#3713 closed defect (duplicate)
crashes on bogus rtp stream
| Reported by: | Alexander V. Lukyanov | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avformat |
| Version: | git-master | Keywords: | crash SIGSEGV |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | no | |
| Analyzed by developer: | no |
Description
Summary of the bug:
multiple core dumps on bogus rtp input.
How to reproduce:
run ffmpeg on udp mpegts stream with rtp:// url (which is of course incorrect), ffmpeg reports multitude of errors and sometimes crashes.
/usr/local/bin/ffmpeg -ss 1 -i rtp://@224.0.94.27:1234 -t 30 -f avi -c copy file.avi
gdb info is attached.
Attachments (1)
Change History (9)
by , 10 years ago
comment:1 by , 10 years ago
| Keywords: | crash SIGSEGV added |
|---|---|
| Priority: | normal → important |
Please provide the console output to make this a valid ticket.
Did you find a way to reliably reproduce this problem? Is it possible with an udp stream created with FFmpeg?
comment:2 by , 10 years ago
Segfault happens in various ways, here is a sample:
# /usr/local/bin/ffmpeg -ss 1 -i rtp://@224.0.94.27:1234 -t 30 -f avi -c copy file.avi
ffmpeg version N-63863-g2351ea8 Copyright (c) 2000-2014 the FFmpeg developers
built on Jun 10 2014 11:41:03 with gcc 4.8.2 (GCC) 20131212 (Red Hat 4.8.2-7)
configuration:
libavutil 52. 89.100 / 52. 89.100
libavcodec 55. 66.100 / 55. 66.100
libavformat 55. 42.101 / 55. 42.101
libavdevice 55. 13.101 / 55. 13.101
libavfilter 4. 7.100 / 4. 7.100
libswscale 2. 6.100 / 2. 6.100
libswresample 0. 19.100 / 0. 19.100
[mp3 @ 0x2334a80] Header missing
Last message repeated 1 times
[NULL @ 0x2337260] non-existing PPS 0 referenced
[h264 @ 0x2337260] non-existing PPS 0 referenced
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[mp3 @ 0x2334a80] Header missing
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[mp3 @ 0x2334a80] Header missing
Last message repeated 1 times
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[mp3 @ 0x2334a80] Header missing
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[mp3 @ 0x2334a80] Header missing
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[mp3 @ 0x2334a80] Header missing
Last message repeated 1 times
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[mp3 @ 0x2334a80] Header missing
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[mp3 @ 0x2334a80] Header missing
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[mp3 @ 0x2334a80] Header missing
Last message repeated 1 times
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[mp3 @ 0x2334a80] Header missing
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[mp3 @ 0x2334a80] Header missing
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[mp3 @ 0x2334a80] Header missing
Last message repeated 1 times
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[mp3 @ 0x2334a80] Header missing
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[mp3 @ 0x2334a80] Header missing
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[mp3 @ 0x2334a80] Header missing
Last message repeated 3 times
[h264 @ 0x2337260] non-existing PPS 0 referenced
Last message repeated 1 times
[h264 @ 0x2337260] decode_slice_header error
[h264 @ 0x2337260] no frame!
[mp3 @ 0x2334a80] Header missing
[h264 @ 0x2337260] mmco: unref short failure
Last message repeated 1 times
[h264 @ 0x2337260] number of reference frames (0+4) exceeds max (3; probably corrupt input), discarding one
[mp3 @ 0x2334a80] Header missing
Last message repeated 102 times
[rtp @ 0x2331c20] decoding for stream 0 failed
[rtp @ 0x2331c20] Could not find codec parameters for stream 0 (Audio: mp3 ([6][0][0][0] / 0x0006), 0 channels, s16p): unspecified frame size
Consider increasing the value for the 'analyzeduration' and 'probesize' options
rtp://@224.0.94.27:1234: could not seek to position 8494.819
Input #0, rtp, from 'rtp://@224.0.94.27:1234':
Duration: N/A, start: 8493.818556, bitrate: 159 kb/s
Program 909
Stream #0:0(rus): Audio: mp3 ([6][0][0][0] / 0x0006), 0 channels, s16p
Stream #0:1: Video: h264 (Main) ([27][0][0][0] / 0x001B), yuv420p(tv, bt470bg), 720x576 [SAR 12:11 DAR 15:11], 25 fps, 50 tbr, 90k tbn, 50 tbc
Stream #0:2(rus): Audio: mp2 ([4][0][0][0] / 0x0004), 48000 Hz, stereo, s16p, 159 kb/s
File 'file.avi' already exists. Overwrite ? [y/N] y
Output #0, avi, to 'file.avi':
Metadata:
ISFT : Lavf55.42.101
Stream #0:0: Video: h264 (H264 / 0x34363248), yuv420p, 720x576 [SAR 12:11 DAR 15:11], q=2-31, 25 fps, 50 tbn, 50 tbc
Stream #0:1(rus): Audio: mp2 (P[0][0][0] / 0x0050), 48000 Hz, stereo, 159 kb/s
Stream mapping:
Stream #0:1 -> #0:0 (copy)
Stream #0:2 -> #0:1 (copy)
Press [q] to stop, [?] for help
RTP: missed 866 packets
[rtp @ 0x2331c20] PES packet size mismatch
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing6 bitrate= 30.6kbits/s
Last message repeated 589 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing0 bitrate= 536.1kbits/s
Last message repeated 10 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing0 bitrate= 632.9kbits/s
Last message repeated 13 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing6 bitrate= 720.9kbits/s
Last message repeated 10 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing4 bitrate= 782.5kbits/s
Last message repeated 13 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing4 bitrate= 816.6kbits/s
Last message repeated 11 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing8 bitrate= 856.0kbits/s
Last message repeated 13 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing2 bitrate= 905.1kbits/s
Last message repeated 13 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing0 bitrate= 936.6kbits/s
Last message repeated 11 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing8 bitrate= 974.1kbits/s
Last message repeated 12 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing8 bitrate= 986.2kbits/s
Last message repeated 13 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing2 bitrate=1026.6kbits/s
Last message repeated 11 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing2 bitrate=1042.0kbits/s
Last message repeated 13 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing4 bitrate=1067.5kbits/s
Last message repeated 13 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing8 bitrate=1104.2kbits/s
Last message repeated 11 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing4 bitrate=1122.5kbits/s
Last message repeated 12 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing2 bitrate=1146.6kbits/s
Last message repeated 14 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing6 bitrate=1185.6kbits/s
Last message repeated 11 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing6 bitrate=1210.7kbits/s
Last message repeated 12 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing4 bitrate=1232.5kbits/s
Last message repeated 13 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing0 bitrate=1262.9kbits/s
Last message repeated 11 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing4 bitrate=1272.4kbits/s
Last message repeated 13 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing6 bitrate=1294.8kbits/s
Last message repeated 13 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing4 bitrate=1314.5kbits/s
Last message repeated 14 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing8 bitrate=1322.6kbits/s
Last message repeated 13 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing6 bitrate=1328.6kbits/s
Last message repeated 11 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing2 bitrate=1334.0kbits/s
Last message repeated 12 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing4 bitrate=1339.4kbits/s
Last message repeated 13 times
[avi @ 0x238f2a0] H.264 bitstream error, startcode missing2 bitrate=1376.4kbits/s
Last message repeated 2 times
frame= 552 fps= 29 q=-1.0 Lsize= 5107kB time=00:00:30.02 bitrate=1393.6kbits/s
video:4658kB audio:375kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: 1.484649%
Segmentation fault (core dumped)
#0 av_frame_unref (frame=0x64) at libavutil/frame.c:362 #1 0x0000000000c3b8f6 in av_frame_free (frame=frame@entry=0x23341b0) at libavutil/frame.c:134 #2 0x000000000047d700 in ffmpeg_cleanup (ret=0) at ffmpeg.c:500 #3 0x0000000000466c61 in exit_program (ret=0) at cmdutils.c:121 #4 0x0000000000464154 in main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3820
comment:3 by , 10 years ago
Valgrind errors:
# valgrind /usr/local/bin/ffmpeg -ss 1 -i rtp://@224.0.94.27:1234 -t 30 -f avi -c copy file.avi ==53343== Memcheck, a memory error detector ==53343== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al. ==53343== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info ==53343== Command: /usr/local/bin/ffmpeg -ss 1 -i rtp://@224.0.94.27:1234 -t 30 -f avi -c copy file.avi ==53343== ==53343== Invalid write of size 1 ==53343== at 0x5540C8: write_section_data.isra.13 (mpegts.c:398) ==53343== by 0x554793: handle_packet (mpegts.c:2095) ==53343== by 0x5596CE: ff_mpegts_parse_packet (mpegts.c:2646) ==53343== by 0x598994: mpegts_handle_packet (rtpdec_mpegts.c:86) ==53343== by 0x592796: rtp_parse_packet_internal (rtpdec.c:645) ==53343== by 0x593920: ff_rtp_parse_packet (rtpdec.c:792) ==53343== by 0x5A4A19: ff_rtsp_fetch_packet (rtsp.c:2042) ==53343== by 0x5C4435: ff_read_packet (utils.c:791) ==53343== by 0x5C71EF: read_frame_internal (utils.c:1454) ==53343== by 0x5CAB1E: avformat_find_stream_info (utils.c:3240) ==53343== by 0x46FDC0: open_input_file (ffmpeg_opt.c:888) ==53343== by 0x4740DE: ffmpeg_parse_options (ffmpeg_opt.c:2645) ==53343== Address 0x5946030 is 656 bytes inside a block of size 65,992 free'd ==53343== at 0x4C294C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==53343== by 0xC41EDB: av_freep (mem.c:232) ==53343== by 0x4EAE55: ffurl_close (avio.c:381) ==53343== by 0x59E809: rtp_close (rtpproto.c:505) ==53343== by 0x4EAE7C: ffurl_close (avio.c:373) ==53343== by 0x5A3109: rtp_read_header (rtsp.c:2299) ==53343== by 0x5CDAE6: avformat_open_input (utils.c:594) ==53343== by 0x46FCB8: open_input_file (ffmpeg_opt.c:871) ==53343== by 0x4740DE: ffmpeg_parse_options (ffmpeg_opt.c:2645) ==53343== by 0x463EF7: main (ffmpeg.c:3787) ==53343== ==53343== Invalid write of size 1 ==53343== at 0x5540C8: write_section_data.isra.13 (mpegts.c:398) ==53343== by 0x554793: handle_packet (mpegts.c:2095) ==53343== by 0x5596CE: ff_mpegts_parse_packet (mpegts.c:2646) ==53343== by 0x598A06: mpegts_handle_packet (rtpdec_mpegts.c:75) ==53343== by 0x593861: ff_rtp_parse_packet (rtpdec.c:752) ==53343== by 0x5A4D63: ff_rtsp_fetch_packet (rtsp.c:1956) ==53343== by 0x5C4435: ff_read_packet (utils.c:791) ==53343== by 0x5C71EF: read_frame_internal (utils.c:1454) ==53343== by 0x5CAB1E: avformat_find_stream_info (utils.c:3240) ==53343== by 0x46FDC0: open_input_file (ffmpeg_opt.c:888) ==53343== by 0x4740DE: ffmpeg_parse_options (ffmpeg_opt.c:2645) ==53343== by 0x463EF7: main (ffmpeg.c:3787) ==53343== Address 0x5946030 is 656 bytes inside a block of size 65,992 free'd ==53343== at 0x4C294C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==53343== by 0xC41EDB: av_freep (mem.c:232) ==53343== by 0x4EAE55: ffurl_close (avio.c:381) ==53343== by 0x59E809: rtp_close (rtpproto.c:505) ==53343== by 0x4EAE7C: ffurl_close (avio.c:373) ==53343== by 0x5A3109: rtp_read_header (rtsp.c:2299) ==53343== by 0x5CDAE6: avformat_open_input (utils.c:594) ==53343== by 0x46FCB8: open_input_file (ffmpeg_opt.c:871) ==53343== by 0x4740DE: ffmpeg_parse_options (ffmpeg_opt.c:2645) ==53343== by 0x463EF7: main (ffmpeg.c:3787)
comment:4 by , 10 years ago
Am I missing something or do the gdb backtrace and valgrind output look completely different?
comment:5 by , 10 years ago
Memory corruption leads to a core dump not immediately but in some time, I suppose that's the reason for different outputs.
comment:6 by , 10 years ago
| Resolution: | → duplicate |
|---|---|
| Status: | new → closed |
Similarly to #3721 ffmpeg does not crash with -f mpegts option, so the bug seems to be the same.
comment:8 by , 10 years ago
I think the newer bug has narrower scope, as it describes the same crash on
a valid stream. I first discovered the problem on bogus streams, but then
noticed that the same happens on some of correct streams (not all). If you
think it is not correct, please change those bugs as you like.
Note:
See TracTickets
for help on using tickets.
gdb info