Opened 4 years ago

Closed 13 months ago

#5752 closed defect (fixed)

Crash when muxing webm_chunk

Reported by: cehoyos Owned by:
Priority: important Component: avformat
Version: git-master Keywords: crash SIGSEGV mkv
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description (last modified by cehoyos)
A user provided ac3 audio that crashes the webm_chunk muxer.

(gdb) r -i out.ac3 -map 0:a:0 -strict -2 -acodec vorbis -ac 2 -header header out%d.chk
Starting program: ffmpeg_g -i out.ac3 -map 0:a:0 -strict -2 -acodec vorbis -ac 2 -header header out%d.chk
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/".
ffmpeg version N-81244-g8916ad9 Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 4.7 (SUSE Linux)
  configuration: --enable-libvpx --enable-libvorbis
  libavutil      55. 28.100 / 55. 28.100
  libavcodec     57. 51.100 / 57. 51.100
  libavformat    57. 44.100 / 57. 44.100
  libavdevice    57.  0.102 / 57.  0.102
  libavfilter     6. 49.100 /  6. 49.100
  libswscale      4.  1.100 /  4.  1.100
  libswresample   2.  1.100 /  2.  1.100
[ac3 @ 0x1e31560] Format ac3 detected only with low score of 25, misdetection possible!
[ac3 @ 0x1e31560] Estimating duration from bitrate, this may be inaccurate
Input #0, ac3, from 'out.ac3':
  Duration: 00:00:26.68, start: 0.000000, bitrate: 384 kb/s
    Stream #0:0: Audio: ac3, 48000 Hz, 5.1(side), fltp, 384 kb/s
[New Thread 0x7ffff11fb700 (LWP 30131)]
[New Thread 0x7ffff09fa700 (LWP 30132)]
[New Thread 0x7ffff01f9700 (LWP 30133)]
[New Thread 0x7fffef9f8700 (LWP 30134)]
[New Thread 0x7fffef1f7700 (LWP 30135)]
[New Thread 0x7fffee9f6700 (LWP 30136)]
[New Thread 0x7fffee1f5700 (LWP 30137)]
[New Thread 0x7fffed9f4700 (LWP 30138)]
[New Thread 0x7fffed1f3700 (LWP 30139)]
[webm_chunk @ 0x1e33aa0] Using AVStream.codec to pass codec parameters to muxers is deprecated, use AVStream.codecpar instead.
Output #0, webm_chunk, to 'out%d.chk':
    encoder         : Lavf57.44.100
    Stream #0:0: Audio: vorbis, 48000 Hz, stereo, fltp
      encoder         : Lavc57.51.100 vorbis
Stream mapping:
  Stream #0:0 -> #0:0 (ac3 (native) -> vorbis (native))
Press [q] to stop, [?] for help
[ac3 @ 0x1e33320] frame sync error
Error while decoding stream #0:0: Invalid data found when processing input

Program received signal SIGSEGV, Segmentation fault.
0x0000000000600980 in mkv_write_flush_packet (s=0x1eade20, pkt=0x7fffffffd2b0)
    at libavformat/matroskaenc.c:2111
2111        if (s->pb->seekable)
(gdb) bt
#0  0x0000000000600980 in mkv_write_flush_packet (s=0x1eade20, pkt=0x7fffffffd2b0)
    at libavformat/matroskaenc.c:2111
#1  0x00000000006c6cb6 in webm_chunk_write_packet (s=0x1e33aa0, pkt=0x7fffffffd2b0)
    at libavformat/webm_chunk.c:210
#2  0x000000000063df2d in write_packet (s=s@entry=0x1e33aa0, pkt=pkt@entry=0x7fffffffd2b0)
    at libavformat/mux.c:732
#3  0x000000000064022e in av_interleaved_write_frame (s=s@entry=0x1e33aa0, pkt=0x0,
    pkt@entry=0x7fffffffd610) at libavformat/mux.c:1184
#4  0x0000000000493b0d in write_frame (s=s@entry=0x1e33aa0, pkt=pkt@entry=0x7fffffffd610,
    ost=ost@entry=0x1e68d20) at ffmpeg.c:762
#5  0x0000000000498807 in do_audio_out (frame=0x1e34e60, ost=0x1e68d20, s=0x1e33aa0)
    at ffmpeg.c:840
#6  reap_filters (flush=flush@entry=0) at ffmpeg.c:1376
#7  0x000000000049be1a in transcode_step () at ffmpeg.c:4119
#8  transcode () at ffmpeg.c:4163
#9  0x000000000047e36b in main (argc=<optimized out>, argv=0x7fffffffdcc8) at ffmpeg.c:4356
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x600960 to 0x6009a0:
   0x0000000000600960 <mkv_write_flush_packet+16>:      and    $0xe0,%al
   0x0000000000600962 <mkv_write_flush_packet+18>:      mov    %r13,-0x18(%rsp)
   0x0000000000600967 <mkv_write_flush_packet+23>:      mov    %rsi,%r12
   0x000000000060096a <mkv_write_flush_packet+26>:      mov    %r14,-0x10(%rsp)
   0x000000000060096f <mkv_write_flush_packet+31>:      mov    %r15,-0x8(%rsp)
   0x0000000000600974 <mkv_write_flush_packet+36>:      sub    $0x58,%rsp
   0x0000000000600978 <mkv_write_flush_packet+40>:      mov    0x18(%rdi),%rbx
   0x000000000060097c <mkv_write_flush_packet+44>:      mov    0x20(%rdi),%rdi
=> 0x0000000000600980 <mkv_write_flush_packet+48>:      mov    0x90(%rdi),%edx
   0x0000000000600986 <mkv_write_flush_packet+54>:      mov    %rdi,%r13
   0x0000000000600989 <mkv_write_flush_packet+57>:      test   %edx,%edx
   0x000000000060098b <mkv_write_flush_packet+59>:      jne    0x600991 <mkv_write_flush_packet+65>
   0x000000000060098d <mkv_write_flush_packet+61>:      mov    0x10(%rbx),%r13
   0x0000000000600991 <mkv_write_flush_packet+65>:      test   %r12,%r12
   0x0000000000600994 <mkv_write_flush_packet+68>:      je     0x600bb0 <mkv_write_flush_packet+608>
   0x000000000060099a <mkv_write_flush_packet+74>:      movslq 0x24(%r12),%rax
   0x000000000060099f <mkv_write_flush_packet+79>:      mov    0x30(%rbp),%rcx
End of assembler dump.
(gdb) info register
rax            0x16a3d00        23739648
rbx            0x1eae440        32171072
rcx            0x5      5
rdx            0x5dc0   24000
rsi            0x7fffffffd2b0   140737488343728
rdi            0x0      0
rbp            0x1eade20        0x1eade20
rsp            0x7fffffffd110   0x7fffffffd110
r8             0x1eaef10        32173840
r9             0x5dc0   24000
r10            0x1      1
r11            0x8000000000000001       -9223372036854775807
r12            0x7fffffffd2b0   140737488343728
r13            0x1eade20        32169504
r14            0x20     32
r15            0x600    1536
rip            0x600980 0x600980 <mkv_write_flush_packet+48>
eflags         0x10202  [ IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0

Attachments (2)

capture_cut.ts (2.4 MB) - added by cehoyos 4 years ago.
out.ac3 (1.2 MB) - added by cehoyos 4 years ago.

Change History (6)

Changed 4 years ago by cehoyos

Changed 4 years ago by cehoyos

comment:1 Changed 4 years ago by cehoyos

  • Description modified (diff)

comment:2 Changed 4 years ago by cehoyos

  • Description modified (diff)

comment:3 Changed 4 years ago by cehoyos

  • Description modified (diff)

comment:4 Changed 13 months ago by mkver

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.