Opened 6 years ago

Closed 6 years ago

#7336 closed defect (fixed)

crash when the dash stream only has audio-pid

Reported by: satbaby Owned by:
Priority: important Component: avformat
Version: git-master Keywords: dash crash SIGSEGV
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

Summary of the bug:
How to reproduce:

./ffprobe_g -loglevel 256 https://a.files.bbci.co.uk/media/live/manifesto/audio/simulcast/dash/uk/dash_full/ak/bbc_radio_two.mpd
ffprobe version N-91542-gec517ad9f9 Copyright (c) 2007-2018 the FFmpeg developers
  built with gcc 7.3.0 (Gentoo 7.3.0-r3 p1.4)
  configuration: --disable-doc --disable-stripping --enable-debug=1 --enable-libxml2 --enable-demuxer=dash --enable-openssl
  libavutil      56. 18.102 / 56. 18.102
  libavcodec     58. 22.100 / 58. 22.100
  libavformat    58. 17.101 / 58. 17.101
  libavdevice    58.  4.101 / 58.  4.101
  libavfilter     7. 26.100 /  7. 26.100
  libswscale      5.  2.100 /  5.  2.100
  libswresample   3.  2.100 /  3.  2.100
[NULL @ 0x55a900bba500] Opening 'https://a.files.bbci.co.uk/media/live/manifesto/audio/simulcast/dash/uk/dash_full/ak/bbc_radio_two.mpd' for reading
[https @ 0x55a900bbb080] Setting default whitelist 'http,https,tls,rtp,tcp,udp,crypto,httpproxy'
[https @ 0x55a900bbb080] request: GET /media/live/manifesto/audio/simulcast/dash/uk/dash_full/ak/bbc_radio_two.mpd HTTP/1.1
User-Agent: Lavf/58.17.101
Accept: */*
Range: bytes=0-
Connection: close
Host: a.files.bbci.co.uk
Icy-MetaData: 1


[https @ 0x55a900bbb080] header='HTTP/1.1 206 Partial Content'
[https @ 0x55a900bbb080] http_code=206
[https @ 0x55a900bbb080] header='x-amz-id-2: RPa8tWHSXZjVGxudahPxRJmOHN7Yt8nOkc/bgM08cgFFxCGBQfkDfo/rw5dhf2bLyjaQBWtVt6U='
[https @ 0x55a900bbb080] header='x-amz-request-id: B1E3BDC92FF22F71'
[https @ 0x55a900bbb080] header='Last-Modified: Thu, 08 Mar 2018 13:25:00 GMT'
[https @ 0x55a900bbb080] header='ETag: "58c59ffe11ef7385e4d09d1f0b789202"'
[https @ 0x55a900bbb080] header='Cache-Control: max-age=300'
[https @ 0x55a900bbb080] header='x-amz-meta-checksum: 8ec120aa16672dd851fb47ebb1dffeca'
[https @ 0x55a900bbb080] header='Accept-Ranges: bytes'
[https @ 0x55a900bbb080] header='Content-Type: application/dash+xml'
[https @ 0x55a900bbb080] header='Server: AmazonS3'
[https @ 0x55a900bbb080] header='Date: Mon, 30 Jul 2018 14:55:37 GMT'
[https @ 0x55a900bbb080] header='Content-Range: bytes 0-2492/2493'
[https @ 0x55a900bbb080] header='Content-Length: 2493'
[https @ 0x55a900bbb080] header='Connection: close'
[https @ 0x55a900bbb080] header='Access-Control-Max-Age: 300'
[https @ 0x55a900bbb080] header='Access-Control-Allow-Credentials: false'
[https @ 0x55a900bbb080] header='Access-Control-Allow-Headers: *'
[https @ 0x55a900bbb080] header='Access-Control-Allow-Methods: HEAD,GET'
[https @ 0x55a900bbb080] header='Access-Control-Allow-Origin: *'
[https @ 0x55a900bbb080] header=''
Probing dash score:100 size:2048
[dash @ 0x55a900bba500] Format dash probed with size=2048 and score=100
Segmentation fault

Patches should be submitted to the ffmpeg-devel mailing list and not this bug tracker.

Change History (2)

comment:1 by Carl Eugen Hoyos, 6 years ago

Keywords: crash SIGSEGV added
Priority: normalimportant
Reproduced by developer: set
Status: newopen

For future tickets: Please remember not to use ffprobe if the issue is reproducible with ffmpeg.

(gdb) r -i https://a.files.bbci.co.uk/media/live/manifesto/audio/simulcast/dash/uk/dash_full/ak/bbc_radio_two.mpd
Starting program: ffmpeg_g -i https://a.files.bbci.co.uk/media/live/manifesto/audio/simulcast/dash/uk/d
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-91545-gd36b839 Copyright (c) 2000-2018 the FFmpeg developers
  built with gcc 6.4.0 (GCC)
  configuration: --enable-gpl --enable-gnutls --enable-libxml2
  libavutil      56. 18.102 / 56. 18.102
  libavcodec     58. 22.100 / 58. 22.100
  libavformat    58. 17.101 / 58. 17.101
  libavdevice    58.  4.101 / 58.  4.101
  libavfilter     7. 26.100 /  7. 26.100
  libswscale      5.  2.100 /  5.  2.100
  libswresample   3.  2.100 /  3.  2.100
  libpostproc    55.  2.100 / 55.  2.100

Program received signal SIGSEGV, Segmentation fault.
dash_read_header (s=0x20d2500) at libavformat/dashdec.c:1939
1939        c->is_init_section_common_video = is_common_init_section_exist(c->videos, c->n_videos);
Missing separate debuginfos, use: zypper install nss-mdns-debuginfo-0.10-55.5.1.x86_64
(gdb) bt
#0  dash_read_header (s=0x20d2500) at libavformat/dashdec.c:1939
#1  0x000000000076c6ed in avformat_open_input (ps=ps@entry=0x7fffffffd650, filename=filename@entry=0x7fffffffe197 "https://a.files.bbci.c
    at libavformat/utils.c:631
#2  0x0000000000487a5c in open_input_file (o=o@entry=0x7fffffffd7f0, filename=<optimized out>) at fftools/ffmpeg_opt.c:1069
#3  0x00000000004892bf in open_files (l=0x20d2398, l=0x20d2398, open_file=0x486040 <open_input_file>, inout=0x120e491 "input") at fftools
#4  ffmpeg_parse_options (argc=argc@entry=3, argv=argv@entry=0x7fffffffdcf8) at fftools/ffmpeg_opt.c:3259
#5  0x00000000004818ad in main (argc=3, argv=0x7fffffffdcf8) at fftools/ffmpeg.c:4859
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x65d16e to 0x65d1ae:
   0x000000000065d16e <dash_read_header+430>:   in     (%dx),%eax
   0x000000000065d16f <dash_read_header+431>:   jne    0x65d137 <dash_read_header+375>
   0x000000000065d171 <dash_read_header+433>:   mov    0x78(%rbx),%eax
   0x000000000065d174 <dash_read_header+436>:   test   %eax,%eax
   0x000000000065d176 <dash_read_header+438>:   jne    0x65d187 <dash_read_header+455>
   0x000000000065d178 <dash_read_header+440>:   imul   $0xf4240,0x30(%rbx),%rax
   0x000000000065d180 <dash_read_header+448>:   mov    %rax,0x448(%rbp)
   0x000000000065d187 <dash_read_header+455>:   mov    0x18(%rbx),%rdx
   0x000000000065d18b <dash_read_header+459>:   mov    0x10(%rbx),%ecx
=> 0x000000000065d18e <dash_read_header+462>:   mov    (%rdx),%rax
   0x000000000065d191 <dash_read_header+465>:   mov    0x228(%rax),%rax
   0x000000000065d198 <dash_read_header+472>:   test   %rax,%rax
   0x000000000065d19b <dash_read_header+475>:   je     0x65d278 <dash_read_header+696>
   0x000000000065d1a1 <dash_read_header+481>:   test   %ecx,%ecx
   0x000000000065d1a3 <dash_read_header+483>:   je     0x65d278 <dash_read_header+696>
   0x000000000065d1a9 <dash_read_header+489>:   mov    0x10(%rax),%rsi
   0x000000000065d1ad <dash_read_header+493>:   test   %ecx,%ecx
End of assembler dump.
(gdb) info register
rax            0x1      1
rbx            0x20d9200        34443776
rcx            0x0      0
rdx            0x0      0
rsi            0x0      0
rdi            0x7ffff52a7620   140737306588704
rbp            0x20d2500        0x20d2500
rsp            0x7fffffffd4d0   0x7fffffffd4d0
r8             0x20c40e0        34357472
r9             0x0      0
r10            0x7ffff50238f0   140737303951600
r11            0x7ffff5071d60   140737304272224
r12            0x0      0
r13            0x0      0
r14            0x7fffffffd520   140737488344352
r15            0x20d92a8        34443944
rip            0x65d18e 0x65d18e <dash_read_header+462>
eflags         0x10202  [ IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0

comment:2 by Carl Eugen Hoyos, 6 years ago

Resolution: fixed
Status: openclosed

Fixed by Jacek Jendrzej in 2f45378ba14417cbb4fc9494ba941cb06443c4f9

Note: See TracTickets for help on using tickets.