Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#3465 closed defect (fixed)

FFmpeg segfault with simple parameter combination

Reported by: ahthovaikied
Owned by:
Priority: important
Component: ffmpeg
Version: git-master
Keywords: crash SIGSEGV
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

Using this simple command line, ffmpeg triggers a segfault:
ffmpeg -i any_mp3_file.mp3 -filter_complex channelsplit -map_channel 0.0.1 -f null /dev/null

More info with gdb:

/tmp/ffmpeg [master|✔] $ gdb --args ./ffmpeg -i any_mp3_file.mp3 -filter_complex channelsplit -map_channel 0.0.1 -f null /dev/null
GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2.1) 7.4-2012.04
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /tmp/ffmpeg/ffmpeg...done.
(gdb) run
Starting program: /tmp/ffmpeg/ffmpeg -i any_mp3_file.mp3 -filter_complex channelsplit -map_channel 0.0.1 -f null /dev/null
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
ffmpeg version N-61476-g847d8af Copyright (c) 2000-2014 the FFmpeg developers
  built on Mar 15 2014 13:55:39 with gcc 4.6 (Ubuntu/Linaro 4.6.3-1ubuntu5)
  configuration: --enable-gpl --enable-version3 --enable-nonfree --enable-static --disable-runtime-cpudetect --disable-ffserver --disable-encoder=vorbis --disable-encoder=aac --enable-x11grab --enable-libfdk-aac --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopus --enable-librtmp --enable-libtheora --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libxvid --enable-debug --disable-stripping --cpu=corei7
  libavutil      52. 66.101 / 52. 66.101
  libavcodec     55. 52.102 / 55. 52.102
  libavformat    55. 34.101 / 55. 34.101
  libavdevice    55. 11.100 / 55. 11.100
  libavfilter     4.  3.100 /  4.  3.100
  libswscale      2.  5.101 /  2.  5.101
  libswresample   0. 18.100 /  0. 18.100
  libpostproc    52.  3.100 / 52.  3.100
[mp3 @ 0x18589c0] Estimating duration from bitrate, this may be inaccurate
Input #0, mp3, from '/media/Data/Documents/Virtual Barbershop.mp3':
  Metadata:
    ...
  Duration: 00:04:29.14, start: 0.000000, bitrate: 192 kb/s
    Stream #0:0: Audio: mp3, 44100 Hz, stereo, s16p, 192 kb/s
[New Thread 0x7fffefa52700 (LWP 30412)]
[New Thread 0x7fffef251700 (LWP 30413)]
[New Thread 0x7fffeea50700 (LWP 30414)]
[New Thread 0x7fffee24f700 (LWP 30415)]
[New Thread 0x7fffeda4e700 (LWP 30416)]
[New Thread 0x7fffed24d700 (LWP 30417)]
[New Thread 0x7fffeca4c700 (LWP 30418)]
[New Thread 0x7fffec24b700 (LWP 30419)]
[New Thread 0x7fffeba4a700 (LWP 30420)]

Program received signal SIGSEGV, Segmentation fault.
0x0000000000474652 in new_audio_stream (o=0x7fffffffdb40, oc=<optimized out>, source_index=<optimized out>) at ffmpeg_opt.c:1434
1434              if ((map->channel_idx == -1 || (ist->file_index == map->file_idx && ist->st->index == map->stream_idx)) &&
(gdb) bt
#0  0x0000000000474652 in new_audio_stream (o=0x7fffffffdb40, oc=<optimized out>, source_index=<optimized out>) at ffmpeg_opt.c:1434
#1  0x0000000000477d70 in init_output_filter (ofilter=0x185bf00, o=0x7fffffffdb40, oc=0x1869620) at ffmpeg_opt.c:1614
#2  0x00000000004784b2 in open_output_file (o=0x7fffffffdb40, filename=0x7fffffffe508 "/dev/null") at ffmpeg_opt.c:1738
#3  0x00000000004735cd in open_files (inout=0xd11465 "output", open_file=0x477e00 <open_output_file>, l=<optimized out>) at ffmpeg_opt.c:2598
#4  0x000000000047a3d9 in ffmpeg_parse_options (argc=<optimized out>, argv=<optimized out>) at ffmpeg_opt.c:2642
#5  0x000000000046b378 in main (argc=10, argv=0x7fffffffe198) at ffmpeg.c:3600
(gdb)

Please ignore the parameters, they may be incorrect. I tried to reduce them to the minimum needed to reproduce the segfault.

Build compiled on Ubuntu 12.04 x64, with GCC 4.6.3.

Reproduced with normal and debug build from git master (commit 847d8af), and older builds from git master too.
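The following C program is an added illustration, not code from the ticket or from FFmpeg, of the crash pattern the backtrace above points at. Frame #0 faults on the comparison `ist->file_index == map->file_idx` inside the -map_channel loop of new_audio_stream, and frame #1 shows the caller is init_output_filter, i.e. the output stream was created for a -filter_complex output rather than mapped from one input stream. The model assumes (this is an inference, not something the ticket states) that on that path no input stream is resolved, so `ist` is NULL when the loop dereferences it. The struct layouts, the `input_streams` table, the return codes and the function names `apply_map_unchecked` / `apply_map_checked` are all stand-ins invented for the example; only the field names `file_idx`, `stream_idx` and `channel_idx` mirror the expression quoted on line 1434.

```c
/* Added example (not FFmpeg code): a minimal model of the -map_channel
 * dereference that segfaults at ffmpeg_opt.c:1434 in the ticket. All
 * types, tables and helpers here are assumptions made for illustration. */
#include <stdio.h>

/* Constructed stand-ins for FFmpeg's InputStream / AudioChannelMap. */
typedef struct {
    int file_index;   /* which input file the stream belongs to */
    int stream_index; /* stream index inside that file */
} InputStream;

typedef struct {
    int file_idx;     /* input file    (the first  "0" in -map_channel 0.0.1) */
    int stream_idx;   /* input stream  (the second "0") */
    int channel_idx;  /* input channel (the "1"), or -1 meaning "mute" */
} AudioChannelMap;

/* Constructed input table: one stereo input stream, as in the ticket. */
static InputStream input_streams[] = { { 0, 0 } };
static const int nb_input_streams = 1;

/* Constructed channel maps used by main() and by the checks below. */
static const AudioChannelMap map_0_0_1 = { 0, 0,  1 };  /* -map_channel 0.0.1 */
static const AudioChannelMap map_mute  = { 0, 0, -1 };  /* -map_channel -1    */
static const AudioChannelMap map_1_0_1 = { 1, 0,  1 };  /* refers to input #1 */

/* Result codes for the two helpers. */
enum { MAP_OK = 0, MAP_SKIPPED = 1, MAP_NO_SOURCE = 2 };

/* Mirrors the faulting expression: resolve the input stream from
 * source_index and compare, without checking that a stream exists.
 * A filter-graph output is assumed to arrive with source_index == -1,
 * so ist is NULL and the comparison dereferences it (SIGSEGV). */
static int apply_map_unchecked(int source_index, const AudioChannelMap *map)
{
    InputStream *ist = source_index >= 0 ? &input_streams[source_index] : NULL;

    if (map->channel_idx == -1 ||
        (ist->file_index == map->file_idx && ist->stream_index == map->stream_idx))
        return MAP_OK;
    return MAP_SKIPPED;
}

/* Hardened form: a map that names an input channel needs a real input
 * stream behind the output; report that instead of dereferencing NULL. */
static int apply_map_checked(int source_index, const AudioChannelMap *map)
{
    InputStream *ist;

    if (map->channel_idx == -1)
        return MAP_OK;                      /* muting needs no source stream */
    if (source_index < 0 || source_index >= nb_input_streams) {
        fprintf(stderr, "Cannot determine input stream for channel mapping %d.%d.%d\n",
                map->file_idx, map->stream_idx, map->channel_idx);
        return MAP_NO_SOURCE;
    }
    ist = &input_streams[source_index];
    if (ist->file_index == map->file_idx && ist->stream_index == map->stream_idx)
        return MAP_OK;
    return MAP_SKIPPED;
}

int main(void)
{
    /* Ordinary output mapped from input stream 0: both paths agree. */
    printf("plain output, 0.0.1:  %d\n", apply_map_checked(0, &map_0_0_1));
    /* -filter_complex output (no source stream): the checked path reports it. */
    printf("filter output, 0.0.1: %d\n", apply_map_checked(-1, &map_0_0_1));
    /* The unchecked path would segfault on the same input, as in the ticket:
     *   apply_map_unchecked(-1, &map_0_0_1);
     * so it is deliberately not called here. */
    return 0;
}
```

The point of the comparison is not the exact fix FFmpeg committed (the ticket does not show it) but the shape of the defect: the -map_channel loop trusts that every audio output stream has an input stream behind it, and -filter_complex is the one code path where that assumption does not hold.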

Change History (3)

comment:1 Changed 5 years ago by cehoyos

  • Keywords crash SIGSEGV added; segfault removed
  • Reproduced by developer set
  • Status changed from new to open

Reproducible with:

$ ffmpeg -f s16le -ac 2 -i /dev/zero -filter_complex channelsplit -map_channel 0.0.1 -f null -

comment:2 Changed 5 years ago by michael

  • Resolution set to fixed
  • Status changed from open to closed

comment:3 Changed 5 years ago by ahthovaikied

Thanks, that was fast.

Do you guys have some sort of command line fuzzing tool to detect such bugs?
