Opened 2 months ago

Closed 2 months ago

#7200 closed defect (fixed)

Assertion failure with h264_metadata bsf

Reported by: mypopy Owned by:
Priority: important Component: avcodec
Version: git-master Keywords: crash abort regression
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

Summary of the bug:
How to reproduce:

% ffmpeg -y -i test.ts -c:v copy -bsf:v h264_metadata=aud=remove test_idr_new.mp4
ffmpeg version master (f995aa82d85810e37432fbf49342921c703a4e8d)

Patches should be submitted to the ffmpeg-devel mailing list and not this bug tracker.

Attachments (1)

test.ts (2.2 MB) - added by mypopy 2 months ago.

Change History (6)

Changed 2 months ago by mypopy

comment:1 Changed 2 months ago by mypopy

./ffmpeg -y -i ../../Downloads/test.ts -c:v copy -bsf:v h264_metadata=aud=remove test_idr_new.mp4
ffmpeg version N-90872-g92a0a6bea9 Copyright (c) 2000-2018 the FFmpeg developers

built with gcc 7 (Ubuntu 7.2.0-8ubuntu3.2)
configuration: --enable-vaapi --enable-libx264 --enable-libx265 --enable-gpl --enable-libwebp --disable-optimizations --samples=../fate-suite --enable-libdrm --enable-opencl --enable-libpulse
libavutil 56. 17.100 / 56. 17.100
libavcodec 58. 19.100 / 58. 19.100
libavformat 58. 13.100 / 58. 13.100
libavdevice 58. 4.100 / 58. 4.100
libavfilter 7. 20.100 / 7. 20.100
libswscale 5. 2.100 / 5. 2.100
libswresample 3. 2.100 / 3. 2.100
libpostproc 55. 2.100 / 55. 2.100

Input #0, mpegts, from '../../Downloads/test.ts':

Duration: 00:00:08.84, start: 1.400000, bitrate: 2136 kb/s
Program 1

Metadata:

service_name : Service01
service_provider: FFmpeg

Stream #0:0[0x100]: Video: h264 (Baseline) ([27][0][0][0] / 0x001B), yuv420p(tv, bt470bg/bt470bg/smpte170m, progressive), 1280x720, 23.98 tbr, 90k tbn, 180k tbc
Stream #0:1[0x101]: Audio: aac (LC) ([15][0][0][0] / 0x000F), 44100 Hz, mono, fltp, 98 kb/s

Stream mapping:

Stream #0:0 -> #0:0 (copy)
Stream #0:1 -> #0:1 (aac (native) -> aac (native))

Press [q] to stop, ? for help
Assertion size > 0 failed at libavcodec/cbs_h2645.c:482
Aborted (core dumped)

comment:2 Changed 2 months ago by jamrial

  • Reproduced by developer set
  • Status changed from new to open
  • Summary changed from FFmpeg crash when use cbs to remove AUD to Assertion failure with h264_metadata bsf

No need to remove AUD NALus, running the file through the h264_metadata bsf is enough.

$ ./ffmpeg -i test.ts -c:v copy -bsf:v h264_metadata -f mp4 NUL
ffmpeg version N-91064-g89a04472a7 Copyright (c) 2000-2018 the FFmpeg developers
  built with gcc 7.3.0 (Rev2, Built by MSYS2 project)
  configuration: --enable-gpl --enable-nonfree --enable-opencl --enable-libaom --enable-libopenjpeg --enable-libzimg --enable-libfdk-aac --enable-libmp3lame --enable-libopus --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libx265 --enable-libwebp --cpu=haswell --extra-cflags='-D_WIN32_WINNT=0x0602' --cc='ccache gcc' --x86asmexe=yasm --samples=../samples --prefix=/mingw64
  libavutil      56. 18.102 / 56. 18.102
  libavcodec     58. 19.101 / 58. 19.101
  libavformat    58. 13.102 / 58. 13.102
  libavdevice    58.  4.100 / 58.  4.100
  libavfilter     7. 22.100 /  7. 22.100
  libswscale      5.  2.100 /  5.  2.100
  libswresample   3.  2.100 /  3.  2.100
  libpostproc    55.  2.100 / 55.  2.100
Input #0, mpegts, from 'test.ts':
  Duration: 00:00:08.84, start: 1.400000, bitrate: 2136 kb/s
  Program 1
    Metadata:
      service_name    : Service01
      service_provider: FFmpeg
    Stream #0:0[0x100]: Video: h264 (Baseline) ([27][0][0][0] / 0x001B), yuv420p(tv, bt470bg/bt470bg/smpte170m, progressive), 1280x720, 23.98 tbr, 90k tbn, 180k tbc
    Stream #0:1[0x101]: Audio: aac (LC) ([15][0][0][0] / 0x000F), 44100 Hz, mono, fltp, 98 kb/s
File 'NUL' already exists. Overwrite ? [y/N] y
Stream mapping:
  Stream #0:0 -> #0:0 (copy)
  Stream #0:1 -> #0:1 (aac (native) -> aac (native))
Press [q] to stop, [?] for help
Assertion size > 0 failed at K:/ffmpeg/src/libavcodec/cbs_h2645.c:526

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

Did not check if this is a regression or not.

comment:3 Changed 2 months ago by mkver

The H264 bitstream contains 00 00 00 01 00 00 00 01; the second start code starts a real NAL unit, but the first one is empty after the trailing zeros have been stripped away as is done in cbs_h2645_fragment_add_nals. In the very same function there is also an assert that the size after stripping away trailing zeros is still >0 (which is of course what triggers this assertion failure). This has been introduced in commit e7f64191b27bcf37cbf7006606f0f439c6cdc24f.
If one simply remuxes to mkv/mp4, the file really contains a NAL unit of size zero. Is this even legal H264 in mp4/mkv?

Last edited 2 months ago by mkver (previous) (diff)

comment:4 Changed 2 months ago by cehoyos

  • Keywords crash abort regression added
  • Priority changed from normal to important

comment:5 Changed 2 months ago by jkqxz

  • Resolution set to fixed
  • Status changed from open to closed

Fixed by 9a09f4c54ab829811c2dd041cfb7196000590b78 (NAL units with no content are now dropped during parsing, so they no longer reach the CBS layer).

Note: See TracTickets for help on using tickets.