[FFmpeg-trac] #381(avutil:new): ffmpeg segfault on solaris due to null passed to vsnprintf

FFmpeg trac at avcodec.org
Thu Aug 4 12:40:50 CEST 2011


#381: ffmpeg segfault on solaris due to null passed to vsnprintf
------------------------------+-------------------------------
  Reporter:  alasdairlumsden  |      Owner:  michael
      Type:  defect           |     Status:  new
  Priority:  minor            |  Component:  avutil
   Version:  0.8              |   Keywords:  solaris vsnprintf
Blocked By:                   |   Blocking:
Reproduced:  0                |   Analyzed:  0
------------------------------+-------------------------------
 Hi,

 When I accidentally ran "ffmpeg /tmp/engineering.mpg -ab 128 -b 400
 /tmp/al.mpg" by mistake (missed out the -i), I got a segfault:

 {{{
 root ~ (ipstest01.alasdair): /ec/bin/ffmpeg /tmp/engineering.mpg -ab 128
 -b 400 /tmp/al.mpg
 ffmpeg version 0.8, Copyright (c) 2000-2011 the FFmpeg developers
   built on Jul 18 2011 14:36:32 with gcc 4.4.5
   configuration: --prefix=/ec --mandir=/ec/share/man --cc=/ec/bin/gcc
 --extra-cflags=-I/ec/include --disable-static --enable-shared --enable-pic
 --enable-nonfree --enable-version3 --enable-gpl --disable-ffplay
 --disable-ffserver --disable-mmx --enable-libfaac --enable-libmp3lame
 --enable-libx264 --enable-libopencore-amrnb --enable-librtmp --disable-
 libdirac --disable-libopenjpeg --disable-libschroedinger --disable-libxvid
 --disable-libgsm --disable-libspeex --disable-libvorbis --disable-
 libtheora --disable-avdevice --bindir=/ec/bin --libdir=/ec/lib
 --shlibdir=/ec/lib --cpu=i686 --extra-ldflags='-L/ec/lib -R/ec/lib'
   libavutil    51.  9. 1 / 51.  9. 1
   libavcodec   53.  7. 0 / 53.  7. 0
   libavformat  53.  4. 0 / 53.  4. 0
   libavfilter   2. 23. 0 /  2. 23. 0
   libswscale    2.  0. 0 /  2.  0. 0
   libpostproc  51.  2. 0 / 51.  2. 0
 Segmentation Fault (core dumped)
 }}}

 This is on Solaris 10. On Linux, the same command line arguments don't
 produce a segfault:

 {{{
 alasdair ~ (linux01): ffmpeg/bin/ffmpeg /tmp/engineering.mpg -ab 128 -b
 400 /tmp/al.mpg
 ffmpeg version 0.8, Copyright (c) 2000-2011 the FFmpeg developers
   built on Aug  3 2011 18:31:10 with gcc 4.1.2 20080704 (Red Hat 4.1.2-48)
   configuration: --prefix=/home/alasdair/ffmpeg --extra-
 cflags='-I/home/alasdair/lame/include -I/home/alasdair/x264/include'
 --extra-ldflags='-L/home/alasdair/lame/lib -L/home/alasdair/x264/lib
 -R/home/alasdair/x264/lib' --enable-static --enable-shared --enable-pic
 --enable-nonfree --enable-version3 --enable-gpl --disable-ffplay
 --disable-ffserver --disable-mmx --enable-libx264 --disable-libdirac
 --disable-libopenjpeg --disable-libschroedinger --disable-libxvid
 --disable-libgsm --disable-libspeex --disable-libvorbis --disable-
 libtheora --disable-avdevice --enable-libmp3lame
   libavutil    51.  9. 1 / 51.  9. 1
   libavcodec   53.  7. 0 / 53.  7. 0
   libavformat  53.  4. 0 / 53.  4. 0
   libavfilter   2. 23. 0 /  2. 23. 0
   libswscale    2.  0. 0 /  2.  0. 0
   libpostproc  51.  2. 0 / 51.  2. 0
 Incompatible sample format '(null)' for codec 'mp2', auto-selecting format
 's16'
 File '/tmp/engineering.mpg' already exists. Overwrite ? [y/N] n
 Not overwriting - exiting
 }}}

 However I spotted the "(null)" in the print statement, and pstack against
 the core showed:

 {{{
 # pstack core
 core 'core' of 3366:    /ec/bin/ffmpeg /tmp/engineering.mpg -ab 128 -b 400
 /tmp/al.mpg
  feea5acc strlen   (806483a, 8047a4c, 80475a0, 0) + c
  fef03827 vsnprintf (80475e0, 400, 806481c, 8047a4c) + 73
  fee5a9fd av_log_default_callback () + 81
 }}}

 I rebuilt ffmpeg with debugging symbols, and running this through gdb
 shows:

 {{{
 # gdb /ec/bin/ffmpeg
 GNU gdb (GDB) 7.2
 Copyright (C) 2010 Free Software Foundation, Inc.
 License GPLv3+: GNU GPL version 3 or later
 <http://gnu.org/licenses/gpl.html>
 This is free software: you are free to change and redistribute it.
 There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
 and "show warranty" for details.
 This GDB was configured as "i386-pc-solaris2.10".
 For bug reporting instructions, please see:
 <http://www.gnu.org/software/gdb/bugs/>...
 Reading symbols from /ec/bin/ffmpeg...done.
 (gdb) run /tmp/engineering.mpg -ab 128 -b 400 /tmp/al.mpg
 Starting program: /ec/bin/ffmpeg /tmp/engineering.mpg -ab 128 -b 400
 /tmp/al.mpg
 [Thread debugging using libthread_db enabled]
 [New Thread 1 (LWP 1)]
 ffmpeg version 0.8, Copyright (c) 2000-2011 the FFmpeg developers
   built on Aug  4 2011 10:51:17 with gcc 4.4.5
   configuration: --prefix=/ec --mandir=/ec/share/man --cc=/ec/bin/gcc
 --extra-cflags=-I/ec/include --enable-static --enable-shared --enable-pic
 --enable-nonfree --enable-version3 --enable-gpl --disable-ffplay
 --disable-ffserver --disable-mmx --enable-libfaac --enable-libmp3lame
 --enable-libx264 --enable-libopencore-amrnb --enable-librtmp --disable-
 libdirac --disable-libopenjpeg --disable-libschroedinger --disable-libxvid
 --disable-libgsm --disable-libspeex --disable-libvorbis --disable-
 libtheora --disable-avdevice --disable-stripping --bindir=/ec/bin
 --libdir=/ec/lib --shlibdir=/ec/lib --extra-ldflags='-L/ec/lib -R/ec/lib'
   libavutil    51.  9. 1 / 51.  9. 1
   libavcodec   53.  7. 0 / 53.  7. 0
   libavformat  53.  4. 0 / 53.  4. 0
   libavfilter   2. 23. 0 /  2. 23. 0
   libswscale    2.  0. 0 /  2.  0. 0
   libpostproc  51.  2. 0 / 51.  2. 0

 Program received signal SIGSEGV, Segmentation fault.
 [Switching to Thread 1 (LWP 1)]
 0xfeea5acc in strlen () from /lib/libc.so.1
 (gdb) bt
 #0  0xfeea5acc in strlen () from /lib/libc.so.1
 #1  0xfef006f2 in _ndoprnt () from /lib/libc.so.1
 #2  0xfef03827 in vsnprintf () from /lib/libc.so.1
 #3  0xfee5a9fd in av_log_default_callback (ptr=0x0, level=24,
 fmt=0x806481c "Incompatible sample format '%s' for codec '%s', auto-
 selecting format '%s'\n", vl=0x8047a8c "")
     at
 /export/home/s10-userland/s10-userland/components/ffmpeg/ffmpeg-0.8/libavutil/log.c:112
 #4  0xfee5a8be in av_vlog (avcl=0x0, level=24, fmt=0x806481c "Incompatible
 sample format '%s' for codec '%s', auto-selecting format '%s'\n",
 vl=0x8047a8c "")
     at
 /export/home/s10-userland/s10-userland/components/ffmpeg/ffmpeg-0.8/libavutil/log.c:150
 #5  0xfee5a96c in av_log (avcl=0x0, level=115, fmt=0x806481c "Incompatible
 sample format '%s' for codec '%s', auto-selecting format '%s'\n")
     at
 /export/home/s10-userland/s10-userland/components/ffmpeg/ffmpeg-0.8/libavutil/log.c:144
 #6  0x08054a87 in choose_sample_fmt (st=0x8084840, codec=<value optimized
 out>) at
 /export/home/s10-userland/s10-userland/components/ffmpeg/ffmpeg-0.8/ffmpeg.c:623
 #7  0x0805ed34 in new_audio_stream (oc=0x807f540, file_idx=<value
 optimized out>) at
 /export/home/s10-userland/s10-userland/components/ffmpeg/ffmpeg-0.8/ffmpeg.c:3729
 #8  0x0805fa66 in opt_output_file (opt=0x0, filename=0x0) at
 /export/home/s10-userland/s10-userland/components/ffmpeg/ffmpeg-0.8/ffmpeg.c:3940
 #9  0x0806285a in parse_options (argc=7, argv=0x8047d14,
 options=0x8077760, parse_arg_function=0x805f1dc <opt_output_file>)
     at
 /export/home/s10-userland/s10-userland/components/ffmpeg/ffmpeg-0.8/cmdutils.c:292
 #10 0x0805e0e5 in main (argc=7, argv=0x8047d14) at
 /export/home/s10-userland/s10-userland/components/ffmpeg/ffmpeg-0.8/ffmpeg.c:4556
 }}}

 From what I can gather, vsnprintf has been enhanced on Linux to print
 "(null)" for null values. On platforms without this enhancement, such as
 Solaris, instead you get a nice segfault.

 I imagine this is quite an easy fix.

 Cheers,

 Alasdair

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/381>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker
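The crash above is the classic consequence of passing a NULL pointer to a `%s` conversion: the C standard makes that undefined behaviour, glibc happens to print `(null)`, and Solaris libc walks into `strlen(NULL)`. The example below is added here as an illustration and is not FFmpeg's code; it models the shape of the backtrace (a name lookup that returns NULL for an invalid value, a `vsnprintf`-based log callback, and the call site in `choose_sample_fmt`) with invented names such as `sample_fmt_name`, `log_msg`, `nz` and the `FMT_*` enum. That the FFmpeg call site obtains its `%s` arguments from a lookup that can return NULL is an assumption drawn from the `'(null)'` seen in the Linux output, not something the ticket states.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an enum-to-name table. Like a real lookup such
 * as an "invalid format -> no name" case, it returns NULL out of range.
 * (Assumption: this is the pattern behind the '(null)' in the ticket.) */
enum sample_fmt { FMT_NONE = -1, FMT_U8, FMT_S16, FMT_S32, FMT_FLT, FMT_NB };
static const char *const fmt_names[FMT_NB] = { "u8", "s16", "s32", "flt" };

const char *sample_fmt_name(int fmt)
{
    if (fmt < 0 || fmt >= FMT_NB)
        return NULL;            /* the caller must cope with this */
    return fmt_names[fmt];
}

/* NULL guard for every pointer that will feed a %s conversion. The
 * placeholder is explicit, so behaviour no longer depends on the libc. */
static const char *nz(const char *s) { return s ? s : "(null)"; }

#if defined(__GNUC__)
#define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
#define PRINTF_LIKE(f, a)
#endif

/* Minimal log sink modelled on a vsnprintf-based default callback. It
 * formats into a fixed buffer and keeps the last message for inspection.
 * Note that nothing here can detect a NULL %s argument: the va_list is
 * opaque, so the guard has to live at the call site. */
static char last_msg[1024];

PRINTF_LIKE(1, 2)
void log_msg(const char *fmt, ...)
{
    va_list vl;
    va_start(vl, fmt);
    vsnprintf(last_msg, sizeof last_msg, fmt, vl);
    va_end(vl);
}

/* Defective call site, kept for comparison: whatever the lookup returned
 * goes straight to %s. With have == FMT_NONE this is undefined behaviour;
 * glibc prints "(null)", Solaris libc crashes in strlen(). Never called
 * by the checks below. */
void warn_incompatible_unsafe(int have, const char *codec, int want)
{
    log_msg("Incompatible sample format '%s' for codec '%s', "
            "auto-selecting format '%s'\n",
            sample_fmt_name(have), codec, sample_fmt_name(want));
}

/* Hardened call site: each %s argument is wrapped in nz(). Returns the
 * formatted message so it can be checked without relying on stdout. */
const char *warn_incompatible_safe(int have, const char *codec, int want)
{
    log_msg("Incompatible sample format '%s' for codec '%s', "
            "auto-selecting format '%s'\n",
            nz(sample_fmt_name(have)), nz(codec), nz(sample_fmt_name(want)));
    return last_msg;
}

int main(void)
{
    /* Reproduces the Linux output from the ticket, but portably. */
    fputs(warn_incompatible_safe(FMT_NONE, "mp2", FMT_S16), stdout);
    return 0;
}
```

Two practical notes: `-Wformat` and the `format(printf, ...)` attribute catch type mismatches between the format string and its arguments at compile time, but not a runtime NULL, so the `nz()` wrapper (or an equivalent check before the `av_log` call) is the only portable defence; and a build that runs the test suite under a libc that does not tolerate `%s` with NULL, or under a sanitizer, will surface this class of bug where glibc's `(null)` quietly hides it.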

