[FFmpeg-devel] [PATCH 2/2] avcodec/v4l2: fix segmentation fault on codec exit

Jorge Ramirez-Ortiz jorge.ramirez-ortiz at linaro.org
Sat Oct 7 00:45:52 EEST 2017 

On 10/06/2017 11:38 PM, Jorge Ramirez-Ortiz wrote:
> On 10/06/2017 10:01 PM, Mark Thompson wrote:
>> On 06/10/17 20:53, Mark Thompson wrote:
>>> On 06/10/17 08:52, Jorge Ramirez-Ortiz wrote:
>>>> It occurs when the codec is closed while buffer references still
>>>> exist. This is a regression from the original patchset where support
>>>> for this use-case was implemented.
>>>>
>>>> The regression occurred while cleaning the code for the last patchset
>>>> (decoding was tested only with ffplay which disposes of the buffer
>>>> straightaway hence the feature went in broken/untested)
>>>> ---
>>>>   libavcodec/v4l2_m2m.c | 6 ++++--
>>>>   1 file changed, 4 insertions(+), 2 deletions(-)
>>>>
>>>> diff --git a/libavcodec/v4l2_m2m.c b/libavcodec/v4l2_m2m.c
>>>> index bd96a6d..5e85bcb 100644
>>>> --- a/libavcodec/v4l2_m2m.c
>>>> +++ b/libavcodec/v4l2_m2m.c
>>>> @@ -331,8 +331,10 @@ int ff_v4l2_m2m_codec_end(AVCodecContext *avctx)
>>>>         ff_v4l2_context_release(&s->output);
>>>>   -    if (atomic_load(&s->refcount))
>>>> -        av_log(avctx, AV_LOG_ERROR, "ff_v4l2m2m_codec_end leaving pending 
>>>> buffers\n");
>>>> +    if (atomic_load(&s->refcount)) {
>>>> +        av_log(avctx, AV_LOG_DEBUG, "ff_v4l2m2m_codec_end leaving pending 
>>>> buffers\n");
>>>> +        return 0;
>>>> +    }
>>>>         ff_v4l2_context_release(&s->capture);
>>>>       sem_destroy(&s->refsync);
>>>>
>>> Trying to test this, I segfault when decoding finishes with this patch 
>>> applied (exynos s5p-mfc):
>>>
>>> (gdb) r
>>> Starting program: /home/mrt/ffmpeg/v4l2/build/ffmpeg_g -threads 1 -v 55 -y 
>>> -c:v h264_v4l2m2m -i /home/mrt/bbb_1080_264.mp4 -an -frames:v 100 -f null -
>>> ...
>>> Output file #0 (pipe:):
>>>    Output stream #0:0 (video): 100 frames encoded; 100 packets muxed (40000 
>>> bytes);
>>>    Total: 100 packets (40000 bytes) muxed
>>> [h264_v4l2m2m @ 0x1403720] ff_v4l2m2m_codec_end leaving pending buffers
>>> 100 frames successfully decoded, 0 decoding errors
>>> ...
>>> Thread 1 "ffmpeg_g" received signal SIGSEGV, Segmentation fault.
>>> ff_v4l2_context_set_status (ctx=ctx at entry=0x10fc, cmd=1074026003) at 
>>> src/libavcodec/v4l2_context.c:489
>>> 489         int type = ctx->type;
>>> (gdb) bt
>>> #0  ff_v4l2_context_set_status (ctx=ctx at entry=0x10fc, cmd=1074026003) at 
>>> src/libavcodec/v4l2_context.c:489
>>> #1  0x00798c24 in ff_v4l2_m2m_codec_end (avctx=0x1403720) at 
>>> src/libavcodec/v4l2_m2m.c:319
>>> #2  0x00835aba in buffer_replace (src=0x0, dst=<optimized out>) at 
>>> src/libavutil/buffer.c:120
>>> #3  av_buffer_unref (buf=buf at entry=0x14d8b2c) at src/libavutil/buffer.c:130
>>> #4  0x008417ac in av_frame_unref (frame=frame at entry=0x14d8a30) at 
>>> src/libavutil/frame.c:515
>>> #5  0x00841d58 in av_frame_unref (frame=<optimized out>) at 
>>> src/libavutil/frame.c:147
>>> #6  av_frame_free (frame=frame at entry=0x1403d9c) at src/libavutil/frame.c:168
>>> #7  0x00082bce in ffmpeg_cleanup (ret=0) at src/fftools/ffmpeg.c:541
>>> #8  0x00079c42 in exit_program (ret=0) at src/fftools/cmdutils.c:138
>>> #9  0x0006efba in main (argc=<optimized out>, argv=<optimized out>) at 
>>> src/fftools/ffmpeg.c:4793
>>> (gdb) p ctx
>>> $1 = (V4L2Context *) 0x10fc
>>> (gdb) f 1
>>> #1  0x00798c24 in ff_v4l2_m2m_codec_end (avctx=0x1403720) at 
>>> src/libavcodec/v4l2_m2m.c:319
>>> 319         ret = ff_v4l2_context_set_status(&s->output, VIDIOC_STREAMOFF);
>>> (gdb) p s
>>> $2 = (V4L2m2mContext *) 0x0
>>> (gdb)
>>>
>> To clarify, it segfaults in the same way without the patch as well.
>
> vow, very strange.
>
> would you mind doing a clean build with the patch applied?
> I am asking because that test works fine on my db410c and 820 (and hardware 
> shouldnt make a difference in this test)
>
> also the team at Kodi also tested the fix on their imx6
>
>

this is what I see when I run your command

linaro at db820 git.zoltan.ffmpeg (ffmpeg/master $)]$ ./ffmpeg_g -threads 1 -v 55 
-y -c:v h264_v4l2m2m -i ~/Videos/h264.FVDO_Freeway_720p.264 -an -frames:v 100 -f 
null -

[...]


[h264_v4l2m2m @ 0xaaaadd3bbb50] capture: NV12 20 buffers initialized: 1280x0736, 
sizeimage 01425408, bytesperline 00001280
cur_dts is invalid (this is harmless if it occurs once at the start per stream)
     Last message repeated 9 times
detected 4 logical cores
[graph 0 input from stream 0:0 @ 0xaaaadd419680] Setting 'video_size' to value 
'1280x720'
[graph 0 input from stream 0:0 @ 0xaaaadd419680] Setting 'pix_fmt' to value '25'
[graph 0 input from stream 0:0 @ 0xaaaadd419680] Setting 'time_base' to value 
'1/1200000'
[graph 0 input from stream 0:0 @ 0xaaaadd419680] Setting 'pixel_aspect' to value 
'0/1'
[graph 0 input from stream 0:0 @ 0xaaaadd419680] Setting 'sws_param' to value 
'flags=2'
[graph 0 input from stream 0:0 @ 0xaaaadd419680] Setting 'frame_rate' to value 
'25/1'
[graph 0 input from stream 0:0 @ 0xaaaadd419680] w:1280 h:720 pixfmt:nv12 
tb:1/1200000 fr:25/1 sar:0/1 sws_param:flags=2
[AVFilterGraph @ 0xaaaadd438530] query_formats: 3 queried, 2 merged, 0 already 
done, 0 delayed
Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf57.82.102
     Stream #0:0, 0, 1/25: Video: wrapped_avframe, 1 reference frame, 
nv12(left), 1280x720, 0/1, q=2-31, 200 kb/s, 25 fps, 25 tbn, 25 tbc
     Metadata:
       encoder         : Lavc57.106.104 wrapped_avframe
No more output streams to write to, finishing.:00.04 bitrate=N/A speed=0.0398x
frame=  100 fps= 91 q=-0.0 Lsize=N/A time=00:00:00.04 bitrate=N/A speed=0.0363x
video:52kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB muxing 
overhead: unknown
Input file #0 (/home/linaro/Videos/h264.FVDO_Freeway_720p.264):
   Input stream #0:0 (video): 209 packets read (4070226 bytes); 101 frames decoded;
   Total: 209 packets (4070226 bytes) demuxed
Output file #0 (pipe:):
   Output stream #0:0 (video): 100 frames encoded; 100 packets muxed (52800 bytes);
   Total: 100 packets (52800 bytes) muxed
[h264_v4l2m2m @ 0xaaaadd3bbb50] ff_v4l2m2m_codec_end leaving pending buffers   
<---------------------------------------
101 frames successfully decoded, 0 decoding errors
[AVIOContext @ 0xaaaadd366d70] Statistics: 4096000 bytes read, 0 seeks


>
>>
>> - Mark
>> _______________________________________________
>> ffmpeg-devel mailing list
>> ffmpeg-devel at ffmpeg.org
>> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
>

More information about the ffmpeg-devel mailing list