[FFmpeg-trac] #2140(avfilter:reopened): Crash using mp=il=i on gray input

FFmpeg trac at avcodec.org
Tue Feb 5 23:39:23 CET 2013


#2140: Crash using mp=il=i on gray input
-------------------------------------+-------------------------------------
             Reporter:  cehoyos      |                    Owner:
                 Type:  defect       |                   Status:  reopened
             Priority:  important    |                Component:  avfilter
              Version:  git-master   |               Resolution:
             Keywords:  crash        |               Blocked By:
  SIGSEGV mp                         |  Reproduced by developer:  0
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):

 * status:  closed => reopened
 * resolution:  fixed =>


Comment:

 {{{
 (gdb) r -i gray.png -vf mp=il=i gray2.png
 Starting program: ffmpeg_g -i gray.png -vf mp=il=i gray2.png
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib64/libthread_db.so.1".
 ffmpeg version N-49616-gf0eacbc Copyright (c) 2000-2013 the FFmpeg
 developers
   built on Feb  5 2013 23:36:50 with gcc 4.7 (SUSE Linux)
   configuration: --enable-gpl --disable-indev=jack
   libavutil      52. 17.101 / 52. 17.101
   libavcodec     54. 91.100 / 54. 91.100
   libavformat    54. 61.104 / 54. 61.104
   libavdevice    54.  3.103 / 54.  3.103
   libavfilter     3. 35.101 /  3. 35.101
   libswscale      2.  2.100 /  2.  2.100
   libswresample   0. 17.102 /  0. 17.102
   libpostproc    52.  2.100 / 52.  2.100
 Input #0, image2, from 'gray.png':
   Duration: 00:00:00.04, start: 0.000000, bitrate: N/A
     Stream #0:0: Video: png, gray, 256x256, 25 tbr, 25 tbn, 25 tbc
 [Parsed_mp_0 @ 0x160f5c0] 'il' is a wrapped MPlayer filter (libmpcodecs).
 This filter may be removed
 once it has been ported to a native libavfilter.
 [New Thread 0x7ffff6563700 (LWP 23337)]
 [New Thread 0x7ffff5d62700 (LWP 23338)]
 [New Thread 0x7ffff5561700 (LWP 23339)]
 [New Thread 0x7ffff4d60700 (LWP 23340)]
 [New Thread 0x7fffe7fff700 (LWP 23341)]
 [New Thread 0x7fffe77fe700 (LWP 23342)]
 [New Thread 0x7fffe6ffd700 (LWP 23343)]
 [New Thread 0x7fffe67fc700 (LWP 23344)]
 Output #0, image2, to 'gray2.png':
   Metadata:
     encoder         : Lavf54.61.104
     Stream #0:0: Video: png, gray, 256x256, q=2-31, 200 kb/s, 90k tbn, 25
 tbc
 Stream mapping:
   Stream #0:0 -> #0:0 (png -> png)
 Press [q] to stop, [?] for help

 Program received signal SIGSEGV, Segmentation fault.
 0x0000000000bbdb60 in av_image_copy (dst_data=dst_data@entry=0x15e4288,
     dst_linesizes=dst_linesizes@entry=0x15e42d0,
 src_data=src_data@entry=0x15e32c8,
     src_linesizes=src_linesizes@entry=0x15e3310, pix_fmt=AV_PIX_FMT_GRAY8,
 width=256,
     height=256) at libavutil/imgutils.c:272
 272             memcpy(dst_data[1], src_data[1], 4*256);
 (gdb) bt
 #0  0x0000000000bbdb60 in av_image_copy
 (dst_data=dst_data@entry=0x15e4288,
     dst_linesizes=dst_linesizes@entry=0x15e42d0,
 src_data=src_data@entry=0x15e32c8,
     src_linesizes=src_linesizes@entry=0x15e3310, pix_fmt=AV_PIX_FMT_GRAY8,
 width=256,
     height=256) at libavutil/imgutils.c:272
 #1  0x000000000046e497 in ff_filter_frame_framed
 (link=link@entry=0x15fc960,
     frame=frame@entry=0x15e32c0) at libavfilter/avfilter.c:693
 #2  0x000000000046e8a1 in ff_filter_frame (frame=0x15e32c0,
 link=0x15fc960)
     at libavfilter/avfilter.c:791
 #3  default_filter_frame (link=<optimized out>, frame=0x15e32c0) at
 libavfilter/avfilter.c:638
 #4  0x000000000046e606 in ff_filter_frame_framed
 (link=link@entry=0x15fc2a0,
     frame=frame@entry=0x15e32c0) at libavfilter/avfilter.c:719
 #5  0x000000000047025b in ff_filter_frame (link=link@entry=0x15fc2a0,
     frame=frame@entry=0x15e32c0) at libavfilter/avfilter.c:791
 #6  0x000000000048923c in ff_vf_next_put_image (vf=0x160f660,
 mpi=0x15e3110, pts=0)
     at libavfilter/vf_mp.c:588
 #7  0x0000000000488ee2 in filter_frame (inlink=0x15fc880, inpic=0x15ff800)
     at libavfilter/vf_mp.c:824
 #8  0x000000000046e606 in ff_filter_frame_framed
 (link=link@entry=0x15fc880,
     frame=frame@entry=0x15ff800) at libavfilter/avfilter.c:719
 #9  0x000000000047025b in ff_filter_frame (link=link@entry=0x15fc880,
 frame=0x15ff800)
     at libavfilter/avfilter.c:791
 #10 0x0000000000473242 in request_frame (link=0x15fc880) at
 libavfilter/buffersrc.c:396
 #11 0x0000000000473694 in av_buffersrc_add_ref (s=0x160f4c0, buf=0x0,
 flags=flags@entry=7)
     at libavfilter/buffersrc.c:151
 #12 0x000000000045b76d in decode_video (ist=ist@entry=0x1606ce0,
     pkt=pkt@entry=0x7fffffffdb00,
 got_output=got_output@entry=0x7fffffffd89c) at ffmpeg.c:1715
 #13 0x000000000045e8bf in output_packet (pkt=0x7fffffffdaa0,
 ist=0x1606ce0) at ffmpeg.c:1835
 #14 process_input (file_index=<optimized out>) at ffmpeg.c:2988
 #15 0x000000000044ecc0 in transcode_step () at ffmpeg.c:3084
 #16 transcode () at ffmpeg.c:3136
 #17 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3311
 (gdb) disass $pc-32,$pc+32
 Dump of assembler code from 0xbbdb40 to 0xbbdb80:
    0x0000000000bbdb40 <av_image_copy+848>:      add    %al,(%rax)
    0x0000000000bbdb42 <av_image_copy+850>:      add    %al,-0xa(%rax)
    0x0000000000bbdb45 <av_image_copy+853>:      movl   $0x10d850f,(%rdx)
    0x0000000000bbdb4b <av_image_copy+859>:      add    %al,(%rax)
    0x0000000000bbdb4d <av_image_copy+861>:      test   $0x4,%dil
    0x0000000000bbdb51 <av_image_copy+865>:      jne    0xbbdc46
 <av_image_copy+1110>
    0x0000000000bbdb57 <av_image_copy+871>:      mov    %eax,%ecx
    0x0000000000bbdb59 <av_image_copy+873>:      xor    %edx,%edx
    0x0000000000bbdb5b <av_image_copy+875>:      shr    $0x3,%ecx
    0x0000000000bbdb5e <av_image_copy+878>:      test   $0x4,%al
 => 0x0000000000bbdb60 <av_image_copy+880>:      rep movsq
 %ds:(%rsi),%es:(%rdi)
    0x0000000000bbdb63 <av_image_copy+883>:      je     0xbbdb6e
 <av_image_copy+894>
    0x0000000000bbdb65 <av_image_copy+885>:      mov    (%rsi),%edx
    0x0000000000bbdb67 <av_image_copy+887>:      mov    %edx,(%rdi)
    0x0000000000bbdb69 <av_image_copy+889>:      mov    $0x4,%edx
    0x0000000000bbdb6e <av_image_copy+894>:      test   $0x2,%al
    0x0000000000bbdb70 <av_image_copy+896>:      je     0xbbdb7e
 <av_image_copy+910>
    0x0000000000bbdb72 <av_image_copy+898>:      movzwl (%rsi,%rdx,1),%ecx
    0x0000000000bbdb76 <av_image_copy+902>:      mov    %cx,(%rdi,%rdx,1)
    0x0000000000bbdb7a <av_image_copy+906>:      add    $0x2,%rdx
    0x0000000000bbdb7e <av_image_copy+910>:      test   $0x1,%al
 End of assembler dump.
 (gdb) info register
 rax            0x400    1024
 rbx            0x100    256
 rcx            0x80     128
 rdx            0x0      0
 rsi            0x0      0
 rdi            0x1656c40        23424064
 rbp            0x100    0x100
 rsp            0x7fffffffd1f0   0x7fffffffd1f0
 r8             0x1656c30        23424048
 r9             0x0      0
 r10            0x0      0
 r11            0x7ffff68d1b20   140737329830688
 r12            0x16469e0        23357920
 r13            0x1656c40        23424064
 r14            0x0      0
 r15            0x100    256
 rip            0xbbdb60 0xbbdb60 <av_image_copy+880>
 eflags         0x10246  [ PF ZF IF RF ]
 cs             0x33     51
 ss             0x2b     43
 ds             0x0      0
 es             0x0      0
 fs             0x0      0
 gs             0x0      0
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2140#comment:2>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

