ffserver crashes when a client disconnect

[Reventlov]

I am trying to stream a mp4 file using ffserver and ffmpeg from my archlinux server.
I launch ffserver using: ffserver -f /etc/ffserver.conf
Then i launch ffmpeg using: ffmpeg -i foobar.mp4 -override_ffserver -vcodec mpeg2video -b:v 3000 ​http://127.0.0.1:8090/rtsp.ffm
When a client watching the stream using mplayer rtsp://aa.bbb.c.ddd:5454/rtsp.mpg disconnects, sometimes, ffserver crashes, see the gdb and valgrind output below.
Using valgrind, ffserver doesn't crash anymore.
Summary of the bug:

ffmpeg version 2.2.2
built on archlinux using a fixed version of gcc 4.9.0: https://bugs.archlinux.org/task/40256

[Reventlov]

Full output of ffmpeg -v 9 -loglevel 99 -i *.mp4 -override_ffserver -vcodec mpeg2video -b:v 3000 ​http://127.0.0.1:8090/rtsp.ffm

[Reventlov]

GDB output

[Reventlov]

Valgrind output

[Reventlov]

ffserver.conf

[Reventlov]

Note: while using valgrind, the server doesn't segfault anymore.

[calimero]

The bug is present on my 32-bit and 64-bit installations of Arch Linux.
I need to launch and stop one client a few times (sometimes 2 times, 5 times…), and the server segfaults with the exact same backtrace.

GCC versions 4.8.2 and 4.9.0 produce a faulty binary. I'd assume it doesn't come from the compiler.

[Reynaldo H. Verdejo Pinochet]

Reproduced:

Program received signal SIGSEGV, Segmentation fault.
flush_buffer (s=0x180a4e0) at libavformat/aviobuf.c:145
145 s->checksum = s->update_checksum(s->checksum, s->checksum_ptr,
(gdb) bt
#0 flush_buffer (s=0x180a4e0) at libavformat/aviobuf.c:145
#1 avio_flush (s=0x180a4e0) at libavformat/aviobuf.c:197
#2 0x00000000004fff2a in av_write_trailer (s=s@entry=0x17e8b40)

at libavformat/mux.c:948

#3 0x0000000000462c00 in close_connection (c=c@entry=0x17c65a0)

at ffserver.c:919

#4 0x00000000004642a0 in rtsp_cmd_interrupt (c=c@entry=0x17c5760,

url=url@entry=0x7fffffffb400 "rtsp://127.0.0.1:5454/rtsp.mpg/",
h=h@entry=0x7fffffffc400, pause_only=pause_only@entry=0)
at ffserver.c:3337

#5 0x0000000000469670 in rtsp_parse_request (c=0x17c5760) at ffserver.c:2954
#6 0x000000000045c989 in handle_connection (c=0x17c5760) at ffserver.c:999
#7 http_server () at ffserver.c:768
#8 main (argc=<optimized out>, argv=<optimized out>) at ffserver.c:4783

Looking rly quick it seems to be related to ​https://trac.ffmpeg.org/ticket/1740
will take another look tomorrow

[Reynaldo H. Verdejo Pinochet]

slightly different crash today. Otheriwise the same test scenario:

Program received signal SIGSEGV, Segmentation fault.
0x0000000000485b76 in writeout (len=1024, data=0x0, s=0x17bd820)

at libavformat/aviobuf.c:131

131 int ret = s->write_packet(s->opaque, (uint8_t *)data, len);
(gdb) bt
#0 0x0000000000485b76 in writeout (len=1024, data=0x0, s=0x17bd820)

at libavformat/aviobuf.c:131

#1 flush_buffer (s=0x17bd820) at libavformat/aviobuf.c:143
#2 avio_flush (s=0x17bd820) at libavformat/aviobuf.c:197
#3 0x00000000004fff2a in av_write_trailer (s=s@entry=0x17c7da0)

at libavformat/mux.c:948

#4 0x0000000000462c00 in close_connection (c=c@entry=0x17c2580)

at ffserver.c:919

#5 0x00000000004642a0 in rtsp_cmd_interrupt (c=c@entry=0x17bce40,

url=url@entry=0x7fffffffb400 "rtsp://127.0.0.1:5454/rtsp.mpg/",
h=h@entry=0x7fffffffc400, pause_only=pause_only@entry=0) at ffserver.c:3337

#6 0x0000000000469670 in rtsp_parse_request (c=0x17bce40) at ffserver.c:2954
#7 0x000000000045c989 in handle_connection (c=0x17bce40) at ffserver.c:999
#8 http_server () at ffserver.c:768
#9 main (argc=<optimized out>, argv=<optimized out>) at ffserver.c:4783

[janet.byron]

Hi,

I have this problem as well and was wondering if you've been able to make any progress on a fix. I've tried debugging it as well but can't seem to find the root cause in the code. I can also reproduce at will so please let me know if you need any more traces.

Thanks,
janet

[Michael Niedermayer]

is this issue still reproducable ?

[Rostislav Pehlivanov]

ffserver has been removed from git master, closing ticket