Opened 13 years ago

Closed 13 years ago

Last modified 11 years ago

#20 closed defect (fixed)

Crash when encoding to tif with high value for -ss

Reported by: Carl Eugen Hoyos Owned by: Michael Niedermayer
Priority: important Component: ffmpeg
Version: git Keywords: crash SIGSEGV roundup
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

(issue 2658)
Reproducible with (m)any files, I used fate-suite/svq3/Vertical400kbit.sorenson3.mov

(gdb) r -i Vertical400kbit.sorenson3.mov -ss 40 out.tif
Starting program: ffmpeg_g -i Vertical400kbit.sorenson3.mov -ss 40 out.tif
FFmpeg version git-N-28634-g0bfe349, Copyright (c) 2000-2011 the FFmpeg developers
  built on Mar 25 2011 20:50:13 with gcc 4.5.2
  configuration: --cc='/usr/local/gcc-4.5.2/bin/gcc -m32' --enable-gpl
  libavutil    50. 40. 0 / 50. 40. 0
  libavcodec   52.114. 1 / 52.114. 1
  libavformat  52.103. 0 / 52.103. 0
  libavdevice  52.  3. 0 / 52.  3. 0
  libavfilter   1. 76. 0 /  1. 76. 0
  libswscale    0. 12. 0 /  0. 12. 0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x8beb6a0] max_analyze_duration reached

Seems stream 0 codec frame rate differs from container frame rate: 600.00 (600/1) -> 30.00 (30/1)
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'Vertical400kbit.sorenson3.mov':
  Metadata:
    creation_time   : 2001-03-20 16:17:18
    title           : Vertical Online SV3 Demo
    title-eng       : Vertical Online SV3 Demo
    artist          : Logan Kelsey
    artist-eng      : Logan Kelsey
    copyright       : © Vertical Online 2001
    copyright-eng   : © Vertical Online 2001
    encoder         : Sorenson Video 3
    encoder-eng     : Sorenson Video 3
  Duration: 00:00:43.57, start: 0.000000, bitrate: 580 kb/s
    Stream #0.0(eng): Video: svq3, yuvj420p, 320x240, 391 kb/s, 30.02 fps, 30 tbr, 600 tbn, 600 tbc
    Metadata:
      creation_time   : 2001-03-20 16:17:18
    Stream #0.1(eng): Audio: adpcm_ima_qt, 44100 Hz, 1 channels, s16
    Metadata:
      creation_time   : 2001-03-20 16:17:18
[buffer @ 0x8bf05b0] w:320 h:240 pixfmt:yuvj420p
[ffsink @ 0x8bfd730] auto-inserting filter 'auto-inserted scaler 0' between the filter 'src' and the filter 'out'
[scale @ 0x8bfd9e0] w:320 h:240 fmt:yuvj420p -> w:320 h:240 fmt:rgb24 flags:0xa0000004
Output #0, image2, to 'out.tif':
  Metadata:
    creation_time   : 2001-03-20 16:17:18
    title           : Vertical Online SV3 Demo
    title-eng       : Vertical Online SV3 Demo
    artist          : Logan Kelsey
    artist-eng      : Logan Kelsey
    copyright       : © Vertical Online 2001
    copyright-eng   : © Vertical Online 2001
    encoder-eng     : Sorenson Video 3
    encoder         : Lavf52.103.0
    Stream #0.0(eng): Video: tiff, rgb24, 320x240, q=2-31, 200 kb/s, 90k tbn, 30 tbc
    Metadata:
      creation_time   : 2001-03-20 16:17:18
Stream mapping:
  Stream #0.0 -> #0.0
Press ctrl-c to stop encoding
[buffer @ 0x8bf05b0] Buffering several frames is not supported. Please consume all available frames before adding a new one.
    Last message repeated 1049 times
Program received signal SIGSEGV, Segmentation fault.
print_report (ost_table=0x8bf4020, nb_ostreams=1, is_last_report=0, output_files=0x86a5ac0)
    at ffmpeg.c:1334
1334                snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "frame=%5d fps=%3d q=%3.1f ",
(gdb) bt
#0  print_report (ost_table=0x8bf4020, nb_ostreams=1, is_last_report=0, output_files=0x86a5ac0)
    at ffmpeg.c:1334
#1  0x08053156 in transcode (nb_output_files=1, nb_input_files=1, stream_maps=0x0, nb_stream_maps=0,
    input_files=0x86a5c60, output_files=0x86a5ac0) at ffmpeg.c:2618
#2  0x08057d39 in main (argc=6, argv=0xffffcfe4) at ffmpeg.c:4345
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x8050130 to 0x8050170:
0x08050130 <print_report+704>:  in     (%dx),%al
0x08050131 <print_report+705>:  add    %al,(%eax)
0x08050133 <print_report+707>:  add    %cl,-0x7376bbb0(%ebx)
0x08050139 <print_report+713>:  and    $0xa0,%al
0x0805013b <print_report+715>:  add    %al,(%eax)
0x0805013d <print_report+717>:  add    %al,0x42850fd2(%ebp)
0x08050143 <print_report+723>:  add    (%eax),%al
0x08050145 <print_report+725>:  add    %cl,-0x748fdb94(%ebx)
0x0805014b <print_report+731>:  test   %edx,-0x24ffffff(%eax)
0x08050151 <print_report+737>:  inc    %eax
0x08050152 <print_report+738>:  dec    %eax
0x08050153 <print_report+739>:  fstps  0xec(%esp)
0x0805015a <print_report+746>:  flds   0xec(%esp)
0x08050161 <print_report+753>:  fdivs  0x8562178
0x08050167 <print_report+759>:  fstpl  0xe0(%esp)
0x0805016e <print_report+766>:  fldl   0xe0(%esp)
End of assembler dump.
(gdb) info registers
eax            0x0      0
ecx            0x0      0
edx            0x0      0
ebx            0xffffbd00       -17152
esp            0xffffbc10       0xffffbc10
ebp            0x8bf3b20        0x8bf3b20
esi            0x0      0
edi            0x8bfcc90        146787472
eip            0x8050150        0x8050150 <print_report+736>
eflags         0x210246 [ PF ZF IF RF ID ]
cs             0x23     35
ss             0x2b     43
ds             0x2b     43
es             0x2b     43
fs             0x0      0
gs             0x63     99
$ valgrind ffmpeg_g -i Vertical400kbit.sorenson3.mov -ss 40 out.tif
==16721== Memcheck, a memory error detector
==16721== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==16721== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==16721== Command: ffmpeg_g -i Vertical400kbit.sorenson3.mov -ss 40 out.tif
==16721==
FFmpeg version git-N-28634-g0bfe349, Copyright (c) 2000-2011 the FFmpeg developers
  built on Mar 25 2011 20:50:13 with gcc 4.5.2
  configuration: --cc='/usr/local/gcc-4.5.2/bin/gcc -m32' --enable-gpl
  libavutil    50. 40. 0 / 50. 40. 0
  libavcodec   52.114. 1 / 52.114. 1
  libavformat  52.103. 0 / 52.103. 0
  libavdevice  52.  3. 0 / 52.  3. 0
  libavfilter   1. 76. 0 /  1. 76. 0
  libswscale    0. 12. 0 /  0. 12. 0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x7be28c0] max_analyze_duration reached

Seems stream 0 codec frame rate differs from container frame rate: 600.00 (600/1) -> 30.00 (30/1)
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'Vertical400kbit.sorenson3.mov':
  Metadata:
    creation_time   : 2001-03-20 16:17:18
    title           : Vertical Online SV3 Demo
    title-eng       : Vertical Online SV3 Demo
    artist          : Logan Kelsey
    artist-eng      : Logan Kelsey
    copyright       : © Vertical Online 2001
    copyright-eng   : © Vertical Online 2001
    encoder         : Sorenson Video 3
    encoder-eng     : Sorenson Video 3
  Duration: 00:00:43.57, start: 0.000000, bitrate: 580 kb/s
    Stream #0.0(eng): Video: svq3, yuvj420p, 320x240, 391 kb/s, 30.02 fps, 30 tbr, 600 tbn, 600 tbc
    Metadata:
      creation_time   : 2001-03-20 16:17:18
    Stream #0.1(eng): Audio: adpcm_ima_qt, 44100 Hz, 1 channels, s16
    Metadata:
      creation_time   : 2001-03-20 16:17:18
[buffer @ 0x7cef550] w:320 h:240 pixfmt:yuvj420p
[ffsink @ 0x7cef910] auto-inserting filter 'auto-inserted scaler 0' between the filter 'src' and the filter 'out'
[scale @ 0x7cefff0] w:320 h:240 fmt:yuvj420p -> w:320 h:240 fmt:rgb24 flags:0xa0000004
Output #0, image2, to 'out.tif':
  Metadata:
    creation_time   : 2001-03-20 16:17:18
    title           : Vertical Online SV3 Demo
    title-eng       : Vertical Online SV3 Demo
    artist          : Logan Kelsey
    artist-eng      : Logan Kelsey
    copyright       : © Vertical Online 2001
    copyright-eng   : © Vertical Online 2001
    encoder-eng     : Sorenson Video 3
    encoder         : Lavf52.103.0
    Stream #0.0(eng): Video: tiff, rgb24, 320x240, q=2-31, 200 kb/s, 90k tbn, 30 tbc
    Metadata:
      creation_time   : 2001-03-20 16:17:18
Stream mapping:
  Stream #0.0 -> #0.0
Press ctrl-c to stop encoding
[buffer @ 0x7cef550] Buffering several frames is not supported. Please consume all available frames before adding a new one.
==16721== Invalid read of size 4
==16721==    at 0x8050150: print_report.clone.13 (ffmpeg.c:1334)
==16721==  Address 0x48 is not stack'd, malloc'd or (recently) free'd
==16721==
==16721==
==16721== Process terminating with default action of signal 11 (SIGSEGV)
==16721==  Access not within mapped region at address 0x48
==16721==    at 0x8050150: print_report.clone.13 (ffmpeg.c:1334)
==16721==  If you believe this happened as a result of a stack
==16721==  overflow in your program's main thread (unlikely but
==16721==  possible), you can try to increase the size of the
==16721==  main thread stack using the --main-stacksize= flag.
==16721==  The main thread stack size used in this run was 8388608.
==16721==
==16721== HEAP SUMMARY:
==16721==     in use at exit: 1,650,946 bytes in 407 blocks
==16721==   total heap usage: 1,098 allocs, 691 frees, 2,254,669 bytes allocated
==16721==
==16721== LEAK SUMMARY:
==16721==    definitely lost: 0 bytes in 0 blocks
==16721==    indirectly lost: 0 bytes in 0 blocks
==16721==      possibly lost: 0 bytes in 0 blocks
==16721==    still reachable: 1,650,946 bytes in 407 blocks
==16721==         suppressed: 0 bytes in 0 blocks
==16721== Rerun with --leak-check=full to see details of leaked memory
==16721==
==16721== For counts of detected and suppressed errors, rerun with: -v
==16721== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 3 from 3)

Change History (2)

comment:1 by Michael Niedermayer, 13 years ago

Resolution: fixed
Status: newclosed

comment:2 by Carl Eugen Hoyos, 11 years ago

Keywords: crash SIGSEGV roundup added
Note: See TracTickets for help on using tickets.