Opened 12 years ago
Closed 12 years ago
#1730 closed defect (fixed)
Crash while demuxing m4a file
Reported by: | Bert | Owned by: | |
---|---|---|---|
Priority: | important | Component: | avformat |
Version: | git-master | Keywords: | mov crash SIGSEGV apic id3 |
Cc: | donmoir@comcast.net | Blocked By: | |
Blocking: | | Reproduced by developer: | yes |
Analyzed by developer: | no | | |
Description
Summary of the bug:
How to reproduce:
```
ffmpeg -v 9 -loglevel 99 -i 05.m4a
ffmpeg version 0.11.1.git Copyright (c) 2000-2012 the FFmpeg developers
  built on Sep 10 2012 13:52:16 with gcc 4.1.2 (GCC) 20061115 (prerelease) (SUSE Linux)
  configuration: --enable-debug=3 --disable-asm --disable-stripping --enable-gpl --disable-shared --enable-static --disable-encoders --disable-decoders --disable-bsfs --disable-filters --disable-muxers --disable-hwaccels --disable-indevs --disable-outdevs --disable-devices --disable-protocols --disable-demuxers --disable-parsers --disable-altivec --disable-decoder=vorbis --enable-decoder=alac --enable-decoder=mp3 --enable-decoder=aac --enable-parser=aac --enable-parser=alac --enable-parser=mpegaudio --enable-demuxer=aac --enable-demuxer=alac --enable-demuxer=aiff --enable-demuxer=asf --enable-demuxer=mov --enable-demuxer=mp3 --enable-demuxer=pcm_alaw --enable-demuxer=pcm_f32be --enable-demuxer=pcm_f32le --enable-demuxer=pcm_f64be --enable-demuxer=pcm_f64le --enable-demuxer=pcm_mulaw --enable-demuxer=pcm_s16be --enable-demuxer=pcm_s16le --enable-demuxer=pcm_s24be --enable-demuxer=pcm_s24le --enable-demuxer=pcm_s32be --enable-demuxer=pcm_s32le --enable-demuxer=pcm_s8 --enable-demuxer=pcm_u16be --enable-demuxer
  libavutil 51. 72.100 / 51. 72.100
  libavcodec 54. 55.100 / 54. 55.100
  libavformat 54. 25.105 / 54. 25.105
  libavdevice 54. 2.100 / 54. 2.100
  libavfilter 3. 16.101 / 3. 16.101
  libswscale 2. 1.101 / 2. 1.101
  libswresample 0. 15.100 / 0. 15.100
  libpostproc 52. 0.100 / 52. 0.100
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x83364e0] Format mov,mp4,m4a,3gp,3g2,mj2 probed with size=32768 and score=100
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x83364e0] ISO: File Type Major Brand: M4A
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x83364e0] Unknown cover type: 0x0.
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x83364e0] File position before avformat_find_stream_info() is 9597458
Segmentation fault
```
This FFmpeg was built on Ubuntu 10.04.
We are demuxing an m4a file which is actually corrupted, and it's not played by iTunes or VLC. FFmpeg 0.8.6 was able to demux it correctly, but FFmpeg trunk is crashing for the same file.
We are also providing a patch which solves this problem.
Change History (6)
comment:1 by , 12 years ago
Keywords: | mov crash added; m4a segmentation fault removed |
---|
comment:2 by , 12 years ago
Uploaded the file at
http://www.filesend.net/download.php?f=4c48b0bddc9c3eda4c48d2848321c885
comment:3 by , 12 years ago
Reproduced by developer: | set |
---|---|
Status: | new → open |
Regression since 079ea6c / 79ae084
```
(gdb) r -i FFMpeg_Bug_1730_crash_demuxing_m4a.m4a
Starting program: ffmpeg_g -i FFMpeg_Bug_1730_crash_demuxing_m4a.m4a
[Thread debugging using libthread_db enabled]
ffmpeg version N-44432-g59db014 Copyright (c) 2000-2012 the FFmpeg developers
  built on Sep 13 2012 18:43:05 with gcc 4.5.3 (GCC)
  configuration: --cc=/usr/local/gcc-4.5.3/bin/gcc
  libavutil 51. 73.100 / 51. 73.100
  libavcodec 54. 55.100 / 54. 55.100
  libavformat 54. 27.100 / 54. 27.100
  libavdevice 54. 2.100 / 54. 2.100
  libavfilter 3. 16.103 / 3. 16.103
  libswscale 2. 1.101 / 2. 1.101
  libswresample 0. 15.100 / 0. 15.100
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x148c240] Unknown cover type: 0x0.
Program received signal SIGSEGV, Segmentation fault.
mov_find_next_sample (st=<value optimized out>, s=<value optimized out>) at libavformat/mov.c:3071
3071 if (msc->pb && msc->current_sample < avst->nb_index_entries) {
(gdb) bt
#0 mov_find_next_sample (st=<value optimized out>, s=<value optimized out>) at libavformat/mov.c:3071
#1 mov_read_packet (st=<value optimized out>, s=<value optimized out>) at libavformat/mov.c:3098
#2 0x00000000005118c2 in ff_read_packet (s=0x148c240, pkt=0x7fffffffd240) at libavformat/utils.c:750
#3 0x0000000000511c1b in read_frame_internal (s=0x148c240, pkt=0x7fffffffd5e0) at libavformat/utils.c:1306
#4 0x000000000051488b in avformat_find_stream_info (ic=0x148c240, options=0x14920e0) at libavformat/utils.c:2633
#5 0x000000000040992d in opt_input_file (optctx=<value optimized out>, opt=<value optimized out>, filename=0x7fffffffe261 "FFMpeg_Bug_1730_crash_demuxing_m4a.m4a") at ffmpeg_opt.c:770
#6 0x00000000004187c3 in parse_option (optctx=0x7fffffffd980, opt=0x7fffffffe25f "i", arg=0x7fffffffe261 "FFMpeg_Bug_1730_crash_demuxing_m4a.m4a", options=<value optimized out>) at cmdutils.c:319
#7 0x0000000000418ba7 in parse_options (optctx=0x7fffffffd980, argc=3, argv=0x7fffffffdde8, options=0xac02a0, parse_arg_function=0x40a3f0 <opt_output_file>) at cmdutils.c:352
#8 0x0000000000416211 in main (argc=3, argv=0x7fffffffdde8) at ffmpeg.c:3135
(gdb) disass $pc-37 $pc+32
Dump of assembler code from 0x49b15f to 0x49b1a4:
0x000000000049b15f <mov_find_next_sample+23>: je 0x49b4e0 <mov_find_next_sample+920>
0x000000000049b165 <mov_find_next_sample+29>: nopl (%rax)
0x000000000049b168 <mov_find_next_sample+32>: add $0x1,%r12d
0x000000000049b16c <mov_find_next_sample+36>: cmp %ecx,%r12d
0x000000000049b16f <mov_find_next_sample+39>: jae 0x49b200 <mov_read_packet+256>
0x000000000049b175 <mov_find_next_sample+45>: mov 0x30(%rbx),%rax
0x000000000049b179 <mov_find_next_sample+49>: movslq %r12d,%rdx
0x000000000049b17c <mov_find_next_sample+52>: mov (%rax,%rdx,8),%r13
0x000000000049b180 <mov_find_next_sample+56>: mov 0x18(%r13),%rax
0x000000000049b184 <mov_find_next_sample+60>: mov (%rax),%r14
0x000000000049b187 <mov_find_next_sample+63>: test %r14,%r14
0x000000000049b18a <mov_find_next_sample+66>: je 0x49b168 <mov_find_next_sample+32>
0x000000000049b18c <mov_find_next_sample+68>: mov 0xb0(%rax),%edx
0x000000000049b192 <mov_find_next_sample+74>: cmp 0x1e0(%r13),%edx
0x000000000049b199 <mov_find_next_sample+81>: jge 0x49b168 <mov_find_next_sample+32>
0x000000000049b19b <mov_find_next_sample+83>: movslq %edx,%rdx
0x000000000049b19e <mov_find_next_sample+86>: mov $0xf4240,%esi
0x000000000049b1a3 <mov_find_next_sample+91>: lea (%rdx,%rdx,2),%r15
End of assembler dump.
(gdb) info register
rax 0x0 0
rbx 0x148c240 21545536
rcx 0x2 2
rdx 0x1 1
rsi 0xf4240 1000000
rdi 0x0 0
rbp 0x7ffff7f67010 0x7ffff7f67010
rsp 0x7fffffffd140 0x7fffffffd140
r8 0xac44 44100
r9 0x5622 22050
r10 0x0 0
r11 0x1 1
r12 0x1 1
r13 0x1493ba0 21576608
r14 0x1494960 21580128
r15 0x7ffff7f67010 140737353510928
rip 0x49b184 0x49b184 <mov_find_next_sample+60>
eflags 0x10297 [ CF PF AF SF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1fa0 [ PE IM DM ZM OM UM PM ]
```
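A triage sketch for the gdb output in comment:3, added here as an example and not part of the ticket or of FFmpeg: it locates the instruction at `rip`, computes the address it dereferences from the register dump, and reports which earlier load produced the bad pointer. The names `triage`, `parse_regs` and `parse_disasm` and the one-page (4096-byte) NULL threshold are assumptions of this example; the excerpt lines are copied from the session above.

```python
import re

# Excerpts copied from the gdb session in comment:3 (only the lines needed).
DISASM = """\
0x000000000049b17c <mov_find_next_sample+52>: mov (%rax,%rdx,8),%r13
0x000000000049b180 <mov_find_next_sample+56>: mov 0x18(%r13),%rax
0x000000000049b184 <mov_find_next_sample+60>: mov (%rax),%r14
0x000000000049b187 <mov_find_next_sample+63>: test %r14,%r14
"""
REGS = """\
rax 0x0 0
rdx 0x1 1
r13 0x1493ba0 21576608
rip 0x49b184 0x49b184 <mov_find_next_sample+60>
"""

INSN = re.compile(r"^(0x[0-9a-f]+)\s+<[^>]+>:\s+(\S+)\s+(.*)$")
# AT&T memory operand: disp(base,index,scale); every part except base is optional.
MEM = re.compile(r"(-?0x[0-9a-f]+)?\(%(\w+)(?:,%(\w+)(?:,(\d))?)?\)")

def parse_regs(text):
    # "name hexvalue ..." per line; the second column is always hexadecimal.
    return {l.split()[0]: int(l.split()[1], 16) for l in text.splitlines() if l.strip()}

def parse_disasm(text):
    hits = (INSN.match(l.strip()) for l in text.splitlines())
    return [(int(m.group(1), 16), m.group(2), m.group(3)) for m in hits if m]

def triage(disasm_text, regs_text, page_size=4096):
    regs, insns = parse_regs(regs_text), parse_disasm(disasm_text)
    idx = next(i for i, (addr, _, _) in enumerate(insns) if addr == regs["rip"])
    _, mnem, ops = insns[idx]
    m = MEM.search(ops)
    if not m:
        return {"verdict": "no memory operand at rip"}
    disp, base, index, scale = m.groups()
    ea = (int(disp, 16) if disp else 0) + regs[base]
    if index:
        ea += regs[index] * int(scale or 1)
    # Heuristic for straight-line code: the nearest earlier instruction whose
    # destination (last AT&T operand) is the base register is what loaded it.
    source = None
    for _, _, prev_ops in reversed(insns[:idx]):
        if prev_ops.endswith("%" + base):
            source = prev_ops.rsplit(",", 1)[0]
            break
    # Assumption: an address inside the first page is a NULL (or NULL+offset) access.
    verdict = "NULL-pointer dereference" if ea < page_size else "wild/invalid pointer"
    return {"insn": f"{mnem} {ops}", "address": ea, "verdict": verdict, "loaded_from": source}
```

On this dump the result is a read of address 0 through `%rax`, which was loaded from `0x18(%r13)` one instruction earlier; that is consistent with `msc` being NULL when `msc->pb` is evaluated at `libavformat/mov.c:3071`.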
comment:4 by , 12 years ago
Cc: | added |
---|
comment:5 by , 12 years ago
Keywords: | SIGSEGV added |
---|
comment:6 by , 12 years ago
Keywords: | apic id3 added |
---|---|
Resolution: | → fixed |
Status: | open → closed |
Please provide the sample.