmpeg_opt.c:2295)
==7255==    by 0x458E48: ffmpeg_parse_options (ffmpeg_opt.c:2332)
==7255==    by 0x451377: main (ffmpeg.c:3185)
==7255==
Input #0, mpeg, from 'dvdsub.vob':
  Duration: 00:00:07.97, start: 1556.319267, bitrate: 5263 kb/s
    Stream #0:0[0x1e0]: Video: h264, yuv420p, 720x576 [SAR 64:45 DAR 16:9], 25 fps, 1.67 tbr, 90k tbn, 50 tbc
    Stream #0:1[0x80]: Audio: ac3, 48000 Hz, stereo, fltp, 192 kb/s
    Stream #0:2[0x20]: Subtitle: dvd_subtitle
    Stream #0:3[0x22]: Subtitle: dvd_subtitle
    Stream #0:4[0x24]: Subtitle: dvd_subtitle
    Stream #0:5[0x25]: Subtitle: dvd_subtitle
    Stream #0:6[0x26]: Subtitle: dvd_subtitle
    Stream #0:7[0x28]: Subtitle: dvd_subtitle
    Stream #0:8[0x29]: Subtitle: dvd_subtitle
    Stream #0:9[0x21]: Subtitle: dvd_subtitle
    Stream #0:10[0x23]: Subtitle: dvd_subtitle
    Stream #0:11[0x27]: Subtitle: dvd_subtitle
    Stream #0:12[0x2a]: Subtitle: dvd_subtitle
[h264 @ 0x742c480] Ignoring NAL 19 in global header/extradata
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf54.59.100
    Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 720x576 [SAR 64:45 DAR 16:9], q=2-31, 200 kb/s, 90k tbn, 1.67 tbc
    Stream #0:1: Audio: pcm_s16le, 48000 Hz, stereo, s16, 1536 kb/s
Stream mapping:
  Stream #0:0 -> #0:0 (h264 -> rawvideo)
  Stream #0:1 -> #0:1 (ac3 -> pcm_s16le)
Press [q] to stop, [?] for help
[h264 @ 0x66e1300] Ignoring NAL 19 in global header/extradata
[h264 @ 0x66e1300] non-existing PPS referenced
[h264 @ 0x742c480] non-existing PPS 2 referenced
[h264 @ 0x742c480] decode_slice_header error
[h264 @ 0x742c480] no frame!

...

Error while decoding stream #0:0: Operation not permitted
[ac3 @ 0x69b98a0] incomplete frame
Input stream #0:0 frame changed from size:720x576 fmt:yuv420p to size:150x8 fmt:yuv420p
[null @ 0x72d36e0] Encoder did not produce proper pts, making some up.
frame=   15 fps=4.1 q=0.0 size=N/A time=00:00:07.87 bitrate=N/A dup=14 drop=0    ^Mframe=   15 fps=4.1 q=0.0 Lsize=N/A time=00:00:09.00 bitrate=N/A dup=14 drop=0
video:1kB audio:1476kB subtitle:0 global headers:0kB muxing overhead -100.001454%
==7255==
==7255== HEAP SUMMARY:
==7255==     in use at exit: 212,240,756 bytes in 760 blocks
==7255==   total heap usage: 23,505 allocs, 22,745 frees, 261,093,140 bytes allocated
==7255==
==7255== LEAK SUMMARY:
==7255==    definitely lost: 211,124,240 bytes in 756 blocks
==7255==    indirectly lost: 558,316 bytes in 2 blocks
==7255==      possibly lost: 558,200 bytes in 2 blocks
==7255==    still reachable: 0 bytes in 0 blocks
==7255==         suppressed: 0 bytes in 0 blocks
==7255== Rerun with --leak-check=full to see details of leaked memory
==7255==
==7255== For counts of detected and suppressed errors, rerun with: -v
==7255== ERROR SUMMARY: 119 errors from 2 contexts (suppressed: 2 from 2)

comment:4 by Carl Eugen Hoyos, 11 years ago

I opened ticket #2095 for the aac memleak.

comment:5 by Michael Niedermayer, 11 years ago

Resolution:	→ fixed
Status:	open → closed

comment:6 by Carl Eugen Hoyos, 11 years ago

Keywords:	regression added
Priority:	normal → important

Note: See TracTickets for help on using tickets.

Download in other formats: