Opened 7 years ago
Closed 7 years ago
#6346 closed defect (fixed)
Segmentation fault, Auto-inserting h264_mp4toannexb bitstream filter
| Reported by: | ffmpegTV | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avformat |
| Version: | git-master | Keywords: | crash regression |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | yes | |
| Analyzed by developer: | no |
Description
Summary of the bug: Segmentation fault: 11
How to reproduce:
% ffmpeg -f concat -safe 0 -i files.txt -c copy out.mp4 ffmpeg version N-85641-gdd49eff-tessus Copyright (c) 2000-2017 the FFmpeg developers built with Apple LLVM version 8.0.0 (clang-800.0.42.1) configuration: --cc=/usr/bin/clang --prefix=/opt/ffmpeg --extra-version=tessus --enable-avisynth --enable-fontconfig --enable-gpl --enable-libass --enable-libbluray --enable-libfreetype --enable-libgsm --enable-libmodplug --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopus --enable-libschroedinger --enable-libsnappy --enable-libsoxr --enable-libspeex --enable-libtheora --enable-libvidstab --enable-libvo-amrwbenc --enable-libvorbis --enable-libvpx --enable-libwavpack --enable-libx264 --enable-libx265 --enable-libxavs --enable-libxvid --enable-libzmq --enable-libzvbi --enable-version3 --disable-ffplay --disable-indev=qtkit libavutil 55. 61.100 / 55. 61.100 libavcodec 57. 93.100 / 57. 93.100 libavformat 57. 72.101 / 57. 72.101 libavdevice 57. 7.100 / 57. 7.100 libavfilter 6. 86.100 / 6. 86.100 libswscale 4. 7.101 / 4. 7.101 libswresample 2. 8.100 / 2. 8.100 libpostproc 54. 6.100 / 54. 6.100 [mpegts @ 0x7f9092001000] Auto-inserting h264_mp4toannexb bitstream filter Segmentation fault: 11
# content of file list file 'ARD_HD_2017-03-10_17-03-01.ts' file 'ARD_HD_2017-03-10_17-04-01.ts' file 'ARD_HD_2017-03-10_17-05-01.ts' file 'ARD_HD_2017-03-10_17-06-01.ts' file 'ARD_HD_2017-03-10_17-07-01.ts' file 'ARD_HD_2017-03-10_17-08-01.ts' file 'ARD_HD_2017-03-10_17-09-01.ts' file 'ARD_HD_2017-03-10_17-10-01.ts' file 'ARD_HD_2017-03-10_17-11-01.ts'
ffmpeg version: N-85641-gdd49eff-tessus
current snapshot: ffmpeg-85641-gdd49eff from https://evermeet.cx/ffmpeg/ MacOS, 64Bit, running on MacOS, 64Bit, 10.12.4 (16E195)
Attachments (2)
Change History (7)
comment:1 by , 7 years ago
| Keywords: | crash added |
|---|---|
| Priority: | normal → important |
comment:2 by , 7 years ago
Example files could be downloaded under: https://wetransfer.com/downloads/c1bd637c82ed9289fb8ee900d45aa66c20170425100020/53ea1a84896816f1d6e87b7701c0776b20170425100020/92cacb
comment:3 by , 7 years ago
| Keywords: | regression added |
|---|---|
| Reproduced by developer: | set |
| Version: | unspecified → git-master |
Regression since b8f26779d615dfb466e90627323b1a4e40639f76
$ valgrind ffmpeg_g -f concat -i files.txt ==25745== Memcheck, a memory error detector ==25745== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==25745== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==25745== Command: ffmpeg_g -f concat -i files.txt ==25745== ffmpeg version N-85646-g550a9c5 Copyright (c) 2000-2017 the FFmpeg developers built with gcc 6.3.0 (GCC) configuration: --enable-gpl libavutil 55. 61.100 / 55. 61.100 libavcodec 57. 93.100 / 57. 93.100 libavformat 57. 72.101 / 57. 72.101 libavdevice 57. 7.100 / 57. 7.100 libavfilter 6. 87.100 / 6. 87.100 libswscale 4. 7.101 / 4. 7.101 libswresample 2. 8.100 / 2. 8.100 libpostproc 54. 6.100 / 54. 6.100 [mpegts @ 0x82204a0] Auto-inserting h264_mp4toannexb bitstream filter ==25745== Invalid read of size 4 ==25745== at 0x7683D7: av_packet_copy_props (avpacket.c:562) ==25745== by 0x768614: av_packet_ref (avpacket.c:589) ==25745== by 0x799605: avcodec_send_packet (decode.c:647) ==25745== by 0x709F14: try_decode_frame (utils.c:3004) ==25745== by 0x712244: avformat_find_stream_info (utils.c:3821) ==25745== by 0x48AEA5: open_input_file (ffmpeg_opt.c:1013) ==25745== by 0x48DB5E: ffmpeg_parse_options (ffmpeg_opt.c:3203) ==25745== by 0x47DA86: main (ffmpeg.c:4742) ==25745== Address 0x821fc78 is 8 bytes inside a block of size 16 free'd ==25745== at 0x4C29D4E: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==25745== by 0x768588: av_packet_unref (avpacket.c:275) ==25745== by 0x60CDAA: concat_read_packet (concatdec.c:565) ==25745== by 0x70A82D: ff_read_packet (utils.c:816) ==25745== by 0x70DB23: read_frame_internal (utils.c:1517) ==25745== by 0x711E83: avformat_find_stream_info (utils.c:3697) ==25745== by 0x48AEA5: open_input_file (ffmpeg_opt.c:1013) ==25745== by 0x48DB5E: ffmpeg_parse_options (ffmpeg_opt.c:3203) ==25745== by 0x47DA86: main (ffmpeg.c:4742) ==25745== ==25745== Invalid read of size 4 ==25745== at 0x7683E8: av_packet_copy_props (avpacket.c:561) ==25745== by 0x768614: av_packet_ref (avpacket.c:589) ==25745== by 0x799605: avcodec_send_packet (decode.c:647) ==25745== by 0x709F14: try_decode_frame (utils.c:3004) ==25745== by 0x712244: avformat_find_stream_info (utils.c:3821) ==25745== by 0x48AEA5: open_input_file (ffmpeg_opt.c:1013) ==25745== by 0x48DB5E: ffmpeg_parse_options (ffmpeg_opt.c:3203) ==25745== by 0x47DA86: main (ffmpeg.c:4742) ==25745== Address 0x821fc7c is 12 bytes inside a block of size 16 free'd ==25745== at 0x4C29D4E: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==25745== by 0x768588: av_packet_unref (avpacket.c:275) ==25745== by 0x60CDAA: concat_read_packet (concatdec.c:565) ==25745== by 0x70A82D: ff_read_packet (utils.c:816) ==25745== by 0x70DB23: read_frame_internal (utils.c:1517) ==25745== by 0x711E83: avformat_find_stream_info (utils.c:3697) ==25745== by 0x48AEA5: open_input_file (ffmpeg_opt.c:1013) ==25745== by 0x48DB5E: ffmpeg_parse_options (ffmpeg_opt.c:3203) ==25745== by 0x47DA86: main (ffmpeg.c:4742) ==25745== ==25745== Invalid read of size 8 ==25745== at 0x7683EB: av_packet_copy_props (avpacket.c:563) ==25745== by 0x768614: av_packet_ref (avpacket.c:589) ==25745== by 0x799605: avcodec_send_packet (decode.c:647) ==25745== by 0x709F14: try_decode_frame (utils.c:3004) ==25745== by 0x712244: avformat_find_stream_info (utils.c:3821) ==25745== by 0x48AEA5: open_input_file (ffmpeg_opt.c:1013) ==25745== by 0x48DB5E: ffmpeg_parse_options (ffmpeg_opt.c:3203) ==25745== by 0x47DA86: main (ffmpeg.c:4742) ==25745== Address 0x821fc70 is 0 bytes inside a block of size 16 free'd ==25745== at 0x4C29D4E: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==25745== by 0x768588: av_packet_unref (avpacket.c:275) ==25745== by 0x60CDAA: concat_read_packet (concatdec.c:565) ==25745== by 0x70A82D: ff_read_packet (utils.c:816) ==25745== by 0x70DB23: read_frame_internal (utils.c:1517) ==25745== by 0x711E83: avformat_find_stream_info (utils.c:3697) ==25745== by 0x48AEA5: open_input_file (ffmpeg_opt.c:1013) ==25745== by 0x48DB5E: ffmpeg_parse_options (ffmpeg_opt.c:3203) ==25745== by 0x47DA86: main (ffmpeg.c:4742) ==25745== ==25745== Invalid read of size 1 ==25745== at 0x4C2C531: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==25745== by 0x7684A5: av_packet_copy_props (avpacket.c:570) ==25745== by 0x768614: av_packet_ref (avpacket.c:589) ==25745== by 0x799605: avcodec_send_packet (decode.c:647) ==25745== by 0x709F14: try_decode_frame (utils.c:3004) ==25745== by 0x712244: avformat_find_stream_info (utils.c:3821) ==25745== by 0x48AEA5: open_input_file (ffmpeg_opt.c:1013) ==25745== by 0x48DB5E: ffmpeg_parse_options (ffmpeg_opt.c:3203) ==25745== by 0x47DA86: main (ffmpeg.c:4742) ==25745== Address 0x0 is not stack'd, malloc'd or (recently) free'd ==25745== ==25745== ==25745== Process terminating with default action of signal 11 (SIGSEGV) ==25745== Access not within mapped region at address 0x0 ==25745== at 0x4C2C531: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==25745== by 0x7684A5: av_packet_copy_props (avpacket.c:570) ==25745== by 0x768614: av_packet_ref (avpacket.c:589) ==25745== by 0x799605: avcodec_send_packet (decode.c:647) ==25745== by 0x709F14: try_decode_frame (utils.c:3004) ==25745== by 0x712244: avformat_find_stream_info (utils.c:3821) ==25745== by 0x48AEA5: open_input_file (ffmpeg_opt.c:1013) ==25745== by 0x48DB5E: ffmpeg_parse_options (ffmpeg_opt.c:3203) ==25745== by 0x47DA86: main (ffmpeg.c:4742) ==25745== If you believe this happened as a result of a stack ==25745== overflow in your program's main thread (unlikely but ==25745== possible), you can try to increase the size of the ==25745== main thread stack using the --main-stacksize= flag. ==25745== The main thread stack size used in this run was 8388608. ==25745== ==25745== HEAP SUMMARY: ==25745== in use at exit: 1,014,992 bytes in 206 blocks ==25745== total heap usage: 1,357 allocs, 1,151 frees, 22,165,309 bytes allocated ==25745== ==25745== LEAK SUMMARY: ==25745== definitely lost: 0 bytes in 0 blocks ==25745== indirectly lost: 0 bytes in 0 blocks ==25745== possibly lost: 0 bytes in 0 blocks ==25745== still reachable: 1,014,992 bytes in 206 blocks ==25745== suppressed: 0 bytes in 0 blocks ==25745== Rerun with --leak-check=full to see details of leaked memory ==25745== ==25745== For counts of detected and suppressed errors, rerun with: -v ==25745== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 2 from 2) Segmentation fault
by , 7 years ago
| Attachment: | ARD_HD_2017-03-10_17-03-01_cut.ts added |
|---|
by , 7 years ago
comment:4 by , 7 years ago
| Status: | new → open |
|---|
b8f26779d615dfb466e90627323b1a4e40639f76 is not the cause. It simply exposed a latent bug, plus the fact concatdec was doing an incomplete annexb extradata check.
Fixed the wrong extradata check in b4330a0e02fcbef61d630a369abe5f4421ced659, which should prevent the crash detailed here, but as i said the actual bug is still present.
comment:5 by , 7 years ago
| Component: | undetermined → avformat |
|---|---|
| Resolution: | → fixed |
| Status: | open → closed |
The underlying bug should be fixed in 14e092448f2ecf2e872821db13d625273c9eb33c
Note:
See TracTickets
for help on using tickets.
Please provide the input files(s) needed to reproduce the issue.