[FFmpeg-trac] #997(FFprobe:new): ffprobe -show_frames segfaults on h264 in mpegts

FFmpeg trac at avcodec.org
Mon Feb 13 18:04:48 CET 2012 

#997: ffprobe -show_frames segfaults on h264 in mpegts
-------------------------------------+-------------------------------------
               Reporter:  pettter    |                  Owner:  stefano
                   Type:  defect     |                 Status:  new
               Priority:  normal     |              Component:  FFprobe
                Version:  git-       |               Keywords:  h264,
  master                             |  mpegts
             Blocked By:             |               Blocking:
Reproduced by developer:  0          |  Analyzed by developer:  0
-------------------------------------+-------------------------------------
 The file http://titan.codemill.se/~peteri/120210144737.ts
 produces a segfault when ffprobe -show_frames is run on it. See below for
 details.

 Given the backtraces shown below, I am pretty sure that
 avcodec_decode_video2 is called from get_decoded_frame at a time it
 shouldn't be, but I have not been able to decipher from ffmpeg.c/ffplay.c
 the exact conditions under which calls should be made or not. A simple
 (but probably wrong) fix would be to check s0->current_picture_ptr at some
 point in decode_slice_header, and return if set to NULL.

 The file further gives a number of... interesting effects, for the other
 ff* programs:

 ffplay plays it more or less correctly, but is unable to seek properly, in
 most cases.

 There are a number of known issues with the file, such as DTS
 discontinuities, but my knowledge of MPEG-TS and h264 is not deep enough
 to determine if they are actually enough to break any standards The fact
 that ffplay can play it properly speaks against this, but up until very
 recently, ffmpeg had issues transcoding this specific file: a visible
 audio lag. I do not have the time at this moment to bisect properly, but
 the issue was present in git 2cbe9121... at the very least.

 Configuration:
 ffprobe version N-37608-g0b717e2 Copyright (c) 2007-2012 the FFmpeg
 developers
   built on Feb 13 2012 10:19:14 with gcc 4.5.2
   configuration: --enable-shared --enable-debug --disable-stripping
 --enable-gpl --enable-version3 --enable-nonfree --enable-postproc
 --enable-libfaac --enable-libmp3lame --enable-libopencore-amrnb --enable-
 libopencore-amrwb --enable-libtheora --enable-libvorbis --enable-libx264
 --enable-libxvid --enable-x11grab --enable-libvorbis --enable-libvpx
 --enable-debug --disable-asm --disable-stripping
   libavutil      51. 39.100 / 51. 39.100
   libavcodec     54.  1.100 / 54.  1.100
   libavformat    54.  0.100 / 54.100.100
   libavdevice    53.  4.100 / 53.  4.100
   libavfilter     2. 62.100 /  2. 62.100
   libswscale      2.  1.100 /  2.  1.100
   libswresample   0.  6.100 /  0.  6.100
   libpostproc    52.  0.100 / 52.  0.100

 Backtrace from segfaulting thread
 {{{
 #0  0x00007f9356b4fc68 in decode_slice_header (h=0xb016f0, h0=<value
 optimized out>)
     at /home/pettter/dev/ffmpeg-official/libavcodec/h264.c:2945
 #1  0x00007f9356b5202f in decode_nal_units (h=0xb016f0, buf=0x13b8880 "",
 buf_size=3822)
     at /home/pettter/dev/ffmpeg-official/libavcodec/h264.c:3883
 #2  0x00007f9356b52d8e in decode_frame (avctx=0x90ebd0, data=0x999850,
 data_size=0x999a38,
     avpkt=<value optimized out>) at /home/pettter/dev/ffmpeg-
 official/libavcodec/h264.c:4095
 #3  0x00007f9356cbab3e in frame_worker_thread (arg=0x9996f0)
     at /home/pettter/dev/ffmpeg-official/libavcodec/pthread.c:385
 #4  0x00007f9355bf5d8c in start_thread (arg=0x7f934dcfa700) at
 pthread_create.c:304
 #5  0x00007f935594104d in clone () at
 ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
 #6  0x0000000000000000 in ?? ()
 }}}

 backtrace from main thread:
 {{{
 #0  pthread_cond_wait@@GLIBC_2.3.2 ()
     at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
 #1  0x00007f9356cba7bb in submit_packet (avctx=0x90bfa0,
 picture=0x7fffe4a3eab0,
     got_picture_ptr=0x7fffe4a3edbc, avpkt=<value optimized out>)
     at /home/pettter/dev/ffmpeg-official/libavcodec/pthread.c:551
 #2  ff_thread_decode_frame (avctx=0x90bfa0, picture=0x7fffe4a3eab0,
     got_picture_ptr=0x7fffe4a3edbc, avpkt=<value optimized out>)
     at /home/pettter/dev/ffmpeg-official/libavcodec/pthread.c:616
 #3  0x00007f9356d4c4b1 in avcodec_decode_video2 (avctx=0x90bfa0,
 picture=0x7fffe4a3eab0,
     got_picture_ptr=0x7fffe4a3edbc, avpkt=0x7fffe4a3eca0)
     at /home/pettter/dev/ffmpeg-official/libavcodec/utils.c:1338
 #4  0x0000000000405dc8 in get_decoded_frame (w=0x908340, fmt_ctx=0x9083a0)
     at /home/pettter/dev/ffmpeg-official/ffprobe.c:1352
 #5  show_packets (w=0x908340, fmt_ctx=0x9083a0) at /home/pettter/dev
 /ffmpeg-official/ffprobe.c:1378
 #6  0x0000000000407577 in probe_file (argc=<value optimized out>,
 argv=<value optimized out>)
     at /home/pettter/dev/ffmpeg-official/ffprobe.c:1618
 #7  main (argc=<value optimized out>, argv=<value optimized out>)
     at /home/pettter/dev/ffmpeg-official/ffprobe.c:1816
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/997>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list