Opened 3 months ago

Last modified 3 months ago

#6611 new defect

ffserver crashes on status page request

Reported by: nlebeck Owned by:
Priority: normal Component: ffserver
Version: git-master Keywords:
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

Summary of the bug:

When I add a new stream to the sample ffserver.conf that streams from a video file on disk, the ffserver process crashes when I request the /stat.html status page.

How to reproduce:

  1. Add a new Stream entry to ffserver.conf with a File parameter pointing to the video file. The video file I used for this bug report was the first 10MB of an H.264 movie trailer available online (http://www.digital-digest.com/movies/Rogue_One_A_Star_Wars_Story_1080p_Theatrical_Trailer_2.html), but the problem also appears when using the full 137MB trailer available at that link.
  1. Start ffserver with the modified ffserver.conf.
  1. Access "http://localhost:8090/stat.html" in a web browser.

Details:

Although it's not clear in the GDB/valgrind stack traces below, the compute_status() function in ffserver.c is the function that calls abort() and crashes the server. I put in some debug print statements to figure out exactly where the program was crashing, and I think I found out where and why abort() is called. When the while loop starting at line 1987 of ffserver.c is on the iteration corresponding to the stream I added (named “test2.mp4” in my ffserver.conf), after the call to avcodec_find_encoder() at line 2036, the value of st->codecpar->codec_type is equal to -1. As a result, the switch statement on line 2038 goes to the default case, which calls abort() on line 2059.

I don't know why the codec_type variable is set to -1. The video file plays fine with ffplay, but maybe there is some issue with the parameters in my ffserver.conf file. In any case, I’m assuming that if I’m configuring something wrong, the correct behavior would be to print an error message rather than crashing the server.

The command I ran:

% ./ffserver -f ~/research/temp/ffserver.conf

My ffserver.conf file:

HTTPPort 8090
HTTPBindAddress 0.0.0.0
MaxHTTPConnections 2000
MaxClients 1000
MaxBandwidth 10000
CustomLog -

<Feed feed1.ffm>
File /tmp/feed1.ffm
FileMaxSize 200K
ACL allow 127.0.0.1
</Feed>

<Stream test1.mpg>
Feed feed1.ffm
Format mpeg
AudioBitRate 32
AudioChannels 1
AudioSampleRate 44100
VideoBitRate 64
VideoBufferSize 40
VideoFrameRate 24
VideoSize 160x128
VideoGopSize 12
</Stream>

<Stream test.asf>
Feed feed1.ffm
Format asf
VideoFrameRate 15
VideoSize 352x240
VideoBitRate 256
VideoBufferSize 40
VideoGopSize 30
AudioBitRate 64
StartSendOnKey
</Stream>

<Stream test2.mp4>
File "/home/nl35/research/temp/H.264/rogue_one_trailer_2_small.mp4"
</Stream>

<Stream stat.html>
Format status
ACL allow localhost
ACL allow 192.168.0.0 192.168.255.255
</Stream>

<Redirect index.html>
URL http://www.ffmpeg.org/
</Redirect>

Below I've included valgrind and GDB output. I can provide the verbose console output for ffserver on request, but it is 2.4 MB, which seemed too large to put in the bug report text.

Valgrind output:

==21903== Memcheck, a memory error detector
==21903== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==21903== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==21903== Command: ./ffserver_g -f /home/nl35/research/temp/ffserver.conf
==21903==
ffserver version N-87034-geca2a49 Copyright (c) 2000-2017 the FFmpeg developers
  built with gcc 5.4.0 (Ubuntu 5.4.0-6ubuntu1~16.04.4) 20160609
  configuration: --enable-debug=0
  libavutil      55. 74.100 / 55. 74.100
  libavcodec     57.103.100 / 57.103.100
  libavformat    57. 76.100 / 57. 76.100
  libavdevice    57.  7.101 / 57.  7.101
  libavfilter     6.100.100 /  6.100.100
  libswscale      4.  7.102 /  4.  7.102
  libswresample   2.  8.100 /  2.  8.100
/home/nl35/research/temp/ffserver.conf:164: Setting default value for video bit rate tolerance = 16000. Use NoDefaults to disable it.
/home/nl35/research/temp/ffserver.conf:164: Setting default value for video rate control equation = tex^qComp. Use NoDefaults to disable it.
/home/nl35/research/temp/ffserver.conf:164: Setting default value for video max rate = 128000. Use NoDefaults to disable it.
/home/nl35/research/temp/ffserver.conf:219: Setting default value for audio sample rate = 22050. Use NoDefaults to disable it.
/home/nl35/research/temp/ffserver.conf:219: Setting default value for audio channel count = 1. Use NoDefaults to disable it.
/home/nl35/research/temp/ffserver.conf:219: Setting default value for video bit rate tolerance = 64000. Use NoDefaults to disable it.
/home/nl35/research/temp/ffserver.conf:219: Setting default value for video rate control equation = tex^qComp. Use NoDefaults to disable it.
/home/nl35/research/temp/ffserver.conf:219: Setting default value for video max rate = 512000. Use NoDefaults to disable it.
Wed Aug 23 15:48:47 2017 Opening feed file '/home/nl35/research/temp/H.264/rogue_one_trailer_2_small.mp4' for stream 'test2.mp4'
Wed Aug 23 15:48:47 2017 [mov,mp4,m4a,3gp,3g2,mj2 @ 0x5b98da0]stream 0, timescale not set
Wed Aug 23 15:48:48 2017 Codecs do not match for stream 0
Wed Aug 23 15:48:48 2017 [ffm @ 0x65a9a60]Using AVStream.codec to pass codec parameters to muxers is deprecated, use AVStream.codecpar instead.
Wed Aug 23 15:48:48 2017 [ffm @ 0x65a9a60]Using AVStream.codec to pass codec parameters to muxers is deprecated, use AVStream.codecpar instead.
Wed Aug 23 15:48:48 2017 [ffm @ 0x65a9a60]Using AVStream.codec to pass codec parameters to muxers is deprecated, use AVStream.codecpar instead.
Wed Aug 23 15:48:48 2017 [ffm @ 0x65a9a60]Using AVStream.codec to pass codec parameters to muxers is deprecated, use AVStream.codecpar instead.
Wed Aug 23 15:48:48 2017 FFserver started.
==21903==
==21903== Process terminating with default action of signal 6 (SIGABRT)
==21903==    at 0x57B3428: raise (raise.c:54)
==21903==    by 0x57B5029: abort (abort.c:89)
==21903==    by 0x47CF3A: http_parse_request (in /home/nl35/research/video-streaming/ffmpeg/ffserver_g)
==21903==    by 0x46E024: main (in /home/nl35/research/video-streaming/ffmpeg/ffserver_g)
==21903==
==21903== HEAP SUMMARY:
==21903==     in use at exit: 293,447 bytes in 81 blocks
==21903==   total heap usage: 1,555 allocs, 1,474 frees, 8,874,581 bytes allocated
==21903==
==21903== LEAK SUMMARY:
==21903==    definitely lost: 32 bytes in 1 blocks
==21903==    indirectly lost: 8,608 bytes in 20 blocks
==21903==      possibly lost: 0 bytes in 0 blocks
==21903==    still reachable: 284,807 bytes in 60 blocks
==21903==         suppressed: 0 bytes in 0 blocks
==21903== Rerun with --leak-check=full to see details of leaked memory
==21903==
==21903== For counts of detected and suppressed errors, rerun with: -v
==21903== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Aborted (core dumped)

GDB output:

(gdb) run
Starting program: /home/nl35/research/video-streaming/ffmpeg/ffserver_g -f /home/nl35/research/temp/ffserver.conf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
ffserver version N-87034-geca2a49 Copyright (c) 2000-2017 the FFmpeg developers
  built with gcc 5.4.0 (Ubuntu 5.4.0-6ubuntu1~16.04.4) 20160609
  configuration: --enable-debug=0
  libavutil      55. 74.100 / 55. 74.100
  libavcodec     57.103.100 / 57.103.100
  libavformat    57. 76.100 / 57. 76.100
  libavdevice    57.  7.101 / 57.  7.101
  libavfilter     6.100.100 /  6.100.100
  libswscale      4.  7.102 /  4.  7.102
  libswresample   2.  8.100 /  2.  8.100
/home/nl35/research/temp/ffserver.conf:164: Setting default value for video bit rate tolerance = 16000. Use NoDefaults to disable it.
/home/nl35/research/temp/ffserver.conf:164: Setting default value for video rate control equation = tex^qComp. Use NoDefaults to disable it.
/home/nl35/research/temp/ffserver.conf:164: Setting default value for video max rate = 128000. Use NoDefaults to disable it.
/home/nl35/research/temp/ffserver.conf:219: Setting default value for audio sample rate = 22050. Use NoDefaults to disable it.
/home/nl35/research/temp/ffserver.conf:219: Setting default value for audio channel count = 1. Use NoDefaults to disable it.
/home/nl35/research/temp/ffserver.conf:219: Setting default value for video bit rate tolerance = 64000. Use NoDefaults to disable it.
/home/nl35/research/temp/ffserver.conf:219: Setting default value for video rate control equation = tex^qComp. Use NoDefaults to disable it.
/home/nl35/research/temp/ffserver.conf:219: Setting default value for video max rate = 512000. Use NoDefaults to disable it.
Wed Aug 23 15:44:56 2017 Opening feed file '/home/nl35/research/temp/H.264/rogue_one_trailer_2_small.mp4' for stream 'test2.mp4'
Wed Aug 23 15:44:56 2017 [mov,mp4,m4a,3gp,3g2,mj2 @ 0x1d4f060]stream 0, timescale not set
Wed Aug 23 15:44:56 2017 Codecs do not match for stream 0
Wed Aug 23 15:44:56 2017 [ffm @ 0x1d4fa20]Using AVStream.codec to pass codec parameters to muxers is deprecated, use AVStream.codecpar instead.
Wed Aug 23 15:44:56 2017 [ffm @ 0x1d4fa20]Using AVStream.codec to pass codec parameters to muxers is deprecated, use AVStream.codecpar instead.
Wed Aug 23 15:44:56 2017 [ffm @ 0x1d4fa20]Using AVStream.codec to pass codec parameters to muxers is deprecated, use AVStream.codecpar instead.
Wed Aug 23 15:44:56 2017 [ffm @ 0x1d4fa20]Using AVStream.codec to pass codec parameters to muxers is deprecated, use AVStream.codecpar instead.
Wed Aug 23 15:44:56 2017 FFserver started.

Program received signal SIGABRT, Aborted.
0x00007ffff70fe428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
54    ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007ffff70fe428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007ffff710002a in __GI_abort () at abort.c:89
#2  0x000000000047cf3b in http_parse_request ()
#3  0x000000000046e025 in main ()
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x7ffff70fe408 to 0x7ffff70fe448:
   0x00007ffff70fe408 <__GI_raise+24>:    mov    $0xf000000,%edx
   0x00007ffff70fe40d <__GI_raise+29>:    add    $0x8964c189,%eax
   0x00007ffff70fe412 <__GI_raise+34>:    add    $0x25,%al
   0x00007ffff70fe414 <__GI_raise+36>:    rolb   (%rdx)
   0x00007ffff70fe416 <__GI_raise+38>:    add    %al,(%rax)
   0x00007ffff70fe418 <__GI_raise+40>:    movslq %eax,%rsi
   0x00007ffff70fe41b <__GI_raise+43>:    movslq %edi,%rdx
   0x00007ffff70fe41e <__GI_raise+46>:    mov    $0xea,%eax
   0x00007ffff70fe423 <__GI_raise+51>:    movslq %ecx,%rdi
   0x00007ffff70fe426 <__GI_raise+54>:    syscall
=> 0x00007ffff70fe428 <__GI_raise+56>:    cmp    $0xfffffffffffff000,%rax
   0x00007ffff70fe42e <__GI_raise+62>:    ja     0x7ffff70fe450 <__GI_raise+96>
   0x00007ffff70fe430 <__GI_raise+64>:    repz retq
   0x00007ffff70fe432 <__GI_raise+66>:    nopw   0x0(%rax,%rax,1)
   0x00007ffff70fe438 <__GI_raise+72>:    test   %ecx,%ecx
   0x00007ffff70fe43a <__GI_raise+74>:    jg     0x7ffff70fe41b <__GI_raise+43>
   0x00007ffff70fe43c <__GI_raise+76>:    mov    %ecx,%edx
   0x00007ffff70fe43e <__GI_raise+78>:    neg    %edx
   0x00007ffff70fe440 <__GI_raise+80>:    and    $0x7fffffff,%ecx
   0x00007ffff70fe446 <__GI_raise+86>:    cmove  %esi,%edx
End of assembler dump.

Change History (1)

comment:1 Changed 3 months ago by nlebeck

  • Version changed from unspecified to git-master
Note: See TracTickets for help on using tickets.