Opened 4 years ago

Closed 4 years ago

#2714 closed defect (fixed)

mpeg4: crash with lowres > 2

Reported by: ami_stuff Owned by:
Priority: important Component: avcodec
Version: git-master Keywords: regression crash SIGSEGV asp lowres
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

attached file crashes ffmpeg when lowres >2 is used

this seems to be related to asm code, no crash here with "-cpuflags 0"

I will compile new build later to get a bt if crash is not reproducable

C:\>ffmpeg -vlowres 2 -i xvid.avi -an out.avi
ffmpeg version N-54183-g1029822 Copyright (c) 2000-2013 the FFmpeg developers
  built on Jun 25 2013 02:39:45 with gcc 4.5.0 (GCC) 20100414 (Fedora MinGW 4.5.
0-1.fc14)
  configuration: --prefix=/var/www/users/research/ffmpeg/snapshots/build --arch=
x86 --target-os=mingw32 --cross-prefix=i686-pc-mingw32- --cc='ccache i686-pc-min
gw32-gcc' --enable-w32threads --enable-memalign-hack --enable-runtime-cpudetect
--enable-cross-compile --enable-static --disable-shared --extra-libs='-lws2_32 -
lwinmm -lpthread' --extra-cflags='--static -I/var/www/users/research/ffmpeg/snap
shots/build/include' --extra-ldflags='-static -L/var/www/users/research/ffmpeg/s
napshots/build/lib' --enable-bzlib --enable-zlib --enable-gpl --enable-version3
--enable-nonfree --enable-libx264 --enable-libspeex --enable-libtheora --enable-
libvorbis --enable-libfaac --enable-libxvid --enable-libopencore-amrnb --enable-
libopencore-amrwb --enable-libmp3lame --enable-libvpx --disable-decoder=libvpx
  libavutil      52. 37.101 / 52. 37.101
  libavcodec     55. 17.100 / 55. 17.100
  libavformat    55. 10.100 / 55. 10.100
  libavdevice    55.  2.100 / 55.  2.100
  libavfilter     3. 77.101 /  3. 77.101
  libswscale      2.  3.100 /  2.  3.100
  libswresample   0. 17.102 /  0. 17.102
  libpostproc    52.  3.100 / 52.  3.100
[mpeg4 @ 0x20de1e0] Invalid and inefficient vfw-avi packed B frames detected
Input #0, avi, from 'xvid.avi':
  Duration: 00:00:12.64, start: 0.000000, bitrate: 454 kb/s
    Stream #0:0: Video: mpeg4 (Advanced Simple Profile) (XVID / 0x44495658), yuv
420p, 80x60 [SAR 1:1 DAR 4:3], 23.97 tbr, 23.97 tbn, 23.97 tbc
    Stream #0:1: Audio: mp3 (U[0][0][0] / 0x0055), 44100 Hz, stereo, s16p, 128 k
b/s
[mpeg4 @ 0x20db6a0] too many threads/slices (5), reducing to 4
Output #0, avi, to 'out.avi':
  Metadata:
    ISFT            : Lavf55.10.100
    Stream #0:0: Video: mpeg4 (FMP4 / 0x34504D46), yuv420p, 80x60 [SAR 1:1 DAR 4
:3], q=2-31, 200 kb/s, 23.97 tbn, 23.97 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (mpeg4 -> mpeg4)
Press [q] to stop, [?] for help
[mpeg4 @ 0x20fd7e0] Invalid and inefficient vfw-avi packed B frames detected

Attachments (2)

xvid.avi (700.7 KB) - added by ami_stuff 4 years ago.
valgrind.log (87.3 KB) - added by cehoyos 4 years ago.

Download all attachments as: .zip

Change History (4)

Changed 4 years ago by ami_stuff

comment:1 Changed 4 years ago by cehoyos

  • Component changed from undetermined to avcodec
  • Keywords regression crash SIGSEGV asp lowres added
  • Priority changed from normal to important
  • Reproduced by developer set
  • Status changed from new to open
  • Summary changed from xvid: crash with lowres > 2 to mpeg4: crash with lowres > 2
  • Version changed from unspecified to git-master

Regression since a3f30f2

$ valgrind ffmpeg_g -vlowres 3 -i xvid.avi -an -f null -
==21611== Memcheck, a memory error detector
==21611== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==21611== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==21611== Command: ffmpeg_g -vlowres 3 -i xvid.avi -an -f null -
==21611==
ffmpeg version N-54200-gda8c9b3 Copyright (c) 2000-2013 the FFmpeg developers
  built on Jun 26 2013 00:26:34 with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl --disable-indev=jack
  libavutil      52. 37.101 / 52. 37.101
  libavcodec     55. 17.100 / 55. 17.100
  libavformat    55. 10.100 / 55. 10.100
  libavdevice    55.  2.100 / 55.  2.100
  libavfilter     3. 77.101 /  3. 77.101
  libswscale      2.  3.100 /  2.  3.100
  libswresample   0. 17.102 /  0. 17.102
  libpostproc    52.  3.100 / 52.  3.100
[mpeg4 @ 0x7248540] Invalid and inefficient vfw-avi packed B frames detected
Input #0, avi, from 'xvid.avi':
  Duration: 00:00:12.64, start: 0.000000, bitrate: 454 kb/s
    Stream #0:0: Video: mpeg4 (Advanced Simple Profile) (XVID / 0x44495658), yuv420p, 40x30 [SAR 1:1 DAR 4:3], 23.97 tbr, 23.97 tbn, 23.97 tbc
    Stream #0:1: Audio: mp3 (U[0][0][0] / 0x0055), 44100 Hz, stereo, s16p, 128 kb/s
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf55.10.100
    Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 40x30 [SAR 1:1 DAR 4:3], q=2-31, 200 kb/s, 90k tbn, 23.97 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (mpeg4 -> rawvideo)
Press [q] to stop, [?] for help
[mpeg4 @ 0x73ad520] Invalid and inefficient vfw-avi packed B frames detected
==21611== Thread 11:
==21611== Invalid write of size 8
==21611==    at 0xA74494: ff_put_pixels_clamped_mmx (dsputil_mmx.c:72)
==21611==    by 0x8D5F0E: ff_MPV_decode_mb (mpegvideo.c:2591)
==21611==    by 0x6E4D3F: decode_slice (h263dec.c:257)
==21611==    by 0x6E5CE1: ff_h263_decode_frame (h263dec.c:679)
==21611==    by 0x922075: frame_worker_thread (pthread.c:338)
==21611==    by 0x5D1AE0D: start_thread (in /lib64/libpthread-2.15.so)
==21611==  Address 0x73f5ba0 is 1 bytes after a block of size 575 alloc'd
==21611==    at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==21611==    by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==21611==    by 0xBF9989: av_malloc (mem.c:93)
==21611==    by 0xBED6CD: av_buffer_allocz (buffer.c:70)
==21611==    by 0xBEDCAB: av_buffer_pool_get (buffer.c:305)
==21611==    by 0x9C7496: video_get_buffer (utils.c:550)
==21611==    by 0x9C8A9E: get_buffer_internal (utils.c:830)
==21611==    by 0x9C8FC5: ff_get_buffer (utils.c:842)
==21611==    by 0x923995: ff_thread_get_buffer (pthread.c:955)
==21611==    by 0x8CE3D2: ff_alloc_picture (mpegvideo.c:234)
==21611==    by 0x8D240F: ff_MPV_frame_start (mpegvideo.c:1550)
==21611==    by 0x6E5C4B: ff_h263_decode_frame (h263dec.c:649)

...
(gdb) r -vlowres 3 -i xvid.avi -an -f null -
Starting program: ffmpeg_g -vlowres 3 -i xvid.avi -an -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-54200-gda8c9b3 Copyright (c) 2000-2013 the FFmpeg developers
  built on Jun 26 2013 00:26:34 with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl --disable-indev=jack
  libavutil      52. 37.101 / 52. 37.101
  libavcodec     55. 17.100 / 55. 17.100
  libavformat    55. 10.100 / 55. 10.100
  libavdevice    55.  2.100 / 55.  2.100
  libavfilter     3. 77.101 /  3. 77.101
  libswscale      2.  3.100 /  2.  3.100
  libswresample   0. 17.102 /  0. 17.102
  libpostproc    52.  3.100 / 52.  3.100
[mpeg4 @ 0x169a420] Invalid and inefficient vfw-avi packed B frames detected
Input #0, avi, from 'xvid.avi':
  Duration: 00:00:12.64, start: 0.000000, bitrate: 454 kb/s
    Stream #0:0: Video: mpeg4 (Advanced Simple Profile) (XVID / 0x44495658), yuv420p, 40x30 [SAR 1:1 DAR 4:3], 23.97 tbr, 23.97 tbn, 23.97 tbc
    Stream #0:1: Audio: mp3 (U[0][0][0] / 0x0055), 44100 Hz, stereo, s16p, 128 kb/s
[New Thread 0x7ffff59e7700 (LWP 21680)]
[New Thread 0x7ffff51e6700 (LWP 21681)]
[New Thread 0x7ffff49e5700 (LWP 21682)]
[New Thread 0x7ffff41e4700 (LWP 21683)]
[New Thread 0x7ffff39e3700 (LWP 21684)]
[New Thread 0x7ffff31e2700 (LWP 21685)]
[New Thread 0x7ffff29e1700 (LWP 21686)]
[New Thread 0x7ffff21e0700 (LWP 21687)]
[New Thread 0x7ffff19df700 (LWP 21688)]
[New Thread 0x7ffff11de700 (LWP 21689)]
[New Thread 0x7ffff09dd700 (LWP 21690)]
[New Thread 0x7ffff01dc700 (LWP 21691)]
[New Thread 0x7fffef9db700 (LWP 21692)]
[New Thread 0x7fffef1da700 (LWP 21693)]
[New Thread 0x7fffee9d9700 (LWP 21694)]
[New Thread 0x7fffee1d8700 (LWP 21695)]
[New Thread 0x7fffed9d7700 (LWP 21696)]
[New Thread 0x7fffed1d6700 (LWP 21697)]
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf55.10.100
    Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 40x30 [SAR 1:1 DAR 4:3], q=2-31, 200 kb/s, 90k tbn, 23.97 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (mpeg4 -> rawvideo)
Press [q] to stop, [?] for help
[mpeg4 @ 0x1683be0] Invalid and inefficient vfw-avi packed B frames detected

Program received signal SIGSEGV, Segmentation fault.
av_buffer_ref (buf=0x7fffe80254a0) at libavutil/buffer.c:100
100         avpriv_atomic_int_add_and_fetch(&buf->buffer->refcount, 1);
(gdb) bt
#0  av_buffer_ref (buf=0x7fffe80254a0) at libavutil/buffer.c:100
#1  0x0000000000bf4a16 in av_frame_ref (dst=0x16c4780, src=0x7fffe80008c0)
    at libavutil/frame.c:269
#2  0x00000000009cf0d7 in ff_thread_ref_frame (dst=dst@entry=0x16c49e8,
    src=src@entry=0x7fffe8000b28) at libavcodec/utils.c:3091
#3  0x00000000008ced26 in ff_mpeg_ref_picture (s=s@entry=0x16afde0, dst=0x16c4780,
    src=0x7fffe80008c0) at libavcodec/mpegvideo.c:511
#4  0x00000000008d08d6 in ff_mpeg_update_thread_context (dst=<optimized out>,
    src=<optimized out>) at libavcodec/mpegvideo.c:707
#5  0x0000000000922a50 in update_context_from_thread (for_user=0, src=<optimized out>,
    dst=<optimized out>) at libavcodec/pthread.c:418
#6  submit_packet (avpkt=0x7fffffffd5d0, p=0x16adcf8) at libavcodec/pthread.c:516
#7  ff_thread_decode_frame (avctx=avctx@entry=0x169a420, picture=picture@entry=0x169e040,
    got_picture_ptr=got_picture_ptr@entry=0x7fffffffd84c, avpkt=avpkt@entry=0x7fffffffd5d0)
    at libavcodec/pthread.c:597
#8  0x00000000009ca969 in avcodec_decode_video2 (avctx=0x169a420,
    picture=picture@entry=0x169e040, got_picture_ptr=got_picture_ptr@entry=0x7fffffffd84c,
    avpkt=avpkt@entry=0x7fffffffdab0) at libavcodec/utils.c:1937
#9  0x000000000046ac00 in decode_video (ist=ist@entry=0x16a0220,
    pkt=pkt@entry=0x7fffffffdab0, got_output=got_output@entry=0x7fffffffd84c)
    at ffmpeg.c:1654
#10 0x000000000046d8f7 in output_packet (pkt=0x7fffffffda50, ist=0x16a0220) at ffmpeg.c:1852
#11 process_input (file_index=<optimized out>) at ffmpeg.c:3064
#12 0x000000000045c550 in transcode_step () at ffmpeg.c:3160
#13 transcode () at ffmpeg.c:3212
#14 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3390
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0xbed789 to 0xbed7c9:
   0x0000000000bed789 <av_buffer_ref+9>:        callq  0xbf9bc0 <av_mallocz>
   0x0000000000bed78e <av_buffer_ref+14>:       test   %rax,%rax
   0x0000000000bed791 <av_buffer_ref+17>:       je     0xbed7ae <av_buffer_ref+46>
   0x0000000000bed793 <av_buffer_ref+19>:       mov    (%rbx),%rdx
   0x0000000000bed796 <av_buffer_ref+22>:       mov    %rdx,(%rax)
   0x0000000000bed799 <av_buffer_ref+25>:       mov    0x8(%rbx),%rcx
   0x0000000000bed79d <av_buffer_ref+29>:       mov    %rcx,0x8(%rax)
   0x0000000000bed7a1 <av_buffer_ref+33>:       mov    0x10(%rbx),%rcx
   0x0000000000bed7a5 <av_buffer_ref+37>:       mov    %rcx,0x10(%rax)
=> 0x0000000000bed7a9 <av_buffer_ref+41>:       lock addl $0x1,0xc(%rdx)
   0x0000000000bed7ae <av_buffer_ref+46>:       pop    %rbx
   0x0000000000bed7af <av_buffer_ref+47>:       retq
   0x0000000000bed7b0 <av_buffer_unref+0>:      test   %rdi,%rdi
   0x0000000000bed7b3 <av_buffer_unref+3>:      je     0xbed7de <av_buffer_unref+46>
   0x0000000000bed7b5 <av_buffer_unref+5>:      mov    (%rdi),%rax
   0x0000000000bed7b8 <av_buffer_unref+8>:      test   %rax,%rax
   0x0000000000bed7bb <av_buffer_unref+11>:     je     0xbed7de <av_buffer_unref+46>
   0x0000000000bed7bd <av_buffer_unref+13>:     sub    $0x18,%rsp
   0x0000000000bed7c1 <av_buffer_unref+17>:     mov    (%rax),%rax
   0x0000000000bed7c4 <av_buffer_unref+20>:     mov    %rax,0x8(%rsp)
End of assembler dump.
(gdb) info register
rax            0x16835c0        23606720
rbx            0x7fffe80254a0   140737085854880
rcx            0x1111101010101010       1229781834423865360
rdx            0x1111111111111111       1229782938247303441
rsi            0x0      0
rdi            0x16835d8        23606744
rbp            0x16c49e8        0x16c49e8
rsp            0x7fffffffd440   0x7fffffffd440
r8             0x18     24
r9             0x101010101010101        72340172838076673
r10            0x0      0
r11            0x7ffff6099112   140737321210130
r12            0x16c4780        23873408
r13            0x16c49e8        23874024
r14            0x16afde0        23789024
r15            0x16c4aa8        23874216
rip            0xbed7a9 0xbed7a9 <av_buffer_ref+41>
eflags         0x10206  [ PF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0

Changed 4 years ago by cehoyos

comment:2 Changed 4 years ago by michael

  • Resolution set to fixed
  • Status changed from open to closed
Note: See TracTickets for help on using tickets.