Opened 5 years ago

Closed 4 years ago

#8135 closed defect (fixed)

ffprobe of mpd aborts with "pointer being freed was not allocated" in parse_programinformation()

Reported by: npryan Owned by:
Priority: important Component: avformat
Version: git-master Keywords: dash crash abort
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

Summary of the bug:

ffprobe aborts when parsing an MPEG DASH manifest file.

How to reproduce:

% ffprobe -I master.mpd

using the attached master.mpd.

ffprobe version is N-94895-g9e8ca329ed

Attachments (1)

master.mpd (74.8 KB ) - added by npryan 5 years ago.
MPEG DASH manifest causing ffprobe to abort

Download all attachments as: .zip

Change History (7)

by npryan, 5 years ago

Attachment: master.mpd added

MPEG DASH manifest causing ffprobe to abort

comment:2 by Carl Eugen Hoyos, 5 years ago

Keywords: abort added
Priority: normalimportant
Reproduced by developer: set
Status: newopen

For future tickets: Please always test ffmpeg (unless it does not allow to reproduce an issue) instead of ffplay or ffprobe and please provide the command line you tested together with the complete, uncut console output to make your tickets valid.

$ valgrind ffmpeg_g -i master.mpd 
==5400== Memcheck, a memory error detector
==5400== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==5400== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==5400== Command: /mnt/sdb6/cehoyos/android/linux64/ffmpeg_g -i master.mpd
==5400== 
ffmpeg version N-94842-ge26fb6a714 Copyright (c) 2000-2019 the FFmpeg developers
  built with clang version 8.0.1 (tags/RELEASE_801/final 366581)
  configuration: --cc=clang --enable-gpl --enable-gnutls --enable-libxml2 --enable-libx264 --enable-libx265 --enable-libvpx --enable-libaom
  libavutil      56. 35.100 / 56. 35.100
  libavcodec     58. 56.101 / 58. 56.101
  libavformat    58. 32.104 / 58. 32.104
  libavdevice    58.  9.100 / 58.  9.100
  libavfilter     7. 58.102 /  7. 58.102
  libswscale      5.  6.100 /  5.  6.100
  libswresample   3.  6.100 /  3.  6.100
  libpostproc    55.  6.100 / 55.  6.100
==5400== Invalid free() / delete / delete[] / realloc()
==5400==    at 0x48379AB: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==5400==    by 0x676276: parse_programinformation (dashdec.c:1197)
==5400==    by 0x676276: parse_manifest (dashdec.c:1352)
==5400==    by 0x674D80: dash_read_header (dashdec.c:2047)
==5400==    by 0x779FEE: avformat_open_input (utils.c:631)
==5400==    by 0x40BA74: open_input_file (ffmpeg_opt.c:1104)
==5400==    by 0x40B28F: open_files (ffmpeg_opt.c:3275)
==5400==    by 0x40B0A9: ffmpeg_parse_options (ffmpeg_opt.c:3315)
==5400==    by 0x41DDC9: main (ffmpeg.c:4872)
==5400==  Address 0x7461b30 is 0 bytes inside a block of size 66 free'd
==5400==    at 0x48379AB: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==5400==    by 0x676276: parse_programinformation (dashdec.c:1197)
==5400==    by 0x676276: parse_manifest (dashdec.c:1352)
==5400==    by 0x674D80: dash_read_header (dashdec.c:2047)
==5400==    by 0x779FEE: avformat_open_input (utils.c:631)
==5400==    by 0x40BA74: open_input_file (ffmpeg_opt.c:1104)
==5400==    by 0x40B28F: open_files (ffmpeg_opt.c:3275)
==5400==    by 0x40B0A9: ffmpeg_parse_options (ffmpeg_opt.c:3315)
==5400==    by 0x41DDC9: main (ffmpeg.c:4872)
==5400==  Block was alloc'd at
==5400==    at 0x483677F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==5400==    by 0x4D007B3: xmlBufCreateSize (in /usr/lib64/libxml2.so.2.9.9)
==5400==    by 0x4D516E9: xmlNodeGetContent (in /usr/lib64/libxml2.so.2.9.9)
==5400==    by 0x676217: parse_programinformation (dashdec.c:1181)
==5400==    by 0x676217: parse_manifest (dashdec.c:1352)
==5400==    by 0x674D80: dash_read_header (dashdec.c:2047)
==5400==    by 0x779FEE: avformat_open_input (utils.c:631)
==5400==    by 0x40BA74: open_input_file (ffmpeg_opt.c:1104)
==5400==    by 0x40B28F: open_files (ffmpeg_opt.c:3275)
==5400==    by 0x40B0A9: ffmpeg_parse_options (ffmpeg_opt.c:3315)
==5400==    by 0x41DDC9: main (ffmpeg.c:4872)

Invalid reads and leaks are also reported for this input file.

comment:3 by vectronic, 5 years ago

Thanks for the above info on how to improve bug reports, will do from now on.

Improved patch:

https://patchwork.ffmpeg.org/patch/15063/

comment:4 by vectronic, 5 years ago

The issue manifests as:

ffmpeg version N-94942-g0623d41adf Copyright (c) 2000-2019 the FFmpeg developers
  built with Apple LLVM version 10.0.1 (clang-1001.0.46.4)
  configuration: --enable-version3 --enable-gpl --disable-postproc --enable-nonfree --disable-avdevice --disable-encoders --disable-muxers --enable-libxml2 --disable-doc --disable-stripping --disable-filters --disable-decoders --disable-demuxers --disable-protocols --disable-parsers --disable-bsfs --enable-debug=3 --disable-optimizations --enable-protocol=http --enable-protocol=https --enable-protocol=file --enable-demuxer=dash --enable-demuxer=hls --enable-demuxer=mov --enable-demuxer=mxf --enable-decoder=h264 --enable-decoder=aac --enable-parser=aac --enable-parser=h264 --enable-filter=setpts --enable-filter=select --enable-filter=scale --enable-muxer=image2 --enable-encoder=png
  libavutil      56. 35.100 / 56. 35.100
  libavcodec     58. 56.102 / 58. 56.102
  libavformat    58. 32.104 / 58. 32.104
  libavfilter     7. 58.102 /  7. 58.102
  libswscale      5.  6.100 /  5.  6.100
  libswresample   3.  6.100 /  3.  6.100
ffmpeg(9390,0x10cf245c0) malloc: *** error for object 0x7fbb06529620: pointer being freed was not allocated
ffmpeg(9390,0x10cf245c0) malloc: *** set a breakpoint in malloc_error_break to debug
Abort trap: 6

There is a secondary issue with this sample MPD after the above malloc issue is resolved, a segmentation fault occurs.

ffmpeg version N-94942-g0623d41adf Copyright (c) 2000-2019 the FFmpeg developers
  built with Apple LLVM version 10.0.1 (clang-1001.0.46.4)
  configuration: --enable-version3 --enable-gpl --disable-postproc --enable-nonfree --disable-avdevice --disable-encoders --disable-muxers --enable-libxml2 --disable-doc --disable-stripping --disable-filters --disable-decoders --disable-demuxers --disable-protocols --disable-parsers --disable-bsfs --enable-debug=3 --disable-optimizations --enable-protocol=http --enable-protocol=https --enable-protocol=file --enable-demuxer=dash --enable-demuxer=hls --enable-demuxer=mov --enable-demuxer=mxf --enable-decoder=h264 --enable-decoder=aac --enable-parser=aac --enable-parser=h264 --enable-filter=setpts --enable-filter=select --enable-filter=scale --enable-muxer=image2 --enable-encoder=png
  libavutil      56. 35.100 / 56. 35.100
  libavcodec     58. 56.102 / 58. 56.102
  libavformat    58. 32.104 / 58. 32.104
  libavfilter     7. 58.102 /  7. 58.102
  libswscale      5.  6.100 /  5.  6.100
  libswresample   3.  6.100 /  3.  6.100
Segmentation fault: 11

Updated patches for both issues will be submitted.

With these changes applied the following results are achieved:

ffmpeg version N-94942-g0623d41adf Copyright (c) 2000-2019 the FFmpeg developers
  built with Apple LLVM version 10.0.1 (clang-1001.0.46.4)
  configuration: --enable-version3 --enable-gpl --disable-postproc --enable-nonfree --disable-avdevice --disable-encoders --disable-muxers --enable-libxml2 --disable-doc --disable-stripping --disable-filters --disable-decoders --disable-demuxers --disable-protocols --disable-parsers --disable-bsfs --enable-debug=3 --disable-optimizations --enable-protocol=http --enable-protocol=https --enable-protocol=file --enable-demuxer=dash --enable-demuxer=hls --enable-demuxer=mov --enable-demuxer=mxf --enable-decoder=h264 --enable-decoder=aac --enable-parser=aac --enable-parser=h264 --enable-filter=setpts --enable-filter=select --enable-filter=scale --enable-muxer=image2 --enable-encoder=png
  libavutil      56. 35.100 / 56. 35.100
  libavcodec     58. 56.102 / 58. 56.102
  libavformat    58. 32.104 / 58. 32.104
  libavfilter     7. 58.102 /  7. 58.102
  libswscale      5.  6.100 /  5.  6.100
  libswresample   3.  6.100 /  3.  6.100
Invalid return value 0 for stream protocol
    Last message repeated 1 times
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x7fe077000000] Could not find codec parameters for stream 0 (Video: h264 (avc1 / 0x31637661), none, 720x576): unspecified pixel format
Consider increasing the value for the 'analyzeduration' and 'probesize' options
Invalid return value 0 for stream protocol
    Last message repeated 9 times
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x7fe078007600] Could not find codec parameters for stream 0 (Video: h264 (avc1 / 0x31637661), none, 720x576): unspecified pixel format
Consider increasing the value for the 'analyzeduration' and 'probesize' options
[dash @ 0x7fe078000e00] Could not find codec parameters for stream 0 (Video: h264 (avc1 / 0x31637661), none, 720x576): unspecified pixel format
Consider increasing the value for the 'analyzeduration' and 'probesize' options
Input #0, dash, from '/Users/nick/media/dash/5/master.mpd':
  Metadata:
    Title           : Generated by EVS
  Duration: 00:11:24.00, bitrate: 0 kb/s
  Program 0 
    Stream #0:0: Video: h264 (avc1 / 0x31637661), none, 720x576, 2500 tbr, 2500 tbn, 5k tbc
    Metadata:
      variant_bitrate : 2499584
      id              : 1
    Stream #0:1: Audio: aac (mp4a / 0x6134706D), 48000 Hz, stereo, fltp
    Metadata:
      variant_bitrate : 96000
      id              : 2
    Stream #0:2: Audio: aac (mp4a / 0x6134706D), 48000 Hz, stereo, fltp
    Metadata:
      variant_bitrate : 96000
      id              : 3
    Stream #0:3: Audio: aac (mp4a / 0x6134706D), 48000 Hz, stereo, fltp
    Metadata:
      variant_bitrate : 96000
      id              : 4
    Stream #0:4: Audio: aac (mp4a / 0x6134706D), 48000 Hz, stereo, fltp
    Metadata:
      variant_bitrate : 96000
      id              : 5
At least one output file must be specified

and

./ffmpeg_g -i /Users/nick/media/dash/5/master.mpd 
==23624== Memcheck, a memory error detector
==23624== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==23624== Using Valgrind-3.16.0.GIT and LibVEX; rerun with -h for copyright info
==23624== Command: ./ffmpeg_g -i /Users/nick/media/dash/5/master.mpd
==23624== 
--23624-- UNKNOWN mach_msg unhandled MACH_SEND_TRAILER option
--23624-- UNKNOWN mach_msg unhandled MACH_SEND_TRAILER option (repeated 2 times)
--23624-- UNKNOWN mach_msg unhandled MACH_SEND_TRAILER option (repeated 4 times)
ffmpeg version N-94942-g0623d41adf Copyright (c) 2000-2019 the FFmpeg developers
  built with Apple LLVM version 10.0.1 (clang-1001.0.46.4)
  configuration: --enable-version3 --enable-gpl --disable-postproc --enable-nonfree --disable-avdevice --disable-encoders --disable-muxers --enable-libxml2 --disable-doc --disable-stripping --disable-filters --disable-decoders --disable-demuxers --disable-protocols --disable-parsers --disable-bsfs --enable-debug=3 --disable-optimizations --enable-protocol=http --enable-protocol=https --enable-protocol=file --enable-demuxer=dash --enable-demuxer=hls --enable-demuxer=mov --enable-demuxer=mxf --enable-decoder=h264 --enable-decoder=aac --enable-parser=aac --enable-parser=h264 --enable-filter=setpts --enable-filter=select --enable-filter=scale --enable-muxer=image2 --enable-encoder=png
  libavutil      56. 35.100 / 56. 35.100
  libavcodec     58. 56.102 / 58. 56.102
  libavformat    58. 32.104 / 58. 32.104
  libavfilter     7. 58.102 /  7. 58.102
  libswscale      5.  6.100 /  5.  6.100
  libswresample   3.  6.100 /  3.  6.100
Invalid return value 0 for stream protocol
    Last message repeated 1 times
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x10bcda080] Could not find codec parameters for stream 0 (Video: h264 (avc1 / 0x31637661), none, 720x576): unspecified pixel format
Consider increasing the value for the 'analyzeduration' and 'probesize' options
Invalid return value 0 for stream protocol
    Last message repeated 9 times
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x10c10cd00] Could not find codec parameters for stream 0 (Video: h264 (avc1 / 0x31637661), none, 720x576): unspecified pixel format
Consider increasing the value for the 'analyzeduration' and 'probesize' options
[dash @ 0x10b7df8c0] Could not find codec parameters for stream 0 (Video: h264 (avc1 / 0x31637661), none, 720x576): unspecified pixel format
Consider increasing the value for the 'analyzeduration' and 'probesize' options
Input #0, dash, from '/Users/nick/media/dash/5/master.mpd':
  Metadata:
    Title           : Generated by EVS
  Duration: 00:11:24.00, bitrate: 0 kb/s
  Program 0 
    Stream #0:0: Video: h264 (avc1 / 0x31637661), none, 720x576, 2500 tbr, 2500 tbn, 5k tbc
    Metadata:
      variant_bitrate : 2499584
      id              : 1
    Stream #0:1: Audio: aac (mp4a / 0x6134706D), 48000 Hz, stereo, fltp
    Metadata:
      variant_bitrate : 96000
      id              : 2
    Stream #0:2: Audio: aac (mp4a / 0x6134706D), 48000 Hz, stereo, fltp
    Metadata:
      variant_bitrate : 96000
      id              : 3
    Stream #0:3: Audio: aac (mp4a / 0x6134706D), 48000 Hz, stereo, fltp
    Metadata:
      variant_bitrate : 96000
      id              : 4
    Stream #0:4: Audio: aac (mp4a / 0x6134706D), 48000 Hz, stereo, fltp
    Metadata:
      variant_bitrate : 96000
      id              : 5
At least one output file must be specified
==23624== 
==23624== HEAP SUMMARY:
==23624==     in use at exit: 749,201 bytes in 765 blocks
==23624==   total heap usage: 25,059 allocs, 24,294 frees, 8,788,348 bytes allocated
==23624== 
==23624== LEAK SUMMARY:
==23624==    definitely lost: 55 bytes in 12 blocks
==23624==    indirectly lost: 0 bytes in 0 blocks
==23624==      possibly lost: 680,824 bytes in 179 blocks
==23624==    still reachable: 68,322 bytes in 574 blocks
==23624==         suppressed: 0 bytes in 0 blocks
==23624== Rerun with --leak-check=full to see details of leaked memory
==23624== 
==23624== For lists of detected and suppressed errors, rerun with: -s
==23624== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 1589 from 11)
Last edited 5 years ago by vectronic (previous) (diff)

comment:6 by Carl Eugen Hoyos, 4 years ago

Resolution: fixed
Status: openclosed
Note: See TracTickets for help on using tickets.