Opened 8 years ago

Closed 8 years ago

#4914 closed defect (fixed)

Segmentation fault creating MXF transcoded from mp2

Reported by: wim_arbor
Owned by:
Priority: important
Component: avformat
Version: git-master
Keywords: mxf crash SIGSEGV regression
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

Summary of the bug:
When I run the same command as in #4913 with a 1-second input file, I get a segmentation fault.

How to reproduce:

Created xdcam8mp2-1s.ts using

./ffmpeg -i xdcam8mp2-2s.ts -c:v copy -c:a copy -t 1 -map 0:v -map 0:a xdcam8mp2-1s.ts

Executed:

ffmpeg started on 2015-10-07 at 13:10:59
Report written to "ffmpeg-20151007-131059.log"
Command line:
/home/arbor/src/ffmpegdebian/ffmpeg_g -report -v 9 -loglevel 99 -y -i xdcam8mp2-1s.ts -c:a pcm_s16le -map 0:v -c:v copy -filter_complex "[0:a:0]channelsplit=channel_layout=stereo[a0][a1];[0:a:1]channelsplit=channel_layout=stereo[a2][a3];[0:a:2]channelsplit=channel_layout=stereo[a4][a5];[0:a:3]channelsplit=channel_layout=stereo[a6][a7]" -map "[a0]" -map "[a1]" -map "[a2]" -map "[a3]" -map "[a4]" -map "[a5]" -map "[a6]" -map "[a7]" -f mxf -ss 1 xdcam8mp2-1s.mxf
ffmpeg version N-75804-ga852db7 Copyright (c) 2000-2015 the FFmpeg developers
  built with gcc 4.7 (Debian 4.7.2-5)
  configuration:
  libavutil      55.  2.100 / 55.  2.100
  libavcodec     57.  4.100 / 57.  4.100
  libavformat    57.  3.100 / 57.  3.100
  libavdevice    57.  0.100 / 57.  0.100
  libavfilter     6. 10.100 /  6. 10.100
  libswscale      4.  0.100 /  4.  0.100
  libswresample   2.  0.100 /  2.  0.100

gdb output (last part):

No more output streams to write to, finishing.
[mxf @ 0x1c4f480] out st:1 dts:0
[mxf @ 0x1c4f480] essence container count:2
    Last message repeated 1 times
[mxf @ 0x1c4f480] package type:1
[mxf @ 0x1c4f480] package type:2
[mxf @ 0x1c4f480] -d10_channelcount requires MXF D-10 and will be ignored
    Last message repeated 7 times
Program received signal SIGSEGV, Segmentation fault.
0x00000000005f92ff in mxf_write_packet (s=<optimized out>, pkt=<optimized out>) at libavformat/mxfenc.c:2455
2455            mxf->index_entries[mxf->edit_units_count-1].slice_offset =

(gdb) bt
#0  0x00000000005f92ff in mxf_write_packet (s=<optimized out>, pkt=<optimized out>) at libavformat/mxfenc.c:2455
#1  0x00000000005e6bbd in write_packet (s=s@entry=0x1c4f480, pkt=pkt@entry=0x7fffffffdd80) at libavformat/mux.c:660
#2  0x00000000005e8f48 in av_write_trailer (s=0x1c4f480) at libavformat/mux.c:998
#3  0x00000000004907c2 in transcode () at ffmpeg.c:4008
#4  0x000000000047427b in main (argc=<optimized out>, argv=0x7fffffffe3e8) at ffmpeg.c:4157
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x5f92df to 0x5f931f:
   0x00000000005f92df <mxf_write_packet+1167>:  add    %ecx,(%rdi)
   0x00000000005f92e1 <mxf_write_packet+1169>:  test   %ecx,%esi
   0x00000000005f92e3 <mxf_write_packet+1171>:  (bad)
   0x00000000005f92e4 <mxf_write_packet+1172>:  (bad)
   0x00000000005f92e5 <mxf_write_packet+1173>:  decl   -0x177cd7bd(%rbx)
   0x00000000005f92eb <mxf_write_packet+1179>:  add    %ecx,-0x73(%rax)
   0x00000000005f92ee <mxf_write_packet+1182>:  adc    $0x40,%al
   0x00000000005f92f0 <mxf_write_packet+1184>:  mov    0x20(%rbx),%rax
   0x00000000005f92f4 <mxf_write_packet+1188>:  lea    (%rax,%rdx,8),%rax
   0x00000000005f92f8 <mxf_write_packet+1192>:  mov    0x80(%rbx),%rdx
=> 0x00000000005f92ff <mxf_write_packet+1199>:  sub    0x8(%rax),%edx
   0x00000000005f9302 <mxf_write_packet+1202>:  mov    %edx,0x10(%rax)
   0x00000000005f9305 <mxf_write_packet+1205>:  jmpq   0x5f91b4 <mxf_write_packet+868>
   0x00000000005f930a <mxf_write_packet+1210>:  nopw   0x0(%rax,%rax,1)
   0x00000000005f9310 <mxf_write_packet+1216>:  and    $0x1ff,%ebp
   0x00000000005f9316 <mxf_write_packet+1222>:  je     0x5f921e <mxf_write_packet+974>
   0x00000000005f931c <mxf_write_packet+1228>:  jmpq   0x5f91e0 <mxf_write_packet+912>
End of assembler dump.
(gdb) info all-registers
rax            0x1801e5b898     103111047320
rbx            0x1c4da80        29678208
rcx            0x7ffff6b7b180   140737332621696
rdx            0x0      0
rsi            0x1c507e0        29689824
rdi            0x9      9
rbp            0x0      0x0
rsp            0x7fffffffdc40   0x7fffffffdc40
r8             0x0      0
r9             0x1c66b00        29780736
r10            0x0      0
r11            0x246    582
r12            0x0      0
r13            0x0      0
r14            0x7fffffffdd80   140737488346496
r15            0x1c4f480        29684864
rip            0x5f92ff 0x5f92ff <mxf_write_packet+1199>
eflags         0x10297  [ CF PF AF SF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
(gdb) print mxf->edit_units_count
value has been optimized out

valgrind output (last part):

No more output streams to write to, finishing.
[mxf @ 0xc457b00] out st:1 dts:0
[mxf @ 0xc457b00] essence container count:2
    Last message repeated 1 times
[mxf @ 0xc457b00] package type:1
[mxf @ 0xc457b00] package type:2
[mxf @ 0xc457b00] -d10_channelcount requires MXF D-10 and will be ignored
==5581== Invalid read of size 4
==5581==    at 0x5F92FF: mxf_write_packet (mxfenc.c:2455)
==5581==    by 0x5E6BBC: write_packet (mux.c:660)
==5581==    by 0x5E8F47: av_write_trailer (mux.c:998)
==5581==    by 0x4907C1: transcode (ffmpeg.c:4008)
==5581==    by 0x47427A: main (ffmpeg.c:4157)
==5581==  Address 0x180b19e260 is not stack'd, malloc'd or (recently) free'd
==5581==
==5581==
==5581== Process terminating with default action of signal 11 (SIGSEGV)
==5581==  Access not within mapped region at address 0x180B19E260
==5581==    at 0x5F92FF: mxf_write_packet (mxfenc.c:2455)
==5581==    by 0x5E6BBC: write_packet (mux.c:660)
==5581==    by 0x5E8F47: av_write_trailer (mux.c:998)
==5581==    by 0x4907C1: transcode (ffmpeg.c:4008)
==5581==    by 0x47427A: main (ffmpeg.c:4157)
==5581==  If you believe this happened as a result of a stack
==5581==  overflow in your program's main thread (unlikely but
==5581==  possible), you can try to increase the size of the
==5581==  main thread stack using the --main-stacksize= flag.
==5581==  The main thread stack size used in this run was 8388608.
==5581==
==5581== HEAP SUMMARY:
==5581==     in use at exit: 2,397,591 bytes in 782 blocks
==5581==   total heap usage: 9,395 allocs, 8,613 frees, 37,104,789 bytes allocated
==5581==
==5581== LEAK SUMMARY:
==5581==    definitely lost: 0 bytes in 0 blocks
==5581==    indirectly lost: 0 bytes in 0 blocks
==5581==      possibly lost: 0 bytes in 0 blocks
==5581==    still reachable: 2,397,591 bytes in 782 blocks
==5581==         suppressed: 0 bytes in 0 blocks
==5581== Rerun with --leak-check=full to see details of leaked memory
==5581==
==5581== For counts of detected and suppressed errors, rerun with: -v
==5581== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 4)
Segmentation fault


Attachments (1)

xdcam8mp2-1s_small.ts (495.9 KB) - added by Carl Eugen Hoyos 8 years ago.

Change History (10)

comment:1 by wim_arbor, 8 years ago

I have uploaded xdcam8mp2-1s.ts to upload.ffmpeg.org/incoming

comment:2 by wim_arbor, 8 years ago

Rebuilt ffmpeg using --disable-optimizations

gdb output:

No more output streams to write to, finishing.
[mxf @ 0x2106480] out st:1 dts:0
[mxf @ 0x2106480] essence container count:2
    Last message repeated 1 times
[mxf @ 0x2106480] package type:1
[mxf @ 0x2106480] package type:2
[mxf @ 0x2106480] -d10_channelcount requires MXF D-10 and will be ignored
    Last message repeated 7 times
Program received signal SIGSEGV, Segmentation fault.
0x00000000006b87fe in mxf_write_packet (s=0x2106480, pkt=0x7fffffffe1b0) at libavformat/mxfenc.c:2456
2456                mxf->body_offset - mxf->index_entries[mxf->edit_units_count-1].offset;
(gdb) bt
#0  0x00000000006b87fe in mxf_write_packet (s=0x2106480, pkt=0x7fffffffe1b0) at libavformat/mxfenc.c:2456
#1  0x00000000006a6d3f in write_packet (s=0x2106480, pkt=0x7fffffffe1b0) at libavformat/mux.c:660
#2  0x00000000006a7fd3 in av_write_trailer (s=0x2106480) at libavformat/mux.c:998
#3  0x000000000042b2e1 in transcode () at ffmpeg.c:4008
#4  0x000000000042b6e9 in main (argc=38, argv=0x7fffffffe3e8) at ffmpeg.c:4157
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x6b87de to 0x6b881e:
   0x00000000006b87de <mxf_write_packet+1235>:  mov    0x20(%rax),%rdi
   0x00000000006b87e2 <mxf_write_packet+1239>:  mov    -0x18(%rbp),%rax
   0x00000000006b87e6 <mxf_write_packet+1243>:  mov    0x28(%rax),%eax
   0x00000000006b87e9 <mxf_write_packet+1246>:  sub    $0x1,%eax
   0x00000000006b87ec <mxf_write_packet+1249>:  mov    %eax,%edx
   0x00000000006b87ee <mxf_write_packet+1251>:  mov    %rdx,%rax
   0x00000000006b87f1 <mxf_write_packet+1254>:  add    %rax,%rax
   0x00000000006b87f4 <mxf_write_packet+1257>:  add    %rdx,%rax
   0x00000000006b87f7 <mxf_write_packet+1260>:  shl    $0x3,%rax
   0x00000000006b87fb <mxf_write_packet+1264>:  add    %rdi,%rax
=> 0x00000000006b87fe <mxf_write_packet+1267>:  mov    0x8(%rax),%rax
   0x00000000006b8802 <mxf_write_packet+1271>:  mov    %esi,%edx
   0x00000000006b8804 <mxf_write_packet+1273>:  sub    %eax,%edx
   0x00000000006b8806 <mxf_write_packet+1275>:  mov    %edx,%eax
   0x00000000006b8808 <mxf_write_packet+1277>:  mov    %eax,0x10(%rcx)
   0x00000000006b880b <mxf_write_packet+1280>:  mov    -0x58(%rbp),%rax
   0x00000000006b880f <mxf_write_packet+1284>:  mov    %rax,%rdi
   0x00000000006b8812 <mxf_write_packet+1287>:  callq  0x6b57d4 <mxf_write_klv_fill>
   0x00000000006b8817 <mxf_write_packet+1292>:  mov    -0x30(%rbp),%rax
   0x00000000006b881b <mxf_write_packet+1296>:  lea    0x38(%rax),%rcx
End of assembler dump.
(gdb) info all-registers
rax            0x1802312898     103115991192
rbx            0x0      0
rcx            0x1802312898     103115991192
rdx            0xffffffff       4294967295
rsi            0x0      0
rdi            0x23128b0        36776112
rbp            0x7fffffffe0c0   0x7fffffffe0c0
rsp            0x7fffffffe060   0x7fffffffe060
r8             0x61a0d5 6398165
r9             0x7ffff6905440   140737330041920
r10            0x0      0
r11            0x246    582
r12            0x406900 4221184
r13            0x7fffffffe3e0   140737488348128
r14            0x0      0
r15            0x0      0
rip            0x6b87fe 0x6b87fe <mxf_write_packet+1267>
eflags         0x10202  [ IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0

(gdb) print mxf->edit_units_count
$1 = 0
(gdb) print mxf->index_entries
$2 = (MXFIndexEntry *) 0x23128b0
(gdb) print mxf->edit_unit_byte_count
$3 = 0
(gdb) print  mxf->body_offset
$4 = 0
(gdb) print mxf->header_written
$5 = 1
(gdb) print mxf
$6 = (MXFContext *) 0x2104a80

https://github.com/FFmpeg/FFmpeg/blob/a852db796edce2792525d88ab47cf78222e01512/libavformat/mxfenc.c#L2455

} else if (!mxf->edit_unit_byte_count && st->index == 1) {
    mxf->index_entries[mxf->edit_units_count-1].slice_offset =
        mxf->body_offset - mxf->index_entries[mxf->edit_units_count-1].offset;
}
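Added example (not part of the ticket and not FFmpeg's code): the gdb values in comment:2 are enough to reproduce the faulting address by hand. With `edit_units_count` at 0, the unsigned `edit_units_count-1` wraps to 0xffffffff (the `rdx` value above), and scaling by the 24-byte entry stride seen in the disassembly lands exactly on the `rax` value. The struct layouts and function names here are assumptions inferred from the disassembly, and the guard is a generic bounds check, not the change that closed this ticket.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the muxer's index entry. The layout is an assumption inferred
 * from the disassembly in the ticket: 24-byte stride (idx*3*8), a 64-bit load
 * at +0x8 and a 32-bit store at +0x10. */
typedef struct IndexEntry {
    uint8_t  flags;
    uint64_t offset;        /* read by the faulting instruction (+0x8)  */
    uint32_t slice_offset;  /* written by the following store   (+0x10) */
    uint16_t temporal_ref;
} IndexEntry;

_Static_assert(sizeof(IndexEntry) == 24, "stride must match the disassembly");
_Static_assert(offsetof(IndexEntry, offset) == 8, "offset field at +0x8");
_Static_assert(offsetof(IndexEntry, slice_offset) == 16, "slice_offset at +0x10");

/* Stand-in for the context fields printed in gdb (hypothetical names). */
typedef struct MuxState {
    IndexEntry *index_entries;
    unsigned    edit_units_count;
    uint64_t    body_offset;
} MuxState;

/* Address of index_entries[edit_units_count - 1], computed as the unoptimized
 * build does: 32-bit subtract, zero-extend, multiply by the stride.
 * Pure integer arithmetic; nothing is dereferenced. */
uint64_t last_entry_address(uint64_t base, unsigned edit_units_count)
{
    uint32_t idx = edit_units_count - 1u;  /* wraps to 0xffffffff when count == 0 */
    return base + (uint64_t)idx * sizeof(IndexEntry);
}

/* Guarded form of the update: refuses to touch the table when no edit unit
 * has been recorded yet. Returns 0 on success, -1 when there is no entry. */
int set_slice_offset_checked(MuxState *m)
{
    if (m->index_entries == NULL || m->edit_units_count == 0)
        return -1;
    IndexEntry *e = &m->index_entries[m->edit_units_count - 1];
    e->slice_offset = (uint32_t)(m->body_offset - e->offset);
    return 0;
}

int main(void)
{
    /* Values taken from the gdb session in comment:2. */
    const uint64_t base = 0x23128b0;  /* mxf->index_entries    */
    const unsigned count = 0;         /* mxf->edit_units_count */

    uint64_t entry = last_entry_address(base, count);
    printf("entry address : %#llx\n", (unsigned long long)entry);
    printf("faulting load : %#llx\n",
           (unsigned long long)(entry + offsetof(IndexEntry, offset)));

    /* The guarded update on a constructed, empty table: no access happens. */
    IndexEntry table[1] = {{0}};
    MuxState m = { table, 0, 0 };
    printf("guarded update with count == 0 returns %d\n",
           set_slice_offset_checked(&m));
    return 0;
}
```

The out-of-bounds index is always about 96 GiB past the table start, which is why the access faults on an unmapped page here; the instruction after the load is a store to `slice_offset`, so the same bug is an out-of-bounds write wherever that address happens to be mapped.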

comment:3 by Carl Eugen Hoyos, 8 years ago

Please attach the file xdcam8mp2-1s.ts

comment:4 by wim_arbor, 8 years ago

I have reuploaded xdcam8mp2-1s.ts to upload.ffmpeg.org

Attachments have a size limit of 2.5 MB; xdcam8mp2-1s.ts is more than 5MB (the video bitrate is 50mb/s).

comment:5 by Carl Eugen Hoyos, 8 years ago

Thank you for uploading again, I don't know what happened to the original files!

Regression since 4818388e6c219bf48fa93bf76ee6ab3dc3fb1e8f

(gdb) r -i xdcam8mp2-1s_small.ts -c:a pcm_s16le -c:v copy -ss 1 out.mxf
Starting program: ffmpeg_g -i xdcam8mp2-1s_small.ts -c:a pcm_s16le -c:v copy -ss 1 out.mxf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-75984-gfcfb66b Copyright (c) 2000-2015 the FFmpeg developers
  built with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl
  libavutil      55.  3.100 / 55.  3.100
  libavcodec     57.  6.100 / 57.  6.100
  libavformat    57.  3.100 / 57.  3.100
  libavdevice    57.  0.100 / 57.  0.100
  libavfilter     6. 11.100 /  6. 11.100
  libswscale      4.  0.100 /  4.  0.100
  libswresample   2.  0.100 /  2.  0.100
  libpostproc    54.  0.100 / 54.  0.100
Input #0, mpegts, from 'xdcam8mp2-1s_small.ts':
  Duration: 00:00:01.00, start: 1.400000, bitrate: 4058 kb/s
  Program 1
    Metadata:
      service_name    : Service01
      service_provider: FFmpeg
    Stream #0:0[0x100]: Video: mpeg2video (4:2:2) ([2][0][0][0] / 0x0002), yuv422p(tv), 480x270 [SAR 1:1 DAR 16:9], max. 104857 kb/s, 29.97 fps, 29.97 tbr, 90k tbn, 59.94 tbc
    Stream #0:1[0x101]: Audio: mp2 ([3][0][0][0] / 0x0003), 48000 Hz, stereo, s16p, 384 kb/s
[New Thread 0x7ffff14f0700 (LWP 2050)]
[New Thread 0x7ffff0cef700 (LWP 2051)]
[New Thread 0x7ffff04ee700 (LWP 2052)]
[New Thread 0x7fffefced700 (LWP 2053)]
[New Thread 0x7fffef4ec700 (LWP 2054)]
[New Thread 0x7fffeeceb700 (LWP 2055)]
[New Thread 0x7fffee4ea700 (LWP 2056)]
[New Thread 0x7fffedce9700 (LWP 2057)]
[New Thread 0x7fffed4e8700 (LWP 2058)]
Output #0, mxf, to 'out.mxf':
  Metadata:
    encoder         : Lavf57.3.100
    Stream #0:0: Video: mpeg2video ([2][0][0][0] / 0x0002), yuv422p, 480x270 [SAR 1:1 DAR 16:9], q=2-31, max. 104857 kb/s, 29.97 fps, 29.97 tbr, 29.97 tbn, 29.97 tbc
    Stream #0:1: Audio: pcm_s16le, 48000 Hz, stereo, s16, 1536 kb/s
    Metadata:
      encoder         : Lavc57.6.100 pcm_s16le
Stream mapping:
  Stream #0:0 -> #0:0 (copy)
  Stream #0:1 -> #0:1 (mp2 (native) -> pcm_s16le (native))
Press [q] to stop, [?] for help
[mxf @ 0x1cdd6c0] -d10_channelcount requires MXF D-10 and will be ignored

Program received signal SIGSEGV, Segmentation fault.
0x000000000062b5bf in mxf_write_packet (s=<optimized out>, pkt=<optimized out>) at libavformat/mxfenc.c:2455
2455            mxf->index_entries[mxf->edit_units_count-1].slice_offset =
(gdb) bt
#0  0x000000000062b5bf in mxf_write_packet (s=<optimized out>, pkt=<optimized out>) at libavformat/mxfenc.c:2455
#1  0x0000000000618e7d in write_packet (s=s@entry=0x1cdd6c0, pkt=pkt@entry=0x7fffffffd680) at libavformat/mux.c:660
#2  0x000000000061b208 in av_write_trailer (s=0x1cdd6c0) at libavformat/mux.c:998
#3  0x0000000000495392 in transcode () at ffmpeg.c:4002
#4  0x0000000000478c4b in main (argc=<optimized out>, argv=0x7fffffffdce8) at ffmpeg.c:4151
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x62b59f to 0x62b5df:
   0x000000000062b59f <mxf_write_packet+1167>:  add    %ecx,(%rdi)
   0x000000000062b5a1 <mxf_write_packet+1169>:  test   %ecx,%esi
   0x000000000062b5a3 <mxf_write_packet+1171>:  (bad)
   0x000000000062b5a4 <mxf_write_packet+1172>:  (bad)
   0x000000000062b5a5 <mxf_write_packet+1173>:  decl   0x408d2843(%rbx)
   0x000000000062b5ab <mxf_write_packet+1179>:  decl   -0x73(%rax)
   0x000000000062b5ae <mxf_write_packet+1182>:  adc    $0x40,%al
   0x000000000062b5b0 <mxf_write_packet+1184>:  mov    0x20(%rbx),%rax
   0x000000000062b5b4 <mxf_write_packet+1188>:  lea    (%rax,%rdx,8),%rax
   0x000000000062b5b8 <mxf_write_packet+1192>:  mov    0x80(%rbx),%rdx
=> 0x000000000062b5bf <mxf_write_packet+1199>:  sub    0x8(%rax),%edx
   0x000000000062b5c2 <mxf_write_packet+1202>:  mov    %edx,0x10(%rax)
   0x000000000062b5c5 <mxf_write_packet+1205>:  jmpq   0x62b474 <mxf_write_packet+868>
   0x000000000062b5ca <mxf_write_packet+1210>:  nopw   0x0(%rax,%rax,1)
   0x000000000062b5d0 <mxf_write_packet+1216>:  and    $0x1ff,%ebp
   0x000000000062b5d6 <mxf_write_packet+1222>:  je     0x62b4de <mxf_write_packet+974>
   0x000000000062b5dc <mxf_write_packet+1228>:  jmpq   0x62b4a0 <mxf_write_packet+912>
End of assembler dump.
(gdb) info register
rax            0x1801d22f38     103109766968
rbx            0x1cb7b20        30112544
rcx            0x7ffff627528d   140737323160205
rdx            0x0      0
rsi            0x1cdec20        30272544
rdi            0x0      0
rbp            0x0      0x0
rsp            0x7fffffffd540   0x7fffffffd540
r8             0x0      0
r9             0x1ceab00        30321408
r10            0x7fffffffd1b0   140737488343472
r11            0x0      0
r12            0x0      0
r13            0x0      0
r14            0x7fffffffd680   140737488344704
r15            0x1cdd6c0        30267072
rip            0x62b5bf 0x62b5bf <mxf_write_packet+1199>
eflags         0x10246  [ PF ZF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0

comment:6 by Carl Eugen Hoyos, 8 years ago

Keywords: crash SIGSEGV regression added
Reproduced by developer: set
Status: new → open

by Carl Eugen Hoyos, 8 years ago

Attachment: xdcam8mp2-1s_small.ts added

comment:7 by wim_arbor, 8 years ago

Resolution: duplicate
Status: open → closed

Sorry that I failed to find this before, but this looks very much like a duplicate of #4817. The valgrind output is basically identical.

But #4817 also segfaults on commit 76c1f9200fa3bf16a47042c0c2a1bd11e408b56c, where my example does not segfault (which is the commit preceding 4818388e6c219bf48fa93bf76ee6ab3dc3fb1e8f).

I will close this ticket as duplicate, and when #4817 is fixed, I will validate if it also fixes my example. (but feel free to reopen if you don't agree)

comment:8 by Carl Eugen Hoyos, 8 years ago

Resolution: duplicate
Status: closed → reopened

comment:9 by Michael Niedermayer, 8 years ago

Resolution: fixed
Status: reopened → closed