Context Navigation

#4084 closed defect (fixed)

AAC encoding segfault

Reported by:	Ed Martin	Owned by:
Priority:	important	Component:	avcodec
Version:	git-master	Keywords:	aac crash SIGSEGV regression
Cc:		Blocked By:
Blocking:		Reproduced by developer:	yes
Analyzed by developer:	no

Description

Summary of the bug:

I'm trying to convert mp4 files ripped from yourtube to aac audio (along with one .aac file, it's trimmed audio from a youtube video). So i concat the videos together and transcode to aac and ffmpeg crashed, playing around with it I also got errors about unsupported features

I'm running git ffmpeg as of a few hours ago

How to reproduce:

% ffmpeg -y -f concat -i segfault.list  -threads 12 -c:a aac -b:a 128k  -strict -2 out-segfault.aac
% ffmpeg -y -f concat -i scramble.list  -threads 12 -c:a aac -b:a 128k  -strict -2 out-scramble.aac

-OR-

% tar -xvf ffmpeg-aac-bug.tar.xz ;  cd bug-test
% ./execute.sh

First list of videos cause a segfault, second causes this error

aac @ 0xdcd700] invalid band type
Error while decoding stream #0:0: Invalid data found when processing input
[aac @ 0xdcd700] Prediction is not allowed in AAC-LC.
Error while decoding stream #0:0: Invalid data found when processing input
[aac @ 0xdcd700] Number of bands (18) exceeds limit (17).
Error while decoding stream #0:0: Invalid data found when processing input
[aac @ 0xdcd700] Number of bands (26) exceeds limit (11).
Error while decoding stream #0:0: Invalid data found when processing input
[aac @ 0xdcd700] Number of bands (26) exceeds limit (21).
Error while decoding stream #0:0: Invalid data found when processing input
[aac @ 0xdcd700] Prediction is not allowed in AAC-LC.
Error while decoding stream #0:0: Invalid data found when processing input
[aac @ 0xdcd700] Scalefactor (-1) out of range.
Error while decoding stream #0:0: Invalid data found when processing input
[aac @ 0xdcd700] Prediction is not allowed in AAC-LC.
Error while decoding stream #0:0: Invalid data found when processing input
[aac @ 0xdcd700] If you heard an audible artifact, there may be a bug in the decoder. Clipped noise gain (-321 -> -100) is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[aac @ 0xdcd700] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[aac @ 0xdcd700] If you heard an audible artifact, there may be a bug in the decoder. Clipped noise gain (-320 -> -100) is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[aac @ 0xdcd700] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[aac @ 0xdcd700] If you heard an audible artifact, there may be a bug in the decoder. Clipped noise gain (-319 -> -100) is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[aac @ 0xdcd700] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[aac @ 0xdcd700] If you heard an audible artifact, there may be a bug in the decoder. Clipped noise gain (-319 -> -100) is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[aac @ 0xdcd700] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[aac @ 0xdcd700] If you heard an audible artifact, there may be a bug in the decoder. Clipped noise gain (-319 -> -100) is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[aac @ 0xdcd700] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[aac @ 0xdcd700] If you heard an audible artifact, there may be a bug in the decoder. Clipped noise gain (-319 -> -100) is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[aac @ 0xdcd700] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[aac @ 0xdcd700] If you heard an audible artifact, there may be a bug in the decoder. Clipped noise gain (-319 -> -100) is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[aac @ 0xdcd700] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[aac @ 0xdcd700] If you heard an audible artifact, there may be a bug in the decoder. Clipped noise gain (-319 -> -100) is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[aac @ 0xdcd700] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[aac @ 0xdcd700] If you heard an audible artifact, there may be a bug in the decoder. Clipped noise gain (-319 -> -100) is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[aac @ 0xdcd700] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[aac @ 0xdcd700] If you heard an audible artifact, there may be a bug in the decoder. Clipped noise gain (-318 -> -100) is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[aac @ 0xdcd700] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[aac @ 0xdcd700] If you heard an audible artifact, there may be a bug in the decoder. Clipped noise gain (-318 -> -100) is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[aac @ 0xdcd700] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[aac @ 0xdcd700] If you heard an audible artifact, there may be a bug in the decoder. Clipped noise gain (-314 -> -100) is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[aac @ 0xdcd700] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[aac @ 0xdcd700] If you heard an audible artifact, there may be a bug in the decoder. Clipped noise gain (-314 -> -100) is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[aac @ 0xdcd700] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[aac @ 0xdcd700] If you heard an audible artifact, there may be a bug in the decoder. Clipped noise gain (-314 -> -100) is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[aac @ 0xdcd700] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[aac @ 0xdcd700] If you heard an audible artifact, there may be a bug in the decoder. Clipped noise gain (-314 -> -100) is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[aac @ 0xdcd700] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[aac @ 0xdcd700] If you heard an audible artifact, there may be a bug in the decoder. Clipped noise gain (-316 -> -100) is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[aac @ 0xdcd700] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[aac @ 0xdcd700] If you heard an audible artifact, there may be a bug in the decoder. Clipped noise gain (-312 -> -100) is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[aac @ 0xdcd700] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[aac @ 0xdcd700] If you heard an audible artifact, there may be a bug in the decoder. Clipped noise gain (-313 -> -100) is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[aac @ 0xdcd700] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[aac @ 0xdcd700] SSR is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[aac @ 0xdcd700] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
Error while decoding stream #0:0: Not yet implemented in FFmpeg, patches welcome
[aac @ 0xdcd700] Number of bands (26) exceeds limit (11).
Error while decoding stream #0:0: Invalid data found when processing input
[aac @ 0xdcd700] Prediction is not allowed in AAC-LC.
Error while decoding stream #0:0: Invalid data found when processing input
[aac @ 0xdcd700] Number of bands (27) exceeds limit (17).
Error while decoding stream #0:0: Invalid data found when processing input
[aac @ 0xdcd700] Number of bands (26) exceeds limit (18).

Attachments (2)

backtrace.txt (82.0 KB ) - added by Ed Martin 9 years ago.: Full Backtrace
crashaac.wav (20.1 KB ) - added by Carl Eugen Hoyos 9 years ago.

Download all attachments as: .zip

Change History (5)

by Ed Martin, 9 years ago

Attachment:	backtrace.txt added

Full Backtrace

comment:1 by Ed Martin, 9 years ago

Actual videos I used are here:

http://dev.edman007.com/~edman007/ffmpeg-aac-bug-4084.tar.xz

by Carl Eugen Hoyos, 9 years ago

Attachment:	crashaac.wav added

comment:2 by Carl Eugen Hoyos, 9 years ago

Keywords:	crash SIGSEGV regression added; concat removed
Priority:	normal → important
Reproduced by developer:	set
Status:	new → open
Summary:	AAC Segfault Transcoding multiple flvs into → AAC encoding segfault

Looks different from ticket #3637.

(gdb) r -i crashaac.wav -strict -2 -acodec aac -f null -
Starting program: ffmpeg_g -i crashaac.wav -strict -2 -acodec aac -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-67388-g37425fc Copyright (c) 2000-2014 the FFmpeg developers
  built on Nov  5 2014 09:21:42 with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl
  libavutil      54. 11.100 / 54. 11.100
  libavcodec     56. 10.102 / 56. 10.102
  libavformat    56. 12.100 / 56. 12.100
  libavdevice    56.  2.100 / 56.  2.100
  libavfilter     5.  2.102 /  5.  2.102
  libswscale      3.  1.101 /  3.  1.101
  libswresample   1.  1.100 /  1.  1.100
  libpostproc    53.  3.100 / 53.  3.100
Input #0, wav, from 'crashaac.wav':
  Metadata:
    encoder         : Lavf55.33.100
  Duration: 00:00:00.12, bitrate: 1419 kb/s
    Stream #0:0: Audio: pcm_f32le ([3][0][0][0] / 0x0003), 44100 Hz, mono, flt, 1411 kb/s
[New Thread 0x7ffff14f0700 (LWP 8660)]
[New Thread 0x7ffff0cef700 (LWP 8661)]
[New Thread 0x7ffff04ee700 (LWP 8662)]
[New Thread 0x7fffefced700 (LWP 8663)]
[New Thread 0x7fffef4ec700 (LWP 8664)]
[New Thread 0x7fffeeceb700 (LWP 8665)]
[New Thread 0x7fffee4ea700 (LWP 8666)]
[New Thread 0x7fffedce9700 (LWP 8667)]
[New Thread 0x7fffed4e8700 (LWP 8668)]
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf56.12.100
    Stream #0:0: Audio: aac, 44100 Hz, mono, fltp, 128 kb/s
    Metadata:
      encoder         : Lavc56.10.102 aac
Stream mapping:
  Stream #0:0 -> #0:0 (pcm_f32le (native) -> aac (native))
Press [q] to stop, [?] for help

Program received signal SIGSEGV, Segmentation fault.
quantize_and_encode_band_cost_template (BT_ESC=0, BT_PAIR=1, BT_UNSIGNED=1, BT_ZERO=0, bits=0x0, uplim=inf, lambda=0, cb=7, scale_idx=<optimized out>, size=4, scaled=<optimized out>, in=0x7ffff7f475a0, pb=0x0, s=0x1a68580) at libavcodec/aaccoder.c:153
153             curbits =  ff_aac_spectral_bits[cb-1][curidx];
(gdb) bt
#0  quantize_and_encode_band_cost_template (BT_ESC=0, BT_PAIR=1, BT_UNSIGNED=1, BT_ZERO=0, bits=0x0, uplim=inf, lambda=0, cb=7, scale_idx=<optimized out>, size=4, scaled=<optimized out>, in=0x7ffff7f475a0, pb=0x0, s=0x1a68580) at libavcodec/aaccoder.c:153
#1  quantize_and_encode_band_cost_UPAIR (s=0x1a68580, pb=0x0, in=0x7ffff7f475a0, scaled=<optimized out>, size=4, scale_idx=<optimized out>, cb=7, lambda=0, uplim=inf, bits=0x0) at libavcodec/aaccoder.c:227
#2  0x0000000000d9c968 in quantize_band_cost (bits=0x0, uplim=inf, lambda=0, cb=7, scale_idx=<optimized out>, size=4, scaled=0x1a68940, in=0x7ffff7f475a0, s=0x1a68580) at libavcodec/aaccoder.c:262
#3  codebook_trellis_rate (s=0x1a68580, sce=0x7ffff7f460e0, win=0, group_len=1, lambda=<optimized out>) at libavcodec/aaccoder.c:473
#4  0x0000000000c8fe76 in encode_band_info (sce=<optimized out>, s=<optimized out>) at libavcodec/aacenc.c:371
#5  encode_individual_channel (common_window=<optimized out>, sce=0x7ffff7f460e0, s=0x1a68580, avctx=<optimized out>) at libavcodec/aacenc.c:449
#6  aac_encode_frame (avctx=0x1a600a0, avpkt=0x7fffffffdb00, frame=0x0, got_packet_ptr=0x7fffffffdafc) at libavcodec/aacenc.c:633
#7  0x0000000000ab1590 in avcodec_encode_audio2 (avctx=avctx@entry=0x1a600a0, avpkt=avpkt@entry=0x7fffffffdb00, frame=frame@entry=0x0, got_packet_ptr=got_packet_ptr@entry=0x7fffffffdafc) at libavcodec/utils.c:1880
#8  0x000000000046db2a in flush_encoders () at ffmpeg.c:1569
#9  transcode () at ffmpeg.c:3730
#10 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3883
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0xda0476 to 0xda04b6:
   0x0000000000da0476 <quantize_and_encode_band_cost_UPAIR+374>:        mov    -0x10(%rsp),%r9
   0x0000000000da047b <quantize_and_encode_band_cost_UPAIR+379>:        movaps %xmm7,%xmm5
   0x0000000000da047e <quantize_and_encode_band_cost_UPAIR+382>:        movss  (%rdx,%rax,4),%xmm2
   0x0000000000da0483 <quantize_and_encode_band_cost_UPAIR+387>:        andps  %xmm6,%xmm2
   0x0000000000da0486 <quantize_and_encode_band_cost_UPAIR+390>:        imul   %r8d,%ebp
   0x0000000000da048a <quantize_and_encode_band_cost_UPAIR+394>:        add    0x234(%rdi,%rax,4),%ebp
   0x0000000000da0491 <quantize_and_encode_band_cost_UPAIR+401>:        movslq %ebp,%rbx
   0x0000000000da0494 <quantize_and_encode_band_cost_UPAIR+404>:        add    %ebp,%ebp
=> 0x0000000000da0496 <quantize_and_encode_band_cost_UPAIR+406>:        movzbl (%r9,%rbx,1),%r10d
   0x0000000000da049b <quantize_and_encode_band_cost_UPAIR+411>:        mov    0x109ec80(,%r13,8),%r9
   0x0000000000da04a3 <quantize_and_encode_band_cost_UPAIR+419>:        movslq %ebp,%r12
   0x0000000000da04a6 <quantize_and_encode_band_cost_UPAIR+422>:        lea    (%r9,%r12,4),%r11
   0x0000000000da04aa <quantize_and_encode_band_cost_UPAIR+426>:        movss  (%r11),%xmm3
   0x0000000000da04af <quantize_and_encode_band_cost_UPAIR+431>:        mulss  %xmm3,%xmm5
   0x0000000000da04b3 <quantize_and_encode_band_cost_UPAIR+435>:        ucomiss %xmm4,%xmm3
End of assembler dump.
(gdb) info register
rax            0x0      0
rbx            0xffffffff80000000       -2147483648
rcx            0x1a68940        27691328
rdx            0x7ffff7f475a0   140737353381280
rsi            0x0      0
rdi            0x1a68580        27690368
rbp            0x0      0x0
rsp            0x7fffffff8ef8   0x7fffffff8ef8
r8             0x8      8
r9             0x10a1a60        17439328
r10            0x1a687b0        27690928
r11            0x8      8
r12            0x7ffff7f460e0   140737353375968
r13            0x6      6
r14            0x0      0
r15            0x1a68580        27690368
rip            0xda0496 0xda0496 <quantize_and_encode_band_cost_UPAIR+406>
eflags         0x10a47  [ CF PF ZF IF OF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0

Regression since 0bb57f8b / 025ccf1f
Also reproducible with v8g patch from ticket #2686.

comment:3 by Carl Eugen Hoyos, 9 years ago

Resolution:	→ fixed
Status:	open → closed

This ticket was fixed by Michael in f9fa560597cf5e3e637d0f8e9bfd02cd0b91634c (the encoding crash) and 55d592f7d9847a22b594ebe413508d1f77a13ed6 (?) (the bug in the aac decoder that made it output NaN).

Last edited 9 years ago by Carl Eugen Hoyos (previous) (diff)

Note: See TracTickets for help on using tickets.

Download in other formats: