Opened 9 years ago

Closed 9 years ago

#4537 closed defect (invalid)

segfault in av_buffer_unref when using Linphone 3.6.1

Reported by: Jan Kundrát
Owned by:
Priority: normal
Component: undetermined
Version: 2.6.3
Keywords:
Cc: Michael Niedermayer
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

(this is about ffmpeg 2.6.2 which isn't available in the version combobox)

I've switched from libav back to ffmpeg on an amd64 Gentoo Linux machine, rebuilt linphone and tried to connect to our corporate videoconferencing solution via a testing room which is publicly available at sip:950087999@cesnet.cz. When I join a meeting with video, linphone segfaults shortly after the video window pops up (with black stuff from the VC bridge, and an image of myself from a webcam in the corner).

x264 [warning]: lookaheadless mb-tree requires intra refresh or infinite keyint
x264 [warning]: frame MB size (40x30) > level limit (396)
x264 [warning]: DPB size (3 frames, 3600 mbs) > level limit (1 frames, 2376 mbs)
x264 [warning]: VBV bitrate (1835) > level limit (768)
x264 [warning]: MB rate (30000) > level limit (11880)
x264 [info]: using cpu capabilities: MMX2 SSE2Fast SSSE3 SSE4.2 AVX
x264 [info]: profile Constrained Baseline, level 1.3

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe1c12700 (LWP 186997)]
av_buffer_unref (buf=buf@entry=0x7fffe1c11a08) at /var/tmp/portage/media-video/ffmpeg-2.6.2/work/ffmpeg-2.6.2/libavutil/buffer.c:129
129     /var/tmp/portage/media-video/ffmpeg-2.6.2/work/ffmpeg-2.6.2/libavutil/buffer.c: No such file or directory.
(gdb) bt
#0  av_buffer_unref (buf=buf@entry=0x7fffe1c11a08) at /var/tmp/portage/media-video/ffmpeg-2.6.2/work/ffmpeg-2.6.2/libavutil/buffer.c:129
#1  0x00007fffef6f3b4e in av_frame_unref (frame=frame@entry=0x7fffe1c11830) at /var/tmp/portage/media-video/ffmpeg-2.6.2/work/ffmpeg-2.6.2/libavutil/frame.c:384
#2  0x00007fffefd97eb1 in avcodec_decode_video2 (avctx=avctx@entry=0x7fffd4035510, picture=picture@entry=0x7fffe1c11830, got_picture_ptr=got_picture_ptr@entry=0x7fffe1c117cc, 
    avpkt=avpkt@entry=0x7fffe1c117d0) at /var/tmp/portage/media-video/ffmpeg-2.6.2/work/ffmpeg-2.6.2/libavcodec/utils.c:2356
#3  0x00007ffff57fa180 in dec_process_frame (f=f@entry=0x7fffd40181a0, inm=<optimized out>) at videofilters/videodec.c:680
#4  0x00007ffff57fa74b in dec_process (f=0x7fffd40181a0) at videofilters/videodec.c:709
#5  0x00007ffff795adb3 in ms_filter_process (f=f@entry=0x7fffd40181a0) at base/msfilter.c:303
#6  0x00007ffff795bf12 in call_process (f=0x7fffd40181a0) at base/msticker.c:228
#7  run_graph (f=0x7fffd40181a0, s=s@entry=0x555556103520, unschedulable=unschedulable@entry=0x7fffe1c11ca0, force_schedule=force_schedule@entry=0 '\000') at base/msticker.c:242
#8  0x00007ffff795beca in run_graph (f=0x555555b29620, s=s@entry=0x555556103520, unschedulable=unschedulable@entry=0x7fffe1c11ca0, force_schedule=force_schedule@entry=0 '\000')
    at base/msticker.c:247
#9  0x00007ffff795bfe2 in run_graphs (s=s@entry=0x555556103520, execution_list=<optimized out>, force_schedule=force_schedule@entry=0 '\000') at base/msticker.c:261
#10 0x00007ffff795c517 in ms_ticker_run (arg=0x555556103520) at base/msticker.c:440
#11 0x00007ffff751325a in start_thread (arg=0x7fffe1c12700) at pthread_create.c:309
#12 0x00007ffff5b10ead in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x7fffef6ebae3 to 0x7fffef6ebb23:
   0x00007fffef6ebae3 <av_buffer_unref+19>:     and    %dl,(%rax)
   0x00007fffef6ebae5 <av_buffer_unref+21>:     add    %al,(%rax)
   0x00007fffef6ebae7 <av_buffer_unref+23>:     mov    %fs:0x28,%rax
   0x00007fffef6ebaf0 <av_buffer_unref+32>:     mov    %rax,-0x8(%rbp)
   0x00007fffef6ebaf4 <av_buffer_unref+36>:     xor    %eax,%eax
   0x00007fffef6ebaf6 <av_buffer_unref+38>:     test   %rdi,%rdi
   0x00007fffef6ebaf9 <av_buffer_unref+41>:     je     0x7fffef6ebb1a <av_buffer_unref+74>
   0x00007fffef6ebafb <av_buffer_unref+43>:     mov    (%rdi),%rax
   0x00007fffef6ebafe <av_buffer_unref+46>:     test   %rax,%rax
   0x00007fffef6ebb01 <av_buffer_unref+49>:     je     0x7fffef6ebb1a <av_buffer_unref+74>
=> 0x00007fffef6ebb03 <av_buffer_unref+51>:     mov    (%rax),%rax
   0x00007fffef6ebb06 <av_buffer_unref+54>:     mov    %rax,-0x10(%rbp)
   0x00007fffef6ebb0a <av_buffer_unref+58>:     callq  0x7fffef6fa230 <av_freep>
   0x00007fffef6ebb0f <av_buffer_unref+63>:     mov    -0x10(%rbp),%rax
   0x00007fffef6ebb13 <av_buffer_unref+67>:     lock subl $0x1,0xc(%rax)
   0x00007fffef6ebb18 <av_buffer_unref+72>:     je     0x7fffef6ebb30 <av_buffer_unref+96>
   0x00007fffef6ebb1a <av_buffer_unref+74>:     mov    -0x8(%rbp),%rax
   0x00007fffef6ebb1e <av_buffer_unref+78>:     xor    %fs:0x28,%rax
End of assembler dump.
(gdb) info all-registers
rax            0x33e4b3022716cd00       3739310412451466496
rbx            0x10     16
rcx            0x555555b29250   93824998347344
rdx            0x555555b29990   93824998349200
rsi            0x7ffff5dc35f8   140737318237688
rdi            0x7fffe1c11a08   140736980916744
rbp            0x7fffe1c11650   0x7fffe1c11650
rsp            0x7fffe1c11640   0x7fffe1c11640
r8             0xffffffff       4294967295
r9             0x500    1280
r10            0x0      0
r11            0xac     172
r12            0x7fffe1c11830   140736980916272
r13            0x7fffe1c11a00   140736980916736
r14            0x7fffe1c117d0   140736980916176
r15            0x7fffd4035510   140736750376208
rip            0x7fffef6ebb03   0x7fffef6ebb03 <av_buffer_unref+51>
eflags         0x10206  [ PF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
$ ffmpeg
ffmpeg version 2.6.2 Copyright (c) 2000-2015 the FFmpeg developers
  built with gcc 4.8.3 (Gentoo Hardened 4.8.3 p1.1, pie-0.5.9)
  configuration: --prefix=/usr --libdir=/usr/lib64 --shlibdir=/usr/lib64 --mandir=/usr/share/man --enable-shared --cc=x86_64-pc-linux-gnu-gcc --cxx=x86_64-pc-linux-gnu-g++ --ar=x86_64-pc-linux-gnu-ar --optflags='-O2 -pipe -march=native -mavx -maes -ggdb' --extra-cflags='-O2 -pipe -march=native -mavx -maes -ggdb' --extra-cxxflags='-O2 -pipe -march=native -mavx -maes -ggdb' --disable-static --enable-avfilter --enable-avresample --disable-stripping --enable-version3 --enable-nonfree --disable-indev=oss --disable-indev=jack --disable-outdev=oss --disable-outdev=sdl --enable-bzlib --disable-runtime-cpudetect --disable-debug --disable-doc --disable-gnutls --enable-gpl --enable-hardcoded-tables --enable-iconv --enable-lzma --enable-network --disable-openssl --enable-postproc --disable-libsmbclient --disable-ffplay --enable-vaapi --enable-vdpau --enable-xlib --disable-libxcb --disable-libxcb-shm --disable-libxcb-xfixes --enable-zlib --disable-libcdio --disable-libiec61883 --disable-libdc1394 --disable-libcaca --disable-openal --enable-opengl --disable-libv4l2 --disable-libpulse --disable-libopencore-amrwb --disable-libopencore-amrnb --disable-libfdk-aac --disable-libopenjpeg --disable-libbluray --disable-libcelt --disable-libgme --enable-libgsm --disable-libmodplug --disable-libopus --disable-libquvi --disable-librtmp --disable-libssh --disable-libschroedinger --enable-libspeex --enable-libvorbis --disable-libvpx --disable-libzvbi --disable-libbs2b --disable-libflite --disable-frei0r --disable-libfribidi --enable-fontconfig --disable-ladspa --disable-libass --enable-libfreetype --disable-libsoxr --enable-pthreads --enable-libvo-aacenc --disable-libvo-amrwbenc --enable-libmp3lame --disable-libaacplus --enable-libfaac --enable-libtheora --disable-libtwolame --disable-libwavpack --disable-libwebp --enable-libx264 --disable-libx265 --enable-libxvid --enable-x11grab --disable-amd3dnow --disable-amd3dnowext --disable-avx2 --disable-fma3 --disable-fma4 --disable-xop --enable-pic 
--cpu=host
  libavutil      54. 20.100 / 54. 20.100
  libavcodec     56. 26.100 / 56. 26.100
  libavformat    56. 25.101 / 56. 25.101
  libavdevice    56.  4.100 / 56.  4.100
  libavfilter     5. 11.102 /  5. 11.102
  libavresample   2.  1.  0 /  2.  1.  0
  libswscale      3.  1.101 /  3.  1.101
  libswresample   1.  1.100 /  1.  1.100
  libpostproc    53.  3.100 / 53.  3.100
Hyper fast Audio and Video encoder

When running within valgrind, after a rather long sleeve of messages about uninitialized values from the GTK style, V4L2 and ffmpeg itself, I get this:

==191988== Invalid read of size 8
==191988==    at 0xD2EDB03: av_buffer_unref (buffer.c:110)
==191988==    by 0xD2F5B4D: av_frame_unref (frame.c:384)
==191988==    by 0xC629EB0: avcodec_decode_video2 (utils.c:2356)
==191988==    by 0x722A17F: dec_process_frame (videodec.c:680)
==191988==    by 0x722A74A: dec_process (videodec.c:709)
==191988==    by 0x50B1DB2: ms_filter_process (msfilter.c:303)
==191988==    by 0x50B2F11: run_graph (msticker.c:228)
==191988==    by 0x50B2EC9: run_graph (msticker.c:247)
==191988==    by 0x50B2FE1: run_graphs (msticker.c:261)
==191988==    by 0x50B3516: ms_ticker_run (msticker.c:440)
==191988==    by 0x54EF259: start_thread (pthread_create.c:309)
==191988==    by 0x6F2FEAC: clone (clone.S:111)
==191988==  Address 0x37bc279cb4ec7c00 is not stack'd, malloc'd or (recently) free'd
==191988== 
==191988== 
==191988== Process terminating with default action of signal 11 (SIGSEGV)
==191988==  General Protection Fault
==191988==    at 0xD2EDB03: av_buffer_unref (buffer.c:110)
==191988==    by 0xD2F5B4D: av_frame_unref (frame.c:384)
==191988==    by 0xC629EB0: avcodec_decode_video2 (utils.c:2356)
==191988==    by 0x722A17F: dec_process_frame (videodec.c:680)
==191988==    by 0x722A74A: dec_process (videodec.c:709)
==191988==    by 0x50B1DB2: ms_filter_process (msfilter.c:303)
==191988==    by 0x50B2F11: run_graph (msticker.c:228)
==191988==    by 0x50B2EC9: run_graph (msticker.c:247)
==191988==    by 0x50B2FE1: run_graphs (msticker.c:261)
==191988==    by 0x50B3516: ms_ticker_run (msticker.c:440)
==191988==    by 0x54EF259: start_thread (pthread_create.c:309)
==191988==    by 0x6F2FEAC: clone (clone.S:111)

I have no idea how to extract the raw H.264 stream from the SIP channel, unfortunately, but I'll be happy to help you reproduce this by providing more data or by trying patches.

Change History (4)

comment:1 by Michael Niedermayer, 9 years ago

With what version of libav was it working?
Also what version of linphone and mediastreamer is this using?

comment:2 by Michael Niedermayer, 9 years ago

Cc: Michael Niedermayer added
Version: 2.6.1 → 2.6.2

comment:3 by Jan Kundrát, 9 years ago (in reply to: 1)

Replying to michael:

> With what version of libav was it working?

I *think* that it was with libav-11.2 which I apparently installed on 2015-03-04, but that could be wrong. I remember it "always working", but I wasn't checking every month and I apparently don't have older logs from Portage.

> Also what version of linphone and mediastreamer is this using?

This (non-working) test is with Gentoo's linphone-3.6.1 and media-libs/mediastreamer-2.9.0-r1.

Sorry for a late response.

comment:4 by Michael Niedermayer, 9 years ago (in reply to: 3)

Resolution: invalid
Status: new → closed

Replying to jkt:

> Replying to michael:
>
> > With what version of libav was it working?
>
> I *think* that it was with libav-11.2 which I apparently installed on 2015-03-04, but that could be wrong. I remember it "always working", but I wasn't checking every month and I apparently don't have older logs from Portage.
>
> > Also what version of linphone and mediastreamer is this using?
>
> This (non-working) test is with Gentoo's linphone-3.6.1 and media-libs/mediastreamer-2.9.0-r1.

Versions of mediastreamer before 2.11.0 are buggy and pass an uninitialized AVFrame into avcodec_decode_video2(); that's not correct for both FFmpeg and libav, and both can crash as a result.
If one doesn't crash, that's just luck that the uninitialized values happen not to cause a crash.

So I suspect this bug is just that your mediastreamer is too old; I am closing it thus, but in case updating mediastreamer doesn't resolve it then please don't hesitate to reopen.
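
Added example (not code from this ticket, FFmpeg or mediastreamer): a self-contained C model of the failure described in comment:4, showing why the two NULL tests visible in the av_buffer_unref disassembly do not protect against an uninitialized frame. All `Model*` types and functions are hypothetical stand-ins, and the 0xCD fill is a constructed substitute for uninitialized memory; with the real library the caller would obtain the frame from av_frame_alloc().

```c
#include <stdlib.h>
#include <string.h>
#define MODEL_NUM_BUFS 8  /* assumption: slot count chosen for this model */

typedef struct ModelBuffer { unsigned char *data; int refcount; } ModelBuffer;
typedef struct ModelBufferRef { ModelBuffer *buffer; } ModelBufferRef;
typedef struct ModelFrame { ModelBufferRef *buf[MODEL_NUM_BUFS]; } ModelFrame;

static int model_live_buffers = 0;  /* buffers currently allocated */

ModelBufferRef *model_buffer_alloc(size_t size) {
    ModelBufferRef *ref = calloc(1, sizeof(*ref));
    ModelBuffer *b = calloc(1, sizeof(*b));
    if (ref && b)
        b->data = malloc(size);
    if (!ref || !b || !b->data) { free(ref); free(b); return NULL; }
    b->refcount = 1;
    ref->buffer = b;
    model_live_buffers++;
    return ref;
}

/* Same shape as the disassembly: two NULL tests, a load, free, decrement. */
void model_buffer_unref(ModelBufferRef **buf) {
    if (!buf || !*buf)
        return;
    ModelBuffer *b = (*buf)->buffer;  /* the faulting load when *buf is stale */
    free(*buf);
    *buf = NULL;
    if (--b->refcount == 0) {
        free(b->data);
        free(b);
        model_live_buffers--;
    }
}

void model_frame_unref(ModelFrame *f) {
    for (int i = 0; i < MODEL_NUM_BUFS; i++)
        model_buffer_unref(&f->buf[i]);
}

/* Number of slots that pass the NULL guards and would be dereferenced. */
int slots_unref_would_dereference(const ModelFrame *f) {
    int n = 0;
    for (int i = 0; i < MODEL_NUM_BUFS; i++)
        n += (f->buf[i] != NULL);
    return n;
}

/* Constructed stand-in for uninitialized memory; never pass this to unref. */
void simulate_uninitialized(ModelFrame *f) { memset(f, 0xCD, sizeof(*f)); }

/* Model of the initialization the caller must do before the first decode. */
void model_frame_init(ModelFrame *f) { memset(f, 0, sizeof(*f)); }

int main(void) {
    ModelFrame f;
    simulate_uninitialized(&f);
    int would_crash = slots_unref_would_dereference(&f);  /* every slot */
    model_frame_init(&f);
    f.buf[0] = model_buffer_alloc(64);
    model_frame_unref(&f);  /* slot 0 released, empty slots skipped */
    return (would_crash == MODEL_NUM_BUFS && model_live_buffers == 0) ? 0 : 1;
}
```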
