Opened 9 years ago

Closed 8 years ago

#4884 closed defect (fixed)

Segfault processing audio when using -f lavfi

Reported by: Bob Ziuchkovski Owned by:
Priority: important Component: avfilter
Version: git-master Keywords: crash SIGSEGV
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

Summary of the bug:

I'm trying to use the semi-recent mpeg closed captioning support to convert a DVR mpeg2 capture to an mkv with the closed captions as subtitles. I've used the same command on a few other DVR mpegs with success, but hit a file tonight that causes ffmpeg to segfault. (See below). If I run the same command, substituting -f lavfi -i "movie=segfault.mpg:s=0+1[out0+subcc][out1]" for -i segfault.mpg, ffmpeg doesn't segfault, but of course I lose the closed caption processing.

Ffmpeg segfaults at the very beginning of the file, so I trimmed the file to 2 seconds length and checked to ensure the trimmed copy, segfault.mpg, produces the same behavior (it does). All commands and output below are run on this 2 second file. I uploaded this file to the upload.ffmpeg.org FTP server as lavfi_audio_segfault.mpg. I'm happy to attach to this ticket directly if that's preferred.

As for the ffmpeg version, I built from master HEAD about an hour ago, but tested on a 2.7.x release as well.

Exact command used:

$ ffmpeg  -f lavfi -i "movie=/Users/bobbyz/tmp/segfault.mpg:s=0+1[out0+subcc][out1]" -c:v rawvideo -c:a pcm_f32le -c:s srt -f matroska ~/tmp/test.mkv
ffmpeg version N-42425-g08a7510 Copyright (c) 2000-2015 the FFmpeg developers
  built with Apple LLVM version 7.0.0 (clang-700.0.72)
  configuration: --prefix=/usr/local/Cellar/ffmpeg/HEAD --enable-shared --enable-pthreads --enable-gpl --enable-version3 --enable-hardcoded-tables --enable-avresample --cc=clang --host-cflags=-g --host-ldflags= --enable-debug=3 --disable-optimizations --disable-mmx --disable-stripping --enable-opencl --enable-libx264 --enable-libmp3lame --enable-libvo-aacenc --enable-libxvid --enable-libvorbis --enable-libvpx --enable-libfdk-aac --enable-libx265 --enable-nonfree --enable-vda
  libavutil      55.  2.100 / 55.  2.100
  libavcodec     57.  3.100 / 57.  3.100
  libavformat    57.  2.100 / 57.  2.100
  libavdevice    57.  0.100 / 57.  0.100
  libavfilter     6.  8.100 /  6.  8.100
  libavresample   3.  0.  0 /  3.  0.  0
  libswscale      4.  0.100 /  4.  0.100
  libswresample   2.  0.100 /  2.  0.100
  libpostproc    54.  0.100 / 54.  0.100
[ac3 @ 0x7facbb808c00] exponent out-of-range
[ac3 @ 0x7facbb808c00] error decoding the audio block
[ac3 @ 0x7facbb808c00] frame sync error
[Parsed_movie_0 @ 0x7facbad00000] Decode error: Invalid data found when processing input
[ac3 @ 0x7facbb808c00] new coupling coordinates must be present in block 0
[ac3 @ 0x7facbb808c00] error decoding the audio block
[1]    3547 segmentation fault  ffmpeg -f lavfi -i  -c:v rawvideo -c:a pcm_f32le -c:s srt -f matroska

Info about the file:

$ ffmpeg -v 9 -loglevel 99 -i /Users/bobbyz/tmp/segfault.mpg                           [21:19:01]
ffmpeg version N-42425-g08a7510 Copyright (c) 2000-2015 the FFmpeg developers
  built with Apple LLVM version 7.0.0 (clang-700.0.72)
  configuration: --prefix=/usr/local/Cellar/ffmpeg/HEAD --enable-shared --enable-pthreads --enable-gpl --enable-version3 --enable-hardcoded-tables --enable-avresample --cc=clang --host-cflags=-g --host-ldflags= --enable-debug=3 --disable-optimizations --disable-mmx --disable-stripping --enable-opencl --enable-libx264 --enable-libmp3lame --enable-libvo-aacenc --enable-libxvid --enable-libvorbis --enable-libvpx --enable-libfdk-aac --enable-libx265 --enable-nonfree --enable-vda
  libavutil      55.  2.100 / 55.  2.100
  libavcodec     57.  3.100 / 57.  3.100
  libavformat    57.  2.100 / 57.  2.100
  libavdevice    57.  0.100 / 57.  0.100
  libavfilter     6.  8.100 /  6.  8.100
  libavresample   3.  0.  0 /  3.  0.  0
  libswscale      4.  0.100 /  4.  0.100
  libswresample   2.  0.100 /  2.  0.100
  libpostproc    54.  0.100 / 54.  0.100
Splitting the commandline.
Reading option '-v' ... matched as option 'v' (set logging level) with argument '9'.
Reading option '-loglevel' ... matched as option 'loglevel' (set logging level) with argument '99'.
Reading option '-i' ... matched as input file with argument '/Users/bobbyz/tmp/segfault.mpg'.
Finished splitting the commandline.
Parsing a group of options: global .
Applying option v (set logging level) with argument 9.
Successfully parsed a group of options.
Parsing a group of options: input file /Users/bobbyz/tmp/segfault.mpg.
Successfully parsed a group of options.
Opening an input file: /Users/bobbyz/tmp/segfault.mpg.
Probing mp3 score:1 size:2048
Probing mpeg score:26 size:2048
[mpeg @ 0x7fb4c3000000] Format mpeg probed with size=2048 and score=26
[mpeg @ 0x7fb4c3000000] Before avformat_find_stream_info() pos: 0 bytes read:32768 seeks:0
[mpeg @ 0x7fb4c3000000] probing stream 1 pp:2500
Probing aac score:1 size:2011
Probing mp3 score:1 size:2011
Probing mpegvideo score:25 size:2011
[mpeg @ 0x7fb4c3000000] Probe with size=2011, packets=1 detected mpegvideo with score=25
[mpeg @ 0x7fb4c3000000] probed stream 1
[mpeg @ 0x7fb4c3000000] rfps: 60.000000 0.000021
    Last message repeated 1 times
[mpeg @ 0x7fb4c3000000] rfps: 120.000000 0.000084
    Last message repeated 1 times
[mpeg @ 0x7fb4c3000000] rfps: 240.000000 0.000338
    Last message repeated 1 times
[mpeg @ 0x7fb4c3000000] rfps: 59.940060 0.000000
    Last message repeated 1 times
[mpeg @ 0x7fb4c3000000] 0: start_time: 0.045 duration: 0.181
[mpeg @ 0x7fb4c3000000] 1: start_time: 0.205 duration: 0.024
[mpeg @ 0x7fb4c3000000] stream: start_time: 0.500 duration: 2.045 bitrate=1546 kb/s
[mpeg @ 0x7fb4c3000000] After avformat_find_stream_info() pos: 0 bytes read:645264 seeks:2 frames:71
Input #0, mpeg, from '/Users/bobbyz/tmp/segfault.mpg':
  Duration: 00:00:02.05, start: 0.500000, bitrate: 1546 kb/s
    Stream #0:0[0x80], 54, 1/90000: Audio: ac3, 48000 Hz, 5.1(side), fltp, 384 kb/s
    Stream #0:1[0x1e0], 17, 1/90000: Video: mpeg2video (Main), 1 reference frame, yuv420p(tv, left), 1280x720 [SAR 1:1 DAR 16:9], 1001/120000, Closed Captions, max. 20000 kb/s, 59.94 fps, 59.94 tbr, 90k tbn, 119.88 tbc
Successfully opened the file.
At least one output file must be specified
[AVIOContext @ 0x7fb4c25001c0] Statistics: 645264 bytes read, 2 seeks

lldb output:

 $ lldb /usr/local/bin/ffmpeg -- -f lavfi -i "movie=/Users/bobbyz/tmp/segfault.mpg:s=0+1[out0+subcc][out1]" -c:v rawvideo -c:a pcm_f32le -c:s srt -f matroska ~/tmp/test.mkv
(lldb) target create "/usr/local/bin/ffmpeg"
Current executable set to '/usr/local/bin/ffmpeg' (x86_64).
(lldb) settings set -- target.run-args  "-f" "lavfi" "-i" "movie=/Users/bobbyz/tmp/segfault.mpg:s=0+1[out0+subcc][out1]" "-c:v" "rawvideo" "-c:a" "pcm_f32le" "-c:s" "srt" "-f" "matroska" "/Users/bobbyz/tmp/test.mkv"
(lldb) r
Process 3609 launched: '/usr/local/bin/ffmpeg' (x86_64)
ffmpeg version N-42425-g08a7510 Copyright (c) 2000-2015 the FFmpeg developers
  built with Apple LLVM version 7.0.0 (clang-700.0.72)
  configuration: --prefix=/usr/local/Cellar/ffmpeg/HEAD --enable-shared --enable-pthreads --enable-gpl --enable-version3 --enable-hardcoded-tables --enable-avresample --cc=clang --host-cflags=-g --host-ldflags= --enable-debug=3 --disable-optimizations --disable-mmx --disable-stripping --enable-opencl --enable-libx264 --enable-libmp3lame --enable-libvo-aacenc --enable-libxvid --enable-libvorbis --enable-libvpx --enable-libfdk-aac --enable-libx265 --enable-nonfree --enable-vda
  libavutil      55.  2.100 / 55.  2.100
  libavcodec     57.  3.100 / 57.  3.100
  libavformat    57.  2.100 / 57.  2.100
  libavdevice    57.  0.100 / 57.  0.100
  libavfilter     6.  8.100 /  6.  8.100
  libavresample   3.  0.  0 /  3.  0.  0
  libswscale      4.  0.100 /  4.  0.100
  libswresample   2.  0.100 /  2.  0.100
  libpostproc    54.  0.100 / 54.  0.100
[ac3 @ 0x103008c00] exponent out-of-range
[ac3 @ 0x103008c00] error decoding the audio block
[ac3 @ 0x103008c00] frame sync error
[Parsed_movie_0 @ 0x102b00000] Decode error: Invalid data found when processing input
[ac3 @ 0x103008c00] new coupling coordinates must be present in block 0
[ac3 @ 0x103008c00] error decoding the audio block
Process 3609 stopped
* thread #1: tid = 0xd00d0, 0x00000001014aa5a2 libswresample.2.dylib`conv_AV_SAMPLE_FMT_FLT_to_AV_SAMPLE_FMT_FLT + 55, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
    frame #0: 0x00000001014aa5a2 libswresample.2.dylib`conv_AV_SAMPLE_FMT_FLT_to_AV_SAMPLE_FMT_FLT + 55
libswresample.2.dylib`conv_AV_SAMPLE_FMT_FLT_to_AV_SAMPLE_FMT_FLT:
->  0x1014aa5a2 <+55>: movl   (%r14), %esi
    0x1014aa5a5 <+58>: movl   %esi, (%r15)
    0x1014aa5a8 <+61>: leaq   (%r14,%rax), %rsi
    0x1014aa5ac <+65>: movl   (%r14,%rax), %r12d
(lldb) bt
* thread #1: tid = 0xd00d0, 0x00000001014aa5a2 libswresample.2.dylib`conv_AV_SAMPLE_FMT_FLT_to_AV_SAMPLE_FMT_FLT + 55, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
  * frame #0: 0x00000001014aa5a2 libswresample.2.dylib`conv_AV_SAMPLE_FMT_FLT_to_AV_SAMPLE_FMT_FLT + 55
    frame #1: 0x00000001014a9421 libswresample.2.dylib`swri_audio_convert + 555
    frame #2: 0x00000001014b12c4 libswresample.2.dylib`swr_convert_internal + 68
    frame #3: 0x00000001014b10f4 libswresample.2.dylib`swr_convert + 1050
    frame #4: 0x0000000100065d6c libavfilter.6.dylib`filter_frame + 387
    frame #5: 0x000000010008110a libavfilter.6.dylib`ff_filter_frame_framed + 497
    frame #6: 0x000000010008244c libavfilter.6.dylib`ff_filter_frame + 181
    frame #7: 0x00000001000936b2 libavfilter.6.dylib`movie_request_frame + 482
    frame #8: 0x0000000100080eab libavfilter.6.dylib`ff_request_frame + 95
    frame #9: 0x0000000100084fbb libavfilter.6.dylib`av_buffersink_get_frame_flags + 96
    frame #10: 0x000000010004b14b libavdevice.57.dylib`lavfi_read_packet + 229
    frame #11: 0x000000010027d839 libavformat.57.dylib`ff_read_packet + 198
    frame #12: 0x000000010027e630 libavformat.57.dylib`read_frame_internal + 119
    frame #13: 0x0000000100281c6f libavformat.57.dylib`avformat_find_stream_info + 1368
    frame #14: 0x00000001000100b8 ffmpeg`open_input_file + 1544
    frame #15: 0x000000010000f917 ffmpeg`open_files + 287
    frame #16: 0x000000010000f680 ffmpeg`ffmpeg_parse_options + 183
    frame #17: 0x000000010001a272 ffmpeg`main + 190
    frame #18: 0x00007fff988495c9 libdyld.dylib`start + 1
(lldb) register read --all
General Purpose Registers:
       rax = 0x0000000000000004
       rbx = 0x0000000000000018
       rcx = 0x0000000000000018
       rdx = 0x0000000000000004
       rdi = 0x0000000104029210
       rsi = 0x0000000000000000
       rbp = 0x00007fff5fbfda60
       rsp = 0x00007fff5fbfda40
        r8 = 0x0000000104032210
        r9 = 0x0000000000000060
       r10 = 0x0000000000000010
       r11 = 0x00000001040321c8
       r12 = 0x0000000000000004
       r13 = 0x0000000104005828
       r14 = 0x0000000000000000
       r15 = 0x0000000104029210
       rip = 0x00000001014aa5a2  libswresample.2.dylib`conv_AV_SAMPLE_FMT_FLT_to_AV_SAMPLE_FMT_FLT + 55
    rflags = 0x0000000000010206
        cs = 0x000000000000002b
        fs = 0x0000000000000000
        gs = 0x0000000000000000
       eax = 0x00000004
       ebx = 0x00000018
       ecx = 0x00000018
       edx = 0x00000004
       edi = 0x04029210
       esi = 0x00000000
       ebp = 0x5fbfda60
       esp = 0x5fbfda40
       r8d = 0x04032210
       r9d = 0x00000060
      r10d = 0x00000010
      r11d = 0x040321c8
      r12d = 0x00000004
      r13d = 0x04005828
      r14d = 0x00000000
      r15d = 0x04029210
        ax = 0x0004
        bx = 0x0018
        cx = 0x0018
        dx = 0x0004
        di = 0x9210
        si = 0x0000
        bp = 0xda60
        sp = 0xda40
       r8w = 0x2210
       r9w = 0x0060
      r10w = 0x0010
      r11w = 0x21c8
      r12w = 0x0004
      r13w = 0x5828
      r14w = 0x0000
      r15w = 0x9210
        ah = 0x00
        bh = 0x00
        ch = 0x00
        dh = 0x00
        al = 0x04
        bl = 0x18
        cl = 0x18
        dl = 0x04
       dil = 0x10
       sil = 0x00
       bpl = 0x60
       spl = 0x40
       r8l = 0x10
       r9l = 0x60
      r10l = 0x10
      r11l = 0xc8
      r12l = 0x04
      r13l = 0x28
      r14l = 0x00
      r15l = 0x10

Floating Point Registers:
     fctrl = 0x037f
     fstat = 0x0000
      ftag = 0x00
       fop = 0x0000
     fioff = 0x00000000
     fiseg = 0x0000
     fooff = 0x00000000
     foseg = 0x0000
     mxcsr = 0x00001fa0
  mxcsrmask = 0x0000ffff
     stmm0 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0xff 0xff}
     stmm1 = {0x00 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0xff 0xff}
     stmm2 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
     stmm3 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
     stmm4 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
     stmm5 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0xff 0xff}
     stmm6 = {0x00 0x00 0x00 0x00 0x00 0x00 0x78 0xbb 0x0b 0x40}
     stmm7 = {0x00 0x00 0x00 0x00 0xfe 0xff 0xff 0xff 0x1d 0x40}
      ymm0 = {0x00 0x12 0x01 0x04 0x01 0x00 0x00 0x00 0x00 0x36 0x02 0x04 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
      ymm1 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
      ymm2 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
      ymm3 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
      ymm4 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x06 0x00 0x00 0x00 0x04 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
      ymm5 = {0x00 0x00 0x80 0x3f 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
      ymm6 = {0x00 0x00 0x00 0x34 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
      ymm7 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
      ymm8 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
      ymm9 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
     ymm10 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
     ymm11 = {0x00 0x00 0x00 0x80 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
     ymm12 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
     ymm13 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
     ymm14 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
     ymm15 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
      xmm0 = {0x00 0x12 0x01 0x04 0x01 0x00 0x00 0x00 0x00 0x36 0x02 0x04 0x01 0x00 0x00 0x00}
      xmm1 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
      xmm2 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
      xmm3 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
      xmm4 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x06 0x00 0x00 0x00 0x04 0x00 0x00 0x00}
      xmm5 = {0x00 0x00 0x80 0x3f 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
      xmm6 = {0x00 0x00 0x00 0x34 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
      xmm7 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
      xmm8 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
      xmm9 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
     xmm10 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
     xmm11 = {0x00 0x00 0x00 0x80 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
     xmm12 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
     xmm13 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
     xmm14 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
     xmm15 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}

Exception State Registers:
    trapno = 0x0000000e
       err = 0x00000004
  faultvaddr = 0x0000000000000000

Valgrind output:

$ valgrind ffmpeg  -f lavfi -i "movie=/Users/bobbyz/tmp/segfault.mpg:s=0+1[out0+subcc][out1]" -c:v rawvideo -c:a pcm_f32le -c:s srt -f matroska ~/tmp/test.mkv
==3625== Memcheck, a memory error detector
==3625== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==3625== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright info
==3625== Command: ffmpeg -f lavfi -i movie=/Users/bobbyz/tmp/segfault.mpg:s=0+1[out0+subcc][out1] -c:v rawvideo -c:a pcm_f32le -c:s srt -f matroska /Users/bobbyz/tmp/test.mkv
==3625==
ffmpeg version N-42425-g08a7510 Copyright (c) 2000-2015 the FFmpeg developers
  built with Apple LLVM version 7.0.0 (clang-700.0.72)
  configuration: --prefix=/usr/local/Cellar/ffmpeg/HEAD --enable-shared --enable-pthreads --enable-gpl --enable-version3 --enable-hardcoded-tables --enable-avresample --cc=clang --host-cflags=-g --host-ldflags= --enable-debug=3 --disable-optimizations --disable-mmx --disable-stripping --enable-opencl --enable-libx264 --enable-libmp3lame --enable-libvo-aacenc --enable-libxvid --enable-libvorbis --enable-libvpx --enable-libfdk-aac --enable-libx265 --enable-nonfree --enable-vda
  libavutil      55.  2.100 / 55.  2.100
  libavcodec     57.  3.100 / 57.  3.100
  libavformat    57.  2.100 / 57.  2.100
  libavdevice    57.  0.100 / 57.  0.100
  libavfilter     6.  8.100 /  6.  8.100
  libavresample   3.  0.  0 /  3.  0.  0
  libswscale      4.  0.100 /  4.  0.100
  libswresample   2.  0.100 /  2.  0.100
  libpostproc    54.  0.100 / 54.  0.100
==3625== Conditional jump or move depends on uninitialised value(s)
==3625==    at 0x1003B4F5B: av_packet_unpack_dictionary (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x100768D6C: ff_init_buffer_info (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x1006C4DC6: ff_thread_get_buffer (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x10065F30D: ff_alloc_picture (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x1006629DC: alloc_picture (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x1006621D6: ff_mpv_frame_start (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x1006326F9: decode_chunks (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x100630425: mpeg_decode_frame (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x10076B36B: avcodec_decode_video2 (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x100290491: try_decode_frame (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavformat.57.2.100.dylib)
==3625==    by 0x10028F0D6: avformat_find_stream_info (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavformat.57.2.100.dylib)
==3625==    by 0x10009FB59: movie_common_init (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
==3625==
==3625== Conditional jump or move depends on uninitialised value(s)
==3625==    at 0x1003B4F5B: av_packet_unpack_dictionary (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x100768D6C: ff_init_buffer_info (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x100769022: ff_get_buffer (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x1006C4DDD: ff_thread_get_buffer (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x10065F30D: ff_alloc_picture (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x1006629DC: alloc_picture (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x1006621D6: ff_mpv_frame_start (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x1006326F9: decode_chunks (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x100630425: mpeg_decode_frame (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x10076B36B: avcodec_decode_video2 (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x100290491: try_decode_frame (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavformat.57.2.100.dylib)
==3625==    by 0x10028F0D6: avformat_find_stream_info (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavformat.57.2.100.dylib)
==3625==
==3625== Conditional jump or move depends on uninitialised value(s)
==3625==    at 0x1003B4F5B: av_packet_unpack_dictionary (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x100768D6C: ff_init_buffer_info (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x100769022: ff_get_buffer (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x1003795CB: ac3_decode_frame (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x10076B9B2: avcodec_decode_audio4 (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
==3625==    by 0x1000A097F: movie_request_frame (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
==3625==    by 0x10008DEAA: ff_request_frame (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
==3625==    by 0x100091FBA: av_buffersink_get_frame_flags (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
==3625==    by 0x10005814A: lavfi_read_packet (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavdevice.57.0.100.dylib)
==3625==    by 0x10028A838: ff_read_packet (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavformat.57.2.100.dylib)
==3625==    by 0x10028B62F: read_frame_internal (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavformat.57.2.100.dylib)
==3625==    by 0x10028EC6E: avformat_find_stream_info (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavformat.57.2.100.dylib)
==3625==
[ac3 @ 0x10cfc5220] exponent out-of-range
[ac3 @ 0x10cfc5220] error decoding the audio block
[ac3 @ 0x10cfc5220] frame sync error
[Parsed_movie_0 @ 0x10cfb2700] Decode error: Invalid data found when processing input
[ac3 @ 0x10cfc5220] new coupling coordinates must be present in block 0
[ac3 @ 0x10cfc5220] error decoding the audio block
==3625== Invalid read of size 4
==3625==    at 0x1014B75A2: conv_AV_SAMPLE_FMT_FLT_to_AV_SAMPLE_FMT_FLT (in /usr/local/Cellar/ffmpeg/HEAD/lib/libswresample.2.0.100.dylib)
==3625==    by 0x1014B6420: swri_audio_convert (in /usr/local/Cellar/ffmpeg/HEAD/lib/libswresample.2.0.100.dylib)
==3625==    by 0x1014BE2C3: swr_convert_internal (in /usr/local/Cellar/ffmpeg/HEAD/lib/libswresample.2.0.100.dylib)
==3625==    by 0x1014BE0F3: swr_convert (in /usr/local/Cellar/ffmpeg/HEAD/lib/libswresample.2.0.100.dylib)
==3625==    by 0x100072D6B: filter_frame (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
==3625==    by 0x10008E109: ff_filter_frame_framed (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
==3625==    by 0x10008F44B: ff_filter_frame (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
==3625==    by 0x1000A06B1: movie_request_frame (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
==3625==    by 0x10008DEAA: ff_request_frame (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
==3625==    by 0x100091FBA: av_buffersink_get_frame_flags (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
==3625==    by 0x10005814A: lavfi_read_packet (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavdevice.57.0.100.dylib)
==3625==    by 0x10028A838: ff_read_packet (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavformat.57.2.100.dylib)
==3625==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==3625==
==3625==
==3625== Process terminating with default action of signal 11 (SIGSEGV)
==3625==  Access not within mapped region at address 0x0
==3625==    at 0x1014B75A2: conv_AV_SAMPLE_FMT_FLT_to_AV_SAMPLE_FMT_FLT (in /usr/local/Cellar/ffmpeg/HEAD/lib/libswresample.2.0.100.dylib)
==3625==    by 0x1014B6420: swri_audio_convert (in /usr/local/Cellar/ffmpeg/HEAD/lib/libswresample.2.0.100.dylib)
==3625==    by 0x1014BE2C3: swr_convert_internal (in /usr/local/Cellar/ffmpeg/HEAD/lib/libswresample.2.0.100.dylib)
==3625==    by 0x1014BE0F3: swr_convert (in /usr/local/Cellar/ffmpeg/HEAD/lib/libswresample.2.0.100.dylib)
==3625==    by 0x100072D6B: filter_frame (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
==3625==    by 0x10008E109: ff_filter_frame_framed (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
==3625==    by 0x10008F44B: ff_filter_frame (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
==3625==    by 0x1000A06B1: movie_request_frame (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
==3625==    by 0x10008DEAA: ff_request_frame (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
==3625==    by 0x100091FBA: av_buffersink_get_frame_flags (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
==3625==    by 0x10005814A: lavfi_read_packet (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavdevice.57.0.100.dylib)
==3625==    by 0x10028A838: ff_read_packet (in /usr/local/Cellar/ffmpeg/HEAD/lib/libavformat.57.2.100.dylib)
==3625==  If you believe this happened as a result of a stack
==3625==  overflow in your program's main thread (unlikely but
==3625==  possible), you can try to increase the size of the
==3625==  main thread stack using the --main-stacksize= flag.
==3625==  The main thread stack size used in this run was 8388608.
==3625==
==3625== HEAP SUMMARY:
==3625==     in use at exit: 1,848,291 bytes in 2,782 blocks
==3625==   total heap usage: 5,754 allocs, 2,972 frees, 7,681,510 bytes allocated
==3625==
==3625== LEAK SUMMARY:
==3625==    definitely lost: 3,518 bytes in 48 blocks
==3625==    indirectly lost: 5,624 bytes in 30 blocks
==3625==      possibly lost: 20,008 bytes in 147 blocks
==3625==    still reachable: 469,956 bytes in 1,078 blocks
==3625==         suppressed: 1,349,185 bytes in 1,479 blocks
==3625== Rerun with --leak-check=full to see details of leaked memory
==3625==
==3625== For counts of detected and suppressed errors, rerun with: -v
==3625== Use --track-origins=yes to see where uninitialised values come from
==3625== ERROR SUMMARY: 5 errors from 4 contexts (suppressed: 0 from 0)
[1]    3625 killed     valgrind ffmpeg -f lavfi -i  -c:v rawvideo -c:a pcm_f32le -c:s srt -f matrosk

Attachments (1)

lavfi_audio_segfault.mpg (386.0 KB ) - added by Carl Eugen Hoyos 9 years ago.

Download all attachments as: .zip

Change History (4)

comment:1 by Carl Eugen Hoyos, 9 years ago

Component: undeterminedswresample
Keywords: crash SIGSEGV added; segfault removed
Priority: normalimportant
Reproduced by developer: set
Status: newopen

Reproducible with:

$ ffmpeg -f lavfi -i amovie=lavfi_audio_segfault.mpg -f null -

by Carl Eugen Hoyos, 9 years ago

Attachment: lavfi_audio_segfault.mpg added

comment:2 by Cigaes, 8 years ago

The second audio frame is quad while the others are 5.1; lavfi does not support formats changes yet, but the movie source does not check for it, hence the failure.

(As a side note, before trying a debugger backtrace, try to rebuild with --assert-level=2, the error message would have been much clearer.)

I am not sure how to fix this. Implementing format reconfiguration is a lot of work. Detecting it would not solve the problem, only make the failure cleaner; and some filters actually work with format reconfiguration, that would break things for them.

In the meantime, you can get things working by separating audio and video processing:

ffmpeg -f lavfi -i 'movie=file.mpg:s=v[out0+subcc]' \
  -i file.mpg \
  -map 0:v -map 1:a -map 0:s output

comment:3 by Carl Eugen Hoyos, 8 years ago

Component: swresampleavfilter
Resolution: fixed
Status: openclosed

The crash was fixed by Michael in 377883c4be7a5b27d57737a79d6a58a6af0ae6cd

Note: See TracTickets for help on using tickets.