Opened 13 years ago
Closed 12 years ago
#3120 closed defect (fixed)
Crash when converting internal SSA to SRT
| Reported by: | eelco | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avcodec |
| Version: | git-master | Keywords: | ass crash |
| Cc: | | Blocked By: | |
| Blocking: | | Reproduced by developer: | yes |
| Analyzed by developer: | yes | | |
Description
Summary of the bug:
ffmpeg can crash when extracting an SSA subtitle to an SRT file.
How to reproduce:
% ffmpeg -i ssa-2-srt-fails.mkv out.srt
ffmpeg version N-57932-g89a3be8 Copyright (c) 2000-2013 the FFmpeg developers
built on Nov 5 2013 16:30:18 with Apple LLVM version 5.0 (clang-500.2.78) (based on LLVM 3.3svn)
configuration: --prefix=/Users/eelco/Projects/Beamer/FFmpeg/build --disable-shared
libavutil 52. 52.100 / 52. 52.100
libavcodec 55. 41.100 / 55. 41.100
libavformat 55. 21.100 / 55. 21.100
libavdevice 55. 5.100 / 55. 5.100
libavfilter 3. 90.102 / 3. 90.102
libswscale 2. 5.101 / 2. 5.101
libswresample 0. 17.104 / 0. 17.104
[matroska,webm @ 0x7fd09b817a00] Unknown entry 0x437E
Last message repeated 4 times
Input #0, matroska,webm, from 'ssa-2-srt-fails.mkv':
Metadata:
creation_time : 2013-04-07 06:15:26
Duration: 00:24:06.45, start: 0.000000, bitrate: 3041 kb/s
Chapter #0.0: start 0.033000, end 123.498375
Metadata:
title : Intro
Chapter #0.1: start 123.498375, end 214.964750
Metadata:
title : OP
Chapter #0.2: start 214.964750, end 752.793708
Metadata:
title : Part A
Chapter #0.3: start 752.793708, end 1431.596833
Metadata:
title : Part B
Chapter #0.4: start 1431.596833, end 1446.445000
Metadata:
title : Preview
Stream #0:0(eng): Video: h264 (High 10), yuv420p10le, 1280x720, SAR 1:1 DAR 16:9, 23.98 fps, 23.98 tbr, 1k tbn, 47.95 tbc (default)
Stream #0:1(jpn): Audio: aac, 48000 Hz, stereo, fltp (default)
Metadata:
title : Commie
Stream #0:2(eng): Subtitle: ssa (default)
Codec 0x18000 is not in the full list.
Stream #0:3: Attachment: unknown_codec
Metadata:
filename : Comfortaa-Regular.ttf
mimetype : application/x-truetype-font
Codec 0x18000 is not in the full list.
Stream #0:4: Attachment: unknown_codec
Metadata:
filename : LT.ttf
mimetype : application/x-truetype-font
Codec 0x18000 is not in the full list.
Stream #0:5: Attachment: unknown_codec
Metadata:
filename : LTFinnegan_MediumItalic.ttf
mimetype : application/x-truetype-font
Codec 0x18000 is not in the full list.
Stream #0:6: Attachment: unknown_codec
Metadata:
filename : Cavalier.ttf
mimetype : application/x-truetype-font
Codec 0x18000 is not in the full list.
Stream #0:7: Attachment: unknown_codec
Metadata:
filename : Comfortaa-Bold.ttf
mimetype : application/x-truetype-font
Codec 0x18000 is not in the full list.
Stream #0:8: Attachment: unknown_codec
Metadata:
filename : DSFetteKanzlei.ttf
mimetype : application/x-truetype-font
Codec 0x18000 is not in the full list.
Stream #0:9: Attachment: unknown_codec
Metadata:
filename : KaiserzeitGotisch.ttf
mimetype : application/x-truetype-font
Codec 0x18000 is not in the full list.
Stream #0:10: Attachment: unknown_codec
Metadata:
filename : Mothproof_Script.ttf
mimetype : application/x-truetype-font
Output #0, srt, to 'out.srt':
Metadata:
encoder : Lavf55.21.100
Chapter #0.0: start 0.033000, end 123.498375
Metadata:
title : Intro
Chapter #0.1: start 123.498375, end 214.964750
Metadata:
title : OP
Chapter #0.2: start 214.964750, end 752.793708
Metadata:
title : Part A
Chapter #0.3: start 752.793708, end 1431.596833
Metadata:
title : Part B
Chapter #0.4: start 1431.596833, end 1446.445000
Metadata:
title : Preview
Stream #0:0(eng): Subtitle: subrip (default)
Stream mapping:
Stream #0:2 -> #0:0 (ssa -> subrip)
Press [q] to stop, [?] for help
ffmpeg(11976,0x7fff77cc8310) malloc: *** error for object 0x7fd09b8a6e08: incorrect checksum for freed object - object was probably modified after being freed.
*** set a breakpoint in malloc_error_break to debug
fish: Job 1, 'ffmpeg -i ssa-2-srt-fails.mkv out.srt' terminated by signal SIGABRT (Abort)
Note that the crash does not seem to occur at the same point in the file between different runs.
File will be uploaded to the FTP.
Attachments (1)
Change History (8)
comment:1 by , 13 years ago
| Keywords: | crash added |
|---|---|
| Priority: | normal → important |
| Version: | unspecified → git-master |
comment:2 by , 13 years ago
* thread #1: tid = 0x2e10b6, 0x00007fff92b42866 libsystem_kernel.dylib`__pthread_kill + 10, queue = 'com.apple.main-thread, stop reason = signal SIGABRT
frame #0: 0x00007fff92b42866 libsystem_kernel.dylib`__pthread_kill + 10
frame #1: 0x00007fff92be335c libsystem_pthread.dylib`pthread_kill + 92
frame #2: 0x00007fff8d1d2bba libsystem_c.dylib`abort + 125
frame #3: 0x00007fff868956a4 libsystem_malloc.dylib`szone_error + 587
frame #4: 0x00007fff8689b708 libsystem_malloc.dylib`small_malloc_from_free_list + 1162
frame #5: 0x00007fff8689a7c6 libsystem_malloc.dylib`szone_malloc_should_clear + 1327
frame #6: 0x00007fff868910cc libsystem_malloc.dylib`szone_realloc + 2035
frame #7: 0x00007fff8689cc71 libsystem_malloc.dylib`malloc_zone_realloc + 79
frame #8: 0x00007fff8689d3a7 libsystem_malloc.dylib`realloc + 174
frame #9: 0x000000010019d3d0 ffmpeg_g`ass_split_section [inlined] realloc_section_array(ctx=0x0000000101204860) + 38 at ass_split.c:181
frame #10: 0x000000010019d3aa ffmpeg_g`ass_split_section(ctx=0x0000000101204860, buf=<unavailable>) + 922 at ass_split.c:241
frame #11: 0x000000010019c415 ffmpeg_g`ass_split(ctx=0x0000000101204860, buf=0x000000010182dbb2) + 53 at ass_split.c:284
frame #12: 0x000000010019c64c ffmpeg_g`ff_ass_split_dialog(ctx=0x0000000101204860, buf=0x000000010182dbb2, cache=<unavailable>, number=0x0000000000000000) + 108 at ass_split.c:350
frame #13: 0x000000010019d820 ffmpeg_g`ssa_decode_frame(avctx=0x0000000102090a00, data=0x00007fff5fbf9950, got_sub_ptr=0x00007fff5fbf986c, avpkt=0x00007fff5fbf9668) + 64 at assdec.c:60
frame #14: 0x0000000100533de9 ffmpeg_g`avcodec_decode_subtitle2(avctx=0x0000000102090a00, sub=0x00007fff5fbf9950, got_sub_ptr=0x00007fff5fbf986c, avpkt=0x00007fff5fbf9808) + 777 at utils.c:2462
frame #15: 0x0000000100011d87 ffmpeg_g`output_packet [inlined] transcode_subtitles(got_output=0x5fbf992800000000, pkt=0x0000000101206980, ist=<unavailable>) + 8 at ffmpeg.c:1766
frame #16: 0x0000000100011d7f ffmpeg_g`output_packet(ist=0x0000000102b011a0, pkt=0x00007fff5fbfa5c0) + 575 at ffmpeg.c:1889
frame #17: 0x0000000100010583 ffmpeg_g`transcode [inlined] process_input + 4720 at ffmpeg.c:3115
frame #18: 0x000000010000f313 ffmpeg_g`transcode [inlined] transcode_step at ffmpeg.c:3211
frame #19: 0x000000010000f313 ffmpeg_g`transcode + 11939 at ffmpeg.c:3263
frame #20: 0x000000010000beb6 ffmpeg_g`main(argc=<unavailable>, argv=<unavailable>) + 342 at ffmpeg.c:3441
frame #21: 0x00007fff91bb05fd libdyld.dylib`start + 1
by , 13 years ago
| Attachment: | 3120-ssa-2-srt-fails-001.mkv added |
|---|
comment:4 by , 13 years ago
| Component: | undetermined → avcodec |
|---|---|
| Keywords: | ass added |
| Reproduced by developer: | set |
| Status: | new → open |
comment:5 by , 13 years ago
$ valgrind ffmpeg_g -i 3120-ssa-2-srt-fails-001.mkv -scodec subrip -vn -an -f null -
==2085== Memcheck, a memory error detector
==2085== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==2085== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==2085== Command: ffmpeg_g -i 3120-ssa-2-srt-fails-001.mkv -scodec subrip -vn -an -f null -
==2085==
ffmpeg version N-58040-g6d90a5c Copyright (c) 2000-2013 the FFmpeg developers
built on Nov 12 2013 14:42:08 with gcc 4.7 (SUSE Linux)
configuration: --disable-optimizations --disable-asm
libavutil 52. 52.100 / 52. 52.100
libavcodec 55. 41.100 / 55. 41.100
libavformat 55. 21.100 / 55. 21.100
libavdevice 55. 5.100 / 55. 5.100
libavfilter 3. 90.102 / 3. 90.102
libswscale 2. 5.101 / 2. 5.101
libswresample 0. 17.104 / 0. 17.104
[matroska,webm @ 0x7236b80] Unknown entry 0x437E
Last message repeated 1 times
Input #0, matroska,webm, from '3120-ssa-2-srt-fails-001.mkv':
Metadata:
creation_time : 2013-11-05 16:43:47
Duration: 00:01:44.94, start: 0.000000, bitrate: 160 kb/s
Chapter #0.0: start 0.000000, end 97.918375
Metadata:
title : Intro
Chapter #0.1: start 97.918375, end 104.940000
Metadata:
title : OP
Stream #0:0(eng): Subtitle: ssa (default)
Codec 0x18000 is not in the full list.
Stream #0:1: Attachment: unknown_codec
Metadata:
filename : Comfortaa-Regular.ttf
mimetype : application/x-truetype-font
Codec 0x18000 is not in the full list.
Stream #0:2: Attachment: unknown_codec
Metadata:
filename : LT.ttf
mimetype : application/x-truetype-font
Codec 0x18000 is not in the full list.
Stream #0:3: Attachment: unknown_codec
Metadata:
filename : LTFinnegan_MediumItalic.ttf
mimetype : application/x-truetype-font
Codec 0x18000 is not in the full list.
Stream #0:4: Attachment: unknown_codec
Metadata:
filename : Cavalier.ttf
mimetype : application/x-truetype-font
Codec 0x18000 is not in the full list.
Stream #0:5: Attachment: unknown_codec
Metadata:
filename : Comfortaa-Bold.ttf
mimetype : application/x-truetype-font
Codec 0x18000 is not in the full list.
Stream #0:6: Attachment: unknown_codec
Metadata:
filename : DSFetteKanzlei.ttf
mimetype : application/x-truetype-font
Codec 0x18000 is not in the full list.
Stream #0:7: Attachment: unknown_codec
Metadata:
filename : KaiserzeitGotisch.ttf
mimetype : application/x-truetype-font
Codec 0x18000 is not in the full list.
Stream #0:8: Attachment: unknown_codec
Metadata:
filename : Mothproof_Script.ttf
mimetype : application/x-truetype-font
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf55.21.100
Chapter #0.0: start 0.000000, end 97.918375
Metadata:
title : Intro
Chapter #0.1: start 97.918375, end 104.940000
Metadata:
title : OP
Stream #0:0(eng): Subtitle: subrip (default)
Stream mapping:
Stream #0:0 -> #0:0 (ssa -> subrip)
Press [q] to stop, [?] for help
==2085== Invalid write of size 1
==2085== at 0x68C9314: _IO_default_xsputn (in /lib64/libc-2.15.so)
==2085== by 0x68991CD: vfprintf (in /lib64/libc-2.15.so)
==2085== by 0x68C50E4: vsnprintf (in /lib64/libc-2.15.so)
==2085== by 0xA7F062: srt_print (srtenc.c:52)
==2085== by 0xA7F1A6: srt_close_tag (srtenc.c:82)
==2085== by 0xA7F209: srt_stack_push_pop (srtenc.c:92)
==2085== by 0xA7F8DB: srt_end_cb (srtenc.c:223)
==2085== by 0xC856C1: ff_ass_split_override_codes (ass_split.c:461)
==2085== by 0xA7FBE6: srt_encode_frame (srtenc.c:275)
==2085== by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085== by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085== by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085== Address 0x73e9068 is 0 bytes after a block of size 2,168 alloc'd
==2085== at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085== by 0xDE8161: av_malloc (mem.c:93)
==2085== by 0xDE83F1: av_mallocz (mem.c:243)
==2085== by 0x9DF3A1: avcodec_get_context_defaults3 (options.c:121)
==2085== by 0x409A88: new_output_stream (ffmpeg_opt.c:1035)
==2085== by 0x40BEED: new_subtitle_stream (ffmpeg_opt.c:1419)
==2085== by 0x40D48A: open_output_file (ffmpeg_opt.c:1767)
==2085== by 0x410314: open_files (ffmpeg_opt.c:2539)
==2085== by 0x4104A7: ffmpeg_parse_options (ffmpeg_opt.c:2583)
==2085== by 0x4202AB: main (ffmpeg.c:3422)
==2085==
==2085== Invalid write of size 1
==2085== at 0x68C9314: _IO_default_xsputn (in /lib64/libc-2.15.so)
==2085== by 0x68990E7: vfprintf (in /lib64/libc-2.15.so)
==2085== by 0x68C50E4: vsnprintf (in /lib64/libc-2.15.so)
==2085== by 0xA7F062: srt_print (srtenc.c:52)
==2085== by 0xA7F1A6: srt_close_tag (srtenc.c:82)
==2085== by 0xA7F209: srt_stack_push_pop (srtenc.c:92)
==2085== by 0xA7F8DB: srt_end_cb (srtenc.c:223)
==2085== by 0xC856C1: ff_ass_split_override_codes (ass_split.c:461)
==2085== by 0xA7FBE6: srt_encode_frame (srtenc.c:275)
==2085== by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085== by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085== by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085== Address 0x73e906b is 3 bytes after a block of size 2,168 alloc'd
==2085== at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085== by 0xDE8161: av_malloc (mem.c:93)
==2085== by 0xDE83F1: av_mallocz (mem.c:243)
==2085== by 0x9DF3A1: avcodec_get_context_defaults3 (options.c:121)
==2085== by 0x409A88: new_output_stream (ffmpeg_opt.c:1035)
==2085== by 0x40BEED: new_subtitle_stream (ffmpeg_opt.c:1419)
==2085== by 0x40D48A: open_output_file (ffmpeg_opt.c:1767)
==2085== by 0x410314: open_files (ffmpeg_opt.c:2539)
==2085== by 0x4104A7: ffmpeg_parse_options (ffmpeg_opt.c:2583)
==2085== by 0x4202AB: main (ffmpeg.c:3422)
==2085==
==2085== Invalid write of size 1
==2085== at 0x68C50F1: vsnprintf (in /lib64/libc-2.15.so)
==2085== by 0xA7F062: srt_print (srtenc.c:52)
==2085== by 0xA7F1A6: srt_close_tag (srtenc.c:82)
==2085== by 0xA7F209: srt_stack_push_pop (srtenc.c:92)
==2085== by 0xA7F8DB: srt_end_cb (srtenc.c:223)
==2085== by 0xC856C1: ff_ass_split_override_codes (ass_split.c:461)
==2085== by 0xA7FBE6: srt_encode_frame (srtenc.c:275)
==2085== by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085== by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085== by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085== by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085== by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085== Address 0x73e906c is 4 bytes after a block of size 2,168 alloc'd
==2085== at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085== by 0xDE8161: av_malloc (mem.c:93)
==2085== by 0xDE83F1: av_mallocz (mem.c:243)
==2085== by 0x9DF3A1: avcodec_get_context_defaults3 (options.c:121)
==2085== by 0x409A88: new_output_stream (ffmpeg_opt.c:1035)
==2085== by 0x40BEED: new_subtitle_stream (ffmpeg_opt.c:1419)
==2085== by 0x40D48A: open_output_file (ffmpeg_opt.c:1767)
==2085== by 0x410314: open_files (ffmpeg_opt.c:2539)
==2085== by 0x4104A7: ffmpeg_parse_options (ffmpeg_opt.c:2583)
==2085== by 0x4202AB: main (ffmpeg.c:3422)
==2085==
==2085== Invalid write of size 1
==2085== at 0x68C50CE: vsnprintf (in /lib64/libc-2.15.so)
==2085== by 0xA7F062: srt_print (srtenc.c:52)
==2085== by 0xA7F1A6: srt_close_tag (srtenc.c:82)
==2085== by 0xA7F209: srt_stack_push_pop (srtenc.c:92)
==2085== by 0xA7F8DB: srt_end_cb (srtenc.c:223)
==2085== by 0xC856C1: ff_ass_split_override_codes (ass_split.c:461)
==2085== by 0xA7FBE6: srt_encode_frame (srtenc.c:275)
==2085== by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085== by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085== by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085== by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085== by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085== Address 0x73e906c is 4 bytes after a block of size 2,168 alloc'd
==2085== at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085== by 0xDE8161: av_malloc (mem.c:93)
==2085== by 0xDE83F1: av_mallocz (mem.c:243)
==2085== by 0x9DF3A1: avcodec_get_context_defaults3 (options.c:121)
==2085== by 0x409A88: new_output_stream (ffmpeg_opt.c:1035)
==2085== by 0x40BEED: new_subtitle_stream (ffmpeg_opt.c:1419)
==2085== by 0x40D48A: open_output_file (ffmpeg_opt.c:1767)
==2085== by 0x410314: open_files (ffmpeg_opt.c:2539)
==2085== by 0x4104A7: ffmpeg_parse_options (ffmpeg_opt.c:2583)
==2085== by 0x4202AB: main (ffmpeg.c:3422)
==2085==
==2085== Invalid write of size 1
==2085== at 0x68C9314: _IO_default_xsputn (in /lib64/libc-2.15.so)
==2085== by 0x6897667: vfprintf (in /lib64/libc-2.15.so)
==2085== by 0x68C50E4: vsnprintf (in /lib64/libc-2.15.so)
==2085== by 0xA7F062: srt_print (srtenc.c:52)
==2085== by 0xA7F1A6: srt_close_tag (srtenc.c:82)
==2085== by 0xA7F209: srt_stack_push_pop (srtenc.c:92)
==2085== by 0xA7F8DB: srt_end_cb (srtenc.c:223)
==2085== by 0xC856C1: ff_ass_split_override_codes (ass_split.c:461)
==2085== by 0xA7FBE6: srt_encode_frame (srtenc.c:275)
==2085== by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085== by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085== by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085== Address 0x73e906c is 4 bytes after a block of size 2,168 alloc'd
==2085== at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085== by 0xDE8161: av_malloc (mem.c:93)
==2085== by 0xDE83F1: av_mallocz (mem.c:243)
==2085== by 0x9DF3A1: avcodec_get_context_defaults3 (options.c:121)
==2085== by 0x409A88: new_output_stream (ffmpeg_opt.c:1035)
==2085== by 0x40BEED: new_subtitle_stream (ffmpeg_opt.c:1419)
==2085== by 0x40D48A: open_output_file (ffmpeg_opt.c:1767)
==2085== by 0x410314: open_files (ffmpeg_opt.c:2539)
==2085== by 0x4104A7: ffmpeg_parse_options (ffmpeg_opt.c:2583)
==2085== by 0x4202AB: main (ffmpeg.c:3422)
==2085==
==2085== Invalid write of size 1
==2085== at 0x689BB10: vfprintf (in /lib64/libc-2.15.so)
==2085== by 0x68C50E4: vsnprintf (in /lib64/libc-2.15.so)
==2085== by 0xA7F062: srt_print (srtenc.c:52)
==2085== by 0xA7F1A6: srt_close_tag (srtenc.c:82)
==2085== by 0xA7F209: srt_stack_push_pop (srtenc.c:92)
==2085== by 0xA7F8DB: srt_end_cb (srtenc.c:223)
==2085== by 0xC856C1: ff_ass_split_override_codes (ass_split.c:461)
==2085== by 0xA7FBE6: srt_encode_frame (srtenc.c:275)
==2085== by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085== by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085== by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085== by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085== Address 0x73e906e is 6 bytes after a block of size 2,168 alloc'd
==2085== at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085== by 0xDE8161: av_malloc (mem.c:93)
==2085== by 0xDE83F1: av_mallocz (mem.c:243)
==2085== by 0x9DF3A1: avcodec_get_context_defaults3 (options.c:121)
==2085== by 0x409A88: new_output_stream (ffmpeg_opt.c:1035)
==2085== by 0x40BEED: new_subtitle_stream (ffmpeg_opt.c:1419)
==2085== by 0x40D48A: open_output_file (ffmpeg_opt.c:1767)
==2085== by 0x410314: open_files (ffmpeg_opt.c:2539)
==2085== by 0x4104A7: ffmpeg_parse_options (ffmpeg_opt.c:2583)
==2085== by 0x4202AB: main (ffmpeg.c:3422)
==2085==
==2085== Invalid write of size 1
==2085== at 0x68C50CE: vsnprintf (in /lib64/libc-2.15.so)
==2085== by 0xA7F062: srt_print (srtenc.c:52)
==2085== by 0xA7F2ED: srt_style_apply (srtenc.c:105)
==2085== by 0xA7FBCD: srt_encode_frame (srtenc.c:274)
==2085== by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085== by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085== by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085== by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085== by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085== by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085== by 0x41FE30: transcode (ffmpeg.c:3266)
==2085== by 0x420344: main (ffmpeg.c:3444)
==2085== Address 0x73e9073 is 11 bytes after a block of size 2,168 alloc'd
==2085== at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085== by 0xDE8161: av_malloc (mem.c:93)
==2085== by 0xDE83F1: av_mallocz (mem.c:243)
==2085== by 0x9DF3A1: avcodec_get_context_defaults3 (options.c:121)
==2085== by 0x409A88: new_output_stream (ffmpeg_opt.c:1035)
==2085== by 0x40BEED: new_subtitle_stream (ffmpeg_opt.c:1419)
==2085== by 0x40D48A: open_output_file (ffmpeg_opt.c:1767)
==2085== by 0x410314: open_files (ffmpeg_opt.c:2539)
==2085== by 0x4104A7: ffmpeg_parse_options (ffmpeg_opt.c:2583)
==2085== by 0x4202AB: main (ffmpeg.c:3422)
==2085==
==2085== Invalid write of size 1
==2085== at 0x68C50F1: vsnprintf (in /lib64/libc-2.15.so)
==2085== by 0xA7F062: srt_print (srtenc.c:52)
==2085== by 0xA7F2ED: srt_style_apply (srtenc.c:105)
==2085== by 0xA7FBCD: srt_encode_frame (srtenc.c:274)
==2085== by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085== by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085== by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085== by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085== by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085== by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085== by 0x41FE30: transcode (ffmpeg.c:3266)
==2085== by 0x420344: main (ffmpeg.c:3444)
==2085== Address 0x73e9078 is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid write of size 1
==2085== at 0x68C50CE: vsnprintf (in /lib64/libc-2.15.so)
==2085== by 0xA7F062: srt_print (srtenc.c:52)
==2085== by 0xA7F331: srt_style_apply (srtenc.c:107)
==2085== by 0xA7FBCD: srt_encode_frame (srtenc.c:274)
==2085== by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085== by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085== by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085== by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085== by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085== by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085== by 0x41FE30: transcode (ffmpeg.c:3266)
==2085== by 0x420344: main (ffmpeg.c:3444)
==2085== Address 0x73e9078 is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid write of size 1
==2085== at 0x68C50F1: vsnprintf (in /lib64/libc-2.15.so)
==2085== by 0xA7F062: srt_print (srtenc.c:52)
==2085== by 0xA7F331: srt_style_apply (srtenc.c:107)
==2085== by 0xA7FBCD: srt_encode_frame (srtenc.c:274)
==2085== by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085== by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085== by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085== by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085== by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085== by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085== by 0x41FE30: transcode (ffmpeg.c:3266)
==2085== by 0x420344: main (ffmpeg.c:3444)
==2085== Address 0x73e9091 is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid write of size 1
==2085== at 0x68C50CE: vsnprintf (in /lib64/libc-2.15.so)
==2085== by 0xA7F062: srt_print (srtenc.c:52)
==2085== by 0xA7F35A: srt_style_apply (srtenc.c:109)
==2085== by 0xA7FBCD: srt_encode_frame (srtenc.c:274)
==2085== by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085== by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085== by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085== by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085== by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085== by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085== by 0x41FE30: transcode (ffmpeg.c:3266)
==2085== by 0x420344: main (ffmpeg.c:3444)
==2085== Address 0x73e9091 is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid write of size 1
==2085== at 0x68C9314: _IO_default_xsputn (in /lib64/libc-2.15.so)
==2085== by 0x6899921: vfprintf (in /lib64/libc-2.15.so)
==2085== by 0x68C50E4: vsnprintf (in /lib64/libc-2.15.so)
==2085== by 0xA7F062: srt_print (srtenc.c:52)
==2085== by 0xA7F35A: srt_style_apply (srtenc.c:109)
==2085== by 0xA7FBCD: srt_encode_frame (srtenc.c:274)
==2085== by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085== by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085== by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085== by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085== by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085== by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085== Address 0x73e9098 is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid write of size 1
==2085== at 0x68C50F1: vsnprintf (in /lib64/libc-2.15.so)
==2085== by 0xA7F062: srt_print (srtenc.c:52)
==2085== by 0xA7F35A: srt_style_apply (srtenc.c:109)
==2085== by 0xA7FBCD: srt_encode_frame (srtenc.c:274)
==2085== by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085== by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085== by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085== by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085== by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085== by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085== by 0x41FE30: transcode (ffmpeg.c:3266)
==2085== by 0x420344: main (ffmpeg.c:3444)
==2085== Address 0x73e909b is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid write of size 1
==2085== at 0x68C50CE: vsnprintf (in /lib64/libc-2.15.so)
==2085== by 0xA7F062: srt_print (srtenc.c:52)
==2085== by 0xA7F3B3: srt_style_apply (srtenc.c:113)
==2085== by 0xA7FBCD: srt_encode_frame (srtenc.c:274)
==2085== by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085== by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085== by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085== by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085== by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085== by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085== by 0x41FE30: transcode (ffmpeg.c:3266)
==2085== by 0x420344: main (ffmpeg.c:3444)
==2085== Address 0x73e909b is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid write of size 1
==2085== at 0x68C50F1: vsnprintf (in /lib64/libc-2.15.so)
==2085== by 0xA7F062: srt_print (srtenc.c:52)
==2085== by 0xA7F3B3: srt_style_apply (srtenc.c:113)
==2085== by 0xA7FBCD: srt_encode_frame (srtenc.c:274)
==2085== by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085== by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085== by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085== by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085== by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085== by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085== by 0x41FE30: transcode (ffmpeg.c:3266)
==2085== by 0x420344: main (ffmpeg.c:3444)
==2085== Address 0x73e909c is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid write of size 1
==2085== at 0x68C50CE: vsnprintf (in /lib64/libc-2.15.so)
==2085== by 0xA7F062: srt_print (srtenc.c:52)
==2085== by 0xA7F654: srt_color_cb (srtenc.c:169)
==2085== by 0xC85008: ff_ass_split_override_codes (ass_split.c:405)
==2085== by 0xA7FBE6: srt_encode_frame (srtenc.c:275)
==2085== by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085== by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085== by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085== by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085== by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085== by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085== by 0x41FE30: transcode (ffmpeg.c:3266)
==2085== Address 0x73e909c is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid write of size 1
==2085== at 0xDD899B: av_strlcpy (avstring.c:86)
==2085== by 0xA7F54F: srt_text_cb (srtenc.c:147)
==2085== by 0xC8569A: ff_ass_split_override_codes (ass_split.c:459)
==2085== by 0xA7FBE6: srt_encode_frame (srtenc.c:275)
==2085== by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085== by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085== by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085== by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085== by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085== by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085== by 0x41FE30: transcode (ffmpeg.c:3266)
==2085== by 0x420344: main (ffmpeg.c:3444)
==2085== Address 0x73e90c0 is 0 bytes after a block of size 16 alloc'd
==2085== at 0x4C2ABED: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085== by 0x4C2AD6F: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085== by 0xDE81E2: av_realloc (mem.c:164)
==2085== by 0xDE8239: av_realloc_f (mem.c:177)
==2085== by 0x40C250: copy_chapters (ffmpeg_opt.c:1470)
==2085== by 0x40E2E9: open_output_file (ffmpeg_opt.c:1973)
==2085== by 0x410314: open_files (ffmpeg_opt.c:2539)
==2085== by 0x4104A7: ffmpeg_parse_options (ffmpeg_opt.c:2583)
==2085== by 0x4202AB: main (ffmpeg.c:3422)
==2085==
==2085== Invalid write of size 1
==2085== at 0xDD89CF: av_strlcpy (avstring.c:88)
==2085== by 0xA7F54F: srt_text_cb (srtenc.c:147)
==2085== by 0xC8569A: ff_ass_split_override_codes (ass_split.c:459)
==2085== by 0xA7FBE6: srt_encode_frame (srtenc.c:275)
==2085== by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085== by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085== by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085== by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085== by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085== by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085== by 0x41FE30: transcode (ffmpeg.c:3266)
==2085== by 0x420344: main (ffmpeg.c:3444)
==2085== Address 0x73e919a is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid write of size 1
==2085== at 0x68C50F1: vsnprintf (in /lib64/libc-2.15.so)
==2085== by 0xA7F062: srt_print (srtenc.c:52)
==2085== by 0xA7F654: srt_color_cb (srtenc.c:169)
==2085== by 0xC85008: ff_ass_split_override_codes (ass_split.c:405)
==2085== by 0xA7FBE6: srt_encode_frame (srtenc.c:275)
==2085== by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085== by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085== by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085== by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085== by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085== by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085== by 0x41FE30: transcode (ffmpeg.c:3266)
==2085== Address 0x73e91e7 is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid read of size 8
==2085== at 0xDE83C2: av_freep (mem.c:237)
==2085== by 0xC84ADD: free_section (ass_split.c:330)
==2085== by 0xC84BF3: ff_ass_split_dialog (ass_split.c:346)
==2085== by 0xA7F9EA: srt_encode_frame (srtenc.c:258)
==2085== by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085== by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085== by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085== by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085== by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085== by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085== by 0x41FE30: transcode (ffmpeg.c:3266)
==2085== by 0x420344: main (ffmpeg.c:3444)
==2085== Address 0x2062203620393646 is not stack'd, malloc'd or (recently) free'd
==2085==
==2085==
==2085== Process terminating with default action of signal 11 (SIGSEGV)
==2085== General Protection Fault
==2085== at 0xDE83C2: av_freep (mem.c:237)
==2085== by 0xC84ADD: free_section (ass_split.c:330)
==2085== by 0xC84BF3: ff_ass_split_dialog (ass_split.c:346)
==2085== by 0xA7F9EA: srt_encode_frame (srtenc.c:258)
==2085== by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085== by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085== by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085== by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085== by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085== by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085== by 0x41FE30: transcode (ffmpeg.c:3266)
==2085== by 0x420344: main (ffmpeg.c:3444)
==2085==
==2085== HEAP SUMMARY:
==2085== in use at exit: 4,247,342 bytes in 709 blocks
==2085== total heap usage: 112,497 allocs, 111,788 frees, 935,264,585 bytes allocated
==2085==
==2085== LEAK SUMMARY:
==2085== definitely lost: 901 bytes in 19 blocks
==2085== indirectly lost: 541 bytes in 20 blocks
==2085== possibly lost: 0 bytes in 0 blocks
==2085== still reachable: 4,245,900 bytes in 670 blocks
==2085== suppressed: 0 bytes in 0 blocks
==2085== Rerun with --leak-check=full to see details of leaked memory
==2085==
==2085== For counts of detected and suppressed errors, rerun with: -v
==2085== ERROR SUMMARY: 2449 errors from 20 contexts (suppressed: 2 from 2)
Segmentation fault
comment:6 by , 12 years ago
| Analyzed by developer: | set |
|---|
The problem is that srt_print uses a fixed-size buffer and does not check for overflow with the vsnprintf return value.
The easy solution is to add that kind of check and reject overly long lines. The good solution is to use a dynamic buffer, possibly AVBPrint.
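The unchecked pattern that comment:6 describes, next to the two fixes it proposes, as an added example (not FFmpeg's code). `LineBuf`, `DynBuf`, the function names and the 32-byte buffer are assumptions made for illustration, and the growable buffer is a stand-in for a dynamic buffer such as AVBPrint.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LINE_BUF_SIZE 32 /* deliberately small so the sample input exceeds it */
/* Constructed sample input: an over-long font name from a subtitle style. */
#define LONG_FACE "ConstructedFontNameLongerThanTheLineBuffer"
#define FONT_TAG  "<font face=\"%s\">"

/* Hypothetical encoder state: fixed line buffer plus write offset. */
typedef struct { char buf[LINE_BUF_SIZE]; size_t pos; } LineBuf;
/* Hypothetical growable buffer (stand-in for a dynamic buffer). */
typedef struct { char *data; size_t len, cap; } DynBuf;

/* Unchecked pattern: the offset advances by vsnprintf()'s return value, which
 * is the length the output WOULD have had, not the number of bytes stored.
 * One over-long line pushes pos past the end of buf; a further call would
 * then write out of bounds with a wrapped-around size argument. */
static void print_unchecked(LineBuf *lb, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    lb->pos += (size_t)vsnprintf(lb->buf + lb->pos,
                                 sizeof(lb->buf) - lb->pos, fmt, ap);
    va_end(ap);
}

/* "Easy" fix: compare the return value with the room left and reject the
 * line instead of advancing. Keeps the invariant pos < sizeof(buf). */
static int print_checked(LineBuf *lb, const char *fmt, ...)
{
    va_list ap;
    size_t room = sizeof(lb->buf) - lb->pos;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(lb->buf + lb->pos, room, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= room) {
        lb->buf[lb->pos] = '\0'; /* discard the partial write */
        return -1;
    }
    lb->pos += (size_t)n;
    return 0;
}

/* "Good" fix: measure first, grow the buffer, then format into it. */
static int print_dynamic(DynBuf *db, const char *fmt, ...)
{
    va_list ap, ap2;
    size_t need, ncap;
    char *p;
    int n;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    n = vsnprintf(NULL, 0, fmt, ap); /* length only, nothing is written */
    va_end(ap);
    if (n < 0) { va_end(ap2); return -1; }
    need = db->len + (size_t)n + 1;
    if (need > db->cap) {
        for (ncap = db->cap ? db->cap : 16; ncap < need; ncap *= 2)
            ;
        p = realloc(db->data, ncap);
        if (!p) { va_end(ap2); return -1; }
        db->data = p;
        db->cap = ncap;
    }
    vsnprintf(db->data + db->len, db->cap - db->len, fmt, ap2);
    va_end(ap2);
    db->len += (size_t)n;
    return 0;
}

/* Size the NEXT unchecked call would pass after one over-long line.
 * Only one call is made here, so nothing is written out of bounds. */
size_t demo_unchecked_next_size(void)
{
    LineBuf lb = { {0}, 0 };
    print_unchecked(&lb, FONT_TAG, LONG_FACE);
    return sizeof(lb.buf) - lb.pos; /* wraps: pos is already past the end */
}

/* Result of the checked call on the same over-long line. */
int demo_checked_rc(void)
{
    LineBuf lb = { {0}, 0 };
    print_checked(&lb, "<b>");
    return print_checked(&lb, FONT_TAG, LONG_FACE);
}

/* Bytes accumulated by the dynamic version for the same two writes. */
size_t demo_dynamic_len(void)
{
    DynBuf db = { NULL, 0, 0 };
    size_t len = 0;
    if (!print_dynamic(&db, "<b>") && !print_dynamic(&db, FONT_TAG, LONG_FACE))
        len = db.len;
    free(db.data);
    return len;
}

int main(void)
{
    printf("unchecked next size: %zu\n", demo_unchecked_next_size());
    printf("checked rc: %d\n", demo_checked_rc());
    printf("dynamic length: %zu\n", demo_dynamic_len());
    return 0;
}
```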
comment:7 by , 12 years ago
| Resolution: | → fixed |
|---|---|
| Status: | open → closed |
Fixed by Nicolas George in 98a65784 / 4b1c9b72