Opened 12 years ago

Closed 12 years ago

#642 closed defect (worksforme)

double free or corruption fault when trying to extract still image with transpose

Reported by: danwax Owned by:
Priority: important Component: undetermined
Version: 0.8.6 Keywords:
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

This error occurs whenever I'm trying to extract a still image from a video. I'm running 0.8.6. It does actually export an image, which is green and lined. I will attached. Command and full output follow:-

COMMAND

ffmpeg -i /var/encode-input/input.MOV -ss 20 -s 480x272 -vf "transpose=1,pad=854:480:291:0" -vframes 1 /var/encode-output/output.jpg

OUTPUT

ffmpeg version 0.8.6, Copyright (c) 2000-2011 the FFmpeg developers
  built on Nov 11 2011 10:55:20 with gcc 4.4.5 20110214 (Red Hat 4.4.5-6)
  configuration: --disable-ffplay --disable-ffserver --enable-libxvid --enable-gpl --enable-nonfree --enable-pthreads --enable-libmp3lame --enable-libx264 --enable-libfaac --enable-zlib --enable-avfilter --enable-libfreetype
  libavutil    51.  9. 1 / 51.  9. 1
  libavcodec   53.  7. 0 / 53.  7. 0
  libavformat  53.  4. 0 / 53.  4. 0
  libavdevice  53.  1. 1 / 53.  1. 1
  libavfilter   2. 23. 0 /  2. 23. 0
  libswscale    2.  0. 0 /  2.  0. 0
  libpostproc  51.  2. 0 / 51.  2. 0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x3296400] Format mov,mp4,m4a,3gp,3g2,mj2 probed with size=2048 and score=100
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x3296400] ISO: File Type Major Brand: qt
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x3296400] All info found

Seems stream 1 codec frame rate differs from container frame rate: 1200.00 (1200/1) -> 30.00 (30/1)
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from '/var/encode-input/input.MOV':
  Metadata:
    major_brand     : qt
    minor_version   : 0
    compatible_brands: qt
    creation_time   : 2011-11-05 01:17:56
    encoder         : 4.2.1
    encoder-eng     : 4.2.1
    date            : 2011-06-29T12:22:51+0300
    date-eng        : 2011-06-29T12:22:51+0300
  Duration: 00:00:50.06, start: 0.000000, bitrate: 781 kb/s
    Stream #0.0(und), 44, 1/44100: Audio: aac, 44100 Hz, mono, s16, 63 kb/s
    Metadata:
      creation_time   : 2011-11-05 01:17:56
    Stream #0.1(und), 1, 1/600: Video: h264 (Baseline), yuv420p, 480x272, 1/1200, 714 kb/s, 30 fps, 30 tbr, 600 tbn, 1200 tbc
    Metadata:
      creation_time   : 2011-11-05 01:17:56
Incompatible pixel format 'yuv420p' for codec 'mjpeg', auto-selecting format 'yuvj420p'
[buffer @ 0x3290c00] w:480 h:272 pixfmt:yuv420p tb:1/1000000 sar:0/1 sws_param:
[pad @ 0x329cd80] auto-inserting filter 'auto-inserted scaler 0' between the filter 'Parsed filter 0 transpose' and the filter 'Parsed filter 1 pad'
[transpose @ 0x329c680] w:480 h:272 dir:1 -> w:272 h:480 rotation:clockwise vflip:0
[scale @ 0x329dac0] w:272 h:480 fmt:yuv420p -> w:272 h:480 fmt:yuvj420p flags:0x4
[pad @ 0x329cd80] w:272 h:480 -> w:854 h:480 x:290 y:0 color:0x108080FF[yuva]
Output #0, image2, to '/var/encode-output/output.jpg':
  Metadata:
    major_brand     : qt
    minor_version   : 0
    compatible_brands: qt
    creation_time   : 2011-11-05 01:17:56
    date-eng        : 2011-06-29T12:22:51+0300
    encoder-eng     : 4.2.1
    date            : 2011-06-29T12:22:51+0300
    encoder         : Lavf53.4.0
    Stream #0.0(und), 0, 1/90000: Video: mjpeg, yuvj420p, 854x480, 1/30, q=2-31, 200 kb/s, 90k tbn, 30 tbc
    Metadata:
      creation_time   : 2011-11-05 01:17:56
Stream mapping:
  Stream #0.1 -> #0.0
Press [q] to stop, [?] for help
frame=    1 fps=  0 q=5.3 Lsize=      -0kB time=00:00:00.03 bitrate=  -5.3kbits/s
video:37kB audio:0kB global headers:0kB muxing overhead -100.058692%
*** glibc detected *** ffmpeg: double free or corruption (out): 0x00007fa5c6b74040 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x75146)[0x7fa5c6ea9146]
ffmpeg[0xa48c9c]
ffmpeg[0x441241]
ffmpeg[0x443073]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7fa5c6e52cdd]
ffmpeg[0x439db9]
======= Memory map: ========
00400000-00c92000 r-xp 00000000 ca:01 26865                              /usr/local/bin/ffmpeg
00e91000-00ec2000 rw-p 00891000 ca:01 26865                              /usr/local/bin/ffmpeg
00ec2000-0148c000 rw-p 00000000 00:00 0
0328f000-0340a000 rw-p 00000000 00:00 0                                  [heap]
7fa5c6955000-7fa5c696b000 r-xp 00000000 ca:01 15                         /lib64/libgcc_s-4.4.5-20110214.so.1
7fa5c696b000-7fa5c6b6a000 ---p 00016000 ca:01 15                         /lib64/libgcc_s-4.4.5-20110214.so.1
7fa5c6b6a000-7fa5c6b6b000 rw-p 00015000 ca:01 15                         /lib64/libgcc_s-4.4.5-20110214.so.1
7fa5c6b73000-7fa5c6e34000 rw-p 00000000 00:00 0
7fa5c6e34000-7fa5c6fba000 r-xp 00000000 ca:01 7609                       /lib64/libc-2.12.so
7fa5c6fba000-7fa5c71b9000 ---p 00186000 ca:01 7609                       /lib64/libc-2.12.so
7fa5c71b9000-7fa5c71bd000 r--p 00185000 ca:01 7609                       /lib64/libc-2.12.so
7fa5c71bd000-7fa5c71be000 rw-p 00189000 ca:01 7609                       /lib64/libc-2.12.so
7fa5c71be000-7fa5c71c3000 rw-p 00000000 00:00 0
7fa5c71c3000-7fa5c71da000 r-xp 00000000 ca:01 7633                       /lib64/libpthread-2.12.so
7fa5c71da000-7fa5c73d9000 ---p 00017000 ca:01 7633                       /lib64/libpthread-2.12.so
7fa5c73d9000-7fa5c73da000 r--p 00016000 ca:01 7633                       /lib64/libpthread-2.12.so
7fa5c73da000-7fa5c73db000 rw-p 00017000 ca:01 7633                       /lib64/libpthread-2.12.so
7fa5c73db000-7fa5c73df000 rw-p 00000000 00:00 0
7fa5c73df000-7fa5c73f4000 r-xp 00000000 ca:01 7917                       /lib64/libz.so.1.2.3
7fa5c73f4000-7fa5c75f3000 ---p 00015000 ca:01 7917                       /lib64/libz.so.1.2.3
7fa5c75f3000-7fa5c75f4000 rw-p 00014000 ca:01 7917                       /lib64/libz.so.1.2.3
7fa5c75f4000-7fa5c7677000 r-xp 00000000 ca:01 7617                       /lib64/libm-2.12.so
7fa5c7677000-7fa5c7876000 ---p 00083000 ca:01 7617                       /lib64/libm-2.12.so
7fa5c7876000-7fa5c7877000 r--p 00082000 ca:01 7617                       /lib64/libm-2.12.so
7fa5c7877000-7fa5c7878000 rw-p 00083000 ca:01 7617                       /lib64/libm-2.12.so
7fa5c7878000-7fa5c7887000 r-xp 00000000 ca:01 31502                      /usr/local/lib/libfaac.so.0.0.0
7fa5c7887000-7fa5c7a87000 ---p 0000f000 ca:01 31502                      /usr/local/lib/libfaac.so.0.0.0
7fa5c7a87000-7fa5c7a8a000 rw-p 0000f000 ca:01 31502                      /usr/local/lib/libfaac.so.0.0.0
7fa5c7a8a000-7fa5c7b10000 r-xp 00000000 ca:01 14584                      /usr/local/lib/libfreetype.so.6.7.2
7fa5c7b10000-7fa5c7d10000 ---p 00086000 ca:01 14584                      /usr/local/lib/libfreetype.so.6.7.2
7fa5c7d10000-7fa5c7d16000 rw-p 00086000 ca:01 14584                      /usr/local/lib/libfreetype.so.6.7.2
7fa5c7d16000-7fa5c7d6f000 r-xp 00000000 ca:01 24206                      /usr/local/lib/libmp3lame.so.0.0.0
7fa5c7d6f000-7fa5c7f6e000 ---p 00059000 ca:01 24206                      /usr/local/lib/libmp3lame.so.0.0.0
7fa5c7f6e000-7fa5c7f70000 rw-p 00058000 ca:01 24206                      /usr/local/lib/libmp3lame.so.0.0.0
7fa5c7f70000-7fa5c7fa0000 rw-p 00000000 00:00 0
7fa5c7fa0000-7fa5c80b4000 r-xp 00000000 ca:01 31544                      /usr/local/lib/libx264.so.119
7fa5c80b4000-7fa5c82b3000 ---p 00114000 ca:01 31544                      /usr/local/lib/libx264.so.119
7fa5c82b3000-7fa5c82b6000 rw-p 00113000 ca:01 31544                      /usr/local/lib/libx264.so.119
7fa5c82b6000-7fa5c82f1000 rw-p 00000000 00:00 0
7fa5c82f1000-7fa5c8311000 r-xp 00000000 ca:01 7602                       /lib64/ld-2.12.so
7fa5c8437000-7fa5c8493000 rw-p 00000000 00:00 0
7fa5c8502000-7fa5c8507000 rw-p 00000000 00:00 0
7fa5c850f000-7fa5c8510000 rw-p 00000000 00:00 0
7fa5c8510000-7fa5c8511000 r--p 0001f000 ca:01 7602                       /lib64/ld-2.12.so
7fa5c8511000-7fa5c8512000 rw-p 00020000 ca:01 7602                       /lib64/ld-2.12.so
7fa5c8512000-7fa5c8513000 rw-p 00000000 00:00 0
7fffbeb96000-7fffbebb7000 rw-p 00000000 00:00 0                          [stack]
7fffbebff000-7fffbec00000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Aborted

Attachments (3)

output.jpg (33.7 KB ) - added by danwax 12 years ago.
Resulting still from encode
testvid.mp4 (14.0 KB ) - added by danwax 12 years ago.
Video that causes crashes
gdb_session.txt (10.2 KB ) - added by danwax 12 years ago.
Backtrace on testvid.mp4 crash

Download all attachments as: .zip

Change History (9)

by danwax, 12 years ago

Attachment: output.jpg added

Resulting still from encode

comment:1 by Carl Eugen Hoyos, 12 years ago

Cc: Carl Eugen Hoyos removed
Component: avfilterundetermined
Keywords: double free or corruption still removed

Is this reproducible with current git head?

Please add a backtrace (disass and registers are less important for double free).

comment:2 by danwax, 12 years ago

This has not been reproducible with current git head. It appears to be working fine. We'll run this snapshot separately for transposed stills until incorporated into stable release. Thanks.

backtrace (ffmpeg-0.8.5):

#0  0x00007ffff6952905 in raise () from /lib64/libc.so.6
#1 0x00007ffff69540e5 in abort () from /lib64/libc.so.6
#2 0x00007ffff698f827 in __libc_message () from /lib64/libc.so.6
#3 0x00007ffff6995146 in malloc_printerr () from /lib64/libc.so.6
#4 0x0000000000a4827c in av_free (ptr=<optimized out>) at libavutil/mem.c:167
#5  av_freep (arg=<optimized out>) at libavutil/mem.c:174
#6  0x0000000000441151 in transcode
(nb_output_files=1, input_files=0x149a7c0, nb_input_files=1,
stream_maps=0x0, nb_stream_maps=<optimized out>,
output_files=0xec21a0) at ffmpeg.c:2843
#7  0x0000000000442f83 in main
(argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:4588
Last edited 12 years ago by danwax (previous) (diff)

comment:3 by Carl Eugen Hoyos, 12 years ago

Using above command line and a random sample, I am unable to reproduce your problem with FFmpeg 0.8.6 (and 0.8.5). Is a specific sample needed to trigger the crash?

comment:4 by Carl Eugen Hoyos, 12 years ago

And if possible please test the git branch release/0.8, if this is the same issue as ticket #371, I have just fixed it by back-porting the relevant patch.

by danwax, 12 years ago

Attachment: testvid.mp4 added

Video that causes crashes

by danwax, 12 years ago

Attachment: gdb_session.txt added

Backtrace on testvid.mp4 crash

comment:5 by danwax, 12 years ago

Hi cehoyos,

Attached is a video and full backtrace on a crash.

comment:6 by Carl Eugen Hoyos, 12 years ago

Resolution: worksforme
Status: newclosed

I can - to a limited degree - reproduce the problem with 0.8.6 (it only crashes with valgrind here, not without), but not with 0.8.7.

If you want to reopen this ticket, please either provide complete, uncut output of gdb or valgrind for 0.8.7 and / or use git bisect to find the commit that fixed the issue in master (so I can backport the fix if it is missing in branch release/0.8).

Note: See TracTickets for help on using tickets.