Summary of the bug:
There is a Segmentation fault at libavfilter/vf_waveform.c:777
Thread 3 "ffmpeg_g" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff5069700 (LWP 12595)]
lowpass (s=<optimized out>, in=<optimized out>, out=0x230e940, intensity=10, column=1, mirror=1,
jobnr=<optimized out>, nb_jobs=<optimized out>, component=<optimized out>,
offset_y=<optimized out>, offset_x=<optimized out>) at libavfilter/vf_waveform.c:777
777 update(target, max, intensity);
(gdb) bt
#0 lowpass (s=<optimized out>, in=<optimized out>, out=0x230e940, intensity=10, column=1, mirror=1,
jobnr=<optimized out>, nb_jobs=<optimized out>, component=<optimized out>,
offset_y=<optimized out>, offset_x=<optimized out>) at libavfilter/vf_waveform.c:777
#1 lowpass_column_mirror (ctx=<optimized out>, arg=<optimized out>, jobnr=<optimized out>,
nb_jobs=<optimized out>) at libavfilter/vf_waveform.c:840
#2 0x0000000000468a95 in worker_func (priv=0x22b6880, jobnr=1, threadnr=<optimized out>, nb_jobs=0,
nb_threads=0) at libavfilter/pthread.c:50
#3 0x00000000013f4927 in run_jobs (ctx=<optimized out>) at libavutil/slicethread.c:61
#4 thread_worker (v=0x22bf5f0) at libavutil/slicethread.c:85
#5 0x00007ffff668e6db in start_thread (arg=0x7ffff5069700) at pthread_create.c:463
#6 0x00007ffff63b788f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb) list
772 for (p = src_data + slicew_start; p < src_data_end; p++) {
773 uint8_t *target;
774 if (column) {
775 target = dst + dst_signed_linesize * *p;
776 dst += step;
777 update(target, max, intensity);
778 } else {
779 uint8_t *row = dst_data;
780 if (mirror)
781 target = row - *p - 1;
(gdb) print dst
$1 = (uint8_t *) 0x1 <error: Cannot access memory at address 0x1>
(gdb) print dst_signed_linesize
$2 = 0
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x555f47 to 0x555f87:
0x0000000000555f47 <lowpass_column_mirror+343>: lea (%r12,%rsi,1),%rsi
0x0000000000555f4b <lowpass_column_mirror+347>: lea (%r12,%r14,1),%rdi
0x0000000000555f4f <lowpass_column_mirror+351>: mov %r9,%rax
0x0000000000555f52 <lowpass_column_mirror+354>: data16 data16 data16 data16 nopw %cs:0x0(%rax,%rax,1)
0x0000000000555f60 <lowpass_column_mirror+368>: movzbl (%rdi),%edx
0x0000000000555f63 <lowpass_column_mirror+371>: imul %r8,%rdx
=> 0x0000000000555f67 <lowpass_column_mirror+375>: movzbl (%rax,%rdx,1),%ecx
0x0000000000555f6b <lowpass_column_mirror+379>: mov $0xff,%bl
0x0000000000555f6d <lowpass_column_mirror+381>: cmp %ecx,%r13d
0x0000000000555f70 <lowpass_column_mirror+384>: jl 0x555f77 <lowpass_column_mirror+391>
0x0000000000555f72 <lowpass_column_mirror+386>: add %r15b,%cl
0x0000000000555f75 <lowpass_column_mirror+389>: mov %ecx,%ebx
0x0000000000555f77 <lowpass_column_mirror+391>: mov %bl,(%rax,%rdx,1)
0x0000000000555f7a <lowpass_column_mirror+394>: add %rbp,%rax
0x0000000000555f7d <lowpass_column_mirror+397>: add $0x1,%rdi
0x0000000000555f81 <lowpass_column_mirror+401>: cmp %rsi,%rdi
0x0000000000555f84 <lowpass_column_mirror+404>: jb 0x555f60 <lowpass_column_mirror+368>
0x0000000000555f86 <lowpass_column_mirror+406>: add -0x40(%rsp),%r12
End of assembler dump.
How to reproduce:
% ffmpeg_g -y -r 101 -i $PoC -filter_complex waveform -target svcd -loglevel 99 tmp.hls
ffmpeg version N-95314-g1331e00179 Copyright (c) 2000-2019 the FFmpeg developers
built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug
poc