Opened 4 years ago
Closed 3 years ago
#8251 closed defect (fixed)
Segmentation fault in sws_scale at libswscale/swscale.c:850
Reported by: | Suhwan | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | avfilter |
Version: | git-master | Keywords: | |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | no |
Analyzed by developer: | no | | |
Description
Summary of the bug:
There is a segmentation fault in sws_scale at libswscale/swscale.c:850.
```
Thread 1 "ffmpeg_g" received signal SIGSEGV, Segmentation fault.
0x00000000013030bd in sws_scale (c=0x22d09c0, srcSlice=0x7fffffffc5e0, srcStride=0x7fffffffc5b0, srcSliceY=0, srcSliceH=<optimized out>, dst=0x7fffffffc5c0, dstStride=0x7fffffffc5a0) at libswscale/swscale.c:850
850             uint32_t p = ((const uint32_t *)(srcSlice[1]))[i];
(gdb) bt
#0  0x00000000013030bd in sws_scale (c=0x22d09c0, srcSlice=0x7fffffffc5e0, srcStride=0x7fffffffc5b0, srcSliceY=0, srcSliceH=<optimized out>, dst=0x7fffffffc5c0, dstStride=0x7fffffffc5a0) at libswscale/swscale.c:850
#1  0x000000000052e350 in scale_slice (link=<optimized out>, out_buf=<optimized out>, cur_pic=<optimized out>, sws=<optimized out>, y=<optimized out>, h=<optimized out>, mul=<optimized out>, field=<optimized out>) at libavfilter/vf_scale.c:411
#2  scale_frame (link=<optimized out>, in=<optimized out>, frame_out=<optimized out>) at libavfilter/vf_scale.c:535
#3  filter_frame (link=0x22cca40, in=<optimized out>) at libavfilter/vf_scale.c:549
#4  0x00000000004520a5 in ff_filter_frame_framed (link=<optimized out>, frame=<optimized out>) at libavfilter/avfilter.c:1071
#5  ff_filter_frame_to_filter (link=<optimized out>) at libavfilter/avfilter.c:1219
#6  ff_filter_activate_default (filter=<optimized out>) at libavfilter/avfilter.c:1268
#7  ff_filter_activate (filter=<optimized out>) at libavfilter/avfilter.c:1430
#8  0x00000000004576ca in push_frame (graph=0x22b3700) at libavfilter/buffersrc.c:187
#9  av_buffersrc_add_frame_internal (ctx=0x22cae00, frame=<optimized out>, flags=4) at libavfilter/buffersrc.c:261
#10 0x00000000004571e8 in av_buffersrc_add_frame_flags (ctx=0x22cae00, frame=0x22c5440, flags=4) at libavfilter/buffersrc.c:170
#11 0x0000000000425fd8 in ifilter_send_frame (ifilter=<optimized out>, frame=<optimized out>) at fftools/ffmpeg.c:2196
#12 send_frame_to_filters (ist=<optimized out>, decoded_frame=<optimized out>) at fftools/ffmpeg.c:2270
#13 0x0000000000420f69 in decode_video (ist=<optimized out>, pkt=<optimized out>, got_output=<optimized out>, duration_pts=<optimized out>, eof=<optimized out>, decode_failed=<optimized out>) at fftools/ffmpeg.c:2469
#14 process_input_packet (ist=<optimized out>, pkt=<optimized out>, no_eof=<optimized out>) at fftools/ffmpeg.c:2623
#15 0x000000000041d40f in process_input (file_index=<optimized out>) at fftools/ffmpeg.c:4518
#16 transcode_step () at fftools/ffmpeg.c:4638
#17 transcode () at fftools/ffmpeg.c:4692
#18 0x0000000000419377 in main (argc=<optimized out>, argv=<optimized out>) at fftools/ffmpeg.c:4894
(gdb) list
845
846         if (usePal(c->srcFormat)) {
847             for (i = 0; i < 256; i++) {
848                 int r, g, b, y, u, v, a = 0xff;
849                 if (c->srcFormat == AV_PIX_FMT_PAL8) {
850                     uint32_t p = ((const uint32_t *)(srcSlice[1]))[i];
851                     a = (p >> 24) & 0xFF;
852                     r = (p >> 16) & 0xFF;
853                     g = (p >> 8) & 0xFF;
854                     b = p & 0xFF;
(gdb) print srcSlice[1]
$1 = (const uint8_t * const) 0x0
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x130309d to 0x13030dd:
   0x000000000130309d <sws_scale+925>: jmpq *0x17908f0(,%r9,8)
   0x00000000013030a5 <sws_scale+933>: mov $0xff,%r10d
   0x00000000013030ab <sws_scale+939>: mov %r11d,%esi
   0x00000000013030ae <sws_scale+942>: mov %r11d,%ebp
   0x00000000013030b1 <sws_scale+945>: mov %r11d,%ebx
   0x00000000013030b4 <sws_scale+948>: jmpq 0x1303175 <sws_scale+1141>
   0x00000000013030b9 <sws_scale+953>: mov 0x8(%r14),%rax
=> 0x00000000013030bd <sws_scale+957>: mov (%rax,%r11,4),%eax
   0x00000000013030c1 <sws_scale+961>: mov %eax,%ecx
   0x00000000013030c3 <sws_scale+963>: movzbl %ah,%ebp
   0x00000000013030c6 <sws_scale+966>: movzbl %al,%esi
   0x00000000013030c9 <sws_scale+969>: mov %eax,%r10d
   0x00000000013030cc <sws_scale+972>: shr $0x18,%r10d
   0x00000000013030d0 <sws_scale+976>: shr $0x10,%ecx
   0x00000000013030d3 <sws_scale+979>: movzbl %cl,%ebx
   0x00000000013030d6 <sws_scale+982>: jmpq 0x1303175 <sws_scale+1141>
   0x00000000013030db <sws_scale+987>: mov %r11d,%eax
End of assembler dump.
```
How to reproduce:
```
% ffmpeg_g -y -i $PoC -filter_complex shuffleplanes -target dvd -loglevel 99 tmp.mpegts
ffmpeg version N-95314-g1331e00179 Copyright (c) 2000-2019 the FFmpeg developers
built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug
```
Attachments (2)
Change History (3)
by , 4 years ago
Attachment: | gdb-sws_scale_850 added |
---|
by , 4 years ago
Attachment: | PoC_swscale_850.art added |
---|
comment:1 by , 3 years ago
Component: | undetermined → avfilter |
---|---|
Resolution: | → fixed |
Status: | new → closed |
Fixed in 0528adbd85d6bf6733bab4be34e70544519f11dd.
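
The crash state in the gdb session above (a PAL8 source whose `srcSlice[1]` is `0x0`), modelled as an added example that is neither FFmpeg code nor the change in the commit referenced above. `demo_fmt`, `demo_rgba`, `demo_load_palette` and `demo_case` are hypothetical names, and the frame and palette are constructed sample data.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for this example; not FFmpeg's types or API. */
enum demo_fmt { DEMO_FMT_GRAY8, DEMO_FMT_PAL8 };
struct demo_rgba { uint8_t a, r, g, b; };

/* Same unpacking as swscale.c:850-854, but a missing palette plane is
 * reported as an error (-1) instead of being dereferenced. */
int demo_load_palette(enum demo_fmt fmt, const uint8_t *const planes[4],
                      struct demo_rgba out[256])
{
    if (fmt != DEMO_FMT_PAL8)
        return 0;                      /* format carries no palette */
    if (!planes || !planes[1])
        return -1;                     /* gdb above: srcSlice[1] == 0x0 */
    for (int i = 0; i < 256; i++) {
        uint32_t p;
        memcpy(&p, planes[1] + 4 * i, sizeof(p)); /* alignment-safe load */
        out[i].a = (p >> 24) & 0xFF;
        out[i].r = (p >> 16) & 0xFF;
        out[i].g = (p >> 8) & 0xFF;
        out[i].b = p & 0xFF;
    }
    return 0;
}

/* Constructed input: a PAL8 frame with or without its palette plane.
 * Returns -1 if rejected, else entry `index` repacked as 0xAARRGGBB. */
long long demo_case(int with_palette, int index)
{
    static const uint8_t pixels[4] = { 0, 1, 2, 7 };
    static uint32_t palette[256];
    struct demo_rgba pal[256];
    const uint8_t *planes[4] = { pixels, NULL, NULL, NULL };

    for (int i = 0; i < 256; i++)
        palette[i] = 0xFF000000u | (uint32_t)i << 16 | (uint32_t)(255 - i) << 8 | 0x10u;
    if (with_palette)
        planes[1] = (const uint8_t *)palette;
    if (demo_load_palette(DEMO_FMT_PAL8, planes, pal) < 0)
        return -1;
    return (long long)pal[index].a << 24 | pal[index].r << 16 |
           pal[index].g << 8 | pal[index].b;
}
```
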