Attachments (1)
Change History (4)
by , 9 years ago
Attachment: fuzz11.opus added
comment:1 by , 9 years ago
comment:2 by , 9 years ago
Resolution: → fixed
Status: new → closed
comment:3 by , 9 years ago
Keywords: crash opus SIGSEGV added
Priority: normal → important
Reproduced by developer: set
Version: unspecified → git-master
```
(gdb) r -i fuzz11.opus -f null -
Starting program: ffmpeg_g -i fuzz11.opus -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-76274-gdcb95ef Copyright (c) 2000-2015 the FFmpeg developers
  built with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl
  libavutil 55. 4.100 / 55. 4.100
  libavcodec 57. 10.100 / 57. 10.100
  libavformat 57. 11.100 / 57. 11.100
  libavdevice 57. 0.100 / 57. 0.100
  libavfilter 6. 14.100 / 6. 14.100
  libswscale 4. 0.100 / 4. 0.100
  libswresample 2. 0.100 / 2. 0.100
  libpostproc 54. 0.100 / 54. 0.100
[opus @ 0x1cbe0a0] Mapping type 200 is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[opus @ 0x1cbe0a0] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[ogg @ 0x1cbc3c0] Failed to open codec in av_find_stream_info
Guessed Channel Layout for Input Stream #0.0 : 6.1
Guessed Channel Layout for Input Stream #0.1 : stereo
Input #0, ogg, from 'fuzz11.opus':
  Duration: 559936:28:37.59, start: 0.000000, bitrate: N/A
    Stream #0:0: Audio: opus, 48000 Hz, 7 channels, fltp
    Stream #0:1: Audio: opus, 48000 Hz, 2 channels, fltp
[New Thread 0x7ffff14f0700 (LWP 21896)]
[New Thread 0x7ffff0cef700 (LWP 21897)]
[New Thread 0x7ffff04ee700 (LWP 21898)]
[New Thread 0x7fffefced700 (LWP 21899)]
[New Thread 0x7fffef4ec700 (LWP 21900)]
[New Thread 0x7fffeeceb700 (LWP 21901)]
[New Thread 0x7fffee4ea700 (LWP 21902)]
[New Thread 0x7fffedce9700 (LWP 21903)]
[New Thread 0x7fffed4e8700 (LWP 21904)]
Output #0, null, to 'pipe:':
  Metadata:
    encoder : Lavf57.11.100
    Stream #0:0: Audio: pcm_s16le, 48000 Hz, 6.1, s16, 5376 kb/s
    Metadata:
      encoder : Lavc57.10.100 pcm_s16le
Stream mapping:
  Stream #0:0 -> #0:0 (opus (native) -> pcm_s16le (native))
Press [q] to stop, [?] for help
[opus @ 0x1cbee40] Error parsing the packet header.
Error while decoding stream #0:0: Invalid data found when processing input
[opus @ 0x1cbee40] Error parsing the packet header.
Error while decoding stream #0:0: Invalid data found when processing input
[opus @ 0x1cbee40] Error parsing the packet header.
Error while decoding stream #0:0: Invalid data found when processing input
[opus @ 0x1cbee40] Error parsing the packet header.
Error while decoding stream #0:0: Invalid data found when processing input
[opus @ 0x1cbee40] Error parsing the packet header.
Error while decoding stream #0:0: Invalid data found when processing input
[opus @ 0x1cbee40] Error parsing the packet header.
Error while decoding stream #0:0: Invalid data found when processing input
[opus @ 0x1cbee40] Error parsing the packet header.
Error while decoding stream #0:0: Invalid data found when processing input
[opus @ 0x1cbee40] Error parsing the packet header.
Error while decoding stream #0:0: Invalid data found when processing input
[opus @ 0x1cbee40] Error parsing the packet header.
Error while decoding stream #0:0: Invalid data found when processing input
[opus @ 0x1cbee40] Error parsing the packet header.
Error while decoding stream #0:0: Invalid data found when processing input

Program received signal SIGSEGV, Segmentation fault.
ff_vector_fmul_scalar_sse.loop () at libavutil/x86/float_dsp.asm:149
149 VECTOR_FMUL_SCALAR
(gdb) bt
#0 ff_vector_fmul_scalar_sse.loop () at libavutil/x86/float_dsp.asm:149
#1 0x0000000000a42303 in opus_decode_packet (avctx=0x1cbee40, data=0x242b060, got_frame_ptr=0x7fffffffd63c, avpkt=0x7fffffffd3a0) at libavcodec/opusdec.c:589
#2 0x0000000000b47f61 in avcodec_decode_audio4 (avctx=avctx@entry=0x1cbee40, frame=frame@entry=0x242b060, got_frame_ptr=got_frame_ptr@entry=0x7fffffffd63c, avpkt=avpkt@entry=0x7fffffffd680) at libavcodec/utils.c:2197
#3 0x00000000004938c4 in decode_audio (ist=ist@entry=0x1cbec40, pkt=pkt@entry=0x7fffffffd680, got_output=got_output@entry=0x7fffffffd63c) at ffmpeg.c:1958
#4 0x00000000004947a2 in process_input_packet (ist=0x1cbec40, no_eof=0, no_eof@entry=30148000, pkt=0x0) at ffmpeg.c:2330
#5 0x0000000000496167 in process_input (file_index=0) at ffmpeg.c:3745
#6 transcode_step () at ffmpeg.c:4034
#7 transcode () at ffmpeg.c:4088
#8 0x0000000000478abb in main (argc=<optimized out>, argv=0x7fffffffdd28) at ffmpeg.c:4281
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x1010c2d to 0x1010c6d:
   0x0000000001010c2d <ff_vector_fmac_scalar_fma3.loop+41>: vzeroupper
   0x0000000001010c30 <ff_vector_fmac_scalar_fma3.loop+44>: retq
   0x0000000001010c31 <ff_vector_fmac_scalar_fma3.loop+45>: nopl 0x0(%rax)
   0x0000000001010c38 <ff_vector_fmac_scalar_fma3.loop+52>: nopl 0x0(%rax,%rax,1)
   0x0000000001010c40 <ff_vector_fmul_scalar_sse+0>: shufps $0x0,%xmm0,%xmm0
   0x0000000001010c44 <ff_vector_fmul_scalar_sse+4>: lea -0x10(,%edx,4),%rdx
=> 0x0000000001010c4d <ff_vector_fmul_scalar_sse.loop+0>: movaps (%rsi,%rdx,1),%xmm1
   0x0000000001010c51 <ff_vector_fmul_scalar_sse.loop+4>: mulps %xmm0,%xmm1
   0x0000000001010c54 <ff_vector_fmul_scalar_sse.loop+7>: movaps %xmm1,(%rdi,%rdx,1)
   0x0000000001010c58 <ff_vector_fmul_scalar_sse.loop+11>: sub $0x10,%rdx
   0x0000000001010c5c <ff_vector_fmul_scalar_sse.loop+15>: jge 0x1010c4d <ff_vector_fmul_scalar_sse.loop>
   0x0000000001010c5e <ff_vector_fmul_scalar_sse.loop+17>: repz retq
   0x0000000001010c60 <ff_vector_dmul_scalar_sse2+0>: movlhps %xmm0,%xmm0
   0x0000000001010c63 <ff_vector_dmul_scalar_sse2+3>: lea -0x20(,%edx,8),%rdx
   0x0000000001010c6c <ff_vector_dmul_scalar_sse2.loop+0>: movaps (%rsi,%rdx,1),%xmm1
End of assembler dump.
(gdb) info all-register
rax 0x1cc32a0 30159520
rbx 0x0 0
rcx 0x0 0
rdx 0xfffffff0 4294967280
rsi 0x2353ee0 37043936
rdi 0x2353ee0 37043936
rbp 0x0 0x0
rsp 0x7fffffffd1a8 0x7fffffffd1a8
r8 0x0 0
r9 0x60 96
r10 0x0 0
r11 0x7ffff52deb20 140737306815264
r12 0x0 0
r13 0x0 0
r14 0x242b060 37924960
r15 0x1cbcfc0 30134208
rip 0x1010c4d 0x1010c4d <ff_vector_fmul_scalar_sse.loop>
eflags 0x10282 [ SF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 0 (raw 0x00000000000000000000)
st6 0.99991432757400702807529593862945205 (raw 0x3ffefffa62a7bb70e201)
st7 -0.013089595571344758588806973537838063 (raw 0xbff8d675be39650aff75)
fctrl 0x37f 895
fstat 0x220 544
ftag 0xffff 65535
fiseg 0x7fff 32767
fioff 0xf5f964a7 -168205145
foseg 0x7fff 32767
fooff 0xffffce78 -12680
fop 0x0 0
mxcsr 0x1fa0 [ PE IM DM ZM OM UM PM ]
ymm0 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0xf9, 0xad, 0x71, 0x3f, 0xf9, 0xad, 0x71, 0x3f, 0xf9, 0xad, 0x71, 0x3f, 0xf9, 0xad, 0x71, 0x3f, 0x0 <repeats 16 times>}, v16_int16 = {0xadf9, 0x3f71, 0xadf9, 0x3f71, 0xadf9, 0x3f71, 0xadf9, 0x3f71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x3f71adf9, 0x3f71adf9, 0x3f71adf9, 0x3f71adf9, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x3f71adf93f71adf9, 0x3f71adf93f71adf9, 0x0, 0x0}, v2_int128 = {0x3f71adf93f71adf93f71adf93f71adf9, 0x00000000000000000000000000000000}}
ymm1 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0xa1, 0x85, 0xba, 0xb7, 0x10, 0x9b, 0x8f, 0x37, 0x10, 0x9b, 0x8f, 0x37, 0x10, 0x9b, 0x8f, 0x37, 0x0 <repeats 16 times>}, v16_int16 = {0x85a1, 0xb7ba, 0x9b10, 0x378f, 0x9b10, 0x378f, 0x9b10, 0x378f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xb7ba85a1, 0x378f9b10, 0x378f9b10, 0x378f9b10, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x378f9b10b7ba85a1, 0x378f9b10378f9b10, 0x0, 0x0}, v2_int128 = {0x378f9b10378f9b10378f9b10b7ba85a1, 0x00000000000000000000000000000000}}
```
```
==21911== Invalid read of size 8
==21911==    at 0x4C2C476: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==21911==    by 0xFEE75E: av_fifo_generic_write (fifo.c:136)
==21911==    by 0xFE5D97: av_audio_fifo_write (audio_fifo.c:130)
==21911==    by 0xA423D3: opus_decode_packet (opusdec.c:570)
==21911==    by 0xB47F60: avcodec_decode_audio4 (utils.c:2197)
==21911==    by 0x4938C3: decode_audio (ffmpeg.c:1958)
==21911==    by 0x4947A1: process_input_packet.constprop.20 (ffmpeg.c:2330)
==21911==    by 0x496166: transcode (ffmpeg.c:3745)
==21911==    by 0x478ABA: main (ffmpeg.c:4281)
==21911==  Address 0x10e85060 is 0 bytes after a block of size 128 alloc'd
==21911==    at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==21911==    by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==21911==    by 0xFF67D9: av_malloc (mem.c:97)
==21911==    by 0xFE8267: av_buffer_alloc (buffer.c:71)
==21911==    by 0xFE8B15: av_buffer_pool_get (buffer.c:329)
==21911==    by 0xB45D55: avcodec_default_get_buffer2 (utils.c:632)
==21911==    by 0xB4648A: get_buffer_internal (utils.c:877)
==21911==    by 0xB46565: ff_get_buffer (utils.c:890)
==21911==    by 0xA40E9A: opus_decode_packet (opusdec.c:489)
==21911==    by 0xB47F60: avcodec_decode_audio4 (utils.c:2197)
==21911==    by 0x4938C3: decode_audio (ffmpeg.c:1958)
==21911==    by 0x4947A1: process_input_packet.constprop.20 (ffmpeg.c:2330)
```
Fixed in b3e5f15b95f04a35821f63f6fd89ddd60f666a59