Opened 10 years ago
Closed 10 years ago
#3840 closed defect (fixed)
hevc: invalid read with fuzzed file
| Reported by: | ami_stuff | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avcodec |
| Version: | git-master | Keywords: | hevc crash SIGSEGV regression |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | no | |
| Analyzed by developer: | no |
Description
(gdb) r -i h5f.ts -f null -
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /media/sdb1/ffmpeg-snapshot/ffmpeg_g -i h5f.ts -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.3.git Copyright (c) 2000-2014 the FFmpeg developers
built on Aug 9 2014 12:01:59 with gcc 4.7 (Debian 4.7.2-5)
configuration: --disable-ffprobe --disable-ffserver --disable-yasm --enable-gpl
libavutil 52. 98.100 / 52. 98.100
libavcodec 55. 73.101 / 55. 73.101
libavformat 55. 54.100 / 55. 54.100
libavdevice 55. 13.102 / 55. 13.102
libavfilter 4. 11.103 / 4. 11.103
libswscale 2. 6.101 / 2. 6.101
libswresample 0. 19.100 / 0. 19.100
libpostproc 52. 3.100 / 52. 3.100
[hevc @ 0x93b6480] Unknown HEVC profile: 0
Last message repeated 3 times
[mpegts @ 0x93b28a0] PES packet size mismatch
Last message repeated 3 times
Input #0, mpegts, from 'h5f.ts':
Duration: 00:00:12.64, start: 0.080000, bitrate: 424 kb/s
Program 1
Stream #0:0[0x12d]: Video: hevc (HEVC / 0x43564548), yuv420p(tv), 320x240, 24 tbr, 90k tbn, 90k tbc
[New Thread 0xb7df8b70 (LWP 12177)]
[New Thread 0xb75f8b70 (LWP 12178)]
[New Thread 0xb6df8b70 (LWP 12188)]
[New Thread 0xb65f8b70 (LWP 12189)]
[New Thread 0xb5df8b70 (LWP 12190)]
[New Thread 0xb55f8b70 (LWP 12191)]
[New Thread 0xb4df8b70 (LWP 12192)]
[New Thread 0xb45f8b70 (LWP 12193)]
[New Thread 0xb3df8b70 (LWP 12194)]
[hevc @ 0x939f040] Unknown HEVC profile: 0
[New Thread 0xb35f8b70 (LWP 12195)]
[New Thread 0xb2df8b70 (LWP 12196)]
[New Thread 0xb25f8b70 (LWP 12197)]
[New Thread 0xb1df8b70 (LWP 12198)]
[New Thread 0xb15f8b70 (LWP 12199)]
[New Thread 0xb0df8b70 (LWP 12200)]
[New Thread 0xb05f8b70 (LWP 12201)]
[New Thread 0xafdf8b70 (LWP 12202)]
[New Thread 0xaf5f8b70 (LWP 12203)]
Last message repeated 1 times
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf55.54.100
Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 320x240, q=2-31, 200 kb/s, 24 fps, 24 tbn, 24 tbc
Metadata:
encoder : Lavc55.73.101 rawvideo
Stream mapping:
Stream #0:0 -> #0:0 (hevc (native) -> rawvideo (native))
Press [q] to stop, [?] for help
[NULL @ 0x93b6480] Unknown HEVC profile: 0
Last message repeated 1 times
[hevc @ 0x939f040] Unknown HEVC profile: 0
Last message repeated 1 times
[hevc @ 0x93a5960] Could not find ref with POC 2
[hevc @ 0x93a5960] Could not find ref with POC 7
[hevc @ 0x93a5960] Could not find ref with POC 12
[hevc @ 0x93a5960] Could not find ref with POC 15
[hevc @ 0x93decc0] Duplicate POC in a sequence: 2.
[hevc @ 0x93decc0] Error parsing NAL unit #0.
[hevc @ 0x93e53a0] Invalid number of merging MVP candidates: -7.
[hevc @ 0x93e53a0] Error parsing NAL unit #0.
[hevc @ 0x93fd820] Could not find ref with POC 5
[hevc @ 0x93fd820] Could not find ref with POC -212
[hevc @ 0x93fd820] Could not find ref with POC -240
[hevc @ 0x93fd820] Could not find ref with POC 14
[hevc @ 0x940cca0] Too many refs: 1/44.
[hevc @ 0x940cca0] Error parsing NAL unit #0.
[hevc @ 0x941c1c0] Could not find ref with POC 6
[hevc @ 0x941c1c0] Could not find ref with POC 2
[hevc @ 0x941c1c0] Could not find ref with POC 7
[hevc @ 0x941c1c0] Could not find ref with POC 8
[hevc @ 0x942b6e0] Duplicate POC in a sequence: 7.
[hevc @ 0x942b6e0] Error parsing NAL unit #0.
[hevc @ 0x943ac00] Zero refs for a frame with P or B slices.
[hevc @ 0x943ac00] Error parsing NAL unit #0.
[hevc @ 0x93a5960] Could not find ref with POC 11
[hevc @ 0x93a5960] Could not find ref with POC -212
[hevc @ 0x93a5960] Could not find ref with POC 0
[hevc @ 0x93a5960] Could not find ref with POC -222
[hevc @ 0x93decc0] Duplicate POC in a sequence: 11.
[hevc @ 0x93decc0] Error parsing NAL unit #0.
[hevc @ 0x93e53a0] Could not find ref with POC 7
[hevc @ 0x93e53a0] Could not find ref with POC -332
[hevc @ 0x93fd820] Invalid number of merging MVP candidates: -2.
[hevc @ 0x93fd820] Error parsing NAL unit #0.
[null @ 0x93b8ac0] Encoder did not produce proper pts, making some up.
[hevc @ 0x940cca0] Could not find ref with POC -212
[hevc @ 0x940cca0] Could not find ref with POC -240
[hevc @ 0x940cca0] Could not find ref with POC -238
[hevc @ 0x942b6e0] Could not find ref with POC 2
[hevc @ 0x942b6e0] Could not find ref with POC -57
[hevc @ 0x942b6e0] Error constructing the frame RPS.
[hevc @ 0x942b6e0] Error parsing NAL unit #0.
[hevc @ 0x943ac00] Too many refs: 1/72.
[hevc @ 0x943ac00] Error parsing NAL unit #0.
[mpegts @ 0x93b28a0] PES packet size mismatch
[hevc @ 0x939f040] Duplicate POC in a sequence: 2.
[hevc @ 0x939f040] Error parsing NAL unit #0.
[hevc @ 0x93a5960] Too many refs: 1/36.
[hevc @ 0x93a5960] Error parsing NAL unit #0.
[hevc @ 0x93decc0] Too many refs: 29/1.
[hevc @ 0x93decc0] Error parsing NAL unit #0.
[hevc @ 0x93e53a0] The slice_qp -107 is outside the valid range [0, 51].
[hevc @ 0x93e53a0] Error parsing NAL unit #0.
[hevc @ 0x93fd820] Could not find ref with POC 8
[hevc @ 0x93fd820] Could not find ref with POC -212
[hevc @ 0x93fd820] Could not find ref with POC -240
[hevc @ 0x93fd820] Could not find ref with POC -238
[hevc @ 0x93fd820] Could not find ref with POC 11
[hevc @ 0x940cca0] Duplicate POC in a sequence: 8.
[hevc @ 0x940cca0] Error parsing NAL unit #0.
[hevc @ 0x941c1c0] The slice_qp -70 is outside the valid range [0, 51].
[hevc @ 0x941c1c0] Error parsing NAL unit #0.
[hevc @ 0x943ac00] Duplicate POC in a sequence: 11.
[hevc @ 0x943ac00] Error parsing NAL unit #0.
[hevc @ 0x939f040] Invalid number of merging MVP candidates: -25.
[hevc @ 0x939f040] Error parsing NAL unit #0.
[hevc @ 0x93a5960] Invalid number of merging MVP candidates: -118.
[hevc @ 0x93a5960] Error parsing NAL unit #0.
[hevc @ 0x93e53a0] Could not find ref with POC 2
[hevc @ 0x93e53a0] Could not find ref with POC -212
[hevc @ 0x93e53a0] Could not find ref with POC -222
[hevc @ 0x93e53a0] Could not find ref with POC 7
[hevc @ 0x93fd820] Zero refs for a frame with P or B slices.
[hevc @ 0x93fd820] Error parsing NAL unit #0.
[hevc @ 0x940cca0] Could not find ref with POC 3
[hevc @ 0x940cca0] Could not find ref with POC -7
[hevc @ 0x940cca0] Could not find ref with POC 10
[hevc @ 0x941c1c0] Could not find ref with POC 5
[hevc @ 0x941c1c0] Could not find ref with POC -212
[hevc @ 0x941c1c0] Could not find ref with POC -526
[hevc @ 0x941c1c0] Could not find ref with POC -560
[hevc @ 0x941c1c0] Could not find ref with POC 13
[hevc @ 0x942b6e0] Duplicate POC in a sequence: 5.
[hevc @ 0x942b6e0] Error parsing NAL unit #0.
[hevc @ 0x943ac00] Could not find ref with POC 7
[hevc @ 0x943ac00] Could not find ref with POC -96
[hevc @ 0x943ac00] Could not find ref with POC -106
[hevc @ 0x939f040] Duplicate POC in a sequence: 7.
[hevc @ 0x939f040] Error parsing NAL unit #0.
[hevc @ 0x93a5960] Too many refs: 95/1.
[hevc @ 0x93a5960] Error parsing NAL unit #0.
[mpegts @ 0x93b28a0] PES packet size mismatch
[hevc @ 0x93decc0] Error constructing the frame RPS.
[hevc @ 0x93decc0] Error parsing NAL unit #0.
[hevc @ 0x93e53a0] The slice_qp -2 is outside the valid range [0, 51].
[hevc @ 0x93e53a0] Error parsing NAL unit #0.
[hevc @ 0x93fd820] The slice_qp -2 is outside the valid range [0, 51].
[hevc @ 0x93fd820] Error parsing NAL unit #0.
[hevc @ 0x940cca0] Could not find ref with POC -134
[hevc @ 0x940cca0] Could not find ref with POC -251
[hevc @ 0x941c1c0] Duplicate POC in a sequence: 9.
[hevc @ 0x941c1c0] Error parsing NAL unit #0.
[hevc @ 0x942b6e0] Zero refs for a frame with P or B slices.
[hevc @ 0x942b6e0] Error parsing NAL unit #0.
[hevc @ 0x939f040] Could not find ref with POC 2
[hevc @ 0x939f040] Could not find ref with POC -41
[hevc @ 0x939f040] Could not find ref with POC 5
[hevc @ 0x939f040] Could not find ref with POC -39
[hevc @ 0x93a5960] Invalid number of merging MVP candidates: -118.
[hevc @ 0x93a5960] Error parsing NAL unit #0.
[hevc @ 0x93decc0] Zero refs for a frame with P or B slices.
[hevc @ 0x93decc0] Error parsing NAL unit #0.
[hevc @ 0x93e53a0] Could not find ref with POC 13
[mpegts @ 0x93b28a0] PES packet size mismatch
[hevc @ 0x93fd820] Could not find ref with POC -196
[hevc @ 0x93fd820] Could not find ref with POC -208
[hevc @ 0x93fd820] Could not find ref with POC -10
[hevc @ 0x940cca0] Invalid number of merging MVP candidates: -96.
[hevc @ 0x940cca0] Error parsing NAL unit #0.
[hevc @ 0x941c1c0] Invalid number of merging MVP candidates: -8.
[hevc @ 0x941c1c0] Error parsing NAL unit #0.
[hevc @ 0x942b6e0] Too many refs: 54/6.
[hevc @ 0x942b6e0] Error parsing NAL unit #0.
[hevc @ 0x943ac00] Invalid number of merging MVP candidates: -36.
[hevc @ 0x943ac00] Error parsing NAL unit #0.
[hevc @ 0x939f040] Could not find ref with POC 11
[hevc @ 0x939f040] Could not find ref with POC -212
[hevc @ 0x939f040] Could not find ref with POC -256
[hevc @ 0x939f040] Could not find ref with POC 2
[hevc @ 0x939f040] Could not find ref with POC 8
[hevc @ 0x93a5960] Could not find ref with POC 7
[null @ 0x93b8ac0] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 190
[hevc @ 0x93decc0] Could not find ref with POC 14
[hevc @ 0x93decc0] Could not find ref with POC 0
[hevc @ 0x93decc0] Could not find ref with POC -224
[null @ 0x93b8ac0] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 192
[hevc @ 0x93e53a0] Duplicate POC in a sequence: 14.
[hevc @ 0x93e53a0] Error parsing NAL unit #0.
[hevc @ 0x93fd820] Could not find ref with POC 16
[hevc @ 0x93fd820] Could not find ref with POC 2
[hevc @ 0x93fd820] Could not find ref with POC 23
[hevc @ 0x93fd820] Could not find ref with POC 26
[hevc @ 0x940cca0] Could not find ref with POC 18
[hevc @ 0x940cca0] Could not find ref with POC -196
[hevc @ 0x940cca0] Could not find ref with POC -240
[hevc @ 0x941c1c0] Could not find ref with POC -25
[hevc @ 0x941c1c0] Could not find ref with POC -30
[hevc @ 0x941c1c0] Error constructing the frame RPS.
[hevc @ 0x941c1c0] Error parsing NAL unit #0.
[hevc @ 0x942b6e0] Could not find ref with POC 21
[null @ 0x93b8ac0] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 196
[hevc @ 0x943ac00] Duplicate POC in a sequence: 21.
[hevc @ 0x943ac00] Error parsing NAL unit #0.
[null @ 0x93b8ac0] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 196
[hevc @ 0x939f040] Could not find ref with POC 2
[hevc @ 0x939f040] Could not find ref with POC 23
[hevc @ 0x939f040] Could not find ref with POC -37
[hevc @ 0x939f040] Could not find ref with POC -149
[null @ 0x93b8ac0] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 196
[hevc @ 0x93a5960] Invalid number of merging MVP candidates: 0.
[hevc @ 0x93a5960] Error parsing NAL unit #0.
[hevc @ 0x93decc0] Zero refs for a frame with P or B slices.
[hevc @ 0x93decc0] Error parsing NAL unit #0.
[null @ 0x93b8ac0] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 196
[hevc @ 0x93e53a0] Could not find ref with POC -10
[null @ 0x93b8ac0] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 197
[hevc @ 0x93fd820] Could not find ref with POC 27
[hevc @ 0x93fd820] Could not find ref with POC -196
[hevc @ 0x93fd820] Could not find ref with POC -240
[hevc @ 0x93fd820] Could not find ref with POC 8
[hevc @ 0x940cca0] Duplicate POC in a sequence: 27.
[hevc @ 0x940cca0] Error parsing NAL unit #0.
[null @ 0x93b8ac0] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 200
[hevc @ 0x941c1c0] Could not find ref with POC 23
[hevc @ 0x941c1c0] Could not find ref with POC -9
[hevc @ 0x942b6e0] Could not find ref with POC 30
[hevc @ 0x942b6e0] Could not find ref with POC -196
[hevc @ 0x942b6e0] Could not find ref with POC 0
[hevc @ 0x942b6e0] Could not find ref with POC -208
[hevc @ 0x942b6e0] Could not find ref with POC -153
[null @ 0x93b8ac0] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 202
[hevc @ 0x943ac00] Duplicate POC in a sequence: 30.
[hevc @ 0x943ac00] Error parsing NAL unit #0.
[mpegts @ 0x93b28a0] PES packet size mismatch
[hevc @ 0x93a5960] Could not find ref with POC 2
[hevc @ 0x93a5960] Could not find ref with POC 7
[hevc @ 0x93a5960] Could not find ref with POC 6
[hevc @ 0x93a5960] Could not find ref with POC 5
[null @ 0x93b8ac0] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 205
[hevc @ 0x93decc0] Invalid number of merging MVP candidates: -55.
[hevc @ 0x93decc0] Error parsing NAL unit #0.
[null @ 0x93b8ac0] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 206
[hevc @ 0x93e53a0] Duplicate POC in a sequence: 6.
[hevc @ 0x93e53a0] Error parsing NAL unit #0.
[hevc @ 0x93fd820] Could not find ref with POC -212
[hevc @ 0x93fd820] Could not find ref with POC -76
[null @ 0x93b8ac0] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 208
[hevc @ 0x940cca0] Invalid number of merging MVP candidates: -3.
[hevc @ 0x940cca0] Error parsing NAL unit #0.
[null @ 0x93b8ac0] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 209
[mpegts @ 0x93b28a0] PES packet size mismatch
[hevc @ 0x941c1c0] Could not find ref with POC 6
[hevc @ 0x941c1c0] Could not find ref with POC 2
[hevc @ 0x941c1c0] Could not find ref with POC 7
[hevc @ 0x941c1c0] Could not find ref with POC -107
[hevc @ 0x942b6e0] Duplicate POC in a sequence: 7.
[hevc @ 0x942b6e0] Error parsing NAL unit #0.
[null @ 0x93b8ac0] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 211
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb05f8b70 (LWP 12201)]
0x084e3b8a in mv_mp_mode_mx_lt (s=s@entry=0x941c800, x=<optimized out>,
y=y@entry=-534749088, pred_flag_index=pred_flag_index@entry=0,
mv=mv@entry=0xb05f7e20, ref_idx_curr=ref_idx_curr@entry=0,
ref_idx=ref_idx@entry=0) at libavcodec/hevc_mvs.c:546
546 if ((TAB_MVF(x, y).pred_flag) & (1 << pred_flag_index)) {
(gdb) bt
#0 0x084e3b8a in mv_mp_mode_mx_lt (s=s@entry=0x941c800, x=<optimized out>,
y=y@entry=-534749088, pred_flag_index=pred_flag_index@entry=0,
mv=mv@entry=0xb05f7e20, ref_idx_curr=ref_idx_curr@entry=0,
ref_idx=ref_idx@entry=0) at libavcodec/hevc_mvs.c:546
#1 0x084e5d6f in ff_hevc_luma_mv_mvp_mode (s=s@entry=0x941c800,
x0=x0@entry=192, y0=y0@entry=64, nPbW=nPbW@entry=16, nPbH=nPbH@entry=16,
log2_cb_size=log2_cb_size@entry=4, part_idx=part_idx@entry=0,
merge_idx=merge_idx@entry=0, mv=mv@entry=0xb05f7ee4, mvp_lx_flag=1,
LX=LX@entry=0) at libavcodec/hevc_mvs.c:741
#2 0x084d3579 in hls_prediction_unit (s=s@entry=0x941c800, x0=x0@entry=192,
y0=y0@entry=64, nPbW=nPbW@entry=16, nPbH=nPbH@entry=16,
log2_cb_size=log2_cb_size@entry=4, partIdx=partIdx@entry=0,
idx=<error reading variable: Unhandled dwarf expression opcode 0xfa>)
at libavcodec/hevc.c:1659
#3 0x084d645a in hls_coding_unit (log2_cb_size=4, y0=64, x0=192,
s=<optimized out>) at libavcodec/hevc.c:2038
#4 hls_coding_quadtree (s=s@entry=0x941c800, x0=x0@entry=192, y0=y0@entry=64,
log2_cb_size=log2_cb_size@entry=4, cb_depth=cb_depth@entry=2)
at libavcodec/hevc.c:2180
#5 0x084d500a in hls_coding_quadtree (s=s@entry=0x941c800, x0=x0@entry=192,
y0=y0@entry=64, log2_cb_size=log2_cb_size@entry=5,
cb_depth=cb_depth@entry=1) at libavcodec/hevc.c:2149
#6 0x084d500a in hls_coding_quadtree (s=s@entry=0x941c800, x0=x0@entry=192,
---Type <return> to continue, or q <return> to quit---
y0=y0@entry=64, log2_cb_size=6, cb_depth=cb_depth@entry=0)
at libavcodec/hevc.c:2149
#7 0x084d6e24 in hls_decode_entry (avctxt=0x941c1c0,
isFilterThread=0xb05f8280) at libavcodec/hevc.c:2284
#8 0x0873db69 in avcodec_default_execute (c=0x941c1c0,
func=0x84d6cf0 <hls_decode_entry>, arg=0xb05f8280, ret=0xb05f8288,
count=1, size=4) at libavcodec/utils.c:1108
#9 0x084db4c9 in hls_slice_data (s=<optimized out>) at libavcodec/hevc.c:2311
#10 decode_nal_unit (length=1151,
nal=0x985a79b "\002\001\324\304D\375\272\242%\371\031K\322\071\245]Q\374\t\373v\265\357\032\240\226\213b\206\371ʡ\032\246\211\277\314\335䴍An\032\232\221\242F\327\362\233\261\276w\222\005\231G\343%\a\234*\341\261\n\027|\361\357J\245\276\202\375\323\r\304H\214\330\367\070\342å\255z\373(\225`:\004\323C\375\307RT\320z\304\031 \320\351ȯ\261>\016\233{/\233Uy\372\305s\352\241S9ޥ\345\350\364p6\200z!N\247\313\004\366\034\f\r\030V\343\365d\373\371\304\324\n+\205\212GJPiP\242;G\275>\003\064\003\353\375\237\372%\233+\034\nm\335\006\227%\271\"I\274\017\306\024\272\243'\333\313\a\315'\243", <incomplete sequence \347>..., s=0x941c800)
at libavcodec/hevc.c:2704
#11 decode_nal_units (s=s@entry=0x941c800, buf=<optimized out>,
length=<optimized out>) at libavcodec/hevc.c:2941
#12 0x084dbafc in hevc_decode_frame (avctx=0x941c1c0, data=0x941c580,
got_output=0x93ba9f4, avpkt=0x93ba9a8) at libavcodec/hevc.c:3045
#13 0x0865e444 in frame_worker_thread (arg=0x93ba8d8)
---Type <return> to continue, or q <return> to quit---
at libavcodec/pthread_frame.c:158
#14 0xb7f87954 in start_thread (arg=0xb05f8b70) at pthread_create.c:304
#15 0xb7f0895e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
(gdb)
knoppix@Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-snapshot/ffmpeg_g -i h5f.ts -f null -
==28795== Memcheck, a memory error detector
==28795== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==28795== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==28795== Command: ffmpeg-snapshot/ffmpeg_g -i h5f.ts -f null -
==28795==
ffmpeg version 2.3.git Copyright (c) 2000-2014 the FFmpeg developers
built on Aug 9 2014 12:01:59 with gcc 4.7 (Debian 4.7.2-5)
configuration: --disable-ffprobe --disable-ffserver --disable-yasm --enable-gpl
libavutil 52. 98.100 / 52. 98.100
libavcodec 55. 73.101 / 55. 73.101
libavformat 55. 54.100 / 55. 54.100
libavdevice 55. 13.102 / 55. 13.102
libavfilter 4. 11.103 / 4. 11.103
libswscale 2. 6.101 / 2. 6.101
libswresample 0. 19.100 / 0. 19.100
libpostproc 52. 3.100 / 52. 3.100
[hevc @ 0x424d360] Unknown HEVC profile: 0
Last message repeated 3 times
[mpegts @ 0x422df80] PES packet size mismatch
Last message repeated 3 times
Input #0, mpegts, from 'h5f.ts':
Duration: 00:00:12.64, start: 0.080000, bitrate: 424 kb/s
Program 1
Stream #0:0[0x12d]: Video: hevc (HEVC / 0x43564548), yuv420p(tv), 320x240, 24 tbr, 90k tbn, 90k tbc
[hevc @ 0x4236360] Unknown HEVC profile: 0
Last message repeated 1 times
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf55.54.100
Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 320x240, q=2-31, 200 kb/s, 24 fps, 24 tbn, 24 tbc
Metadata:
encoder : Lavc55.73.101 rawvideo
Stream mapping:
Stream #0:0 -> #0:0 (hevc (native) -> rawvideo (native))
Press [q] to stop, [?] for help
[NULL @ 0x424d360] Unknown HEVC profile: 0
Last message repeated 1 times
[hevc @ 0x4236360] Unknown HEVC profile: 0
Last message repeated 1 times
[hevc @ 0x4e15da0] Could not find ref with POC 2
[hevc @ 0x4e15da0] Could not find ref with POC 7
[hevc @ 0x4e15da0] Could not find ref with POC 12
[hevc @ 0x4e15da0] Could not find ref with POC 15
[hevc @ 0x425c4e0] Duplicate POC in a sequence: 2.
[hevc @ 0x425c4e0] Error parsing NAL unit #0.
[hevc @ 0x4b131a0] Invalid number of merging MVP candidates: -7.
[hevc @ 0x4b131a0] Error parsing NAL unit #0.
[hevc @ 0x4b1ed20] Could not find ref with POC 5
[hevc @ 0x4b1ed20] Could not find ref with POC -212
[hevc @ 0x4b1ed20] Could not find ref with POC -240
[hevc @ 0x4b1ed20] Could not find ref with POC 14
[hevc @ 0x4b2a8c0] Too many refs: 1/44.
[hevc @ 0x4b2a8c0] Error parsing NAL unit #0.
[hevc @ 0x4b36440] Could not find ref with POC 6.00 bitrate=N/A
[hevc @ 0x4b36440] Could not find ref with POC 2
[hevc @ 0x4b36440] Could not find ref with POC 7
[hevc @ 0x4b36440] Could not find ref with POC 8
[hevc @ 0x4b41fe0] Duplicate POC in a sequence: 7.
[hevc @ 0x4b41fe0] Error parsing NAL unit #0.
[hevc @ 0x4b4db60] Zero refs for a frame with P or B slices.
[hevc @ 0x4b4db60] Error parsing NAL unit #0.
[hevc @ 0x4e15da0] Could not find ref with POC 11
[hevc @ 0x4e15da0] Could not find ref with POC -212
[hevc @ 0x4e15da0] Could not find ref with POC 0
[hevc @ 0x4e15da0] Could not find ref with POC -222
[hevc @ 0x425c4e0] Duplicate POC in a sequence: 11.
[hevc @ 0x425c4e0] Error parsing NAL unit #0.
[hevc @ 0x4b131a0] Could not find ref with POC 7
[hevc @ 0x4b131a0] Could not find ref with POC -332
[hevc @ 0x4b1ed20] Invalid number of merging MVP candidates: -2.
[hevc @ 0x4b1ed20] Error parsing NAL unit #0.
[null @ 0x43e6580] Encoder did not produce proper pts, making some up.
[hevc @ 0x4b2a8c0] Could not find ref with POC -212
[hevc @ 0x4b2a8c0] Could not find ref with POC -240
[hevc @ 0x4b2a8c0] Could not find ref with POC -238
[hevc @ 0x4b41fe0] Could not find ref with POC 2
[hevc @ 0x4b41fe0] Could not find ref with POC -57
[hevc @ 0x4b41fe0] Error constructing the frame RPS.
[hevc @ 0x4b41fe0] Error parsing NAL unit #0.
[hevc @ 0x4b4db60] Too many refs: 1/72.
[hevc @ 0x4b4db60] Error parsing NAL unit #0.
[mpegts @ 0x422df80] PES packet size mismatch
[hevc @ 0x4236360] Duplicate POC in a sequence: 2.
[hevc @ 0x4236360] Error parsing NAL unit #0.
[hevc @ 0x4e15da0] Too many refs: 1/36.
[hevc @ 0x4e15da0] Error parsing NAL unit #0.
[hevc @ 0x425c4e0] Too many refs: 29/1.
[hevc @ 0x425c4e0] Error parsing NAL unit #0.
[hevc @ 0x4b131a0] The slice_qp -107 is outside the valid range [0, 51].
[hevc @ 0x4b131a0] Error parsing NAL unit #0.
[hevc @ 0x4b1ed20] Could not find ref with POC 8
[hevc @ 0x4b1ed20] Could not find ref with POC -212
[hevc @ 0x4b1ed20] Could not find ref with POC -240
[hevc @ 0x4b1ed20] Could not find ref with POC -238
[hevc @ 0x4b1ed20] Could not find ref with POC 11
[hevc @ 0x4b2a8c0] Duplicate POC in a sequence: 8.
[hevc @ 0x4b2a8c0] Error parsing NAL unit #0.
[hevc @ 0x4b36440] The slice_qp -70 is outside the valid range [0, 51].
[hevc @ 0x4b36440] Error parsing NAL unit #0.
[hevc @ 0x4b4db60] Duplicate POC in a sequence: 11. bitrate=N/A
[hevc @ 0x4b4db60] Error parsing NAL unit #0.
[hevc @ 0x4236360] Invalid number of merging MVP candidates: -25.
[hevc @ 0x4236360] Error parsing NAL unit #0.
[hevc @ 0x4e15da0] Invalid number of merging MVP candidates: -118.
[hevc @ 0x4e15da0] Error parsing NAL unit #0.
[hevc @ 0x4b131a0] Could not find ref with POC 2
[hevc @ 0x4b131a0] Could not find ref with POC -212
[hevc @ 0x4b131a0] Could not find ref with POC -222
[hevc @ 0x4b131a0] Could not find ref with POC 7
[hevc @ 0x4b1ed20] Zero refs for a frame with P or B slices.
[hevc @ 0x4b1ed20] Error parsing NAL unit #0.
[hevc @ 0x4b2a8c0] Could not find ref with POC 3
[hevc @ 0x4b2a8c0] Could not find ref with POC -7
[hevc @ 0x4b2a8c0] Could not find ref with POC 10
[hevc @ 0x4b36440] Could not find ref with POC 5
[hevc @ 0x4b36440] Could not find ref with POC -212
[hevc @ 0x4b36440] Could not find ref with POC -526
[hevc @ 0x4b36440] Could not find ref with POC -560
[hevc @ 0x4b36440] Could not find ref with POC 13
[hevc @ 0x4b41fe0] Duplicate POC in a sequence: 5.
[hevc @ 0x4b41fe0] Error parsing NAL unit #0.
[hevc @ 0x4b4db60] Could not find ref with POC 7
[hevc @ 0x4b4db60] Could not find ref with POC -96
[hevc @ 0x4b4db60] Could not find ref with POC -106
[hevc @ 0x4236360] Duplicate POC in a sequence: 7.
[hevc @ 0x4236360] Error parsing NAL unit #0.
[hevc @ 0x4e15da0] Too many refs: 95/1.
[hevc @ 0x4e15da0] Error parsing NAL unit #0.
[mpegts @ 0x422df80] PES packet size mismatch
[hevc @ 0x425c4e0] Error constructing the frame RPS.
[hevc @ 0x425c4e0] Error parsing NAL unit #0.
[hevc @ 0x4b131a0] The slice_qp -2 is outside the valid range [0, 51].
[hevc @ 0x4b131a0] Error parsing NAL unit #0.
[hevc @ 0x4b1ed20] The slice_qp -2 is outside the valid range [0, 51].
[hevc @ 0x4b1ed20] Error parsing NAL unit #0.
[hevc @ 0x4b2a8c0] Could not find ref with POC -134
[hevc @ 0x4b2a8c0] Could not find ref with POC -251
[hevc @ 0x4b36440] Duplicate POC in a sequence: 9.
[hevc @ 0x4b36440] Error parsing NAL unit #0.
[hevc @ 0x4b41fe0] Zero refs for a frame with P or B slices.
[hevc @ 0x4b41fe0] Error parsing NAL unit #0.
[hevc @ 0x4236360] Could not find ref with POC 2
[hevc @ 0x4236360] Could not find ref with POC -41
[hevc @ 0x4236360] Could not find ref with POC 5
[hevc @ 0x4236360] Could not find ref with POC -39
[hevc @ 0x4e15da0] Invalid number of merging MVP candidates: -118.
[hevc @ 0x4e15da0] Error parsing NAL unit #0.
[hevc @ 0x425c4e0] Zero refs for a frame with P or B slices.
[hevc @ 0x425c4e0] Error parsing NAL unit #0.
[hevc @ 0x4b131a0] Could not find ref with POC 13
[mpegts @ 0x422df80] PES packet size mismatch
[hevc @ 0x4b1ed20] Could not find ref with POC -196
[hevc @ 0x4b1ed20] Could not find ref with POC -208
[hevc @ 0x4b1ed20] Could not find ref with POC -10
[hevc @ 0x4b2a8c0] Invalid number of merging MVP candidates: -96.
[hevc @ 0x4b2a8c0] Error parsing NAL unit #0.
[hevc @ 0x4b36440] Invalid number of merging MVP candidates: -8.
[hevc @ 0x4b36440] Error parsing NAL unit #0.
[hevc @ 0x4b41fe0] Too many refs: 54/6.
[hevc @ 0x4b41fe0] Error parsing NAL unit #0.
[hevc @ 0x4b4db60] Invalid number of merging MVP candidates: -36.
[hevc @ 0x4b4db60] Error parsing NAL unit #0.
[hevc @ 0x4236360] Could not find ref with POC 11
[hevc @ 0x4236360] Could not find ref with POC -212
[hevc @ 0x4236360] Could not find ref with POC -256
[hevc @ 0x4236360] Could not find ref with POC 2
[hevc @ 0x4236360] Could not find ref with POC 8
[hevc @ 0x4e15da0] Could not find ref with POC 7.33 bitrate=N/A
[null @ 0x43e6580] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 190
[hevc @ 0x425c4e0] Could not find ref with POC 14
[hevc @ 0x425c4e0] Could not find ref with POC 0
[hevc @ 0x425c4e0] Could not find ref with POC -224
[null @ 0x43e6580] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 192
[hevc @ 0x4b131a0] Duplicate POC in a sequence: 14.
[hevc @ 0x4b131a0] Error parsing NAL unit #0.
[hevc @ 0x4b1ed20] Could not find ref with POC 16
[hevc @ 0x4b1ed20] Could not find ref with POC 2
[hevc @ 0x4b1ed20] Could not find ref with POC 23
[hevc @ 0x4b1ed20] Could not find ref with POC 26
[hevc @ 0x4b2a8c0] Could not find ref with POC 18
[hevc @ 0x4b2a8c0] Could not find ref with POC -196
[hevc @ 0x4b2a8c0] Could not find ref with POC -240
[hevc @ 0x4b36440] Could not find ref with POC -25
[hevc @ 0x4b36440] Could not find ref with POC -30
[hevc @ 0x4b36440] Error constructing the frame RPS.
[hevc @ 0x4b36440] Error parsing NAL unit #0.
[hevc @ 0x4b41fe0] Could not find ref with POC 21
[null @ 0x43e6580] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 196
[hevc @ 0x4b4db60] Duplicate POC in a sequence: 21.
[hevc @ 0x4b4db60] Error parsing NAL unit #0.
[null @ 0x43e6580] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 196
[hevc @ 0x4236360] Could not find ref with POC 2
[hevc @ 0x4236360] Could not find ref with POC 23
[hevc @ 0x4236360] Could not find ref with POC -37
[hevc @ 0x4236360] Could not find ref with POC -149
[null @ 0x43e6580] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 196
[hevc @ 0x4e15da0] Invalid number of merging MVP candidates: 0.
[hevc @ 0x4e15da0] Error parsing NAL unit #0.
[hevc @ 0x425c4e0] Zero refs for a frame with P or B slices.
[hevc @ 0x425c4e0] Error parsing NAL unit #0.
[null @ 0x43e6580] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 196
[hevc @ 0x4b131a0] Could not find ref with POC -10
[null @ 0x43e6580] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 197
[hevc @ 0x4b1ed20] Could not find ref with POC 27
[hevc @ 0x4b1ed20] Could not find ref with POC -196
[hevc @ 0x4b1ed20] Could not find ref with POC -240
[hevc @ 0x4b1ed20] Could not find ref with POC 8
[hevc @ 0x4b2a8c0] Duplicate POC in a sequence: 27.
[hevc @ 0x4b2a8c0] Error parsing NAL unit #0.
[null @ 0x43e6580] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 200
[hevc @ 0x4b36440] Could not find ref with POC 23
[hevc @ 0x4b36440] Could not find ref with POC -9
[hevc @ 0x4b41fe0] Could not find ref with POC 30
[hevc @ 0x4b41fe0] Could not find ref with POC -196
[hevc @ 0x4b41fe0] Could not find ref with POC 0
[hevc @ 0x4b41fe0] Could not find ref with POC -208
[hevc @ 0x4b41fe0] Could not find ref with POC -153
[hevc @ 0x4b4db60] Duplicate POC in a sequence: 30.
[hevc @ 0x4b4db60] Error parsing NAL unit #0.
[null @ 0x43e6580] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 202
[mpegts @ 0x422df80] PES packet size mismatch
[hevc @ 0x4e15da0] Could not find ref with POC 2
[hevc @ 0x4e15da0] Could not find ref with POC 7
[hevc @ 0x4e15da0] Could not find ref with POC 6
[hevc @ 0x4e15da0] Could not find ref with POC 5
[null @ 0x43e6580] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 205
[hevc @ 0x425c4e0] Invalid number of merging MVP candidates: -55.
[hevc @ 0x425c4e0] Error parsing NAL unit #0.
[null @ 0x43e6580] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 206
[hevc @ 0x4b131a0] Duplicate POC in a sequence: 6.
[hevc @ 0x4b131a0] Error parsing NAL unit #0.
[hevc @ 0x4b1ed20] Could not find ref with POC -212
[hevc @ 0x4b1ed20] Could not find ref with POC -76
[null @ 0x43e6580] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 208
[hevc @ 0x4b2a8c0] Invalid number of merging MVP candidates: -3.
[hevc @ 0x4b2a8c0] Error parsing NAL unit #0.
[null @ 0x43e6580] Application provided invalid, non monotonically increasing dts to muxer in stream 0: 572839 >= 209
[hevc @ 0x4b36440] Could not find ref with POC 6
[hevc @ 0x4b36440] Could not find ref with POC 2
[hevc @ 0x4b36440] Could not find ref with POC 7
[hevc @ 0x4b36440] Could not find ref with POC -107
==28795== Thread 17:
==28795== Conditional jump or move depends on uninitialised value(s)
==28795== at 0x84E5D15: ff_hevc_luma_mv_mvp_mode (hevc_mvs.c:734)
==28795== by 0x84D3578: hls_prediction_unit.isra.16 (hevc.c:1659)
==28795== by 0x84D6459: hls_coding_quadtree (hevc.c:2038)
==28795== by 0x84D5009: hls_coding_quadtree (hevc.c:2149)
==28795== by 0x84D5009: hls_coding_quadtree (hevc.c:2149)
==28795== by 0x84D6E23: hls_decode_entry (hevc.c:2284)
==28795== by 0x873DB68: avcodec_default_execute (utils.c:1108)
==28795== by 0x84DB4C8: decode_nal_units (hevc.c:2311)
==28795== by 0x84DBAFB: hevc_decode_frame (hevc.c:3045)
==28795== by 0x407B953: start_thread (pthread_create.c:304)
==28795== by 0x416395D: clone (clone.S:130)
==28795==
==28795== Use of uninitialised value of size 4
==28795== at 0x84E3B8A: mv_mp_mode_mx_lt (hevc_mvs.c:546)
==28795== by 0x84E5D6E: ff_hevc_luma_mv_mvp_mode (hevc_mvs.c:741)
==28795== by 0x84D3578: hls_prediction_unit.isra.16 (hevc.c:1659)
==28795== by 0x84D6459: hls_coding_quadtree (hevc.c:2038)
==28795== by 0x84D5009: hls_coding_quadtree (hevc.c:2149)
==28795== by 0x84D5009: hls_coding_quadtree (hevc.c:2149)
==28795== by 0x84D6E23: hls_decode_entry (hevc.c:2284)
==28795== by 0x873DB68: avcodec_default_execute (utils.c:1108)
==28795== by 0x84DB4C8: decode_nal_units (hevc.c:2311)
==28795== by 0x84DBAFB: hevc_decode_frame (hevc.c:3045)
==28795== by 0x407B953: start_thread (pthread_create.c:304)
==28795== by 0x416395D: clone (clone.S:130)
==28795==
==28795== Invalid read of size 1
==28795== at 0x84E3B8A: mv_mp_mode_mx_lt (hevc_mvs.c:546)
==28795== by 0x84E5D6E: ff_hevc_luma_mv_mvp_mode (hevc_mvs.c:741)
==28795== by 0x84D3578: hls_prediction_unit.isra.16 (hevc.c:1659)
==28795== by 0x84D6459: hls_coding_quadtree (hevc.c:2038)
==28795== by 0x84D5009: hls_coding_quadtree (hevc.c:2149)
==28795== by 0x84D5009: hls_coding_quadtree (hevc.c:2149)
==28795== by 0x84D6E23: hls_decode_entry (hevc.c:2284)
==28795== by 0x873DB68: avcodec_default_execute (utils.c:1108)
==28795== by 0x84DB4C8: decode_nal_units (hevc.c:2311)
==28795== by 0x84DBAFB: hevc_decode_frame (hevc.c:3045)
==28795== by 0x407B953: start_thread (pthread_create.c:304)
==28795== by 0x416395D: clone (clone.S:130)
==28795== Address 0xedcb04aa is not stack'd, malloc'd or (recently) free'd
==28795==
==28795==
==28795== Process terminating with default action of signal 11 (SIGSEGV)
==28795== Access not within mapped region at address 0xEDCB04AA
==28795== at 0x84E3B8A: mv_mp_mode_mx_lt (hevc_mvs.c:546)
==28795== by 0x84E5D6E: ff_hevc_luma_mv_mvp_mode (hevc_mvs.c:741)
==28795== by 0x84D3578: hls_prediction_unit.isra.16 (hevc.c:1659)
==28795== by 0x84D6459: hls_coding_quadtree (hevc.c:2038)
==28795== by 0x84D5009: hls_coding_quadtree (hevc.c:2149)
==28795== by 0x84D5009: hls_coding_quadtree (hevc.c:2149)
==28795== by 0x84D6E23: hls_decode_entry (hevc.c:2284)
==28795== by 0x873DB68: avcodec_default_execute (utils.c:1108)
==28795== by 0x84DB4C8: decode_nal_units (hevc.c:2311)
==28795== by 0x84DBAFB: hevc_decode_frame (hevc.c:3045)
==28795== by 0x407B953: start_thread (pthread_create.c:304)
==28795== by 0x416395D: clone (clone.S:130)
==28795== If you believe this happened as a result of a stack
==28795== overflow in your program's main thread (unlikely but
==28795== possible), you can try to increase the size of the
==28795== main thread stack using the --main-stacksize= flag.
==28795== The main thread stack size used in this run was 8388608.
==28795==
==28795== HEAP SUMMARY:
==28795== in use at exit: 10,184,740 bytes in 2,099 blocks
==28795== total heap usage: 10,748 allocs, 8,649 frees, 58,622,817 bytes allocated
==28795==
==28795== Thread 1:
==28795== 1,296 bytes in 9 blocks are possibly lost in loss record 237 of 305
==28795== at 0x4026A68: calloc (vg_replace_malloc.c:566)
==28795== by 0x40111FB: _dl_allocate_tls (dl-tls.c:300)
==28795== by 0x407C2A8: pthread_create@@GLIBC_2.1 (allocatestack.c:580)
==28795== by 0x80EC7F1: ff_graph_thread_init (pthread.c:187)
==28795== by 0x80E076F: avfilter_graph_alloc_filter (avfiltergraph.c:188)
==28795== by 0x4225EA7: ???
==28795==
==28795== 1,296 bytes in 9 blocks are possibly lost in loss record 238 of 305
==28795== at 0x4026A68: calloc (vg_replace_malloc.c:566)
==28795== by 0x40111FB: _dl_allocate_tls (dl-tls.c:300)
==28795== by 0x407C2A8: pthread_create@@GLIBC_2.1 (allocatestack.c:580)
==28795== by 0x865F5B0: ff_frame_thread_init (pthread_frame.c:702)
==28795== by 0x874333D: avcodec_open2 (utils.c:1443)
==28795== by 0x80C82E8: transcode_init (ffmpeg.c:2300)
==28795== by 0x80AF4EF: main (ffmpeg.c:3641)
==28795==
==28795== LEAK SUMMARY:
==28795== definitely lost: 0 bytes in 0 blocks
==28795== indirectly lost: 0 bytes in 0 blocks
==28795== possibly lost: 2,592 bytes in 18 blocks
==28795== still reachable: 10,182,148 bytes in 2,081 blocks
==28795== suppressed: 0 bytes in 0 blocks
==28795== Reachable blocks (those to which a pointer was found) are not shown.
==28795== To see them, rerun with: --leak-check=full --show-reachable=yes
==28795==
==28795== For counts of detected and suppressed errors, rerun with: -v
==28795== Use --track-origins=yes to see where uninitialised values come from
==28795== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 59 from 6)
Killed
Attachments (1)
Change History (3)
by , 10 years ago
comment:1 by , 10 years ago
| Component: | undetermined → avcodec |
|---|---|
| Keywords: | hevc crash SIGSEGV regression added |
| Priority: | normal → important |
| Status: | new → open |
| Version: | unspecified → git-master |
comment:2 by , 10 years ago
| Resolution: | → fixed |
|---|---|
| Status: | open → closed |
Fixed by Christophe Gisquet in 84bc4588
Note:
See TracTickets
for help on using tickets.
Regression since 3ad04608