Opened 5 years ago
Closed 5 years ago
#7557 closed defect (fixed)
crash when overlaying image partially-offscreen
| Reported by: | kennethav | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avfilter |
| Version: | git-master | Keywords: | overlay crash SIGSEGV regression |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | yes | |
| Analyzed by developer: | no |
Description
Summary of the bug:
What you were trying to accomplish: a vertical wipe effect by overlaying an image on to a video with a y-expression based on the current frame. The command line pasted below doesn't bother with the expression, just to simplify things but it does still crash.
Note: I'm running this on CoreOS
How to reproduce:
ffmpeg -i pig.jpg -i tooth.mp4 -filter_complex "[1:v][0:v]overlay=x=5:y=-5" output.mov version info: ffmpeg version 4.1-static https://johnvansickle.com/ffmpeg/ Copyright (c) 2000-2018 the FFmpeg developers built with gcc 6.3.0 (Debian 6.3.0-18+deb9u1) 20170516 configuration: --enable-gpl --enable-version3 --enable-static --disable-debug --disable-ffplay --disable-indev=sndio --disable-outdev=sndio --cc=gcc-6 --enable-fontconfig --enable-frei0r --enable-gnutls --enable-gray --enable-libaom --enable-libfribidi --enable-libass --enable-libvmaf --enable-libfreetype --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenjpeg --enable-librubberband --enable-libsoxr --enable-libspeex --enable-libvorbis --enable-libopus --enable-libtheora --enable-libvidstab --enable-libvo-amrwbenc --enable-libvpx --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxml2 --enable-libxvid --enable-libzimg libavutil 56. 22.100 / 56. 22.100 libavcodec 58. 35.100 / 58. 35.100 libavformat 58. 20.100 / 58. 20.100 libavdevice 58. 5.100 / 58. 5.100 libavfilter 7. 40.101 / 7. 40.101 libswscale 5. 3.100 / 5. 3.100 libswresample 3. 3.100 / 3. 3.100 libpostproc 55. 3.100 / 55. 3.100
Patches should be submitted to the ffmpeg-devel mailing list and not this bug tracker.
Attachments (2)
Change History (4)
by , 5 years ago
by , 5 years ago
comment:1 by , 5 years ago
| Component: | undetermined → avfilter |
|---|---|
| Keywords: | overlay crash SIGSEGV regression added |
| Priority: | normal → important |
| Reproduced by developer: | set |
| Status: | new → open |
| Version: | unspecified → git-master |
comment:2 by , 5 years ago
| Resolution: | → fixed |
|---|---|
| Status: | open → closed |
I believe this issue was fixed.
Note:
See TracTickets
for help on using tickets.
Regression since d54014d1573ec6e958e9c9e802e613c73c7f7ba5
(gdb) r -cpuflags 0 -i pig.jpg -i tooth.mp4 -filter_complex "[1:v][0:v]overlay=x=5:y=-5" -f null - Starting program: ffmpeg_g -cpuflags 0 -i pig.jpg -i tooth.mp4 -filter_complex "[1:v][0:v]overlay=x=5:y=-5" -f null - [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". ffmpeg version N-92494-ge3a9630 Copyright (c) 2000-2018 the FFmpeg developers built with gcc 6.4.0 (GCC) configuration: --enable-gpl --enable-gnutls --enable-libxml2 libavutil 56. 23.101 / 56. 23.101 libavcodec 58. 39.100 / 58. 39.100 libavformat 58. 22.100 / 58. 22.100 libavdevice 58. 6.100 / 58. 6.100 libavfilter 7. 46.100 / 7. 46.100 libswscale 5. 4.100 / 5. 4.100 libswresample 3. 4.100 / 3. 4.100 libpostproc 55. 4.100 / 55. 4.100 Input #0, image2, from 'pig.jpg': Duration: 00:00:00.04, start: 0.000000, bitrate: 31845 kb/s Stream #0:0: Video: mjpeg (Baseline), yuvj420p(pc, bt470bg/unknown/unknown), 1920x1080 [SAR 1:1 DAR 16:9], 25 tbr, 25 tbn, 25 tbc Input #1, mov,mp4,m4a,3gp,3g2,mj2, from 'tooth.mp4': Metadata: major_brand : isom minor_version : 512 compatible_brands: isomiso2avc1mp41 encoder : Lavf57.83.100 Duration: 00:01:02.50, start: 0.000000, bitrate: 256 kb/s Stream #1:0(und): Video: h264 (High) (avc1 / 0x31637661), yuv420p, 1920x1080 [SAR 1:1 DAR 16:9], 253 kb/s, 24 fps, 24 tbr, 12288 tbn, 48 tbc (default) Metadata: handler_name : VideoHandler [New Thread 0x7ffff3de6700 (LWP 10127)] [New Thread 0x7ffff35e5700 (LWP 10128)] [New Thread 0x7ffff2de4700 (LWP 10129)] [New Thread 0x7ffff25e3700 (LWP 10130)] [New Thread 0x7ffff1de2700 (LWP 10131)] [New Thread 0x7ffff15e1700 (LWP 10132)] [New Thread 0x7ffff0de0700 (LWP 10133)] [New Thread 0x7ffff05df700 (LWP 10134)] [New Thread 0x7fffefdde700 (LWP 10135)] Stream mapping: Stream #0:0 (mjpeg) -> overlay:overlay Stream #1:0 (h264) -> overlay:main overlay -> Stream #0:0 (wrapped_avframe) Press [q] to stop, [?] for help [New Thread 0x7fffef5dd700 (LWP 10136)] [Thread 0x7fffef5dd700 (LWP 10136) exited] [New Thread 0x7fffeeddc700 (LWP 10137)] [New Thread 0x7fffecfe6700 (LWP 10138)] [New Thread 0x7fffc7fff700 (LWP 10139)] [New Thread 0x7fffc77fe700 (LWP 10140)] [New Thread 0x7fffc6ffd700 (LWP 10141)] [New Thread 0x7fffc67fc700 (LWP 10142)] [New Thread 0x7fffc5ffb700 (LWP 10143)] [New Thread 0x7fffc57fa700 (LWP 10144)] [New Thread 0x7fffc4ff9700 (LWP 10145)] [swscaler @ 0x2c166c0] deprecated pixel format used, make sure you did set range correctly Program received signal SIGSEGV, Segmentation fault. blend_plane (nb_jobs=9, jobnr=0, yuv=1, straight=1, dst_step=1, dst_offset=<optimized out>, dst_plane=<optimized out>, main_has_alpha=0, y=-6, x=4, vsub=0, hsub=0, i=0, dst_h=1080, dst_w=1920, src_h=1080, src_w=1920, src=0x2c52b00, dst=0x2191cc0, ctx=0x21918c0) at libavfilter/vf_overlay.c:534 534 *d = FAST_DIV255(*d * (255 - alpha) + *s * alpha); (gdb) bt #0 blend_plane (nb_jobs=9, jobnr=0, yuv=1, straight=1, dst_step=1, dst_offset=<optimized out>, dst_plane=<optimized out>, main_has_alpha=0, y=-6, x=4, vsub=0, hsub=0, i=0, dst_h=1080, dst_w=1920, src_h=1080, src_w=1920, src=0x2c52b00, dst=0x2191cc0, ctx=0x21918c0) at libavfilter/vf_overlay.c:534 #1 blend_slice_yuv (nb_jobs=9, jobnr=0, is_straight=1, y=-6, x=4, main_has_alpha=0, vsub=1, hsub=1, src=0x2c52b00, dst=0x2191cc0, ctx=0x21918c0) at libavfilter/vf_overlay.c:615 #2 blend_slice_yuv420 (ctx=0x21918c0, arg=<optimized out>, jobnr=0, nb_jobs=9) at libavfilter/vf_overlay.c:662 #3 0x00000000004ddcd9 in worker_func (priv=0x28ee2c0, jobnr=0, threadnr=<optimized out>, nb_jobs=<optimized out>, nb_threads=<optimized out>) at libavfilter/pthread.c:50 #4 0x0000000001166db6 in run_jobs (ctx=0x2820040) at libavutil/slicethread.c:61 #5 avpriv_slicethread_execute (ctx=0x2820040, nb_jobs=<optimized out>, execute_main=<optimized out>) at libavutil/slicethread.c:188 #6 0x00000000004ddd22 in thread_execute (ctx=<optimized out>, func=<optimized out>, arg=<optimized out>, ret=<optimized out>, nb_jobs=<optimized out>) at libavfilter/pthread.c:72 #7 0x000000000057622c in do_blend (fs=<optimized out>) at libavfilter/vf_overlay.c:970 #8 0x00000000004db1c0 in ff_framesync_activate (fs=0x2191a28) at libavfilter/framesync.c:353 #9 0x00000000004c8c6c in ff_filter_activate (filter=0x21918c0) at libavfilter/avfilter.c:1429 #10 0x00000000004cc6cc in ff_filter_graph_run_once (graph=graph@entry=0x218f3c0) at libavfilter/avfiltergraph.c:1454 #11 0x00000000004cd73c in push_frame (graph=0x218f3c0) at libavfilter/buffersrc.c:181 #12 av_buffersrc_add_frame_internal (ctx=ctx@entry=0x2193900, frame=frame@entry=0x2192100, flags=flags@entry=4) at libavfilter/buffersrc.c:255 #13 0x00000000004cdbed in av_buffersrc_add_frame_flags (ctx=0x2193900, frame=frame@entry=0x2192100, flags=flags@entry=4) at libavfilter/buffersrc.c:164 #14 0x00000000004a2e61 in ifilter_send_frame (frame=0x2192100, ifilter=0x21534c0) at fftools/ffmpeg.c:2197 #15 send_frame_to_filters (ist=ist@entry=0x2140bc0, decoded_frame=decoded_frame@entry=0x2192100) at fftools/ffmpeg.c:2271 #16 0x00000000004a360e in decode_video (ist=ist@entry=0x2140bc0, pkt=pkt@entry=0x7fffffffd2c0, got_output=<optimized out>, duration_pts=<optimized out>, eof=<optimized out>, decode_failed=<optimized out>) at fftools/ffmpeg.c:2470 #17 0x00000000004a492b in process_input_packet (ist=0x2140bc0, pkt=0x7fffffffd6e0, no_eof=0) at fftools/ffmpeg.c:2624 #18 0x00000000004a6517 in process_input (file_index=<optimized out>) at fftools/ffmpeg.c:4514 #19 transcode_step () at fftools/ffmpeg.c:4634 #20 transcode () at fftools/ffmpeg.c:4688 #21 0x0000000000484853 in main (argc=<optimized out>, argv=0x7fffffffdcb8) at fftools/ffmpeg.c:4895 (gdb) disass $pc-32,$pc+32 Dump of assembler code from 0x56bdb5 to 0x56bdf5: 0x000000000056bdb5 <blend_slice_yuv420+597>: (bad) 0x000000000056bdb6 <blend_slice_yuv420+598>: cmp 0x4c(%rsp),%edx 0x000000000056bdba <blend_slice_yuv420+602>: jge 0x56be07 <blend_slice_yuv420+679> 0x000000000056bdbc <blend_slice_yuv420+604>: mov 0x60(%rsp),%esi 0x000000000056bdc0 <blend_slice_yuv420+608>: xor %ecx,%ecx 0x000000000056bdc2 <blend_slice_yuv420+610>: sub %edx,%esi 0x000000000056bdc4 <blend_slice_yuv420+612>: add $0x1,%rsi 0x000000000056bdc8 <blend_slice_yuv420+616>: nopl 0x0(%rax,%rax,1) 0x000000000056bdd0 <blend_slice_yuv420+624>: movzbl (%r12,%rcx,1),%edi => 0x000000000056bdd5 <blend_slice_yuv420+629>: movzbl (%rbx),%edx 0x000000000056bdd8 <blend_slice_yuv420+632>: mov %r13d,%eax 0x000000000056bddb <blend_slice_yuv420+635>: sub %edi,%eax 0x000000000056bddd <blend_slice_yuv420+637>: imul %eax,%edx 0x000000000056bde0 <blend_slice_yuv420+640>: movzbl 0x0(%rbp,%rcx,1),%eax 0x000000000056bde5 <blend_slice_yuv420+645>: add $0x1,%rcx 0x000000000056bde9 <blend_slice_yuv420+649>: imul %edi,%eax 0x000000000056bdec <blend_slice_yuv420+652>: lea 0x80(%rdx,%rax,1),%edx 0x000000000056bdf3 <blend_slice_yuv420+659>: mov %edx,%eax End of assembler dump. (gdb) info register rax 0x0 0 rbx 0x7fffec4e5344 140737157944132 rcx 0x0 0 rdx 0x0 0 rsi 0x77c 1916 rdi 0xff 255 rbp 0x2c52d40 0x2c52d40 rsp 0x7fffffffccf0 0x7fffffffccf0 r8 0x0 0 r9 0x780 1920 r10 0x2f4fec0 49610432 r11 0x2c52d40 46476608 r12 0x2f4fec0 49610432 r13 0xff 255 r14 0x7fffec4e5340 140737157944128 r15 0x1 1 rip 0x56bdd5 0x56bdd5 <blend_slice_yuv420+629> eflags 0x10202 [ IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0