[FFmpeg-trac] #3188(avcodec:new): vp9 crash (fuzzed input, MT regression)

FFmpeg trac at avcodec.org
Mon Dec 2 11:59:55 CET 2013


#3188: vp9 crash (fuzzed input, MT regression)
-------------------------------------+-------------------------------------
               Reporter:  ubitux     |                  Owner:
                   Type:  defect     |                 Status:  new
               Priority:  important  |              Component:  avcodec
                Version:  git-master |               Keywords:  vp9 regression
             Blocked By:             |               Blocking:
Reproduced by developer:  0          |  Analyzed by developer:  0
-------------------------------------+-------------------------------------
 {{{
 ☭ ./ffmpeg -threads 1 -f ivf -c:v vp9 -i ~/samples/vp9/fuzzed0.ivf -f null
 -
 ffmpeg version N-58699-ge3d7a39 Copyright (c) 2000-2013 the FFmpeg
 developers
   built on Dec  2 2013 11:55:32 with gcc 4.8.2 (GCC)
   configuration: --enable-gpl --enable-libx264 --enable-libmp3lame
 --enable-x11grab --enable-libvorbis --samples=/home/ux/fate-samples
 --enable-libfreetype --enable-libvpx --cpu=native --cc='ccache cc'
   libavutil      52. 56.100 / 52. 56.100
   libavcodec     55. 44.100 / 55. 44.100
   libavformat    55. 22.100 / 55. 22.100
   libavdevice    55.  5.102 / 55.  5.102
   libavfilter     3. 91.100 /  3. 91.100
   libswscale      2.  5.101 /  2.  5.101
   libswresample   0. 17.104 /  0. 17.104
   libpostproc    52.  3.100 / 52.  3.100
 Truncating packet of size 402024711 to 1663093
 Input #0, ivf, from '/home/ux/samples/vp9/fuzzed0.ivf':
   Duration: N/A, start: 0.000001, bitrate: N/A
     Stream #0:0: Video: vp9 (vP[25]0 / 0x30195076), yuv420p, 256x244, 0k
 tbr, 0k tbn, 0k tbc
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf55.22.100
     Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 256x244,
 q=2-31, 200 kb/s, 90k tbn, 0k tbc
 Stream mapping:
   Stream #0:0 -> #0:0 (vp9 -> rawvideo)
 Press [q] to stop, [?] for help
 zsh: segmentation fault (core dumped)  ./ffmpeg -threads 1 -f ivf -c:v vp9
 -i ~/samples/vp9/fuzzed0.ivf -f null -
 }}}

 {{{
 ☭ gdb --args ./ffmpeg_g -threads 1 -f ivf -c:v vp9 -i
 ~/samples/vp9/fuzzed0.ivf -f null -
 GNU gdb (GDB) 7.6.1
 Copyright (C) 2013 Free Software Foundation, Inc.
 License GPLv3+: GNU GPL version 3 or later
 <http://gnu.org/licenses/gpl.html>
 This is free software: you are free to change and redistribute it.
 There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
 and "show warranty" for details.
 This GDB was configured as "x86_64-unknown-linux-gnu".
 For bug reporting instructions, please see:
 <http://www.gnu.org/software/gdb/bugs/>...
 Reading symbols from /home/ux/src/ffmpeg/ffmpeg_g...done.
 (gdb) r
 Starting program: /home/ux/src/ffmpeg/./ffmpeg_g -threads 1 -f ivf -c:v
 vp9 -i /home/ux/samples/vp9/fuzzed0.ivf -f null -
 warning: no loadable sections found in added symbol-file system-supplied
 DSO at 0x7ffff7ffa000
 warning: Could not load shared library symbols for linux-vdso.so.1.
 Do you need "set solib-search-path" or "set sysroot"?
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/usr/lib/libthread_db.so.1".
 ffmpeg version N-58699-ge3d7a39 Copyright (c) 2000-2013 the FFmpeg
 developers
   built on Dec  2 2013 11:55:32 with gcc 4.8.2 (GCC)
   configuration: --enable-gpl --enable-libx264 --enable-libmp3lame
 --enable-x11grab --enable-libvorbis --samples=/home/ux/fate-samples
 --enable-libfreetype --enable-libvpx --cpu=native --cc='ccache cc'
   libavutil      52. 56.100 / 52. 56.100
   libavcodec     55. 44.100 / 55. 44.100
   libavformat    55. 22.100 / 55. 22.100
   libavdevice    55.  5.102 / 55.  5.102
   libavfilter     3. 91.100 /  3. 91.100
   libswscale      2.  5.101 /  2.  5.101
   libswresample   0. 17.104 /  0. 17.104
   libpostproc    52.  3.100 / 52.  3.100
 Truncating packet of size 402024711 to 1663093
 Input #0, ivf, from '/home/ux/samples/vp9/fuzzed0.ivf':
   Duration: N/A, start: 0.000001, bitrate: N/A
     Stream #0:0: Video: vp9 (vP[25]0 / 0x30195076), yuv420p, 256x244, 0k
 tbr, 0k tbn, 0k tbc
 [New Thread 0x7ffff39a3700 (LWP 29856)]
 [New Thread 0x7ffff31a2700 (LWP 29857)]
 [New Thread 0x7ffff29a1700 (LWP 29858)]
 [New Thread 0x7ffff21a0700 (LWP 29859)]
 [New Thread 0x7ffff199f700 (LWP 29860)]
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf55.22.100
     Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 256x244,
 q=2-31, 200 kb/s, 90k tbn, 0k tbc
 Stream mapping:
   Stream #0:0 -> #0:0 (vp9 -> rawvideo)
 Press [q] to stop, [?] for help

 Program received signal SIGSEGV, Segmentation fault.
 0x00007ffff4a3aa20 in __memcpy_sse2_unaligned () from /usr/lib/libc.so.6
 (gdb) bt
 #0  0x00007ffff4a3aa20 in __memcpy_sse2_unaligned () from
 /usr/lib/libc.so.6
 #1  0x00000000009cd0b1 in vp9_alloc_frame (f=0x16c4b18, ctx=0x16c3540)
     at libavcodec/vp9.c:268
 #2  vp9_decode_frame (ctx=0x16c3540, frame=0x16b6920,
     got_frame=0x7fffffffe1fc, pkt=<optimized out>) at
 libavcodec/vp9.c:3512
 #3  0x0000000000947e30 in avcodec_decode_video2 (avctx=0x16c3540,
     picture=picture at entry=0x16b6920,
     got_picture_ptr=got_picture_ptr at entry=0x7fffffffe1fc,
     avpkt=avpkt at entry=0x7fffffffe480) at libavcodec/utils.c:2064
 #4  0x00000000004787b3 in decode_video (ist=ist at entry=0x16c39a0,
     pkt=pkt at entry=0x7fffffffe480,
     got_output=got_output at entry=0x7fffffffe1fc) at ffmpeg.c:1695
 #5  0x000000000046639a in output_packet (pkt=0x7fffffffe420,
 ist=0x16c39a0)
     at ffmpeg.c:1908
 #6  process_input (file_index=<optimized out>) at ffmpeg.c:3216
 #7  transcode_step () at ffmpeg.c:3312
 #8  transcode () at ffmpeg.c:3364
 #9  main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3544
 (gdb)
 }}}

 {{{
 76bd878d959c79ef17ed90cc7d13dffea9327ee2 is the first bad commit
 commit 76bd878d959c79ef17ed90cc7d13dffea9327ee2
 Author: Ronald S. Bultje <rsbultje at gmail.com>
 Date:   Sat Nov 30 09:08:54 2013 -0500

     vp9: add a 2-pass decoding mode, and add frame-mt support.

     For a random 1080p sample, decoding time went from 9.7sec (1 threads)
     to 6.0sec (2 threads) and 5.2sec (4 threads) in 2-pass decoding mode.
     I don't have any samples that use the parallelmode feature, but the
     gains should be higher.
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/3188>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker
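The "Truncating packet of size 402024711 to 1663093" line in the ffmpeg output above means the fuzzed sample's 32-bit IVF frame-size field claims roughly 400 MB where only about 1.6 MB of file remain; the demuxer clamps the read, and the decoder then sees a frame much shorter than its header promised. As an added example (not FFmpeg's ivf demuxer and not the reporter's code; fuzzed0.ivf itself is not on the page, so an IVF file with the same property is constructed in memory), here is a small IVF reader that bounds every frame-size field by the bytes actually left and, on top of that, rejects sizes above an assumed per-frame cap so a huge claim never drives an allocation:

```python
import struct

IVF_FILE_HEADER_LEN = 32     # "DKIF", version, header len, fourcc, w, h, rate, scale, frame count, unused
IVF_FRAME_HEADER_LEN = 12    # u32 LE frame size + u64 LE timestamp
DEFAULT_MAX_FRAME = 16 << 20  # assumed policy cap per frame; not part of the IVF format


def build_ivf(frames, fourcc=b"VP90", width=256, height=244):
    """Construct an IVF file from (declared_size, payload) pairs.

    declared_size is written verbatim, so a caller can claim more bytes than
    the payload carries, which is exactly what the fuzzed sample did."""
    header = struct.pack("<4sHH4sHHIIII", b"DKIF", 0, IVF_FILE_HEADER_LEN, fourcc,
                         width, height, 30, 1, len(frames), 0)
    body = b"".join(struct.pack("<IQ", size, pts) + payload
                    for pts, (size, payload) in enumerate(frames))
    return header + body


def parse_ivf(data, max_frame=DEFAULT_MAX_FRAME):
    """Return a list of (declared_size, payload, truncated) per frame.

    Two checks an untrusted length field needs: it is clamped to the bytes
    left in the file (the condition behind ffmpeg's "Truncating packet"
    message), and it is rejected outright above max_frame."""
    if len(data) < IVF_FILE_HEADER_LEN or data[:4] != b"DKIF":
        raise ValueError("not an IVF file")
    header_len = struct.unpack_from("<H", data, 6)[0]
    pos = max(header_len, IVF_FILE_HEADER_LEN)
    frames = []
    while pos + IVF_FRAME_HEADER_LEN <= len(data):
        size, _pts = struct.unpack_from("<IQ", data, pos)
        pos += IVF_FRAME_HEADER_LEN
        if size > max_frame:
            raise ValueError(f"frame size {size} exceeds cap {max_frame}")
        available = len(data) - pos
        payload = data[pos:pos + min(size, available)]
        frames.append((size, payload, size > available))
        pos += len(payload)
    return frames


# Constructed sample (not the ticket's fuzzed0.ivf): an opaque placeholder payload,
# and a second frame whose size field repeats the value from the ticket's log line.
PAYLOAD = bytes(range(64))
FUZZED_IVF = build_ivf([(len(PAYLOAD), PAYLOAD), (402024711, PAYLOAD)])


def demo():
    """Clamp-only parse versus parse with the cap; returns both outcomes."""
    clamped = parse_ivf(FUZZED_IVF, max_frame=0xFFFFFFFF)  # never rejects, only clamps
    try:
        parse_ivf(FUZZED_IVF)                               # default cap rejects frame 2
        rejected = False
    except ValueError:
        rejected = True
    return clamped, rejected


if __name__ == "__main__":
    clamped, rejected = demo()
    for size, payload, truncated in clamped:
        print(f"declared {size:>10} got {len(payload):>4} truncated={truncated}")
    print("rejected by cap:", rejected)
```

Clamping alone is what keeps the demuxer from reading past the file, but it silently hands the decoder a frame whose declared and actual lengths disagree; a decoder that trusts any header-derived size after that point is exactly where a fuzzed file starts to hurt, so the cap and the `truncated` flag are there to make the mismatch visible before the data reaches it.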

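The bisect result in the ticket names the frame-mt commit as the first bad one. A `git bisect run` helper for this kind of crash triage (an added example, not the reporter's script) has one subtlety worth showing: on a commit that is good, ffmpeg still exits non-zero because the fuzzed frame is rejected with a decode error, so the helper must mark a commit bad only when the decoder dies from a signal (or hangs) and must tell bisect to skip commits that do not build. The ffmpeg flags and sample path are the ones from the ticket's command line; `./ffmpeg` as the binary and `make` as the build step are assumptions.

```python
import signal
import subprocess
import sys

BISECT_GOOD, BISECT_BAD, BISECT_SKIP = 0, 1, 125
# Signals that indicate memory corruption or an assertion, as opposed to a normal exit.
CRASH_SIGNALS = {int(signal.SIGSEGV), int(signal.SIGBUS), int(signal.SIGILL),
                 int(signal.SIGFPE), int(signal.SIGABRT)}


def classify(returncode, timed_out=False):
    """Turn one decoder run into a git-bisect verdict.

    subprocess reports death-by-signal as a negative code (-11 for SIGSEGV);
    a shell reports it as 128 + signum (139). Any other non-zero status is
    the decoder rejecting the fuzzed frame, which is the correct behaviour
    and therefore counts as good."""
    if timed_out:
        return BISECT_BAD
    if returncode < 0 and -returncode in CRASH_SIGNALS:
        return BISECT_BAD
    if returncode > 128 and returncode - 128 in CRASH_SIGNALS:
        return BISECT_BAD
    return BISECT_GOOD


def run_decoder(sample, ffmpeg="./ffmpeg", timeout=120):
    """Decode the sample to the null muxer with the ticket's flags and classify."""
    cmd = [ffmpeg, "-threads", "1", "-f", "ivf", "-c:v", "vp9",
           "-i", sample, "-f", "null", "-"]
    try:
        proc = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return classify(0, timed_out=True)
    return classify(proc.returncode)


def bisect_step(sample):
    """Exit status for `git bisect run`: 0 good, 1 bad, 125 skip (cannot build)."""
    build = subprocess.run(["make", "-j4"], stdout=subprocess.DEVNULL,
                           stderr=subprocess.DEVNULL)
    if build.returncode != 0:
        return BISECT_SKIP
    return run_decoder(sample)


if __name__ == "__main__":
    sys.exit(bisect_step(sys.argv[1]))
```

Usage: `git bisect start <bad-rev> <good-rev>` in the FFmpeg tree, then `git bisect run python3 bisect_vp9.py ~/samples/vp9/fuzzed0.ivf`; the timeout verdict matters because a fuzzed frame that makes a threaded decoder deadlock is as much a regression as one that segfaults, and without it bisect would hang on that commit.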
