Opened 4 years ago
Closed 4 years ago
#8299 closed defect (fixed)

Segmentation fault in av_frame_ref at libavutil/frame.c:450

| Reported by: | Suhwan | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | undetermined |
| Version: | git-master | Keywords: | |
| Cc: | | Blocked By: | |
| Blocking: | | Reproduced by developer: | no |
| Analyzed by developer: | no | | |
Description
Summary of the bug:
There is a segmentation fault in av_frame_ref at libavutil/frame.c:450.
How to reproduce:
% ffmpeg_g -y -i $PoC -filter_complex dedot -target dv50 -loglevel 0 -map 0 tmp.rpl
ffmpeg version N-95425-g1e35519fe0 Copyright (c) 2000-2019 the FFmpeg developers
  built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
  configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug

Here's the GDB log:
libavutil/frame.c:450:32: runtime error: member access within null pointer of type 'const AVFrame' (aka 'const struct AVFrame')

Thread 1 "ffmpeg_g" received signal SIGSEGV, Segmentation fault.
0x0000000005903ad8 in av_frame_ref (dst=0x96a8e80, src=0x0) at libavutil/frame.c:450
450         dst->format = src->format;
(gdb) bt
#0  0x0000000005903ad8 in av_frame_ref (dst=0x96a8e80, src=0x0) at libavutil/frame.c:450
#1  0x0000000005908fc0 in av_frame_clone (src=0x0) at libavutil/frame.c:547
#2  0x00000000008f31aa in activate (ctx=0x93edd80) at libavfilter/vf_dedot.c:288
#3  0x00000000005ce2ec in ff_filter_activate (filter=<optimized out>) at libavfilter/avfilter.c:1442
#4  0x00000000005eecd3 in get_frame_internal (ctx=0x93ee780, frame=<optimized out>, flags=1, samples=<optimized out>) at libavfilter/buffersink.c:110
#5  0x00000000005e254b in avfilter_graph_request_oldest (graph=0x93e8a80) at libavfilter/avfiltergraph.c:1409
#6  0x000000000048c3a2 in transcode_from_filter (graph=0x93ae700, best_ist=<optimized out>) at fftools/ffmpeg.c:4531
#7  transcode_step () at fftools/ffmpeg.c:4606
#8  transcode () at fftools/ffmpeg.c:4682
#9  0x0000000000487da4 in main (argc=13, argv=<optimized out>) at fftools/ffmpeg.c:4884
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x5903ab8 to 0x5903af8:
   0x0000000005903ab8 <av_frame_ref+24>:	xchg   %eax,%ebp
   0x0000000005903ab9 <av_frame_ref+25>:	rolb   $0xc7,-0xa(%rcx)
   0x0000000005903abd <av_frame_ref+29>:	(bad)
   0x0000000005903abe <av_frame_ref+30>:	sete   %r12b
   0x0000000005903ac2 <av_frame_ref+34>:	and    %al,%r12b
   0x0000000005903ac5 <av_frame_ref+37>:	je     0x5903e72 <av_frame_ref+978>
   0x0000000005903acb <av_frame_ref+43>:	lea    0x74(%r15),%rbx
   0x0000000005903acf <av_frame_ref+47>:	test   $0x3,%bl
   0x0000000005903ad2 <av_frame_ref+50>:	jne    0x5903e8c <av_frame_ref+1004>
=> 0x0000000005903ad8 <av_frame_ref+56>:	mov    (%rbx),%ebp
   0x0000000005903ada <av_frame_ref+58>:	test   %r14,%r14
   0x0000000005903add <av_frame_ref+61>:	setne  %al
   0x0000000005903ae0 <av_frame_ref+64>:	test   $0x7,%r14b
   0x0000000005903ae4 <av_frame_ref+68>:	sete   %cl
   0x0000000005903ae7 <av_frame_ref+71>:	and    %al,%cl
   0x0000000005903ae9 <av_frame_ref+73>:	mov    %cl,0x6(%rsp)
   0x0000000005903aed <av_frame_ref+77>:	je     0x5903e9e <av_frame_ref+1022>
   0x0000000005903af3 <av_frame_ref+83>:	lea    0x74(%r14),%rbx
   0x0000000005903af7 <av_frame_ref+87>:	test   $0x3,%bl
End of assembler dump.
Please confirm.
Thanks
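The call chain in the backtrace is activate() in vf_dedot.c calling av_frame_clone() with src=0x0, and av_frame_clone() handing that NULL straight to av_frame_ref(), which faults on its first read of src (the `dst->format = src->format` line). The C program below is an added example written for this page, not FFmpeg's own code: the toy_frame_ref()/toy_frame_clone() functions only mirror the shape of the two libavutil calls (allocate, then ref, no check on src), toy_activate_unguarded() shows the crash pattern of cloning a frame-history slot that was never filled, and toy_activate_guarded() shows the caller-side check that keeps a NULL from reaching the clone. Every toy_ name, the TOY_HISTORY size, the two-frame sample history and the -EINVAL/-ENOMEM return codes are assumptions made for the example.

```c
/* Added example, not FFmpeg code: toy model of the av_frame_clone(NULL)
 * -> av_frame_ref() crash path and of a caller-side guard against it.
 * All toy_ names, TOY_HISTORY and the errno-style returns are assumptions. */
#include <assert.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define TOY_HISTORY 3   /* assumed: how many past frames the filter keeps */

typedef struct ToyFrame {
    int     format;     /* -1 means "unset", like AV_PIX_FMT_NONE */
    int     width, height;
    int64_t pts;
} ToyFrame;

static ToyFrame *toy_frame_alloc(void)
{
    ToyFrame *f = calloc(1, sizeof(*f));
    if (f)
        f->format = -1;
    return f;
}

static void toy_frame_free(ToyFrame **f)
{
    free(*f);
    *f = NULL;
}

/* Same shape as av_frame_ref(): copies src's fields into dst.  The first
 * read of src is where a NULL src faults (frame #0 in the backtrace). */
static int toy_frame_ref(ToyFrame *dst, const ToyFrame *src)
{
    dst->format = src->format;
    dst->width  = src->width;
    dst->height = src->height;
    dst->pts    = src->pts;
    return 0;
}

/* Same shape as av_frame_clone(): allocate, then ref.  src is not checked,
 * so passing NULL is the caller's bug and is reported one frame deeper. */
static ToyFrame *toy_frame_clone(const ToyFrame *src)
{
    ToyFrame *ret = toy_frame_alloc();
    if (!ret)
        return NULL;
    if (toy_frame_ref(ret, src) < 0)
        toy_frame_free(&ret);
    return ret;
}

/* A filter's frame history; slots not yet filled by the input stay NULL. */
typedef struct ToyHistory {
    ToyFrame *slot[TOY_HISTORY];
} ToyHistory;

/* Unguarded: clones whatever is in the slot.  With an empty slot this is
 * toy_frame_clone(NULL) and faults inside toy_frame_ref(). */
static ToyFrame *toy_activate_unguarded(const ToyHistory *h, int i)
{
    return toy_frame_clone(h->slot[i]);
}

/* Guarded: validate the index and the slot before cloning; an empty slot
 * becomes an error return instead of a NULL dereference. */
static int toy_activate_guarded(const ToyHistory *h, int i, ToyFrame **out)
{
    *out = NULL;
    if (i < 0 || i >= TOY_HISTORY || !h->slot[i])
        return -EINVAL;                 /* assumed: stands in for AVERROR(EINVAL) */
    *out = toy_frame_clone(h->slot[i]);
    return *out ? 0 : -ENOMEM;
}

/* Constructed sample: two of the three history slots are filled, the third
 * is still NULL, the state a short input can leave a filter in. */
static void toy_history_init(ToyHistory *h)
{
    memset(h, 0, sizeof(*h));
    for (int i = 0; i < 2; i++) {
        h->slot[i] = toy_frame_alloc();
        h->slot[i]->format = 0;         /* constructed: 0 is AV_PIX_FMT_YUV420P */
        h->slot[i]->width  = 16;
        h->slot[i]->height = 16;
        h->slot[i]->pts    = i;
    }
}

int main(void)
{
    ToyHistory h;
    ToyFrame *out = NULL;
    toy_history_init(&h);
    out = toy_activate_unguarded(&h, 0);          /* filled slot: fine */
    assert(out && out->pts == 0);
    toy_frame_free(&out);
    assert(toy_activate_guarded(&h, 2, &out) == -EINVAL && out == NULL);
    /* toy_activate_unguarded(&h, 2) would segfault here, like frame #0. */
    for (int i = 0; i < 2; i++)
        toy_frame_free(&h.slot[i]);
    return 0;
}
```

The point of the guard being in the activate() stand-in rather than in the clone helper is that, as the backtrace shows, av_frame_clone() forwards src to av_frame_ref() without validating it, so the filter that owns the frame history is the place that knows whether a slot is legitimately empty and must check before cloning.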
Attachments (1)
Change History (2)
4 years ago

| Attachment: | PoC_frame_450 added |
|---|---|

comment:1, 4 years ago

| Resolution: | → fixed |
|---|---|
| Status: | new → closed |