#10027 closed defect (fixed)
vp4 crash
| Reported by: | ami_stuff | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avcodec |
| Version: | git-master | Keywords: | vp4 crash |
| Cc: | Mika Fischer | Blocked By: | |
| Blocking: | | Reproduced by developer: | yes |
| Analyzed by developer: | no | | |
Description
http://samples.mplayerhq.hu/V-codecs/VP4/ot171_vp40.avi
valgrind --leak-check=full ./ffmpeg_g -i ot171_vp40.avi -f null -
==19766== Memcheck, a memory error detector
==19766== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==19766== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==19766== Command: ./ffmpeg_g -i ot171_vp40.avi -f null -
==19766==
ffmpeg version N-109064-gc124981b79 Copyright (c) 2000-2022 the FFmpeg developers
built with gcc 9 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
configuration:
libavutil 57. 42.100 / 57. 42.100
libavcodec 59. 52.101 / 59. 52.101
libavformat 59. 34.101 / 59. 34.101
libavdevice 59. 8.101 / 59. 8.101
libavfilter 8. 50.100 / 8. 50.100
libswscale 6. 8.112 / 6. 8.112
libswresample 4. 9.100 / 4. 9.100
Guessed Channel Layout for Input Stream #0.1 : mono
Input #0, avi, from 'ot171_vp40.avi':
Duration: 00:00:24.27, start: 0.000000, bitrate: 245 kb/s
Stream #0:0: Video: vp4 (VP40 / 0x30345056), yuv420p, 160x112, 147 kb/s, 15 fps, 15 tbr, 15 tbn
Stream #0:1: Audio: pcm_u8 ([1][0][0][0] / 0x0001), 11025 Hz, 1 channels, u8, 88 kb/s
Stream mapping:
Stream #0:0 -> #0:0 (vp4 (native) -> wrapped_avframe (native))
Stream #0:1 -> #0:1 (pcm_u8 (native) -> pcm_s16le (native))
Press [q] to stop, [?] for help
==19766== Thread 3 av:vp4:df1:
==19766== Use of uninitialised value of size 8
==19766== at 0x9F5D86: frame_worker_thread (pthread_frame.c:241)
==19766== by 0x4FBC608: start_thread (pthread_create.c:477)
==19766== by 0x50F6132: clone (clone.S:95)
==19766==
==19766== Use of uninitialised value of size 8
==19766== at 0x9F5D90: frame_worker_thread (pthread_frame.c:243)
==19766== by 0x4FBC608: start_thread (pthread_create.c:477)
==19766== by 0x50F6132: clone (clone.S:95)
==19766==
==19766== Use of uninitialised value of size 8
==19766== at 0x9F5DC0: frame_worker_thread (pthread_frame.c:249)
==19766== by 0x4FBC608: start_thread (pthread_create.c:477)
==19766== by 0x50F6132: clone (clone.S:95)
==19766==
==19766== Invalid read of size 8
==19766== at 0x9F5DCA: frame_worker_thread (pthread_frame.c:260)
==19766== by 0x4FBC608: start_thread (pthread_create.c:477)
==19766== by 0x50F6132: clone (clone.S:95)
==19766== Address 0x106064e58 is not stack'd, malloc'd or (recently) free'd
==19766==
==19766==
==19766== Process terminating with default action of signal 11 (SIGSEGV)
==19766== Access not within mapped region at address 0x106064E58
==19766== at 0x9F5DCA: frame_worker_thread (pthread_frame.c:260)
==19766== by 0x4FBC608: start_thread (pthread_create.c:477)
==19766== by 0x50F6132: clone (clone.S:95)
==19766== If you believe this happened as a result of a stack
==19766== overflow in your program's main thread (unlikely but
==19766== possible), you can try to increase the size of the
==19766== main thread stack using the --main-stacksize= flag.
==19766== The main thread stack size used in this run was 8388608.
==19766==
==19766== HEAP SUMMARY:
==19766== in use at exit: 12,612,355 bytes in 1,344 blocks
==19766== total heap usage: 2,977 allocs, 1,633 frees, 20,264,076 bytes allocated
==19766==
==19766== Thread 1:
==19766== 304 bytes in 1 blocks are possibly lost in loss record 152 of 240
==19766== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==19766== by 0x40149DA: allocate_dtv (dl-tls.c:286)
==19766== by 0x40149DA: _dl_allocate_tls (dl-tls.c:532)
==19766== by 0x4FBD322: allocate_stack (allocatestack.c:622)
==19766== by 0x4FBD322: pthread_create@@GLIBC_2.2.5 (pthread_create.c:660)
==19766== by 0x2A199A: thread_start (ffmpeg_demux.c:397)
==19766== by 0x2A199A: ifile_get_packet (ffmpeg_demux.c:417)
==19766== by 0x2C6142: process_input (ffmpeg.c:3637)
==19766== by 0x2C6142: transcode_step (ffmpeg.c:3858)
==19766== by 0x2C6142: transcode (ffmpeg.c:3905)
==19766== by 0x29DC8A: main (ffmpeg.c:4052)
==19766==
==19766== 2,432 bytes in 8 blocks are possibly lost in loss record 209 of 240
==19766== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==19766== by 0x40149DA: allocate_dtv (dl-tls.c:286)
==19766== by 0x40149DA: _dl_allocate_tls (dl-tls.c:532)
==19766== by 0x4FBD322: allocate_stack (allocatestack.c:622)
==19766== by 0x4FBD322: pthread_create@@GLIBC_2.2.5 (pthread_create.c:660)
==19766== by 0x1083EE1: avpriv_slicethread_create (slicethread.c:151)
==19766== by 0x303389: thread_init_internal (pthread.c:77)
==19766== by 0x303389: ff_graph_thread_init (pthread.c:96)
==19766== by 0x2EFC44: avfilter_graph_alloc_filter (avfiltergraph.c:175)
==19766== by 0x30192E: create_filter (graphparser.c:132)
==19766== by 0x30192E: parse_filter (graphparser.c:201)
==19766== by 0x3024D7: avfilter_graph_parse2 (graphparser.c:438)
==19766== by 0x2A35DC: configure_filtergraph (ffmpeg_filter.c:1014)
==19766== by 0x2C3B8B: ifilter_send_frame (ffmpeg.c:1945)
==19766== by 0x2C3B8B: send_frame_to_filters.isra.0 (ffmpeg.c:2021)
==19766== by 0x2C3F5F: decode_audio (ffmpeg.c:2087)
==19766== by 0x2C6D34: process_input_packet (ffmpeg.c:2357)
==19766== by 0x2C6D34: process_input (ffmpeg.c:3723)
==19766== by 0x2C6D34: transcode_step (ffmpeg.c:3858)
==19766== by 0x2C6D34: transcode (ffmpeg.c:3905)
==19766==
==19766== 2,736 bytes in 9 blocks are possibly lost in loss record 210 of 240
==19766== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==19766== by 0x40149DA: allocate_dtv (dl-tls.c:286)
==19766== by 0x40149DA: _dl_allocate_tls (dl-tls.c:532)
==19766== by 0x4FBD322: allocate_stack (allocatestack.c:622)
==19766== by 0x4FBD322: pthread_create@@GLIBC_2.2.5 (pthread_create.c:660)
==19766== by 0x256F4D: init_thread (pthread_frame.c:871)
==19766== by 0x256F4D: ff_frame_thread_init.cold (pthread_frame.c:927)
==19766== by 0x6EDE06: avcodec_open2 (avcodec.c:304)
==19766== by 0x2C4F3F: init_input_stream (ffmpeg.c:2593)
==19766== by 0x2C4F3F: transcode_init (ffmpeg.c:3197)
==19766== by 0x2C5848: transcode (ffmpeg.c:3881)
==19766== by 0x29DC8A: main (ffmpeg.c:4052)
==19766==
==19766== LEAK SUMMARY:
==19766== definitely lost: 0 bytes in 0 blocks
==19766== indirectly lost: 0 bytes in 0 blocks
==19766== possibly lost: 5,472 bytes in 18 blocks
==19766== still reachable: 12,606,883 bytes in 1,326 blocks
==19766== suppressed: 0 bytes in 0 blocks
==19766== Reachable blocks (those to which a pointer was found) are not shown.
==19766== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==19766==
==19766== Use --track-origins=yes to see where uninitialised values come from
==19766== For lists of detected and suppressed errors, rerun with: -s
==19766== ERROR SUMMARY: 7 errors from 7 contexts (suppressed: 0 from 0)
Attachments (1)
Change History (11)
comment:1 by , 4 years ago
| Component: | undetermined → avcodec |
|---|---|
| Keywords: | vp4 crash added |
| Priority: | normal → important |
| Reproduced by developer: | set |
| Version: | unspecified → git-master |
comment:2 by , 4 years ago
I also get the crash here (always) with this autobuild, but it's a bit outdated:
https://johnvansickle.com/ffmpeg/builds/ffmpeg-git-amd64-static.tar.xz
comment:3 by , 4 years ago
this has something to do with mmxext
valgrind --leak-check=full ./ffmpeg_g -i ot171_vp40.avi -f null -
==15147== Memcheck, a memory error detector
==15147== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==15147== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==15147== Command: ./ffmpeg_g -i ot171_vp40.avi -f null -
==15147==
ffmpeg version N-109227-g1a7efafd33 Copyright (c) 2000-2022 the FFmpeg developers
built with gcc 9 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
configuration: --enable-libopenjpeg
libavutil 57. 43.100 / 57. 43.100
libavcodec 59. 54.100 / 59. 54.100
libavformat 59. 34.102 / 59. 34.102
libavdevice 59. 8.101 / 59. 8.101
libavfilter 8. 50.101 / 8. 50.101
libswscale 6. 8.112 / 6. 8.112
libswresample 4. 9.100 / 4. 9.100
Guessed Channel Layout for Input Stream #0.1 : mono
Input #0, avi, from 'ot171_vp40.avi':
Duration: 00:00:24.27, start: 0.000000, bitrate: 245 kb/s
Stream #0:0: Video: vp4 (VP40 / 0x30345056), yuv420p, 160x112, 147 kb/s, 15 fps, 15 tbr, 15 tbn
Stream #0:1: Audio: pcm_u8 ([1][0][0][0] / 0x0001), 11025 Hz, 1 channels, u8, 88 kb/s
Stream mapping:
Stream #0:0 -> #0:0 (vp4 (native) -> wrapped_avframe (native))
Stream #0:1 -> #0:1 (pcm_u8 (native) -> pcm_s16le (native))
Press [q] to stop, [?] for help
==15147== Thread 3 av:vp4:df1:
==15147== Use of uninitialised value of size 8
==15147== at 0x9F92A6: frame_worker_thread (pthread_frame.c:241)
==15147== by 0x502A608: start_thread (pthread_create.c:477)
==15147== by 0x5166132: clone (clone.S:95)
==15147==
==15147== Use of uninitialised value of size 8
==15147== at 0x9F92B0: frame_worker_thread (pthread_frame.c:243)
==15147== by 0x502A608: start_thread (pthread_create.c:477)
==15147== by 0x5166132: clone (clone.S:95)
==15147==
==15147== Use of uninitialised value of size 8
==15147== at 0x9F92E0: frame_worker_thread (pthread_frame.c:249)
==15147== by 0x502A608: start_thread (pthread_create.c:477)
==15147== by 0x5166132: clone (clone.S:95)
==15147==
==15147== Invalid read of size 8
==15147== at 0x9F92EA: frame_worker_thread (pthread_frame.c:260)
==15147== by 0x502A608: start_thread (pthread_create.c:477)
==15147== by 0x5166132: clone (clone.S:95)
==15147== Address 0x1060d5ed8 is not stack'd, malloc'd or (recently) free'd
==15147==
==15147==
==15147== Process terminating with default action of signal 11 (SIGSEGV)
==15147== Access not within mapped region at address 0x1060D5ED8
==15147== at 0x9F92EA: frame_worker_thread (pthread_frame.c:260)
==15147== by 0x502A608: start_thread (pthread_create.c:477)
==15147== by 0x5166132: clone (clone.S:95)
==15147== If you believe this happened as a result of a stack
==15147== overflow in your program's main thread (unlikely but
==15147== possible), you can try to increase the size of the
==15147== main thread stack using the --main-stacksize= flag.
==15147== The main thread stack size used in this run was 8388608.
==15147==
==15147== HEAP SUMMARY:
==15147== in use at exit: 12,613,711 bytes in 1,348 blocks
==15147== total heap usage: 2,982 allocs, 1,634 frees, 20,265,448 bytes allocated
==15147==
==15147== Thread 1:
==15147== 304 bytes in 1 blocks are possibly lost in loss record 152 of 240
==15147== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==15147== by 0x40149DA: allocate_dtv (dl-tls.c:286)
==15147== by 0x40149DA: _dl_allocate_tls (dl-tls.c:532)
==15147== by 0x502B322: allocate_stack (allocatestack.c:622)
==15147== by 0x502B322: pthread_create@@GLIBC_2.2.5 (pthread_create.c:660)
==15147== by 0x2A51C9: thread_start (ffmpeg_demux.c:398)
==15147== by 0x2A51C9: ifile_get_packet (ffmpeg_demux.c:418)
==15147== by 0x2C9621: process_input (ffmpeg.c:3597)
==15147== by 0x2C9621: transcode_step (ffmpeg.c:3818)
==15147== by 0x2C9621: transcode (ffmpeg.c:3865)
==15147== by 0x2A14AA: main (ffmpeg.c:4010)
==15147==
==15147== 2,432 bytes in 8 blocks are possibly lost in loss record 208 of 240
==15147== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==15147== by 0x40149DA: allocate_dtv (dl-tls.c:286)
==15147== by 0x40149DA: _dl_allocate_tls (dl-tls.c:532)
==15147== by 0x502B322: allocate_stack (allocatestack.c:622)
==15147== by 0x502B322: pthread_create@@GLIBC_2.2.5 (pthread_create.c:660)
==15147== by 0x10882C1: avpriv_slicethread_create (slicethread.c:151)
==15147== by 0x306829: thread_init_internal (pthread.c:77)
==15147== by 0x306829: ff_graph_thread_init (pthread.c:96)
==15147== by 0x2F30E4: avfilter_graph_alloc_filter (avfiltergraph.c:175)
==15147== by 0x304DCE: create_filter (graphparser.c:132)
==15147== by 0x304DCE: parse_filter (graphparser.c:201)
==15147== by 0x305977: avfilter_graph_parse2 (graphparser.c:438)
==15147== by 0x2A6E3C: configure_filtergraph (ffmpeg_filter.c:1013)
==15147== by 0x2C732B: ifilter_send_frame (ffmpeg.c:1930)
==15147== by 0x2C732B: send_frame_to_filters.isra.0 (ffmpeg.c:2006)
==15147== by 0x2C76FF: decode_audio (ffmpeg.c:2072)
==15147== by 0x2CA114: process_input_packet (ffmpeg.c:2342)
==15147== by 0x2CA114: process_input (ffmpeg.c:3683)
==15147== by 0x2CA114: transcode_step (ffmpeg.c:3818)
==15147== by 0x2CA114: transcode (ffmpeg.c:3865)
==15147==
==15147== 2,736 bytes in 9 blocks are possibly lost in loss record 209 of 240
==15147== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==15147== by 0x40149DA: allocate_dtv (dl-tls.c:286)
==15147== by 0x40149DA: _dl_allocate_tls (dl-tls.c:532)
==15147== by 0x502B322: allocate_stack (allocatestack.c:622)
==15147== by 0x502B322: pthread_create@@GLIBC_2.2.5 (pthread_create.c:660)
==15147== by 0x25926D: init_thread (pthread_frame.c:871)
==15147== by 0x25926D: ff_frame_thread_init.cold (pthread_frame.c:927)
==15147== by 0x6EEFC6: avcodec_open2 (avcodec.c:304)
==15147== by 0x2C85EA: init_input_stream (ffmpeg.c:2577)
==15147== by 0x2C85EA: transcode_init (ffmpeg.c:3156)
==15147== by 0x2C8EA8: transcode (ffmpeg.c:3841)
==15147== by 0x2A14AA: main (ffmpeg.c:4010)
==15147==
==15147== LEAK SUMMARY:
==15147== definitely lost: 0 bytes in 0 blocks
==15147== indirectly lost: 0 bytes in 0 blocks
==15147== possibly lost: 5,472 bytes in 18 blocks
==15147== still reachable: 12,608,239 bytes in 1,330 blocks
==15147== suppressed: 0 bytes in 0 blocks
==15147== Reachable blocks (those to which a pointer was found) are not shown.
==15147== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==15147==
==15147== Use --track-origins=yes to see where uninitialised values come from
==15147== For lists of detected and suppressed errors, rerun with: -s
==15147== ERROR SUMMARY: 7 errors from 7 contexts (suppressed: 0 from 0)
valgrind --leak-check=full ./ffmpeg_g -cpuflags -mmxext -i ot171_vp40.avi -f null -
==15199== Memcheck, a memory error detector
==15199== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==15199== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==15199== Command: ./ffmpeg_g -cpuflags -mmxext -i ot171_vp40.avi -f null -
==15199==
ffmpeg version N-109227-g1a7efafd33 Copyright (c) 2000-2022 the FFmpeg developers
built with gcc 9 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
configuration: --enable-libopenjpeg
libavutil 57. 43.100 / 57. 43.100
libavcodec 59. 54.100 / 59. 54.100
libavformat 59. 34.102 / 59. 34.102
libavdevice 59. 8.101 / 59. 8.101
libavfilter 8. 50.101 / 8. 50.101
libswscale 6. 8.112 / 6. 8.112
libswresample 4. 9.100 / 4. 9.100
Guessed Channel Layout for Input Stream #0.1 : mono
Input #0, avi, from 'ot171_vp40.avi':
Duration: 00:00:24.27, start: 0.000000, bitrate: 245 kb/s
Stream #0:0: Video: vp4 (VP40 / 0x30345056), yuv420p, 160x112, 147 kb/s, 15 fps, 15 tbr, 15 tbn
Stream #0:1: Audio: pcm_u8 ([1][0][0][0] / 0x0001), 11025 Hz, 1 channels, u8, 88 kb/s
Stream mapping:
Stream #0:0 -> #0:0 (vp4 (native) -> wrapped_avframe (native))
Stream #0:1 -> #0:1 (pcm_u8 (native) -> pcm_s16le (native))
Press [q] to stop, [?] for help
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf59.34.102
Stream #0:0: Video: wrapped_avframe, yuv420p(progressive), 160x112, q=2-31, 200 kb/s, 15 fps, 15 tbn
Metadata:
encoder : Lavc59.54.100 wrapped_avframe
Stream #0:1: Audio: pcm_s16le, 11025 Hz, mono, s16, 176 kb/s
Metadata:
encoder : Lavc59.54.100 pcm_s16le
frame= 364 fps=139 q=-0.0 Lsize=N/A time=00:00:24.23 bitrate=N/A speed=9.27x
video:171kB audio:523kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown
==15199==
==15199== HEAP SUMMARY:
==15199== in use at exit: 0 bytes in 0 blocks
==15199== total heap usage: 27,801 allocs, 27,801 frees, 23,578,463 bytes allocated
==15199==
==15199== All heap blocks were freed -- no leaks are possible
==15199==
==15199== For lists of detected and suppressed errors, rerun with: -s
==15199== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
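The two runs in the comment above differ only in `-cpuflags -mmxext`. The following is an added example, not part of the ticket or of FFmpeg: a small Memcheck log summarizer that extracts each error's kind and innermost frame and lists the error sites present in one run but absent from the other; it also copes with logs whose line breaks were lost in copy-paste. The function names are hypothetical, and the two sample logs are constructed by abridging the runs quoted in this ticket.

```python
import re

# Memcheck prefixes each of its own lines with ==PID==; ffmpeg's output has none.
PREFIX = re.compile(r"==\d+==")
# Stack frame: "at 0xADDR: function (file.c:123)" or "by 0xADDR: ..."
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^()]*)\)")
SIGNAL = re.compile(r"Process terminating with default action of signal (\d+)")
SUMMARY = re.compile(r"ERROR SUMMARY: (\d+) errors from (\d+) contexts")
# Error headings for the defect classes that appear in this ticket's logs.
KINDS = ("Invalid read", "Invalid write", "Use of uninitialised value")

# Constructed sample: abridged from the default run, flattened onto one line.
CRASH_LOG = (
    "==15147== Thread 3 av:vp4:df1: "
    "==15147== Use of uninitialised value of size 8 "
    "==15147== at 0x9F92A6: frame_worker_thread (pthread_frame.c:241) "
    "==15147== by 0x502A608: start_thread (pthread_create.c:477) "
    "==15147== "
    "==15147== Invalid read of size 8 "
    "==15147== at 0x9F92EA: frame_worker_thread (pthread_frame.c:260) "
    "==15147== by 0x502A608: start_thread (pthread_create.c:477) "
    "==15147== Address 0x1060d5ed8 is not stack'd, malloc'd or (recently) free'd "
    "==15147== "
    "==15147== Process terminating with default action of signal 11 (SIGSEGV) "
    "==15147== at 0x9F92EA: frame_worker_thread (pthread_frame.c:260) "
    "==15147== "
    "==15147== ERROR SUMMARY: 7 errors from 7 contexts (suppressed: 0 from 0)"
)

# Constructed sample: abridged from the run with -cpuflags -mmxext.
CLEAN_LOG = """==15199== Command: ./ffmpeg_g -cpuflags -mmxext -i ot171_vp40.avi -f null -
==15199==
ffmpeg version N-109227-g1a7efafd33 Copyright (c) 2000-2022 the FFmpeg developers
==15199== HEAP SUMMARY:
==15199== in use at exit: 0 bytes in 0 blocks
==15199== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
"""


def memcheck_lines(text):
    """Yield the text after each ==PID== marker, for normal or flattened logs."""
    for chunk in PREFIX.split(text)[1:]:
        yield chunk.strip()


def triage(text):
    """Collect errors with their stacks, the fatal signal and the error count."""
    errors, current = [], None
    report = {"errors": errors, "signal": None, "fatal": None, "reported": None}
    for line in memcheck_lines(text):
        kind = next((k for k in KINDS if line.startswith(k)), None)
        frame = FRAME.match(line)
        if kind:
            current = {"kind": kind, "frames": []}
            errors.append(current)
        elif frame and current is not None:
            current["frames"].append(frame.groups())
        else:
            current = None  # any other line ends the current error's stack
            if m := SIGNAL.search(line):
                report["signal"] = int(m.group(1))
                # The error reported just before the signal is the faulting access.
                report["fatal"] = errors[-1] if errors else None
            elif m := SUMMARY.search(line):
                report["reported"] = int(m.group(1))
    return report


def describe(error):
    """Render an error as 'kind at function (file:line)' using its innermost frame."""
    if error is None:
        return None
    where = "%s (%s)" % error["frames"][0] if error["frames"] else "unknown frame"
    return "%s at %s" % (error["kind"], where)


def only_in(a, b):
    """Error sites reported in run a that do not appear in run b."""
    return sorted({describe(e) for e in a["errors"]} - {describe(e) for e in b["errors"]})


if __name__ == "__main__":
    crash, clean = triage(CRASH_LOG), triage(CLEAN_LOG)
    print("signal:", crash["signal"], "fatal:", describe(crash["fatal"]))
    for site in only_in(crash, clean):
        print("only without -cpuflags -mmxext:", site)
```

When `Use of uninitialised value` reports precede the faulting read in the same function, as they do here, rerunning with `--track-origins=yes` (the option Memcheck's own footer suggests) shows where the undefined value was created.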
comment:4 by , 4 years ago
with -threads 1 I get this:
Thread 1 "ffmpeg_g" received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff75fe859 in __GI_abort () at abort.c:79
#2 0x00007ffff766926e in __libc_message (action=action@entry=do_abort,
fmt=fmt@entry=0x7ffff779308f "*** %s ***: terminated\n")
at ../sysdeps/posix/libc_fatal.c:155
#3 0x00007ffff770baba in __GI___fortify_fail (
msg=msg@entry=0x7ffff7793077 "stack smashing detected")
at fortify_fail.c:26
#4 0x00007ffff770ba86 in __stack_chk_fail () at stack_chk_fail.c:24
#5 0x0000555555f87916 in vp3_decode_frame (avctx=<optimized out>,
frame=<optimized out>, got_frame=<optimized out>, avpkt=<optimized out>)
at libavcodec/vp3.c:2641
#6 0x0000555555b93302 in decode_simple_internal (
discarded_samples=<synthetic pointer>, frame=0x55555717de30,
avctx=0x5555570247f0) at libavcodec/decode.c:307
#7 decode_simple_receive_frame (frame=<optimized out>, avctx=<optimized out>)
at libavcodec/decode.c:563
#8 decode_receive_frame_internal (avctx=avctx@entry=0x5555570247f0,
frame=0x55555717de30) at libavcodec/decode.c:584
#9 0x0000555555b93eb0 in avcodec_send_packet (avctx=0x5555570247f0,
avpkt=0x555557021dd0) at libavcodec/decode.c:665
#10 0x000055555570808f in decode (pkt=0x555557021dd0,
got_frame=0x7fffffffdc60, frame=0x55555717c030, avctx=0x5555570247f0)
--Type <RET> for more, q to quit, c to continue without paging--
at fftools/ffmpeg.c:1984
#11 decode_video (ist=0x5555570313d0, pkt=0x555557021dd0,
got_output=0x7fffffffdc60, duration_pts=0x7fffffffdc70, eof=0,
decode_failed=0x7fffffffdc64) at fftools/ffmpeg.c:2109
#12 0x000055555570ac7a in process_input_packet (no_eof=0, pkt=<optimized out>,
ist=0x5555570313d0) at fftools/ffmpeg.c:3558
#13 process_input (file_index=<optimized out>) at fftools/ffmpeg.c:3683
#14 transcode_step () at fftools/ffmpeg.c:3818
#15 transcode () at fftools/ffmpeg.c:3865
#16 0x00005555556e1c3b in main (argc=8, argv=0x7fffffffdf38)
at fftools/ffmpeg.c:4010
==34043== Invalid read of size 8
==34043== at 0x747318: decode_simple_internal (decode.c:311)
==34043== by 0x747318: decode_simple_receive_frame (decode.c:563)
==34043== by 0x747318: decode_receive_frame_internal (decode.c:584)
==34043== by 0x747EAF: avcodec_send_packet (decode.c:665)
==34043== by 0x2BC08E: decode (ffmpeg.c:1984)
==34043== by 0x2BC08E: decode_video (ffmpeg.c:2109)
==34043== by 0x2BEC79: process_input_packet (ffmpeg.c:2347)
==34043== by 0x2BEC79: process_input (ffmpeg.c:3683)
==34043== by 0x2BEC79: transcode_step (ffmpeg.c:3818)
==34043== by 0x2BEC79: transcode (ffmpeg.c:3865)
==34043== by 0x295C3A: main (ffmpeg.c:4010)
==34043== Address 0x105ede780 is not stack'd, malloc'd or (recently) free'd
==34043==
==34043==
==34043== Process terminating with default action of signal 11 (SIGSEGV)
==34043== Access not within mapped region at address 0x105EDE780
==34043== at 0x747318: decode_simple_internal (decode.c:311)
==34043== by 0x747318: decode_simple_receive_frame (decode.c:563)
==34043== by 0x747318: decode_receive_frame_internal (decode.c:584)
==34043== by 0x747EAF: avcodec_send_packet (decode.c:665)
==34043== by 0x2BC08E: decode (ffmpeg.c:1984)
==34043== by 0x2BC08E: decode_video (ffmpeg.c:2109)
==34043== by 0x2BEC79: process_input_packet (ffmpeg.c:2347)
==34043== by 0x2BEC79: process_input (ffmpeg.c:3683)
==34043== by 0x2BEC79: transcode_step (ffmpeg.c:3818)
==34043== by 0x2BEC79: transcode (ffmpeg.c:3865)
==34043== by 0x295C3A: main (ffmpeg.c:4010)
==34043== If you believe this happened as a result of a stack
==34043== overflow in your program's main thread (unlikely but
==34043== possible), you can try to increase the size of the
==34043== main thread stack using the --main-stacksize= flag.
==34043== The main thread stack size used in this run was 8388608.
comment:5 by , 3 years ago
it's a regression since fd172185580c1ccdcfb90bbfdb59fa806fad3117
valgrind --leak-check=full ./ffmpeg_g -threads 1 -i ot171_vp40.avi -y out.avi
==36339== Memcheck, a memory error detector
==36339== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==36339== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==36339== Command: ./ffmpeg_g -threads 1 -i ot171_vp40.avi -y out.avi
==36339==
ffmpeg version N-95589-gd3dee676b8 Copyright (c) 2000-2019 the FFmpeg developers
built with gcc 9 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
configuration:
libavutil 56. 35.101 / 56. 35.101
libavcodec 58. 60.100 / 58. 60.100
libavformat 58. 33.100 / 58. 33.100
libavdevice 58. 9.100 / 58. 9.100
libavfilter 7. 66.100 / 7. 66.100
libswscale 5. 6.100 / 5. 6.100
libswresample 3. 6.100 / 3. 6.100
Guessed Channel Layout for Input Stream #0.1 : mono
Input #0, avi, from 'ot171_vp40.avi':
Duration: 00:00:24.27, start: 0.000000, bitrate: 245 kb/s
Stream #0:0: Video: vp4 (VP40 / 0x30345056), yuv420p, 160x112, 147 kb/s, 15 fps, 15 tbr, 15 tbn, 15 tbc
Stream #0:1: Audio: pcm_u8 ([1][0][0][0] / 0x0001), 11025 Hz, mono, u8, 88 kb/s
Stream mapping:
Stream #0:0 -> #0:0 (vp4 (native) -> mpeg4 (native))
Stream #0:1 -> #0:1 (pcm_u8 (native) -> ac3 (native))
Press [q] to stop, [?] for help
[mpeg4 @ 0x5e92a00] too many threads/slices (8), reducing to 7
Output #0, avi, to 'out.avi':
Metadata:
ISFT : Lavf58.33.100
Stream #0:0: Video: mpeg4 (FMP4 / 0x34504D46), yuv420p, 160x112, q=2-31, 200 kb/s, 15 fps, 15 tbn, 15 tbc
Metadata:
encoder : Lavc58.60.100 mpeg4
Side data:
cpb: bitrate max/min/avg: 0/0/200000 buffer size: 0 vbv_delay: N/A
Stream #0:1: Audio: ac3 ([0] [0][0] / 0x2000), 11025 Hz, mono, fltp, 96 kb/s
Metadata:
encoder : Lavc58.60.100 ac3
frame= 1 fps=0.9 q=2.5 size= 10kB time=00:00:00.55 bitrate= 142.2kbits/s
frame= 42 fps= 25 q=2.0 size= 10kB time=00:00:03.20 bitrate= 24.7kbits/s
frame= 99 fps= 46 q=2.0 size= 10kB time=00:00:06.96 bitrate= 11.4kbits/s
frame= 152 fps= 57 q=2.0 size= 266kB time=00:00:10.58 bitrate= 205.5kbits/s
frame= 207 fps= 65 q=2.0 size= 266kB time=00:00:14.21 bitrate= 153.2kbits/s
frame= 265 fps= 72 q=1.6 size= 522kB time=00:00:18.11 bitrate= 236.0kbits/s
frame= 320 fps= 76 q=2.0 size= 522kB time=00:00:21.73 bitrate= 196.6kbits/s
frame= 364 fps= 79 q=2.0 Lsize= 846kB time=00:00:24.38 bitrate= 284.4kbits/s speed=5.28x
video:538kB audio:286kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: 2.729511%
==36339==
==36339== HEAP SUMMARY:
==36339== in use at exit: 0 bytes in 0 blocks
==36339== total heap usage: 56,717 allocs, 56,717 frees, 12,828,653 bytes allocated
==36339==
==36339== All heap blocks were freed -- no leaks are possible
==36339==
==36339== For lists of detected and suppressed errors, rerun with: -s
==36339== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
valgrind --leak-check=full ./ffmpeg_g -threads 1 -i ot171_vp40.avi -y out.avi
==42690== Memcheck, a memory error detector
==42690== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==42690== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==42690== Command: ./ffmpeg_g -threads 1 -i ot171_vp40.avi -y out.avi
==42690==
ffmpeg version N-95590-gfd17218558 Copyright (c) 2000-2019 the FFmpeg developers
built with gcc 9 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
configuration:
libavutil 56. 35.101 / 56. 35.101
libavcodec 58. 60.100 / 58. 60.100
libavformat 58. 33.100 / 58. 33.100
libavdevice 58. 9.100 / 58. 9.100
libavfilter 7. 66.100 / 7. 66.100
libswscale 5. 6.100 / 5. 6.100
libswresample 3. 6.100 / 3. 6.100
Guessed Channel Layout for Input Stream #0.1 : mono
Input #0, avi, from 'ot171_vp40.avi':
Duration: 00:00:24.27, start: 0.000000, bitrate: 245 kb/s
Stream #0:0: Video: vp4 (VP40 / 0x30345056), yuv420p, 160x112, 147 kb/s, 15 fps, 15 tbr, 15 tbn, 15 tbc
Stream #0:1: Audio: pcm_u8 ([1][0][0][0] / 0x0001), 11025 Hz, mono, u8, 88 kb/s
Stream mapping:
Stream #0:0 -> #0:0 (vp4 (native) -> mpeg4 (native))
Stream #0:1 -> #0:1 (pcm_u8 (native) -> ac3 (native))
Press [q] to stop, [?] for help
[mpeg4 @ 0x5e92a40] too many threads/slices (8), reducing to 7
Output #0, avi, to 'out.avi':
Metadata:
ISFT : Lavf58.33.100
Stream #0:0: Video: mpeg4 (FMP4 / 0x34504D46), yuv420p, 160x112, q=2-31, 200 kb/s, 15 fps, 15 tbn, 15 tbc
Metadata:
encoder : Lavc58.60.100 mpeg4
Side data:
cpb: bitrate max/min/avg: 0/0/200000 buffer size: 0 vbv_delay: N/A
Stream #0:1: Audio: ac3 ([0] [0][0] / 0x2000), 11025 Hz, mono, fltp, 96 kb/s
Metadata:
encoder : Lavc58.60.100 ac3
frame= 1 fps=0.9 q=2.5 size= 10kB time=00:00:00.55 bitrate= 142.2kbits/s
==42690== Invalid read of size 8
==42690== at 0x62CC83: decode_simple_internal (decode.c:434)
==42690== by 0x62CC83: decode_simple_receive_frame (decode.c:628)
==42690== by 0x62CC83: decode_receive_frame_internal (decode.c:646)
==42690== by 0x62D96F: avcodec_send_packet (decode.c:704)
==42690== by 0x2954F9: decode (ffmpeg.c:2231)
==42690== by 0x2954F9: decode_video (ffmpeg.c:2373)
==42690== by 0x2954F9: process_input_packet (ffmpeg.c:2614)
==42690== by 0x298AA7: process_input (ffmpeg.c:4509)
==42690== by 0x298AA7: transcode_step (ffmpeg.c:4629)
==42690== by 0x298AA7: transcode (ffmpeg.c:4683)
==42690== by 0x2774AD: main (ffmpeg.c:4885)
==42690== Address 0x105e81310 is not stack'd, malloc'd or (recently) free'd
==42690==
==42690==
==42690== Process terminating with default action of signal 11 (SIGSEGV)
==42690== Access not within mapped region at address 0x105E81310
==42690== at 0x62CC83: decode_simple_internal (decode.c:434)
==42690== by 0x62CC83: decode_simple_receive_frame (decode.c:628)
==42690== by 0x62CC83: decode_receive_frame_internal (decode.c:646)
==42690== by 0x62D96F: avcodec_send_packet (decode.c:704)
==42690== by 0x2954F9: decode (ffmpeg.c:2231)
==42690== by 0x2954F9: decode_video (ffmpeg.c:2373)
==42690== by 0x2954F9: process_input_packet (ffmpeg.c:2614)
==42690== by 0x298AA7: process_input (ffmpeg.c:4509)
==42690== by 0x298AA7: transcode_step (ffmpeg.c:4629)
==42690== by 0x298AA7: transcode (ffmpeg.c:4683)
==42690== by 0x2774AD: main (ffmpeg.c:4885)
==42690== If you believe this happened as a result of a stack
==42690== overflow in your program's main thread (unlikely but
==42690== possible), you can try to increase the size of the
==42690== main thread stack using the --main-stacksize= flag.
==42690== The main thread stack size used in this run was 8388608.
==42690==
==42690== HEAP SUMMARY:
==42690== in use at exit: 3,896,480 bytes in 801 blocks
==42690== total heap usage: 3,105 allocs, 2,304 frees, 7,238,496 bytes allocated
==42690==
==42690== 2,128 bytes in 7 blocks are possibly lost in loss record 395 of 445
==42690== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==42690== by 0x40149DA: allocate_dtv (dl-tls.c:286)
==42690== by 0x40149DA: _dl_allocate_tls (dl-tls.c:532)
==42690== by 0x4FBD322: allocate_stack (allocatestack.c:622)
==42690== by 0x4FBD322: pthread_create@@GLIBC_2.2.5 (pthread_create.c:660)
==42690== by 0xF67F71: avpriv_slicethread_create (slicethread.c:147)
==42690== by 0x88C482: ff_slice_thread_init (pthread_slice.c:159)
==42690== by 0x98182E: avcodec_open2 (utils.c:754)
==42690== by 0x29299A: init_output_stream.constprop.0 (ffmpeg.c:3508)
==42690== by 0x294CF0: reap_filters (ffmpeg.c:1443)
==42690== by 0x298AB8: transcode_step (ffmpeg.c:4639)
==42690== by 0x298AB8: transcode (ffmpeg.c:4683)
==42690== by 0x2774AD: main (ffmpeg.c:4885)
==42690==
==42690== 2,432 bytes in 8 blocks are possibly lost in loss record 398 of 445
==42690== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==42690== by 0x40149DA: allocate_dtv (dl-tls.c:286)
==42690== by 0x40149DA: _dl_allocate_tls (dl-tls.c:532)
==42690== by 0x4FBD322: allocate_stack (allocatestack.c:622)
==42690== by 0x4FBD322: pthread_create@@GLIBC_2.2.5 (pthread_create.c:660)
==42690== by 0xF67F71: avpriv_slicethread_create (slicethread.c:147)
==42690== by 0x2D0659: thread_init_internal (pthread.c:78)
==42690== by 0x2D0659: ff_graph_thread_init (pthread.c:97)
==42690== by 0x2BE6B9: avfilter_graph_alloc_filter (avfiltergraph.c:180)
==42690== by 0x2CEBD8: create_filter (graphparser.c:130)
==42690== by 0x2CEBD8: parse_filter (graphparser.c:192)
==42690== by 0x2CF797: avfilter_graph_parse2 (graphparser.c:427)
==42690== by 0x2835A0: configure_filtergraph (ffmpeg_filter.c:1056)
==42690== by 0x295167: ifilter_send_frame (ffmpeg.c:2180)
==42690== by 0x295167: send_frame_to_filters (ffmpeg.c:2261)
==42690== by 0x295EAF: decode_audio (ffmpeg.c:2328)
==42690== by 0x295EAF: process_input_packet (ffmpeg.c:2610)
==42690== by 0x298AA7: process_input (ffmpeg.c:4509)
==42690== by 0x298AA7: transcode_step (ffmpeg.c:4629)
==42690== by 0x298AA7: transcode (ffmpeg.c:4683)
==42690==
==42690== 2,432 bytes in 8 blocks are possibly lost in loss record 399 of 445
==42690== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==42690== by 0x40149DA: allocate_dtv (dl-tls.c:286)
==42690== by 0x40149DA: _dl_allocate_tls (dl-tls.c:532)
==42690== by 0x4FBD322: allocate_stack (allocatestack.c:622)
==42690== by 0x4FBD322: pthread_create@@GLIBC_2.2.5 (pthread_create.c:660)
==42690== by 0xF67F71: avpriv_slicethread_create (slicethread.c:147)
==42690== by 0x2D0659: thread_init_internal (pthread.c:78)
==42690== by 0x2D0659: ff_graph_thread_init (pthread.c:97)
==42690== by 0x2BE6B9: avfilter_graph_alloc_filter (avfiltergraph.c:180)
==42690== by 0x2CEBD8: create_filter (graphparser.c:130)
==42690== by 0x2CEBD8: parse_filter (graphparser.c:192)
==42690== by 0x2CF797: avfilter_graph_parse2 (graphparser.c:427)
==42690== by 0x2835A0: configure_filtergraph (ffmpeg_filter.c:1056)
==42690== by 0x295167: ifilter_send_frame (ffmpeg.c:2180)
==42690== by 0x295167: send_frame_to_filters (ffmpeg.c:2261)
==42690== by 0x295920: decode_video (ffmpeg.c:2460)
==42690== by 0x295920: process_input_packet (ffmpeg.c:2614)
==42690== by 0x298AA7: process_input (ffmpeg.c:4509)
==42690== by 0x298AA7: transcode_step (ffmpeg.c:4629)
==42690== by 0x298AA7: transcode (ffmpeg.c:4683)
==42690==
==42690== LEAK SUMMARY:
==42690== definitely lost: 0 bytes in 0 blocks
==42690== indirectly lost: 0 bytes in 0 blocks
==42690== possibly lost: 6,992 bytes in 23 blocks
==42690== still reachable: 3,889,488 bytes in 778 blocks
==42690== suppressed: 0 bytes in 0 blocks
==42690== Reachable blocks (those to which a pointer was found) are not shown.
==42690== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==42690==
==42690== For lists of detected and suppressed errors, rerun with: -s
==42690== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0)
valgrind --leak-check=full ./ffmpeg_g -i ot171_vp40.avi -y out.avi
==42750== Memcheck, a memory error detector
==42750== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==42750== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==42750== Command: ./ffmpeg_g -i ot171_vp40.avi -y out.avi
==42750==
ffmpeg version N-95590-gfd17218558 Copyright (c) 2000-2019 the FFmpeg developers
built with gcc 9 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
configuration:
libavutil 56. 35.101 / 56. 35.101
libavcodec 58. 60.100 / 58. 60.100
libavformat 58. 33.100 / 58. 33.100
libavdevice 58. 9.100 / 58. 9.100
libavfilter 7. 66.100 / 7. 66.100
libswscale 5. 6.100 / 5. 6.100
libswresample 3. 6.100 / 3. 6.100
Guessed Channel Layout for Input Stream #0.1 : mono
Input #0, avi, from 'ot171_vp40.avi':
Duration: 00:00:24.27, start: 0.000000, bitrate: 245 kb/s
Stream #0:0: Video: vp4 (VP40 / 0x30345056), yuv420p, 160x112, 147 kb/s, 15 fps, 15 tbr, 15 tbn, 15 tbc
Stream #0:1: Audio: pcm_u8 ([1][0][0][0] / 0x0001), 11025 Hz, mono, u8, 88 kb/s
Stream mapping:
Stream #0:0 -> #0:0 (vp4 (native) -> mpeg4 (native))
Stream #0:1 -> #0:1 (pcm_u8 (native) -> ac3 (native))
Press [q] to stop, [?] for help
==42750== Thread 3:
==42750== Use of uninitialised value of size 8
==42750== at 0x88B0DB: frame_worker_thread (pthread_frame.c:201)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x88B0E5: frame_worker_thread (pthread_frame.c:203)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x88B121: frame_worker_thread (pthread_frame.c:213)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x88B12B: frame_worker_thread (pthread_frame.c:218)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x4FBEFC4: pthread_mutex_lock (pthread_mutex_lock.c:67)
==42750== by 0x88B143: frame_worker_thread (pthread_frame.c:224)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x4FBEFEF: pthread_mutex_lock (pthread_mutex_lock.c:80)
==42750== by 0x88B143: frame_worker_thread (pthread_frame.c:224)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x4FBEFF9: pthread_mutex_lock (pthread_mutex_lock.c:81)
==42750== by 0x88B143: frame_worker_thread (pthread_frame.c:224)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x4FBF00C: pthread_mutex_lock (pthread_mutex_lock.c:159)
==42750== by 0x88B143: frame_worker_thread (pthread_frame.c:224)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x4FC42A3: pthread_cond_broadcast@@GLIBC_2.3.2 (pthread_cond_broadcast.c:43)
==42750== by 0x88B157: frame_worker_thread (pthread_frame.c:228)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x4FC42C8: __condvar_acquire_lock (pthread_cond_common.c:256)
==42750== by 0x4FC42C8: pthread_cond_broadcast@@GLIBC_2.3.2 (pthread_cond_broadcast.c:48)
==42750== by 0x88B157: frame_worker_thread (pthread_frame.c:228)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x4FC42DD: __condvar_acquire_lock (pthread_cond_common.c:259)
==42750== by 0x4FC42DD: pthread_cond_broadcast@@GLIBC_2.3.2 (pthread_cond_broadcast.c:48)
==42750== by 0x88B157: frame_worker_thread (pthread_frame.c:228)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x4FC42E4: __condvar_load_wseq_relaxed (pthread_cond_common.c:31)
==42750== by 0x4FC42E4: pthread_cond_broadcast@@GLIBC_2.3.2 (pthread_cond_broadcast.c:50)
==42750== by 0x88B157: frame_worker_thread (pthread_frame.c:228)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x4FC4338: __condvar_get_orig_size (pthread_cond_common.c:301)
==42750== by 0x4FC4338: __condvar_quiesce_and_switch_g1 (pthread_cond_common.c:352)
==42750== by 0x4FC4338: pthread_cond_broadcast@@GLIBC_2.3.2 (pthread_cond_broadcast.c:73)
==42750== by 0x88B157: frame_worker_thread (pthread_frame.c:228)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x4FC435A: __condvar_quiesce_and_switch_g1 (pthread_cond_common.c:354)
==42750== by 0x4FC435A: pthread_cond_broadcast@@GLIBC_2.3.2 (pthread_cond_broadcast.c:73)
==42750== by 0x88B157: frame_worker_thread (pthread_frame.c:228)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x4FC44D4: __condvar_release_lock (pthread_cond_common.c:291)
==42750== by 0x4FC44D4: pthread_cond_broadcast@@GLIBC_2.3.2 (pthread_cond_broadcast.c:83)
==42750== by 0x88B157: frame_worker_thread (pthread_frame.c:228)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x4FC44DF: __condvar_release_lock (pthread_cond_common.c:291)
==42750== by 0x4FC44DF: pthread_cond_broadcast@@GLIBC_2.3.2 (pthread_cond_broadcast.c:83)
==42750== by 0x88B157: frame_worker_thread (pthread_frame.c:228)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x4FC3F53: pthread_cond_signal@@GLIBC_2.3.2 (pthread_cond_signal.c:42)
==42750== by 0x88B160: frame_worker_thread (pthread_frame.c:229)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x4FC07B4: __pthread_mutex_unlock_usercnt (pthread_mutex_unlock.c:41)
==42750== by 0x4FC07B4: pthread_mutex_unlock (pthread_mutex_unlock.c:357)
==42750== by 0x88B168: frame_worker_thread (pthread_frame.c:230)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x4FC07CB: __pthread_mutex_unlock_usercnt (pthread_mutex_unlock.c:55)
==42750== by 0x4FC07CB: pthread_mutex_unlock (pthread_mutex_unlock.c:357)
==42750== by 0x88B168: frame_worker_thread (pthread_frame.c:230)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x88B030: frame_worker_thread (pthread_frame.c:176)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x4FC3194: __condvar_fetch_add_wseq_acquire (pthread_cond_common.c:37)
==42750== by 0x4FC3194: __pthread_cond_wait_common (pthread_cond_wait.c:403)
==42750== by 0x4FC3194: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.c:647)
==42750== by 0x88B225: frame_worker_thread (pthread_frame.c:177)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x4FC31FA: __pthread_cond_wait_common (pthread_cond_wait.c:434)
==42750== by 0x4FC31FA: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.c:647)
==42750== by 0x88B225: frame_worker_thread (pthread_frame.c:177)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x4FC32FF: __pthread_cond_wait_common (pthread_cond_wait.c:486)
==42750== by 0x4FC32FF: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.c:647)
==42750== by 0x88B225: frame_worker_thread (pthread_frame.c:177)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x4FC3303: __pthread_cond_wait_common (pthread_cond_wait.c:487)
==42750== by 0x4FC3303: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.c:647)
==42750== by 0x88B225: frame_worker_thread (pthread_frame.c:177)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x4FC330E: __condvar_load_g1_start_relaxed (pthread_cond_common.c:49)
==42750== by 0x4FC330E: __pthread_cond_wait_common (pthread_cond_wait.c:488)
==42750== by 0x4FC330E: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.c:647)
==42750== by 0x88B225: frame_worker_thread (pthread_frame.c:177)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Syscall param futex(futex) contains uninitialised byte(s)
==42750== at 0x4FC3376: futex_wait_cancelable (futex-internal.h:183)
==42750== by 0x4FC3376: __pthread_cond_wait_common (pthread_cond_wait.c:508)
==42750== by 0x4FC3376: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.c:647)
==42750== by 0x88B225: frame_worker_thread (pthread_frame.c:177)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
frame= 0 fps=0.0 q=0.0 size= 0kB time=-577014:32:22.77 bitrate= -0.0kb
==42750== Thread 10:
==42750== Invalid write of size 4
==42750== at 0x88B0DB: frame_worker_thread (pthread_frame.c:201)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750== Address 0x5edcfe3 is 29 bytes before a block of size 1,120 in arena "client"
==42750==
==42750== Invalid read of size 4
==42750== at 0x88B0E5: frame_worker_thread (pthread_frame.c:203)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750== Address 0x5edcfdf is 31 bytes after a block of size 16 in arena "client"
==42750==
==42750== Use of uninitialised value of size 8
==42750== at 0x88B170: frame_worker_thread (pthread_frame.c:214)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750==
==42750== Invalid read of size 4
==42750== at 0x4FC07B4: __pthread_mutex_unlock_usercnt (pthread_mutex_unlock.c:41)
==42750== by 0x4FC07B4: pthread_mutex_unlock (pthread_mutex_unlock.c:357)
==42750== by 0x88B185: frame_worker_thread (pthread_frame.c:215)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750== Address 0x629354048 is not stack'd, malloc'd or (recently) free'd
==42750==
==42750==
==42750== Process terminating with default action of signal 11 (SIGSEGV)
==42750== Access not within mapped region at address 0x629354048
==42750== at 0x4FC07B4: __pthread_mutex_unlock_usercnt (pthread_mutex_unlock.c:41)
==42750== by 0x4FC07B4: pthread_mutex_unlock (pthread_mutex_unlock.c:357)
==42750== by 0x88B185: frame_worker_thread (pthread_frame.c:215)
==42750== by 0x4FBC608: start_thread (pthread_create.c:477)
==42750== by 0x50F6132: clone (clone.S:95)
==42750== If you believe this happened as a result of a stack
==42750== overflow in your program's main thread (unlikely but
==42750== possible), you can try to increase the size of the
==42750== main thread stack using the --main-stacksize= flag.
==42750== The main thread stack size used in this run was 8388608.
==42750==
==42750== HEAP SUMMARY:
==42750== in use at exit: 3,477,272 bytes in 911 blocks
==42750== total heap usage: 2,232 allocs, 1,321 frees, 6,435,466 bytes allocated
==42750==
==42750== Thread 1:
==42750== 2,432 bytes in 8 blocks are possibly lost in loss record 259 of 302
==42750== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==42750== by 0x40149DA: allocate_dtv (dl-tls.c:286)
==42750== by 0x40149DA: _dl_allocate_tls (dl-tls.c:532)
==42750== by 0x4FBD322: allocate_stack (allocatestack.c:622)
==42750== by 0x4FBD322: pthread_create@@GLIBC_2.2.5 (pthread_create.c:660)
==42750== by 0xF67F71: avpriv_slicethread_create (slicethread.c:147)
==42750== by 0x2D0659: thread_init_internal (pthread.c:78)
==42750== by 0x2D0659: ff_graph_thread_init (pthread.c:97)
==42750== by 0x2BE6B9: avfilter_graph_alloc_filter (avfiltergraph.c:180)
==42750== by 0x2CEBD8: create_filter (graphparser.c:130)
==42750== by 0x2CEBD8: parse_filter (graphparser.c:192)
==42750== by 0x2CF797: avfilter_graph_parse2 (graphparser.c:427)
==42750== by 0x2835A0: configure_filtergraph (ffmpeg_filter.c:1056)
==42750== by 0x295167: ifilter_send_frame (ffmpeg.c:2180)
==42750== by 0x295167: send_frame_to_filters (ffmpeg.c:2261)
==42750== by 0x295EAF: decode_audio (ffmpeg.c:2328)
==42750== by 0x295EAF: process_input_packet (ffmpeg.c:2610)
==42750== by 0x298AA7: process_input (ffmpeg.c:4509)
==42750== by 0x298AA7: transcode_step (ffmpeg.c:4629)
==42750== by 0x298AA7: transcode (ffmpeg.c:4683)
==42750==
==42750== 2,736 bytes in 9 blocks are possibly lost in loss record 260 of 302
==42750== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==42750== by 0x40149DA: allocate_dtv (dl-tls.c:286)
==42750== by 0x40149DA: _dl_allocate_tls (dl-tls.c:532)
==42750== by 0x4FBD322: allocate_stack (allocatestack.c:622)
==42750== by 0x4FBD322: pthread_create@@GLIBC_2.2.5 (pthread_create.c:660)
==42750== by 0x88B767: ff_frame_thread_init (pthread_frame.c:828)
==42750== by 0x98182E: avcodec_open2 (utils.c:754)
==42750== by 0x297674: init_input_stream (ffmpeg.c:2930)
==42750== by 0x297674: transcode_init (ffmpeg.c:3687)
==42750== by 0x297674: transcode (ffmpeg.c:4654)
==42750== by 0x2774AD: main (ffmpeg.c:4885)
==42750==
==42750== LEAK SUMMARY:
==42750== definitely lost: 0 bytes in 0 blocks
==42750== indirectly lost: 0 bytes in 0 blocks
==42750== possibly lost: 5,168 bytes in 17 blocks
==42750== still reachable: 3,472,104 bytes in 894 blocks
==42750== suppressed: 0 bytes in 0 blocks
==42750== Reachable blocks (those to which a pointer was found) are not shown.
==42750== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==42750==
==42750== Use --track-origins=yes to see where uninitialised values come from
==42750== For lists of detected and suppressed errors, rerun with: -s
==42750== ERROR SUMMARY: 61 errors from 32 contexts (suppressed: 0 from 0)
comment:6 by , 2 years ago
| Cc: | added |
|---|
by , 2 years ago
| Attachment: | ffmpeg-fix-vp3-crash.patch added |
|---|
follow-up: 8 comment:7 by , 2 years ago
The patch above fixes the issue for me, it's a simple typo. I can't believe this has gone unnoticed for 5 years - especially considering there's a VP4 file in the fate suite that triggers this issue.
comment:8 by , 2 years ago
Replying to Mika Fischer:
> The patch above fixes the issue for me, it's a simple typo. I can't believe this has gone unnoticed for 5 years - especially considering there's a VP4 file in the fate suite that triggers this issue.
Thanks for the patch. I just sent it to the mailing list (https://ffmpeg.org/pipermail/ffmpeg-devel/2024-April/326515.html) and intend to apply it soon. If you want it with your authorship information (apart from being mentioned in the commit message), you need to tell me what author name+email I should use (or even better: send the patch to the mailing list yourself).
comment:9 by , 2 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Fixed in c3ca90a92e7211aef8ad1d044518a34f6ba137d7. Thanks to you two.



I cannot reproduce with every configuration.