Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#410 closed defect (fixed)

Gwenview crashing with Ffmpeg 0.7.3

Reported by: Wonko Owned by:
Priority: important Component: avformat
Version: 0.7.3 Keywords: regression
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no


KDE's image viewer Gwenview crashes when showing certain mpeg files sorted by date. And KDE's file manager Dolphin throws errors of kfilemetadatareader when the mouse is over such a file. I filed, but it seems it's not KDE's problem, as it only happens with 0.7.3, not with 0.7.2. I'd say about 10% of my files are affected, so this makes Gwenview unusable. Most (maybe all) of the files were downloaded with youtube-dl.

-- Backtrace:
Application: Gwenview (gwenview), signal: Segmentation fault
[Current thread is 1 (Thread 0x7faadcb07760 (LWP 6451))]

Thread 2 (Thread 0x7faacb412700 (LWP 6455)):

Thread 1 (Thread 0x7faadcb07760 (LWP 6451)):
[KCrash Handler]
#6 0x00007faaaf4da857 in av_open_input_stream () from
#7 0x00007faab03bd3a6 in FFMPEGEndAnalyzer::analyze(Strigi::AnalysisResult?&,
Strigi::StreamBase?<char>*) () from /usr/lib64/strigi/
#8 0x00007faad735556a in
Strigi::StreamBase?<char>*) () from /usr/lib64/
#9 0x00007faadc040765 in KFileMetaInfoPrivate::init(QIODevice&, KUrl const&,
long, QFlags<KFileMetaInfo::What>) () from /usr/lib64/
#10 0x00007faadc040fd7 in KFileMetaInfo::KFileMetaInfo(QString const&, QString
const&, QFlags<KFileMetaInfo::What>) () from /usr/lib64/
#11 0x00007faadc02c70a in KFileItem::metaInfo(bool, int) const () from

Attachments (4)

kfilemetadatareadercrash-cut.mp4 (57.0 KB) - added by Wonko 5 years ago.
Sample file to reproduce the crash
ffmpeg.log (1.2 KB) - added by Wonko 5 years ago.
ffmpeg -i output
gwenview-backtrace.log (7.9 KB) - added by Wonko 5 years ago.
Complete backtrace of Gwenview crash
gwenview-backtrace2.log (8.6 KB) - added by Wonko 5 years ago.
Shozuld be with --disable-optimizations --disable-asm now

Download all attachments as: .zip

Change History (15)

Changed 5 years ago by Wonko

Sample file to reproduce the crash

comment:1 Changed 5 years ago by Wonko

Sorry, I just see that I downgraded to 0.7_rc1, not to 0.7.2. I had 0.7.2 installed, and the error also happened then. I think I did not see this with 0.7.1.

comment:2 Changed 5 years ago by cehoyos

Complete, uncut output of ffmpeg -i yoursample missing and please provide a complete backtrace as explained on

Are you sure you provided the right sample? (It is unplayable, afaict.)

Changed 5 years ago by Wonko

ffmpeg -i output

Changed 5 years ago by Wonko

Complete backtrace of Gwenview crash

comment:3 Changed 5 years ago by Wonko

I had truncated the file to the minimum size that still gives the error in order to save bandwidth, so yes, it is unplayable now. But the problem is not with playing such a file, it's Gwenview crashing when it tries to get the modification time. Actually, it's Strigi calling FFMPEGEndAnalyzer::analyze(), and then the crash happens in Ffmpeg's av_open_input_stream(). Might also be a problem of Strigi, but as it does not show with an older Ffmpeg version, I reported here.
Another problem is when the mouse is over such a file in Dolphin, and it tries to give me a popup showing a thumbnail and other information. I get a crash in kfilemetadatareader, but the KDE crash handler does not show any backtrace at all.
I'm a Gentoo user running KDE 4.7.0 on amd64, I don't know if this error would happen with another KDE version. I hope someone of you can reproduce this. I re-compiled ffmpeg with debug information, but I don't see much of a difference - I thought I would get the exact line number in av_open_input_stream(). I'll attach this backlog anyway, it's from Gwenview, showing a directory with only the sample file I provided, after I set it to display the file's date.

comment:4 Changed 5 years ago by Wonko

Ah, I was being stupid. Re-compiled ffmped with real debug information this time. Hope this helps.

comment:5 Changed 5 years ago by cehoyos

Unfortunately, the backtrace still doesn't look useful (corrupt stack).

Could you try compiling with --disable-optimizations and/or --disable-asm and redo the backtrace?

Changed 5 years ago by Wonko

Shozuld be with --disable-optimizations --disable-asm now

comment:6 Changed 5 years ago by cehoyos

Could you confirm that line 543 in libavformat/utils.c really is "ic->pb = ic->pb ? ic->pb : pb;"?

And please provide output of "disass $pc-32,$pc+32" and "info registers" and print the variable ic.

comment:7 Changed 5 years ago by Wonko

Yes, that's line 543. It also has a comment "don't leak custom pb if it wasn't set above". Gentoo often introduces its own patches, but the version number should get a _rc<n> suffix then, which is not the case.

(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x7fffd5f8b8d7 to 0x7fffd5f8b917:
   0x00007fffd5f8b8d7 <av_open_input_stream+119>:       lea    0x48(%rsp),%r14
   0x00007fffd5f8b8dc <av_open_input_stream+124>:       lea    0x40(%rsp),%rdi
   0x00007fffd5f8b8e1 <av_open_input_stream+129>:       mov    %rbx,%rdx
   0x00007fffd5f8b8e4 <av_open_input_stream+132>:       mov    %r13,%rsi
   0x00007fffd5f8b8e7 <av_open_input_stream+135>:       mov    %r14,%rcx
   0x00007fffd5f8b8ea <av_open_input_stream+138>:       callq  0x7fffd5f8b460 <avformat_open_input>
   0x00007fffd5f8b8ef <av_open_input_stream+143>:       mov    0x40(%rsp),%rdi
   0x00007fffd5f8b8f4 <av_open_input_stream+148>:       mov    %eax,%r15d
=> 0x00007fffd5f8b8f7 <av_open_input_stream+151>:       mov    0x20(%rdi),%rax
   0x00007fffd5f8b8fb <av_open_input_stream+155>:       mov    %rdi,(%r12)
   0x00007fffd5f8b8ff <av_open_input_stream+159>:       test   %rax,%rax
   0x00007fffd5f8b902 <av_open_input_stream+162>:       cmove  %rbp,%rax
   0x00007fffd5f8b906 <av_open_input_stream+166>:       mov    %rax,0x20(%rdi)
   0x00007fffd5f8b90a <av_open_input_stream+170>:       callq  0x7fffd5f41c70 <ff_metadata_demux_compat>
   0x00007fffd5f8b90f <av_open_input_stream+175>:       mov    %r14,%rdi
   0x00007fffd5f8b912 <av_open_input_stream+178>:       callq  0x7fffd5f076e8 <av_dict_free@plt>
End of assembler dump.
(gdb) info registers
rax            0xffffffff       4294967295
rbx            0x7fffd61c1420   140736785552416
rcx            0xffffffff       4294967295
rdx            0x145ee80        21360256
rsi            0x0      0
rdi            0x0      0
rbp            0x7fffffff8570   0x7fffffff8570
rsp            0x7fffffff0170   0x7fffffff0170
r8             0x7ffff4ce0ea0   140737300532896
r9             0x7ffff4ce0ef0   140737300532976
r10            0x7ffff4ce0ef0   140737300532976
r11            0x7fffd5cdb900   140736780417280
r12            0x7fffffff88a8   140737488324776
r13            0x7fffd6e726a2   140736798860962
r14            0x7fffffff01b8   140737488290232
r15            0xffffffff       4294967295
rip            0x7fffd5f8b8f7   0x7fffd5f8b8f7 <av_open_input_stream+151>
eflags         0x10202  [ IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
(gdb) print ic
$1 = (AVFormatContext *) 0x0
(gdb) print filename
$2 = 0x7fffd6e726a2 ""
(gdb) print **ic_ptr
$6 = {av_class = 0x145ee80, iformat = 0x7ffff4ce0ef8, oformat = 0x0, priv_data = 0x0, 
  pb = 0x7fffffff8570, nb_streams = 2, streams = {0x13ce6e0, 0x145ee90, 
    0x0 <repeats 18 times>}, filename = '\000' <repeats 1023 times>, timestamp = 0, 
  title = '\000' <repeats 511 times>, author = '\000' <repeats 511 times>, 
  copyright = '\000' <repeats 511 times>, comment = '\000' <repeats 511 times>, 
  album = '\000' <repeats 511 times>, year = 0, track = 0, 
  genre = '\000' <repeats 31 times>, ctx_flags = 0, packet_buffer = 0x0, 
  start_time = -9223372036854775808, duration = -9223372036854775808, file_size = 0, 
  bit_rate = 0, cur_st = 0x0, cur_ptr_deprecated = 0x0, cur_len_deprecated = 0, 
  cur_pkt_deprecated = {pts = 0, dts = 0, data = 0x0, size = 0, stream_index = 0, 
    flags = 0, duration = 0, destruct = 0, priv = 0x0, pos = 0, 
    convergence_duration = 0}, data_offset = 0, index_built = 0, mux_rate = 0, 
  packet_size = 0, preload = 0, max_delay = 0, loop_output = 0, flags = 128, 
  loop_input = 0, probesize = 5000000, max_analyze_duration = 5000000, key = 0x0, 
  keylen = 0, nb_programs = 0, programs = 0x0, video_codec_id = CODEC_ID_NONE, 
  audio_codec_id = CODEC_ID_NONE, subtitle_codec_id = CODEC_ID_NONE, 
  max_index_size = 1048576, max_picture_buffer = 3041280, nb_chapters = 4294967295, 
  chapters = 0x0, debug = 0, raw_packet_buffer = 0x0, raw_packet_buffer_end = 0x0, 
  packet_buffer_end = 0x0, metadata = 0x0, raw_packet_buffer_remaining_size = 0, 
  start_time_realtime = 0, fps_probe_size = -1, ts_id = 0}
(gdb) print err
$10 = -1

comment:8 Changed 5 years ago by reimar

I sent a patch to the list.
It seems a change from master was forgotten to merge, thus the code would crash if it failed to open a file.

comment:9 Changed 5 years ago by reimar

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in 0.7 release branch (will become 0.7.4 somewhen I expect).

comment:10 Changed 5 years ago by cehoyos

  • Component changed from undetermined to avformat
  • Keywords regression added
  • Priority changed from normal to important
  • Version changed from unspecified to 0.7.3

comment:11 Changed 5 years ago by Wonko

I can confirm that the patch is working. Both Gwenviewand kfilemetadatareader no longer crash. Thanks guys!

Note: See TracTickets for help on using tickets.