Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#8235 closed defect (fixed)

Segmentation fault in request_frame at libavfilter/vf_random.c:102

Reported by: Suhwan Owned by:
Priority: important Component: avfilter
Version: git-master Keywords: random crash SIGSEGV
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

Summary of the bug:
There is a Segmentation fault in request_frame at libavfilter/vf_random.c:102

Thread 1 "ffmpeg_g" received signal SIGSEGV, Segmentation fault.
0x00000000005256dd in request_frame (outlink=0x22cec40) at libavfilter/vf_random.c:102
102	        out->pts = s->pts[s->flush_idx++];
(gdb) bt
#0  0x00000000005256dd in request_frame (outlink=0x22cec40) at libavfilter/vf_random.c:102
#1  0x0000000000452f92 in ff_request_frame_to_filter (link=0x22cec40) at libavfilter/avfilter.c:458
#2  0x0000000000451e55 in forward_status_change (filter=<optimized out>, in=<optimized out>)
    at libavfilter/avfilter.c:1243
#3  ff_filter_activate_default (filter=<optimized out>) at libavfilter/avfilter.c:1274
#4  ff_filter_activate (filter=0x22cad40) at libavfilter/avfilter.c:1430
#5  0x0000000000457755 in push_frame (graph=0x22b5000) at libavfilter/buffersrc.c:187
#6  av_buffersrc_close (ctx=<optimized out>, pts=<optimized out>, flags=4) at libavfilter/buffersrc.c:275
#7  0x000000000041f8a7 in ifilter_send_eof (ifilter=0x0, pts=<optimized out>) at fftools/ffmpeg.c:2213
#8  send_filter_eof (ist=<optimized out>) at fftools/ffmpeg.c:2562
#9  process_input_packet (ist=<optimized out>, pkt=<optimized out>, no_eof=<optimized out>) at fftools/ffmpeg.c:2701
#10 0x000000000041c465 in process_input (file_index=<optimized out>) at fftools/ffmpeg.c:4313
#11 transcode_step () at fftools/ffmpeg.c:4638
#12 transcode () at fftools/ffmpeg.c:4692
#13 0x0000000000419377 in main (argc=<optimized out>, argv=<optimized out>) at fftools/ffmpeg.c:4894
(gdb) list
97	
98	    ret = ff_request_frame(ctx->inputs[0]);
99	
100	    if (ret == AVERROR_EOF && !ctx->is_disabled && s->nb_frames > 0) {
101	        AVFrame *out = s->frames[s->nb_frames - 1];
102	        out->pts = s->pts[s->flush_idx++];
103	        ret = ff_filter_frame(outlink, out);
104	        s->frames[s->nb_frames - 1] = NULL;
105	        s->nb_frames--;
106	    }
(gdb) print out
$1 = (AVFrame *) 0x0

How to reproduce:

% ffmpeg_g -y -i $PoC -filter_complex random -target svcd -loglevel 99 -map 0 -vbsf dump_extra -disposition:s:9 jpeg2000 -disposition:v:213 msvideo1 -ab 710k tmp.dfa

ffmpeg version N-95291-g5345965b3f Copyright (c) 2000-2019 the FFmpeg developers
  built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
  configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug

Attachments (2)

gdb-vf_random102 (26.3 KB ) - added by Suhwan 5 years ago.
PoC_vf_random_102.xwd (497 bytes ) - added by Suhwan 5 years ago.
poc

Download all attachments as: .zip

Change History (5)

by Suhwan, 5 years ago

Attachment: gdb-vf_random102 added

by Suhwan, 5 years ago

Attachment: PoC_vf_random_102.xwd added

poc

comment:1 by Elon Musk, 5 years ago

Resolution: fixed
Status: newclosed

comment:2 by James, 5 years ago

Component: undeterminedavfilter

Fixed in b67af536be1021f4babdffc548a14b4a68aadcb7

comment:3 by Carl Eugen Hoyos, 5 years ago

Keywords: random crash SIGSEGV added
Priority: normalimportant
Note: See TracTickets for help on using tickets.