Opened 3 years ago

Closed 3 years ago

#2724 closed defect (fixed)

rv10 crash with low mem

Reported by: ami_stuff
Owned by:
Priority: important
Component: avcodec
Version: git-master
Keywords: crash SIGSEGV abort real
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

Sorry for not providing a bt, but the gdb I compiled for Knoppix says that ffmpeg_g has no symbols (it has them).

knoppix@Microknoppix:/media/sdb1$ ulimit -Sv 18900 
knoppix@Microknoppix:/media/sdb1$ ./ffmpeg3 -i rv1.rm -f null - 
ffmpeg version 1.1.git Copyright (c) 2000-2013 the FFmpeg developers 
  built on Jun 28 2013 16:46:26 with gcc 4.7 (Debian 4.7.2-4) 
  configuration: --disable-asm --enable-gpl --disable-ffprobe 
  libavutil      52. 37.101 / 52. 37.101 
  libavcodec     55. 17.100 / 55. 17.100 
  libavformat    55. 10.100 / 55. 10.100 
  libavdevice    55.  2.100 / 55.  2.100 
  libavfilter     3. 77.101 /  3. 77.101 
  libswscale      2.  3.100 /  2.  3.100 
  libswresample   0. 17.102 /  0. 17.102 
  libpostproc    52.  3.100 / 52.  3.100 
[rm @ 0x905cc50] Invalid stream index 1 for index at pos 1523773 
Input #0, rm, from 'rv1.rm': 
  Metadata: 
    Generated By    : Media Cleaner Pro 4.0 for Windows 
    Target Audiences: Corporate LAN (1000 Kbps); 
    Audio Format    : No Audio 
    Video Quality   : Normal Motion Video 
    Creation Date   : 4/20/2012 16:57:30 
    Modification Date: 4/20/2012 16:57:30 
    File ID         : 51c3d56c-137c-4ae5-b604-f74f5b5a25f3 
    title           : 
    author          : 
    copyright       : 
    comment         : 
  Duration: 00:00:15.01, start: 0.000000, bitrate: 812 kb/s 
    Stream #0:0: Video: rv10 (RV10 / 0x30315652), yuv420p, 320x240, 1000 kb/s, 15 fps, 15 tbr, 1k tbn, 1k tbc 
Output #0, null, to 'pipe:': 
  Metadata: 
    Generated By    : Media Cleaner Pro 4.0 for Windows 
    Target Audiences: Corporate LAN (1000 Kbps); 
    Audio Format    : No Audio 
    Video Quality   : Normal Motion Video 
    Creation Date   : 4/20/2012 16:57:30 
    Modification Date: 4/20/2012 16:57:30 
    File ID         : 51c3d56c-137c-4ae5-b604-f74f5b5a25f3 
    title           : 
    author          : 
    copyright       : 
    comment         : 
    encoder         : Lavf55.10.100 
    Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 320x240, q=2-31, 200 kb/s, 90k tbn, 15 tbc 
Stream mapping: 
  Stream #0:0 -> #0:0 (rv10 -> rawvideo) 
Press [q] to stop, [?] for help 
[null @ 0x9064cb0] Encoder did not produce proper pts, making some up. 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] releasing zombie picture 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] releasing zombie picture 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] releasing zombie picture 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] releasing zombie picture 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] releasing zombie picture 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] releasing zombie picture 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] releasing zombie picture 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] releasing zombie picture 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] releasing zombie picture 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] releasing zombie picture 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] marker missing 
[rv10 @ 0x905d4a0] pb frame is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented. 
[rv10 @ 0x905d4a0] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/MPlayer/incoming/ and contact the ffmpeg-devel mailing list. 
[rv10 @ 0x905d4a0] HEADER ERROR 
Segmentation fault 
knoppix@Microknoppix:/media/sdb1$

Attachments (1)

rv1.rm (1.5 MB) - added by ami_stuff 3 years ago.


Change History (9)

Changed 3 years ago by ami_stuff

comment:1 in reply to: ↑ description ; follow-ups: Changed 3 years ago by cehoyos

  • Component changed from undetermined to avcodec
  • Keywords crash abort added
  • Priority changed from normal to important
  • Version changed from unspecified to git-master

Replying to ami_stuff:

Sorry for not providing a bt, but the gdb I compiled for Knoppix says that ffmpeg_g has no symbols

It may be simpler to install a distribution that comes with gdb, but note that gdb does not play nice with ulimit, only with -max_alloc.

I cannot reproduce the above crash (it is possible to trigger both "pb frame is not implemented" and "HEADER ERROR" messages, but ffmpeg quits normally after that), but the following assert:

$ ffmpeg_g -max_alloc 100000 -i rv1.rm -f null -
ffmpeg version N-54249-gfc736a9 Copyright (c) 2000-2013 the FFmpeg developers
  built on Jun 29 2013 12:22:00 with gcc 4.7 (SUSE Linux)
  configuration:
  libavutil      52. 37.101 / 52. 37.101
  libavcodec     55. 17.100 / 55. 17.100
  libavformat    55. 10.100 / 55. 10.100
  libavdevice    55.  2.100 / 55.  2.100
  libavfilter     3. 77.101 /  3. 77.101
  libswscale      2.  3.100 /  2.  3.100
  libswresample   0. 17.102 /  0. 17.102
[rm @ 0x354b880] Invalid stream index 1 for index at pos 1523773
Assertion ret >= 0 failed at libavcodec/bitstream.c:285
Aborted

comment:2 in reply to: ↑ 1 Changed 3 years ago by ami_stuff

I cannot reproduce above crash (it is possible to trigger both "pb frame is not implemented" and "HEADER ERROR" messages but ffmpeg quits normally after that)

OK, I will investigate it more later (maybe it crashes only with --disable-asm). In the meantime I created #2727 (maybe a duplicate of this ticket or not).

comment:3 in reply to: ↑ 1 Changed 3 years ago by cehoyos

Replying to cehoyos:

It may be simpler to install a distribution that comes with gdb

but note that gdb does not play nice with ulimit, only with -max_alloc

This is definitely nonsense, gdb can debug the coredump.

comment:4 Changed 3 years ago by ami_stuff

Only --disable-asm build crashes here.

comment:5 Changed 3 years ago by ami_stuff

knoppix@Microknoppix:/media/sdb1$ ulimit -c unlimited -Sv 18900 
knoppix@Microknoppix:/media/sdb1$ ./ffmpeg_g -i o/rv1.rm -f null - 
ffmpeg version 1.1.git Copyright (c) 2000-2013 the FFmpeg developers 
  built on Jun 30 2013 17:18:20 with gcc 4.7 (Debian 4.7.2-4) 
  configuration: --disable-asm --disable-ffprobe --disable-ffserver --enable-gpl 
  libavutil      52. 37.101 / 52. 37.101 
  libavcodec     55. 17.100 / 55. 17.100 
  libavformat    55. 10.100 / 55. 10.100 
  libavdevice    55.  2.100 / 55.  2.100 
  libavfilter     3. 77.101 /  3. 77.101 
  libswscale      2.  3.100 /  2.  3.100 
  libswresample   0. 17.102 /  0. 17.102 
  libpostproc    52.  3.100 / 52.  3.100 
[rm @ 0x905cc50] Invalid stream index 1 for index at pos 1523773 
Input #0, rm, from 'o/rv1.rm': 
  Metadata: 
    Generated By    : Media Cleaner Pro 4.0 for Windows 
    Target Audiences: Corporate LAN (1000 Kbps); 
    Audio Format    : No Audio 
    Video Quality   : Normal Motion Video 
    Creation Date   : 4/20/2012 16:57:30 
    Modification Date: 4/20/2012 16:57:30 
    File ID         : 51c3d56c-137c-4ae5-b604-f74f5b5a25f3 
    title           : 
    author          : 
    copyright       : 
    comment         : 
  Duration: 00:00:15.01, start: 0.000000, bitrate: 812 kb/s 
    Stream #0:0: Video: rv10 (RV10 / 0x30315652), yuv420p, 320x240, 1000 kb/s, 15 fps, 15 tbr, 1k tbn, 1k tbc 
Output #0, null, to 'pipe:': 
  Metadata: 
    Generated By    : Media Cleaner Pro 4.0 for Windows 
    Target Audiences: Corporate LAN (1000 Kbps); 
    Audio Format    : No Audio 
    Video Quality   : Normal Motion Video 
    Creation Date   : 4/20/2012 16:57:30 
    Modification Date: 4/20/2012 16:57:30 
    File ID         : 51c3d56c-137c-4ae5-b604-f74f5b5a25f3 
    title           : 
    author          : 
    copyright       : 
    comment         : 
    encoder         : Lavf55.10.100 
    Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 320x240, q=2-31, 200 kb/s, 90k tbn, 15 tbc 
Stream mapping: 
  Stream #0:0 -> #0:0 (rv10 -> rawvideo) 
Press [q] to stop, [?] for help 
[null @ 0x9064cb0] Encoder did not produce proper pts, making some up. 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] releasing zombie picture 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] releasing zombie picture 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] releasing zombie picture 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] releasing zombie picture 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] releasing zombie picture 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] releasing zombie picture 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] releasing zombie picture 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] releasing zombie picture 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] releasing zombie picture 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] releasing zombie picture 
[rv10 @ 0x905d4a0] get_buffer() failed 
[rv10 @ 0x905d4a0] thread_get_buffer() failed 
[rv10 @ 0x905d4a0] get_buffer() failed (-12 (nil)) 
[rv10 @ 0x905d4a0] marker missing 
[rv10 @ 0x905d4a0] pb frame is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented. 
[rv10 @ 0x905d4a0] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/MPlayer/incoming/ and contact the ffmpeg-devel mailing list. 
[rv10 @ 0x905d4a0] HEADER ERROR 
Segmentation fault (core dumped) 
knoppix@Microknoppix:/media/sdb1$ ulimit -c unlimited -Sv 199999000
knoppix@Microknoppix:/media/sdb1$ ./gdb -c core ffmpeg_g 

warning: Can not parse XML syscalls information; XML support was disabled at compile time. 
GNU gdb (GDB) 7.0.1-debian 
Copyright (C) 2009 Free Software Foundation, Inc. 
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> 
This is free software: you are free to change and redistribute it. 
There is NO WARRANTY, to the extent permitted by law.  Type "show copying" 
and "show warranty" for details. 
This GDB was configured as "i486-linux-gnu". 
For bug reporting instructions, please see: 
<http://www.gnu.org/software/gdb/bugs/>... 
Reading symbols from /media/sdb1/ffmpeg_g...done. 

warning: Can't read pathname for load map: Input/output error. 
Reading symbols from /lib/i386-linux-gnu/libm.so.6...(no debugging symbols found)...done. 
Loaded symbols for /lib/i386-linux-gnu/libm.so.6 
Reading symbols from /lib/i386-linux-gnu/librt.so.1...(no debugging symbols found)...done. 
Loaded symbols for /lib/i386-linux-gnu/librt.so.1 
Reading symbols from /lib/i386-linux-gnu/libpthread.so.0...(no debugging symbols found)...done. 
Loaded symbols for /lib/i386-linux-gnu/libpthread.so.0 
Reading symbols from /lib/i386-linux-gnu/libc.so.6...(no debugging symbols found)...done. 
Loaded symbols for /lib/i386-linux-gnu/libc.so.6 
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done. 
Loaded symbols for /lib/ld-linux.so.2 
Failed to read a valid object file image from memory. 
Core was generated by `./ffmpeg_g -i o/rv1.rm -f null -'. 
Program terminated with signal 11, Segmentation fault. 
#0  0x081ea7b4 in rm_assemble_video_frame (s=0x905cc50, pb=0x9065230, 
    st=0x905d270, ast=0x905d880, len=1396, pkt=0xbfb3cff8, seq=0xbfb3ce48, 
    flags=0, timestamp=-9223372036854775808) at libavformat/rmdec.c:724 
724	    AV_WL32(vst->pkt.data - 7 + 8*vst->cur_slice, 1); 
(gdb) bt 
#0  0x081ea7b4 in rm_assemble_video_frame (s=0x905cc50, pb=0x9065230, 
    st=0x905d270, ast=0x905d880, len=1396, pkt=0xbfb3cff8, seq=0xbfb3ce48, 
    flags=0, timestamp=-9223372036854775808) at libavformat/rmdec.c:724 
#1  ff_rm_parse_packet (s=0x905cc50, pb=0x9065230, st=0x905d270, 
    ast=0x905d880, len=1396, pkt=0xbfb3cff8, seq=0xbfb3ce48, flags=0, 
    timestamp=-9223372036854775808) at libavformat/rmdec.c:779 
#2  0x081ead88 in rm_read_packet (s=0x905cc50, pkt=0xbfb3cff8) 
    at libavformat/rmdec.c:925 
#3  0x082270b7 in ff_read_packet (s=0x905cc50, pkt=0xbfb3cff8) 
    at libavformat/utils.c:642 
#4  0x08229a19 in read_frame_internal (s=0x905cc50, pkt=0xbfb3d3a8) 
    at libavformat/utils.c:1294 
#5  0x0822a65a in av_read_frame (s=0x905cc50, pkt=0xbfb3d3a8) 
    at libavformat/utils.c:1398 
#6  0x080b08d6 in get_input_packet (file_index=0) at ffmpeg.c:2853 
#7  process_input (file_index=0) at ffmpeg.c:2890 
#8  0x0809d7c0 in transcode_step (argc=<value optimized out>, 
    argv=<value optimized out>) at ffmpeg.c:3160 
#9  transcode (argc=<value optimized out>, argv=<value optimized out>) 
    at ffmpeg.c:3212 
#10 main (argc=<value optimized out>, argv=<value optimized out>) 
    at ffmpeg.c:3390 
(gdb) 

comment:6 Changed 3 years ago by cehoyos

  • Keywords SIGSEGV real added
  • Reproduced by developer set
  • Status changed from new to open

I can only reproduce the original crash with 32bit compilation.

$ ulimit -Sv 96800

...

Core was generated by `ffmpeg_g -i rv1.rm -f null -'.
Program terminated with signal 11, Segmentation fault.
#0  0x081cbe64 in rm_assemble_video_frame (timestamp=<synthetic pointer>, pseq=0xffac69b8,
    len=1385, pkt=0xffac6b68, vst=0x99a0880, pb=0x99a8240, s=0x999fca0, rm=<optimized out>)
    at libavformat/rmdec.c:724
724         AV_WL32(vst->pkt.data - 7 + 8*vst->cur_slice, 1);
(gdb) bt
#0  0x081cbe64 in rm_assemble_video_frame (timestamp=<synthetic pointer>, pseq=0xffac69b8,
    len=1385, pkt=0xffac6b68, vst=0x99a0880, pb=0x99a8240, s=0x999fca0, rm=<optimized out>)
    at libavformat/rmdec.c:724
#1  ff_rm_parse_packet (s=s@entry=0x999fca0, pb=0x99a8240, st=st@entry=0x99a0220,
    ast=0x99a0880, len=len@entry=1396, pkt=pkt@entry=0xffac6b68, seq=seq@entry=0xffac69b8,
    flags=0, timestamp=-9223372036854775808) at libavformat/rmdec.c:779
#2  0x081cc438 in rm_read_packet (s=0x999fca0, pkt=0xffac6b68) at libavformat/rmdec.c:925
#3  0x08209717 in ff_read_packet (s=s@entry=0x999fca0, pkt=pkt@entry=0xffac6b68)
    at libavformat/utils.c:642
#4  0x0820c079 in read_frame_internal (s=s@entry=0x999fca0, pkt=pkt@entry=0xffac6f18)
    at libavformat/utils.c:1294
#5  0x0820ccba in av_read_frame (s=0x999fca0, pkt=pkt@entry=0xffac6f18)
    at libavformat/utils.c:1398
#6  0x080bb026 in get_input_packet (pkt=0xffac6ef8, f=0x99a7d60) at ffmpeg.c:2852
#7  process_input (file_index=0) at ffmpeg.c:2889
#8  0x080a7f10 in transcode_step () at ffmpeg.c:3159
#9  transcode () at ffmpeg.c:3211
#10 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3389
print vst->pkt
$2 = {buf = 0x0, pts = -9223372036854775808, dts = -9223372036854775808, data = 0x0,
  size = 0, stream_index = 0, flags = 0, side_data = 0x0, side_data_elems = 0, duration = 0,
  destruct = 0x0, priv = 0x0, pos = -1, convergence_duration = 0}

comment:7 Changed 3 years ago by ami_stuff

Are such reports welcome, or should I not waste my time on them?


comment:8 Changed 3 years ago by cehoyos

  • Resolution set to fixed
  • Status changed from open to closed

The original null pointer dereference was fixed in 161047f, the cause was fixed in aecb9d3, Michael fixed the assertion described in comment:1 in a9903f7.
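
The failure mode in this ticket, as an added C example (not FFmpeg's code, and not the content of commits 161047f or aecb9d3): comment:6 shows `vst->pkt.data = 0x0` at the moment line 724 writes through it, so a frame assembler has to refuse slice writes when its buffer was never allocated. The struct, the function names, the buffer layout and the `max_alloc` cap (modelled on the `-max_alloc` option used in comment:1) are assumptions made for the illustration.

```c
/* Added illustration, not FFmpeg code; names and buffer layout are assumptions. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

static size_t max_alloc = SIZE_MAX;  /* test knob in the spirit of -max_alloc */

static void *capped_malloc(size_t n)
{
    return (n == 0 || n > max_alloc) ? NULL : malloc(n);
}

struct slice_frame {
    uint8_t *data;       /* NULL until a buffer has been allocated */
    int      slices;     /* slice count announced by the first slice */
    int      cur_slice;  /* slices accepted so far */
};

/* First slice: allocate 1 count byte + 8 table bytes per slice + payload. */
static int frame_begin(struct slice_frame *f, int slices, size_t payload_len)
{
    free(f->data);
    memset(f, 0, sizeof(*f));
    if (slices <= 0 || slices > 255 || payload_len > SIZE_MAX / 2)
        return -EINVAL;
    uint8_t *buf = capped_malloc(1 + 8 * (size_t)slices + payload_len);
    if (!buf)
        return -ENOMEM;  /* f stays zeroed: data == NULL, slices == 0 */
    f->data = buf;
    f->slices = slices;
    buf[0] = (uint8_t)(slices - 1);
    return 0;
}

/* Any slice: mark its table entry valid (offset data - 7 + 8*cur_slice). */
static int frame_add_slice(struct slice_frame *f)
{
    if (!f->data || f->cur_slice >= f->slices)
        return -EINVAL;  /* no buffer (earlier ENOMEM) or table already full */
    f->cur_slice++;
    uint8_t *entry = f->data + (8 * f->cur_slice - 7);
    entry[0] = 1;        /* 32-bit little-endian value 1 */
    entry[1] = entry[2] = entry[3] = 0;
    return 0;
}

int main(void)
{
    struct slice_frame f = {0};
    max_alloc = 16;                        /* simulate the low-memory run */
    int ret = frame_begin(&f, 4, 1000);    /* refused: -ENOMEM */
    return (ret == -ENOMEM && frame_add_slice(&f) == -EINVAL) ? 0 : 1;
}
```

Without the `!f->data` check in `frame_add_slice`, the write lands a few bytes above address 0, which is the SIGSEGV both backtraces report.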
