Opened 5 years ago

Closed 5 years ago

#2449 closed defect (fixed)

Segfault when using idet filter with an MPEG TS file

Reported by: eseifert
Owned by:
Priority: important
Component: avfilter
Version: 1.0.6
Keywords: crash SIGSEGV idet
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

Summary of the bug:
ffmpeg crashes when I try to analyze an MPEG2 TS recording from VDR using the idet filter. Without the idet filter everything runs fine, even with other filters like cropdetect.

How to reproduce:

/usr/bin/ffmpeg -y -i 00001.ts -filter:v idet -f rawvideo -an /dev/null
ffmpeg version 1.0.6 Copyright (c) 2000-2013 the FFmpeg developers
  built on Apr  8 2013 16:29:58 with gcc 4.6.3 (Gentoo 4.6.3 p1.11, pie-0.5.2)
  configuration: --prefix=/usr --libdir=/usr/lib64 --shlibdir=/usr/lib64 --mandir=/usr/share/man --enable-shared --cc=x86_64-pc-linux-gnu-gcc --cxx=x86_64-pc-linux-gnu-g++ --ar=x86_64-pc-linux-gnu-ar --optflags='-march=core2 -mtune=core2 -mcx16 -msahf -mpopcnt -msse4.2 -O2 -fomit-frame-pointer -pipe -O1 -fvar-tracking -ggdb' --extra-cflags='-march=core2 -mtune=core2 -mcx16 -msahf -mpopcnt -msse4.2 -O2 -fomit-frame-pointer -pipe -O1 -fvar-tracking -ggdb' --extra-cxxflags='-march=core2 -mtune=core2 -mcx16 -msahf -mpopcnt -msse4.2 -O2 -fomit-frame-pointer -pipe -O1 -fvar-tracking -ggdb' --disable-static --enable-gpl --enable-version3 --enable-postproc --enable-avfilter --enable-avresample --disable-stripping --disable-debug --disable-doc --disable-network --disable-vaapi --disable-runtime-cpudetect --enable-libmp3lame --enable-libvo-aacenc --enable-libtheora --enable-libx264 --enable-libxvid --enable-libfaac --enable-nonfree --disable-indev=v4l2 --disable-indev=oss --disable-indev=jack --enable-x11grab --disabl
  libavutil      51. 73.101 / 51. 73.101
  libavcodec     54. 59.100 / 54. 59.100
  libavformat    54. 29.104 / 54. 29.104
  libavdevice    54.  2.101 / 54.  2.101
  libavfilter     3. 17.100 /  3. 17.100
  libswscale      2.  1.101 /  2.  1.101
  libswresample   0. 15.100 /  0. 15.100
  libpostproc    52.  0.100 / 52.  0.100
[mpegts @ 0x632150] max_analyze_duration 5000000 reached at 5000000
[NULL @ 0x6388b0] start time is not set in estimate_timings_from_pts                                                                                                                                                                                                           
[mpegts @ 0x632150] PES packet size mismatch                                                                                                                                                                                                                                   
    Last message repeated 3 times
Input #0, mpegts, from '00001.ts':
  Duration: 00:28:29.52, start: 59010.275933, bitrate: 6054 kb/s
  Program 132 
    Stream #0:0[0x6e]: Video: mpeg2video (Main) ([2][0][0][0] / 0x0002), yuv420p, 720x576 [SAR 16:15 DAR 4:3], 15000 kb/s, 25 fps, 25 tbr, 90k tbn, 50 tbc
    Stream #0:1[0x78](deu): Audio: mp2 ([3][0][0][0] / 0x0003), 48000 Hz, stereo, s16, 256 kb/s
    Stream #0:2[0x79](mis): Audio: mp2 ([3][0][0][0] / 0x0003), 48000 Hz, stereo, s16, 192 kb/s
    Stream #0:3[0x7a](mul): Audio: mp2 ([3][0][0][0] / 0x0003), 48000 Hz, stereo, s16, 192 kb/s
    Stream #0:4[0x7d](deu): Audio: ac3 ([6][0][0][0] / 0x0006), 48000 Hz, stereo, s16, 448 kb/s
    Stream #0:5[0x83](deu): Subtitle: dvb_subtitle ([6][0][0][0] / 0x0006) (hearing impaired)
[New Thread 0x7ffff6006700 (LWP 29188)]
[New Thread 0x7ffff5805700 (LWP 29189)]
[New Thread 0x7ffff5004700 (LWP 29190)]
[New Thread 0x7ffff4803700 (LWP 29191)]
[New Thread 0x7ffff4002700 (LWP 29192)]
[New Thread 0x7ffff3801700 (LWP 29193)]
[New Thread 0x7ffff3000700 (LWP 29194)]
[New Thread 0x7ffff27ff700 (LWP 29195)]
[New Thread 0x7ffff1ffe700 (LWP 29196)]
Output #0, rawvideo, to '/dev/null':
  Metadata:
    encoder         : Lavf54.29.104
    Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 720x576 [SAR 16:15 DAR 4:3], q=2-31, 200 kb/s, 90k tbn, 25 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (mpeg2video -> rawvideo)
Press [q] to stop, [?] for help

Program received signal SIGSEGV, Segmentation fault.
copy_video_props (dst=0x6c9750, src=0x100000240) at libavfilter/buffer.c:43
43      libavfilter/buffer.c: Datei oder Verzeichnis nicht gefunden.
(gdb) bt
#0  copy_video_props (dst=0x6c9750, src=0x100000240) at libavfilter/buffer.c:43
#1  0x00007ffff7b3752d in avfilter_ref_buffer (ref=0x6d3d60, pmask=-1) at libavfilter/buffer.c:63
#2  0x00007ffff7b6b32f in start_frame (link=<optimized out>, picref=0x6c95b0) at libavfilter/vf_idet.c:184
#3  0x00007ffff7b784dd in ff_start_frame (link=0x661090, picref=0x6c95b0) at libavfilter/video.c:304
#4  0x00007ffff7b37ee5 in request_frame (link=0x661090) at libavfilter/buffersrc.c:378
#5  0x00007ffff7b385b2 in av_buffersrc_add_ref (s=0x660b00, buf=0x6c95b0, flags=7) at libavfilter/buffersrc.c:152
#6  0x00000000004169d2 in decode_video (got_output=0x7fffffffd59c, pkt=0x7fffffffd540, ist=0x638f80) at ffmpeg.c:1655
#7  output_packet (ist=<optimized out>, pkt=<optimized out>) at ffmpeg.c:1775
#8  0x0000000000418497 in process_input (file_index=<optimized out>) at ffmpeg.c:2840
#9  0x0000000000418aee in transcode_step () at ffmpeg.c:2936
#10 transcode () at ffmpeg.c:2988
#11 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3168
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x7ffff7b373f9 to 0x7ffff7b37439:
   0x00007ffff7b373f9 <ff_calculate_bounding_box+377>:  movslq %edx,%esi
   0x00007ffff7b373fb <ff_calculate_bounding_box+379>:  jmpq   0x7ffff7b3736c <ff_calculate_bounding_box+236>
   0x00007ffff7b37400 <copy_video_props+0>:     mov    %rbx,-0x18(%rsp)
   0x00007ffff7b37405 <copy_video_props+5>:     mov    %rbp,-0x10(%rsp)
   0x00007ffff7b3740a <copy_video_props+10>:    mov    %r12,-0x8(%rsp)
   0x00007ffff7b3740f <copy_video_props+15>:    sub    $0x18,%rsp
   0x00007ffff7b37413 <copy_video_props+19>:    mov    %rdi,%rbp
   0x00007ffff7b37416 <copy_video_props+22>:    mov    %rsi,%rbx
=> 0x00007ffff7b37419 <copy_video_props+25>:    mov    (%rsi),%rax
   0x00007ffff7b3741c <copy_video_props+28>:    mov    %rax,(%rdi)
   0x00007ffff7b3741f <copy_video_props+31>:    mov    0x8(%rsi),%rax
   0x00007ffff7b37423 <copy_video_props+35>:    mov    %rax,0x8(%rdi)
   0x00007ffff7b37427 <copy_video_props+39>:    mov    0x10(%rsi),%rax
   0x00007ffff7b3742b <copy_video_props+43>:    mov    %rax,0x10(%rdi)
   0x00007ffff7b3742f <copy_video_props+47>:    mov    0x18(%rsi),%rax
   0x00007ffff7b37433 <copy_video_props+51>:    mov    %rax,0x18(%rdi)
   0x00007ffff7b37437 <copy_video_props+55>:    mov    0x20(%rsi),%rax
End of assembler dump.
(gdb) info all-registers
rax            0x6c96a0 7116448
rbx            0x100000240      4294967872
rcx            0x3a123a2678     249413903992
rdx            0x6c9750 7116624
rsi            0x100000240      4294967872
rdi            0x6c9750 7116624
rbp            0x6c9750 0x6c9750
rsp            0x7fffffffd2d0   0x7fffffffd2d0
r8             0x1      1
r9             0x2      2
r10            0x0      0
r11            0x3a12170640     249411601984
r12            0xffffffff       4294967295
r13            0x7ffff7b6b2d6   140737349333718
r14            0x660c10 6687760
r15            0x697bd0 6912976
rip            0x7ffff7b37419   0x7ffff7b37419 <copy_video_props+25>
eflags         0x10202  [ IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0

Attachments (1)

ticket2449-idet-filter-segfault.ts (1000.0 KB) - added by cehoyos 5 years ago.


Change History (4)

comment:1 Changed 5 years ago by cehoyos

  • Component changed from undetermined to avfilter
  • Keywords crash SIGSEGV idet added
  • Priority changed from normal to important

Please provide 00001.ts, you can upload to http://www1.datafilehost.com/ until incoming works again.

comment:3 Changed 5 years ago by cehoyos

  • Reproduced by developer set
  • Resolution set to fixed
  • Status changed from new to closed

Fixed in release/1.0, not reproducible with 1.1, 1.2 and git master.
