Opened 10 years ago
Closed 10 years ago
#3430 closed defect (fixed)
Crash in atempo if a duration was specified
| Reported by: | Waraqa | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avfilter |
| Version: | git-master | Keywords: | crash atempo regression |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | yes | |
| Analyzed by developer: | no |
Description
Summary of the bug:
While I was trying to combine audio and video from different inputs (and synchronize them), I forgot to use map option and got segfault when atempo audio filter applied to the output.
How to reproduce:
This simple command should produce the bug.
% ~/ffmpeg-git-20140302-64bit-static/ffmpeg -i MVI_0125.MOV -filter:a 'atempo=1.0005' test.mp4
ffmpeg version N-40688-gf5d1d1e- http://johnvansickle.com/ffmpeg/ Copyright (c) 2000-2014 the FFmpeg developers
built on Mar 2 2014 02:29:40 with gcc 4.8 (Debian 4.8.2-16)
configuration: --enable-gpl --enable-version3 --disable-shared --disable-debug --enable-runtime-cpudetect --enable-libmp3lame --enable-libx264 --enable-libx265 --enable-libwebp --enable-libspeex --enable-libvorbis --enable-libvpx --enable-libfreetype --enable-libxvid --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libtheora --enable-libvo-aacenc --enable-libvo-amrwbenc --enable-gray --enable-libopenjpeg --enable-libopus --disable-ffserver
libavutil 52. 66.100 / 52. 66.100
libavcodec 55. 52.102 / 55. 52.102
libavformat 55. 33.100 / 55. 33.100
libavdevice 55. 10.100 / 55. 10.100
libavfilter 4. 2.100 / 4. 2.100
libswscale 2. 5.101 / 2. 5.101
libswresample 0. 18.100 / 0. 18.100
libpostproc 52. 3.100 / 52. 3.100
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'MVI_0125.MOV':
Metadata:
major_brand : qt
minor_version : 537331968
compatible_brands: qt CAEP
creation_time : 2014-02-21 08:45:18
Duration: 00:36:02.16, start: 0.000000, bitrate: 4756 kb/s
Stream #0:0(eng): Video: h264 (Constrained Baseline) (avc1 / 0x31637661), yuvj420p(pc, smpte170m), 640x480, 3217 kb/s, 29.97 fps, 29.97 tbr, 30k tbn, 60k tbc (default)
Metadata:
creation_time : 2014-02-21 08:45:18
Stream #0:1(eng): Audio: pcm_s16le (sowt / 0x74776F73), 48000 Hz, stereo, s16, 1536 kb/s (default)
Metadata:
creation_time : 2014-02-21 08:45:18
No pixel format specified, yuvj420p for H.264 encoding chosen.
Use -pix_fmt yuv420p for compatibility with outdated media players.
[libx264 @ 0x39ab260] using cpu capabilities: MMX2 SSE2Fast LZCNT
[libx264 @ 0x39ab260] profile High, level 3.0
[libx264 @ 0x39ab260] 264 - core 142 r14 956c8d8 - H.264/MPEG-4 AVC codec - Copyleft 2003-2014 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=3 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00
Output #0, mp4, to 'test.mp4':
Metadata:
major_brand : qt
minor_version : 537331968
compatible_brands: qt CAEP
encoder : Lavf55.33.100
Stream #0:0(eng): Video: h264 (libx264) ([33][0][0][0] / 0x0021), yuvj420p, 640x480, q=-1--1, 30k tbn, 29.97 tbc (default)
Metadata:
creation_time : 2014-02-21 08:45:18
Stream #0:1(eng): Audio: aac (libvo_aacenc) ([64][0][0][0] / 0x0040), 48000 Hz, stereo, s16, 128 kb/s (default)
Metadata:
creation_time : 2014-02-21 08:45:18
Stream mapping:
Stream #0:0 -> #0:0 (h264 -> libx264)
Stream #0:1 -> #0:1 (pcm_s16le -> libvo_aacenc)
Press [q] to stop, [?] for help
frame= 55 fps=0.0 q=29.0 size= 39kB time=00:00:01.90 bitrate= 166.3kbits/frame= 77 fps= 75 q=29.0 size= 77kB time=00:00:02.91 bitrate= 216.9kbits/frame= 102 fps= 66 q=29.0 size= 120kB time=00:00:03.42 bitrate= 287.2kbits/frame= 127 fps= 61 q=29.0 size= 158kB time=00:00:04.42 bitrate= 292.7kbits/*** Error in `/home/user/ffmpeg-git-20140302-64bit-static/ffmpeg': double free or corruption (!prev): 0x0000000003a6fde0 ***
*** Error in `/home/user/ffmpeg-git-20140302-64bit-static/ffmpeg': double free or corruption (!prev): 0x0000000003a6fde0 ***
*** Error in `/home/user/ffmpeg-git-20140302-64bit-static/ffmpeg': corrupted double-linked list: 0x00000000040a18c0 ***
*** Error in `/home/user/ffmpeg-git-20140302-64bit-static/ffmpeg': free(): corrupted unsorted chunks: 0x00000000040a08b0 ***
Segmentation fault
I think ffmpeg should warn that the audio stream will become shorter/longer than its video.
Attachments (1)
Change History (7)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
In fact, I have removed -t from the command above and just realized that it doesn't crash without it.
It doesn't matter what output codec is being used (tried also with webm and theora). However, I have uploaded 1 second sample which could be used to reproduce the bug with this exact command:
ffmpeg -i MVI_0155.MOV -filter:a 'atempo=0.5' -t 1 test.mp4
comment:3 by , 10 years ago
| Keywords: | crash atempo regression added |
|---|---|
| Priority: | normal → important |
| Reproduced by developer: | set |
| Status: | new → open |
| Version: | unspecified → git-master |
Regression since dd9555e9
$ valgrind ./ffmpeg_g -i fate-suite/svq3/Vertical400kbit.sorenson3.mov -af atempo -t 1 -vn -f null -
==1875== Memcheck, a memory error detector
==1875== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==1875== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==1875== Command: ./ffmpeg_g -i fate-suite/svq3/Vertical400kbit.sorenson3.mov -af atempo -t 1 -vn -f null -
==1875==
ffmpeg version N-61051-g40feed5 Copyright (c) 2000-2014 the FFmpeg developers
built on Mar 3 2014 14:25:25 with gcc 4.7 (SUSE Linux)
configuration: --enable-gpl
libavutil 52. 66.100 / 52. 66.100
libavcodec 55. 52.102 / 55. 52.102
libavformat 55. 33.100 / 55. 33.100
libavdevice 55. 10.100 / 55. 10.100
libavfilter 4. 2.100 / 4. 2.100
libswscale 2. 5.101 / 2. 5.101
libswresample 0. 18.100 / 0. 18.100
libpostproc 52. 3.100 / 52. 3.100
Guessed Channel Layout for Input Stream #0.1 : mono
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'fate-suite/svq3/Vertical400kbit.sorenson3.mov':
Metadata:
creation_time : 2001-03-20 16:17:18
title : Vertical Online SV3 Demo
title-eng : Vertical Online SV3 Demo
artist : Logan Kelsey
artist-eng : Logan Kelsey
copyright : © Vertical Online 2001
copyright-eng : © Vertical Online 2001
encoder : Sorenson Video 3
encoder-eng : Sorenson Video 3
Duration: 00:00:43.58, start: 0.000000, bitrate: 580 kb/s
Stream #0:0(eng): Video: svq3 (SVQ3 / 0x33515653), yuvj420p, 320x240, 391 kb/s, 30.02 fps, 30 tbr, 600 tbn, 600 tbc (default)
Metadata:
creation_time : 2001-03-20 16:17:18
handler_name : Apple Alias Data Handler
Stream #0:1(eng): Audio: adpcm_ima_qt (ima4 / 0x34616D69), 44100 Hz, mono, s16p, 176 kb/s (default)
Metadata:
creation_time : 2001-03-20 16:17:18
handler_name : Apple Alias Data Handler
Output #0, null, to 'pipe:':
Metadata:
encoder-eng : Sorenson Video 3
title : Vertical Online SV3 Demo
title-eng : Vertical Online SV3 Demo
artist : Logan Kelsey
artist-eng : Logan Kelsey
copyright : © Vertical Online 2001
copyright-eng : © Vertical Online 2001
encoder : Lavf55.33.100
Stream #0:0(eng): Audio: pcm_s16le, 44100 Hz, mono, s16, 705 kb/s (default)
Metadata:
creation_time : 2001-03-20 16:17:18
handler_name : Apple Alias Data Handler
Stream mapping:
Stream #0:1 -> #0:0 (adpcm_ima_qt -> pcm_s16le)
Press [q] to stop, [?] for help
Multiple frames in a packet from stream 1
==1875== Invalid read of size 8
==1875== at 0x4EA2A8: filter_frame (af_atempo.c:1098)
==1875== by 0x48EDB9: ff_filter_frame_framed (avfilter.c:1081)
==1875== by 0x48FEB8: ff_filter_frame (avfilter.c:1161)
==1875== by 0x4E74B2: filter_frame (af_aresample.c:215)
==1875== by 0x48EDB9: ff_filter_frame_framed (avfilter.c:1081)
==1875== by 0x48FEB8: ff_filter_frame (avfilter.c:1161)
==1875== by 0x493F71: request_frame (buffersrc.c:500)
==1875== by 0x49420A: av_buffersrc_add_frame_internal (buffersrc.c:181)
==1875== by 0x49459C: av_buffersrc_add_frame_flags (buffersrc.c:106)
==1875== by 0x47F5B5: decode_audio (ffmpeg.c:1722)
==1875== by 0x481CB5: process_input (ffmpeg.c:1962)
==1875== by 0x467FDF: main (ffmpeg.c:3389)
==1875== Address 0xc196720 is 0 bytes inside a block of size 624 free'd
==1875== at 0x4C29D4E: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1875== by 0xD2016B: av_freep (mem.c:231)
==1875== by 0x48EF1D: ff_filter_frame_framed (avfilter.c:1008)
==1875== by 0x48F2C0: default_filter_frame (avfilter.c:1161)
==1875== by 0x48EDB9: ff_filter_frame_framed (avfilter.c:1081)
==1875== by 0x48FEB8: ff_filter_frame (avfilter.c:1161)
==1875== by 0x4EA2E8: filter_frame (af_atempo.c:1060)
==1875== by 0x48EDB9: ff_filter_frame_framed (avfilter.c:1081)
==1875== by 0x48FEB8: ff_filter_frame (avfilter.c:1161)
==1875== by 0x4E74B2: filter_frame (af_aresample.c:215)
==1875== by 0x48EDB9: ff_filter_frame_framed (avfilter.c:1081)
==1875== by 0x48FEB8: ff_filter_frame (avfilter.c:1161)
==1875==
==1875== Invalid write of size 4
==1875== at 0x4EA2BE: filter_frame (af_atempo.c:1051)
==1875== by 0x48EDB9: ff_filter_frame_framed (avfilter.c:1081)
==1875== by 0x48FEB8: ff_filter_frame (avfilter.c:1161)
==1875== by 0x4E74B2: filter_frame (af_aresample.c:215)
==1875== by 0x48EDB9: ff_filter_frame_framed (avfilter.c:1081)
==1875== by 0x48FEB8: ff_filter_frame (avfilter.c:1161)
==1875== by 0x493F71: request_frame (buffersrc.c:500)
==1875== by 0x49420A: av_buffersrc_add_frame_internal (buffersrc.c:181)
==1875== by 0x49459C: av_buffersrc_add_frame_flags (buffersrc.c:106)
==1875== by 0x47F5B5: decode_audio (ffmpeg.c:1722)
==1875== by 0x481CB5: process_input (ffmpeg.c:1962)
==1875== by 0x467FDF: main (ffmpeg.c:3389)
==1875== Address 0xc1968e4 is 452 bytes inside a block of size 624 free'd
==1875== at 0x4C29D4E: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1875== by 0xD2016B: av_freep (mem.c:231)
==1875== by 0x48EF1D: ff_filter_frame_framed (avfilter.c:1008)
==1875== by 0x48F2C0: default_filter_frame (avfilter.c:1161)
==1875== by 0x48EDB9: ff_filter_frame_framed (avfilter.c:1081)
==1875== by 0x48FEB8: ff_filter_frame (avfilter.c:1161)
==1875== by 0x4EA2E8: filter_frame (af_atempo.c:1060)
==1875== by 0x48EDB9: ff_filter_frame_framed (avfilter.c:1081)
==1875== by 0x48FEB8: ff_filter_frame (avfilter.c:1161)
==1875== by 0x4E74B2: filter_frame (af_aresample.c:215)
==1875== by 0x48EDB9: ff_filter_frame_framed (avfilter.c:1081)
==1875== by 0x48FEB8: ff_filter_frame (avfilter.c:1161)
==1875==
...
comment:4 by , 10 years ago
| Summary: | Segfault when applying atempo on audio from the same video input → Crash in atempo if a duration was specified |
|---|
comment:5 by , 10 years ago
You should build with --assert-level=2 when you intend to debug, you would get more informative results:
Assertion frame->format == link->format failed at libavfilter/avfilter.c:1147
Apparently, af_atempo sends a frame with format -1, I am trying to find out why.
comment:6 by , 10 years ago
| Component: | undetermined → avfilter |
|---|---|
| Resolution: | → fixed |
| Status: | open → closed |
Fixed by Nicolas in bc6901c9
Note:
See TracTickets
for help on using tickets.
Please test with
-vcodec mpeg4 -acodec aac -strict -2and please provide the input sample.