Opened 5 years ago

Closed 5 years ago

#3996 closed defect (fixed)

dirac: crash with forced format and -max_alloc

Reported by: ami_stuff Owned by:
Priority: important Component: avcodec
Version: git-master Keywords: dirac crash SIGSEGV oom
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

http://www.datafilehost.com/d/52b0cb1c

(gdb) r -f dirac -max_alloc 1000000 -i i.avi
Starting program: D:\MinGW\msys\1.0\ffmpeg\ffmpeg_g.exe -f dirac -max_alloc 1000
000 -i i.avi
[New Thread 1128.0xb1c]
ffmpeg version 2.3.git Copyright (c) 2000-2014 the FFmpeg developers
  built on Aug 21 2014 13:25:12 with gcc 4.6.2 (GCC)
  configuration: --disable-pthreads --disable-yasm --enable-gpl --disable-ffprob
e
  libavutil      54.  5.100 / 54.  5.100
  libavcodec     56.  0.101 / 56.  0.101
  libavformat    56.  1.100 / 56.  1.100
  libavdevice    56.  0.100 / 56.  0.100
  libavfilter     5.  0.100 /  5.  0.100
  libswscale      3.  0.100 /  3.  0.100
  libswresample   1.  1.100 /  1.  1.100
  libpostproc    53.  0.100 / 53.  0.100
[dirac @ 059ee9e0] Warning: not compiled with thread support, using thread emula
tion

Program received signal SIGSEGV, Segmentation fault.
0x008aa8e0 in dirac_combine_frame (buf_size=<synthetic pointer>,
    buf=<synthetic pointer>, next=-1, s=0x59eee00, avctx=<optimized out>)
    at libavcodec/dirac_parser.c:143
143             memcpy(pc->buffer+pc->index, (*buf + pc->sync_offset),
(gdb) bt
#0  0x008aa8e0 in dirac_combine_frame (buf_size=<synthetic pointer>,
    buf=<synthetic pointer>, next=-1, s=0x59eee00, avctx=<optimized out>)
    at libavcodec/dirac_parser.c:143
#1  dirac_parse (s=0x59eee00, avctx=0x59ee9e0, poutbuf=0x22f5e8,
    poutbuf_size=0x22f5ec,
    buf=0x5ae0060 "\200\200\201\201\177\177\200\200\177\200\201\201\201\201\201\
201\201\201\200\200\200\200\200\200\200\200\200\201\200\201\201\201\201\200\201\
201\201\201\201\201\200\200\200\200\200\200\200\200\200\177\200\200\200\200\200\
200\200\200\200", '\177' <repeats 14 times>, "\200\200\200\200\177\177", '\200'
<repeats 35 times>, '\177' <repeats 15 times>, '\200' <repeats 18 times>, "\177\
177\177\177\177\177\200\200\200\200\200\200\200\200\201\201\201\200\200\200\200\
200\200\201\201\201\201\201\201\201\201\201\200\201\200\200\201\200\201\201\201\
201\201\201\200\201\200\201\201\201\201\200\200"..., buf_size=1024)
    at libavcodec/dirac_parser.c:237
#2  0x005f2063 in av_parser_parse2 (s=0x59eee00, avctx=0x59ee9e0,
    poutbuf=0x22f5e8, poutbuf_size=0x22f5ec,
    buf=0x5ae0060 "\200\200\201\201\177\177\200\200\177\200\201\201\201\201\201\
201\201\201\200\200\200\200\200\200\200\200\200\201\200\201\201\201\201\200\201\
201\201\201\201\201\200\200\200\200\200\200\200\200\200\177\200\200\200\200\200\
200\200\200\200", '\177' <repeats 14 times>, "\200\200\200\200\177\177", '\200'
<repeats 35 times>, '\177' <repeats 15 times>, '\200' <repeats 18 times>, "\177\
177\177\177\177\177\200\200\200\200\200\200\200\200\201\201\201\200\200\200\200\
200\200\201\201\201\201\201\201\201\201\201\200\201\200\200\201\200\201\201\201\
201\201\201\200\201\200\201\201\201\201\200\200"..., buf_size=1024,
    pts=-9223372036854775808, dts=-9223372036854775808, pos=1486848)
    at libavcodec/parser.c:160
#3  0x004bff39 in parse_packet (s=0x59e5e40, pkt=0x22f6f8,
    stream_index=<optimized out>) at libavformat/utils.c:1160
#4  0x004c264a in read_frame_internal (s=<optimized out>, pkt=0x22f9f8)
    at libavformat/utils.c:1333
#5  0x004c639c in avformat_find_stream_info (ic=0x59e5e40, options=0x59eedc0)
    at libavformat/utils.c:3100
#6  0x0040b8e5 in open_input_file (o=0x22fb80, filename=<optimized out>)
    at ffmpeg_opt.c:884
#7  0x00409234 in open_files (inout=0xd1432f "input",
    open_file=0x40b4b4 <open_input_file>, l=<optimized out>)
    at ffmpeg_opt.c:2671
#8  0x004101cf in ffmpeg_parse_options (argc=7, argv=0x5902548)
    at ffmpeg_opt.c:2708
#9  0x00c8ec65 in main (argc=7, argv=<optimized out>) at ffmpeg.c:3829
(gdb)

Attachments (2)

patchdiracoom.diff (629 bytes) - added by cehoyos 5 years ago.
patchdiracoom2.diff (1.1 KB) - added by cehoyos 5 years ago.

Download all attachments as: .zip

Change History (8)

Changed 5 years ago by cehoyos

comment:1 follow-up: Changed 5 years ago by cehoyos

  • Component changed from undetermined to avcodec
  • Keywords dirac crash SIGSEGV added
  • Priority changed from normal to important
  • Version changed from unspecified to git-master

Could you test attached patch?

comment:2 in reply to: ↑ 1 ; follow-up: Changed 5 years ago by ami_stuff

Replying to cehoyos:

Could you test attached patch?

still crashes here

comment:3 in reply to: ↑ 2 Changed 5 years ago by ami_stuff

Replying to ami_stuff:

Replying to cehoyos:

Could you test attached patch?

still crashes here

(gdb) r -f dirac -max_alloc 1000000 -i i.avi
Starting program: D:\MinGW\msys\1.0\ffmpeg\ffmpeg_g.exe -f dirac -max_alloc 1000
000 -i i.avi
[New Thread 3072.0xb28]
ffmpeg version 2.3.git Copyright (c) 2000-2014 the FFmpeg developers
  built on Aug 21 2014 13:25:12 with gcc 4.6.2 (GCC)
  configuration: --disable-pthreads --disable-yasm --enable-gpl --disable-ffprob
e
  libavutil      54.  5.100 / 54.  5.100
  libavcodec     56.  0.101 / 56.  0.101
  libavformat    56.  1.100 / 56.  1.100
  libavdevice    56.  0.100 / 56.  0.100
  libavfilter     5.  0.100 /  5.  0.100
  libswscale      3.  0.100 /  3.  0.100
  libswresample   1.  1.100 /  1.  1.100
  libpostproc    53.  0.100 / 53.  0.100
[dirac @ 059ee9e0] Warning: not compiled with thread support, using thread emula
tion

Program received signal SIGSEGV, Segmentation fault.
0x008aa5b6 in dirac_combine_frame (buf_size=<synthetic pointer>,
    buf=<synthetic pointer>, next=807, s=0x59eee00, avctx=<optimized out>)
    at libavcodec/dirac_parser.c:155
155             memcpy(pc->buffer + pc->index, *buf, next);
(gdb) bt
#0  0x008aa5b6 in dirac_combine_frame (buf_size=<synthetic pointer>,
    buf=<synthetic pointer>, next=807, s=0x59eee00, avctx=<optimized out>)
    at libavcodec/dirac_parser.c:155
#1  dirac_parse (s=0x59eee00, avctx=0x59ee9e0, poutbuf=0x22f5e8,
    poutbuf_size=0x22f5ec,
    buf=0x5ae0060 "ćäääůéç\210őîçĆôĺĆîŐőőÄÄŹîîőőŹĆĹôôôĺĺĆĺĺĹĺÄőŹ\201őë\177wk]O>?
B??ABDDAFO\\lvpmmmkjdc`YY]]ZTPVkwvfYKAADC?979998778999:=>=<=>??@AA@BBCB8>@>A@=:5
3367:<==CIKKKKJNQUYb[8\022RQPMNNPQRTUTTUUVZZ\\[[\\]]__^_^^^]_^]_^a]\\ba`_ba"...,
 buf_size=1024) at libavcodec/dirac_parser.c:238
#2  0x005f2063 in av_parser_parse2 (s=0x59eee00, avctx=0x59ee9e0,
    poutbuf=0x22f5e8, poutbuf_size=0x22f5ec,
    buf=0x5ae0060 "ćäääůéç\210őîçĆôĺĆîŐőőÄÄŹîîőőŹĆĹôôôĺĺĆĺĺĹĺÄőŹ\201őë\177wk]O>?
B??ABDDAFO\\lvpmmmkjdc`YY]]ZTPVkwvfYKAADC?979998778999:=>=<=>??@AA@BBCB8>@>A@=:5
3367:<==CIKKKKJNQUYb[8\022RQPMNNPQRTUTTUUVZZ\\[[\\]]__^_^^^]_^]_^a]\\ba`_ba"...,
 buf_size=1024, pts=-9223372036854775808, dts=-9223372036854775808,
    pos=1539072) at libavcodec/parser.c:160
#3  0x004bff39 in parse_packet (s=0x59e5e40, pkt=0x22f6f8,
    stream_index=<optimized out>) at libavformat/utils.c:1160
#4  0x004c264a in read_frame_internal (s=<optimized out>, pkt=0x22f9f8)
    at libavformat/utils.c:1333
#5  0x004c639c in avformat_find_stream_info (ic=0x59e5e40, options=0x59eedc0)
    at libavformat/utils.c:3100
#6  0x0040b8e5 in open_input_file (o=0x22fb80, filename=<optimized out>)
    at ffmpeg_opt.c:884
#7  0x00409234 in open_files (inout=0xd1432f "input",
    open_file=0x40b4b4 <open_input_file>, l=<optimized out>)
    at ffmpeg_opt.c:2671
#8  0x004101cf in ffmpeg_parse_options (argc=7, argv=0x5902548)
    at ffmpeg_opt.c:2708
#9  0x00c8ec75 in main (argc=7, argv=<optimized out>) at ffmpeg.c:3829
(gdb)

Changed 5 years ago by cehoyos

comment:4 follow-up: Changed 5 years ago by cehoyos

Could you also test the new patch I attached?

comment:5 in reply to: ↑ 4 Changed 5 years ago by ami_stuff

Replying to cehoyos:

Could you also test the new patch I attached?

Tested, your new patch fixes the crashes.

comment:6 Changed 5 years ago by cehoyos

  • Keywords oom added
  • Resolution set to fixed
  • Status changed from new to closed

Pushed as 80ca627a
Thank you for the report and the testing!

Note: See TracTickets for help on using tickets.