[FFmpeg-devel] [PATCH] Added an Adobe HTTP Dynamic Streaming (HDS) demuxer

Ed Torbett ed.torbett at simulation-systems.co.uk
Mon Jan 27 13:53:00 CET 2014

I'm also getting a segmentation fault with a recorded stream. This is probably because the manifest xml is 181KB (I have no idea why) but I figure that we should be able to (at the very least) abort without segfaulting, even if we can't parse it and decode (though that would be preferable for me).

I've attached the manifest file that causes the problem and a full gdb stacktrace below. As this is reproducible with ffprobe, so I've run it with that for simplicity's sake.


[root at iow-cat-nvr1 ffmpeg]# gdb ./ffprobe_g
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6_4.1)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
Reading symbols from /root/ffmpeg/ffmpeg_sources/ffmpeg/ffprobe_g...done.
(gdb) r '\20140126-00001.00103.stream.mp4/manifest.f4m'
Starting program: /root/ffmpeg/ffmpeg_sources/ffmpeg/ffprobe_g '\20140126-00001.00103.stream.mp4/manifest.f4m'
[Thread debugging using libthread_db enabled]
ffprobe version N-42478-g6369766 Copyright (c) 2007-2014 the FFmpeg developers
  built on Jan 27 2014 12:06:12 with gcc 4.4.7 (GCC) 20120313 (Red Hat 4.4.7-4)
  configuration: --prefix=/root/ffmpeg/ffmpeg_build --extra-cflags='-I/root/ffmpeg/ffmpeg_build/include -static' --extra-ldflags='-L/root/ffmpeg/ffmpeg_build/lib -static' --bindir=/root/ffmpeg/ffmpeg_build/bin --extra-libs='-ldl -lfreetype -lpng16 -lz -lbz2 -lm -lxml2 -lSDL' --enable-gpl --enable-nonfree --enable-libx264 --enable-libfreetype --disable-shared --enable-static
  libavutil      52. 63.100 / 52. 63.100
  libavcodec     55. 49.100 / 55. 49.100
  libavformat    55. 27.100 / 55. 27.100
  libavdevice    55.  5.102 / 55.  5.102
  libavfilter     4.  1.101 /  4.  1.101
  libswscale      2.  5.101 /  2.  5.101
  libswresample   0. 17.104 /  0. 17.104
  libpostproc    52.  3.100 / 52.  3.100

Program received signal SIGSEGV, Segmentation fault.
0x0000000001090055 in malloc_consolidate ()
(gdb) where
#0  0x0000000001090055 in malloc_consolidate ()
#1  0x000000000109353b in _int_malloc ()
#2  0x0000000001094a8f in _int_memalign ()
#3  0x000000000109517a in memalign ()
#4  0x0000000001095396 in posix_memalign ()
#5  0x0000000000d7789a in av_malloc (size=24) at libavutil/mem.c:94
#6  av_mallocz (size=24) at libavutil/mem.c:244
#7  0x00000000005f19eb in f4fbox_parse_afrt (in=0x1e4bde0, data_size=<value optimized out>, opague=<value optimized out>) at libavformat/f4fbox.c:104
#8  0x00000000005f1bee in f4fbox_parse_single_box (in=0x1e4bde0, opague=0x1e5ec00) at libavformat/f4fbox.c:224
#9  0x00000000005f1e84 in f4fbox_parse_abst (in=0x1e4bde0, data_size=<value optimized out>, opague=0x1e5ec00) at libavformat/f4fbox.c:171
#10 0x00000000005f1b96 in f4fbox_parse_single_box (in=0x1e4bde0, opague=0x1e5ec00) at libavformat/f4fbox.c:218
#11 0x00000000005f1c54 in f4fbox_parse (buffer=<value optimized out>, buffer_size=138334, box=0x1e5ec00) at libavformat/f4fbox.c:249
#12 ff_parse_f4f_box (buffer=<value optimized out>, buffer_size=138334, box=0x1e5ec00) at libavformat/f4fbox.c:268
#13 0x0000000000526213 in create_bootstrap_info (s=0x1e47a20) at libavformat/hdsdec.c:184
#14 initialize_context (s=0x1e47a20) at libavformat/hdsdec.c:308
#15 hds_read_header (s=0x1e47a20) at libavformat/hdsdec.c:369
#16 0x00000000005dd925 in avformat_open_input (ps=0x7fffffffdf78, filename=<value optimized out>, fmt=<value optimized out>, options=0x1d0ade8)
    at libavformat/utils.c:567
#17 0x00000000004655b3 in open_input_file (wctx=0x1e450a0,
    filename=0x7fffffffe799 "\\20140126-00001.00103.stream.mp4/manifest.f4m") at ffprobe.c:2285
#18 probe_file (wctx=0x1e450a0,
    filename=0x7fffffffe799 "\\20140126-00001.00103.stream.mp4/manifest.f4m") at ffprobe.c:2363
#19 0x0000000000466705 in main (argc=<value optimized out>, argv=<value optimized out>) at ffprobe.c:2968
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x1090035 to 0x1090075:
   0x0000000001090035 <malloc_consolidate+213>: or     %cl,-0x7b(%rbp)
   0x0000000001090038 <malloc_consolidate+216>: decl   -0x5(%rcx,%rcx,4)
   0x000000000109003c <malloc_consolidate+220>: je     0x10900c8 <malloc_consolidate+360>
   0x0000000001090042 <malloc_consolidate+226>: mov    0x8(%rbx),%rax
   0x0000000001090046 <malloc_consolidate+230>: mov    0x10(%rbx),%r15
   0x000000000109004a <malloc_consolidate+234>: mov    %rax,%rbp
   0x000000000109004d <malloc_consolidate+237>: and    $0xfffffffffffffffa,%rbp
   0x0000000001090051 <malloc_consolidate+241>: lea    (%rbx,%rbp,1),%r12
=> 0x0000000001090055 <malloc_consolidate+245>: mov    0x8(%r12),%r13
   0x000000000109005a <malloc_consolidate+250>: and    $0xfffffffffffffff8,%r13
   0x000000000109005e <malloc_consolidate+254>: test   $0x1,%al
   0x0000000001090060 <malloc_consolidate+256>: jne    0x10900a6 <malloc_consolidate+326>
   0x0000000001090062 <malloc_consolidate+258>: mov    (%rbx),%rax
   0x0000000001090065 <malloc_consolidate+261>: sub    %rax,%rbx
   0x0000000001090068 <malloc_consolidate+264>: add    %rax,%rbp
   0x000000000109006b <malloc_consolidate+267>: mov    0x10(%rbx),%rax
   0x000000000109006f <malloc_consolidate+271>: mov    0x18(%rbx),%rdx
   0x0000000001090073 <malloc_consolidate+275>: cmp    0x18(%rax),%rbx
End of assembler dump. 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: manifest.f4m
Type: application/octet-stream
Size: 185584 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20140127/01ce475d/attachment.obj>

More information about the ffmpeg-devel mailing list