Opened 10 years ago

Closed 10 years ago

#3213 closed defect (fixed)

h264 flv segfaults on seek beyond the end of the file

Reported by: Marton Balint
Owned by:
Priority: important
Component: avcodec
Version: git-master
Keywords: h264 seek crash regression
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

Summary of the bug:

h264 flv segfaults on seek after the end of the file

How to reproduce:
Press PgUp after starting ffplay:

% ffplay h264-seek-segfault.flv
ffplay version N-58942-gb6a8619 Copyright (c) 2003-2013 the FFmpeg developers
  built on Dec 10 2013 00:14:47 with gcc 4.8 (SUSE Linux)
  configuration: --disable-vaapi --enable-vdpau --enable-gpl --enable-libfreetype --enable-libzvbi --enable-libass --enable-frei0r
  libavutil      52. 58.100 / 52. 58.100
  libavcodec     55. 45.100 / 55. 45.100
  libavformat    55. 22.100 / 55. 22.100
  libavdevice    55.  5.102 / 55.  5.102
  libavfilter     3. 92.100 /  3. 92.100
  libswscale      2.  5.101 /  2.  5.101
  libswresample   0. 17.104 /  0. 17.104
  libpostproc    52.  3.100 / 52.  3.100
[flv @ 0x313e4c0] Stream discovered after head already parsed=0/0   
Input #0, flv, from 'h264-seek-segfault.flv':
  Metadata:
    starttime       : 0
    totalduration   : 300
    totaldatarate   : 592
    bytelength      : 22252473
    canseekontime   : true
    sourcedata      : B4A7D6CA2HH1309108729288780
    purl            : 
    pmsg            : 
  Duration: 00:05:00.27, start: 0.000000, bitrate: 592 kb/s
    Stream #0:0: Video: h264 (Main), yuv420p, 480x360 [SAR 1:1 DAR 4:3], 548 kb/s, 29.97 tbr, 1k tbn, 59.94 tbc
    Stream #0:1: Audio: aac, 44100 Hz, mono, fltp, 49 kb/s
    Stream #0:2: Data: none
XIO:  fatal IO error 11 (Resource temporarily unavailable) on X server ":0"
      after 123 requests (123 known processed) with 1 events remaining.

valgrind output:

==18023== Invalid read of size 8
==18023==    at 0x6E024B: decode_update_thread_context (h264.c:1854)
==18023==    by 0x89F45F: ff_thread_decode_frame (pthread_frame.c:229)
==18023==    by 0x93ABE2: avcodec_decode_video2 (utils.c:2111)
==18023==    by 0x46B2DE: video_thread (ffplay.c:1687)
==18023==    by 0x5CC8BF7: ??? (in /usr/lib64/libSDL-1.2.so.0.11.4)
==18023==    by 0x5D08508: ??? (in /usr/lib64/libSDL-1.2.so.0.11.4)
==18023==    by 0x5F570DA: start_thread (in /lib64/libpthread-2.18.so)
==18023==    by 0x70B990C: clone (in /lib64/libc-2.18.so)
==18023==  Address 0x1d0 is not stack'd, malloc'd or (recently) free'd
==18023==

Regression since a553c6a347d3d28d7ee44c3df3d5c4ee780dba23.

I have uploaded the flv to ftp://upload.ffmpeg.org/incoming/h264-seek-segfault.flv.

Change History (4)

comment:1 by Carl Eugen Hoyos, 10 years ago

Keywords: crash added

comment:2 by Carl Eugen Hoyos, 10 years ago

Reproduced by developer: set
Status: new → open

Only reproducible with -threads > 1

comment:3 by Michael Niedermayer, 10 years ago

cannot reproduce, maybe this was fixed in 4feca2214a0b69dcbe4d1c7cd145c3881459e867

comment:4 by Carl Eugen Hoyos, 10 years ago

Resolution: fixed
Status: open → closed

Fixed by Michael in d9339ab5
