Opened 11 years ago

Closed 11 years ago

#2562 closed defect (fixed)

Crash after demuxing race condition

Reported by: Carl Eugen Hoyos Owned by:
Priority: important Component: ffmpeg
Version: git-master Keywords: crash regression
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

I sometimes get the following crash with ffmpeg (on exit?) that is a regression since 3630a07 / 5db5169
$ ffmpeg -i fate-suite/svq3/Vertical400kbit.sorenson3.mov -qscale 2 -mbd 2 -t 15 out_cut.m2v
$ ffmpeg -i fate-suite/svq3/Vertical400kbit.sorenson3.mov -t 15 out_cut.ac3

$ ffmpeg -threads 1 -itsoffset -10 -i out_cut.m2v -i out_cut.ac3 -c copy -threads 1 out.ts
ffmpeg version N-53000-ge41cd3c Copyright (c) 2000-2013 the FFmpeg developers
  built on May 12 2013 20:03:13 with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl --disable-indev=jack --enable-libx264
  libavutil      52. 30.100 / 52. 30.100
  libavcodec     55.  9.100 / 55.  9.100
  libavformat    55.  7.100 / 55.  7.100
  libavdevice    55.  0.100 / 55.  0.100
  libavfilter     3. 65.100 /  3. 65.100
  libswscale      2.  3.100 /  2.  3.100
  libswresample   0. 17.102 /  0. 17.102
  libpostproc    52.  3.100 / 52.  3.100
[mpegvideo @ 0x30bd240] max_analyze_duration 5000000 reached at 5000000 microseconds
Input #0, mpegvideo, from 'out_cut.m2v':
  Duration: N/A, bitrate: N/A
    Stream #0:0: Video: mpeg2video (Main), yuv420p, 320x240 [SAR 1:1 DAR 4:3], 30 fps, 30 tbr, 1200k tbn, 60 tbc
[ac3 @ 0x30c3160] max_analyze_duration 5000000 reached at 5014400 microseconds
[ac3 @ 0x30c3160] Estimating duration from bitrate, this may be inaccurate
Input #1, ac3, from 'out_cut.ac3':
  Duration: 00:00:15.01, start: 0.000000, bitrate: 95 kb/s
    Stream #1:0: Audio: ac3, 44100 Hz, mono, fltp, 96 kb/s
Output #0, mpegts, to 'out.ts':
  Metadata:
    encoder         : Lavf55.7.100
    Stream #0:0: Video: mpeg2video, yuv420p, 320x240 [SAR 1:1 DAR 4:3], q=2-31, 30 fps, 90k tbn, 30 tbc
    Stream #0:1: Audio: ac3, 44100 Hz, mono, 96 kb/s
Stream mapping:
  Stream #0:0 -> #0:0 (copy)
  Stream #1:0 -> #0:1 (copy)
Press [q] to stop, [?] for help
[mpegts @ 0x30c44e0] first pts value must be set
av_interleaved_write_frame(): Invalid data found when processing input
Segmentation fault

Different backtraces are possible:

(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00000000008fecba in av_parser_parse2 (s=0x167b260, avctx=<optimized out>,
    poutbuf=poutbuf@entry=0x7ffff642ab98, poutbuf_size=poutbuf_size@entry=0x7ffff642aba0,
    buf=<optimized out>, buf@entry=0x7ffff0000b41 "", buf_size=buf_size@entry=831,
    pts=-9223372036854775808, dts=-9223372036854775808, pos=-1) at libavcodec/parser.c:153
#2  0x00000000005b7471 in parse_packet (s=s@entry=0x167a240, pkt=pkt@entry=0x7ffff642ad60,
    stream_index=<optimized out>) at libavformat/utils.c:1332
#3  0x00000000005b7fb3 in read_frame_internal (s=0x167a240, pkt=0x7ffff642ae70)
    at libavformat/utils.c:1501
#4  0x00000000005b8cd6 in av_read_frame (s=0x167a240, pkt=pkt@entry=0x7ffff642ae70)
    at libavformat/utils.c:1539
#5  0x00000000004658a8 in input_thread (arg=0x17c2920) at ffmpeg.c:2712
#6  0x00007ffff764fe0e in start_thread () from /lib64/libpthread.so.0
#7  0x00007ffff67142cd in clone () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff686b005 in __memcpy_ssse3_back () from /lib64/libc.so.6
#1  0x000000000049b62d in ffio_read_partial (s=0x18216e0, buf=0x7ffff00008c0 "\370\004",
    size=1024) at libavformat/aviobuf.c:554
#2  0x000000000053b6dc in ff_raw_read_partial_packet (s=0x18190a0, pkt=0x7ffff6018c40)
    at libavformat/rawdec.c:45
#3  0x000000000058d04e in ff_read_packet (s=0x18190a0, pkt=0x7ffff6018c40)
    at libavformat/utils.c:793
#4  0x000000000058f73e in read_frame_internal (s=0x18190a0, pkt=0x7ffff6018e30)
    at libavformat/utils.c:1438
#5  0x000000000058ff2f in av_read_frame (s=0x18190a0, pkt=0x7ffff6018e30)
    at libavformat/utils.c:1539
#6  0x000000000041cd6e in input_thread (arg=0x1963be0) at ffmpeg.c:2712
#7  0x00007ffff740be0e in start_thread () from /lib64/libpthread.so.0
#8  0x00007ffff681f2cd in clone () from /lib64/libc.so.6

No crash with --disable-pthreads

Change History (1)

comment:1 by Michael Niedermayer, 11 years ago

Reproduced by developer: set
Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.