[FFmpeg-trac] #4914(avformat:new): Segmentation fault creating MXF transcoded from mp2

FFmpeg trac at avcodec.org
Wed Oct 7 14:06:21 CEST 2015


#4914: Segmentation fault creating MXF transcoded from mp2
------------------------------------+------------------------------------
             Reporter:  wim_arbor   |                    Owner:
                 Type:  defect      |                   Status:  new
             Priority:  important   |                Component:  avformat
              Version:  git-master  |               Resolution:
             Keywords:  mxf         |               Blocked By:
             Blocking:              |  Reproduced by developer:  0
Analyzed by developer:  0           |
------------------------------------+------------------------------------

Comment (by wim_arbor):

 Rebuilt ffmpeg using {{{--disable-optimizations}}}.

 gdb output:
 {{{
 No more output streams to write to, finishing.
 [mxf @ 0x2106480] out st:1 dts:0
 [mxf @ 0x2106480] essence container count:2
     Last message repeated 1 times
 [mxf @ 0x2106480] package type:1
 [mxf @ 0x2106480] package type:2
 [mxf @ 0x2106480] -d10_channelcount requires MXF D-10 and will be ignored
     Last message repeated 7 times
 Program received signal SIGSEGV, Segmentation fault.
 0x00000000006b87fe in mxf_write_packet (s=0x2106480, pkt=0x7fffffffe1b0)
 at libavformat/mxfenc.c:2456
 2456                mxf->body_offset -
 mxf->index_entries[mxf->edit_units_count-1].offset;
 (gdb) bt
 #0  0x00000000006b87fe in mxf_write_packet (s=0x2106480,
 pkt=0x7fffffffe1b0) at libavformat/mxfenc.c:2456
 #1  0x00000000006a6d3f in write_packet (s=0x2106480, pkt=0x7fffffffe1b0)
 at libavformat/mux.c:660
 #2  0x00000000006a7fd3 in av_write_trailer (s=0x2106480) at
 libavformat/mux.c:998
 #3  0x000000000042b2e1 in transcode () at ffmpeg.c:4008
 #4  0x000000000042b6e9 in main (argc=38, argv=0x7fffffffe3e8) at
 ffmpeg.c:4157
 (gdb) disass $pc-32,$pc+32
 Dump of assembler code from 0x6b87de to 0x6b881e:
    0x00000000006b87de <mxf_write_packet+1235>:  mov    0x20(%rax),%rdi
    0x00000000006b87e2 <mxf_write_packet+1239>:  mov    -0x18(%rbp),%rax
    0x00000000006b87e6 <mxf_write_packet+1243>:  mov    0x28(%rax),%eax
    0x00000000006b87e9 <mxf_write_packet+1246>:  sub    $0x1,%eax
    0x00000000006b87ec <mxf_write_packet+1249>:  mov    %eax,%edx
    0x00000000006b87ee <mxf_write_packet+1251>:  mov    %rdx,%rax
    0x00000000006b87f1 <mxf_write_packet+1254>:  add    %rax,%rax
    0x00000000006b87f4 <mxf_write_packet+1257>:  add    %rdx,%rax
    0x00000000006b87f7 <mxf_write_packet+1260>:  shl    $0x3,%rax
    0x00000000006b87fb <mxf_write_packet+1264>:  add    %rdi,%rax
 => 0x00000000006b87fe <mxf_write_packet+1267>:  mov    0x8(%rax),%rax
    0x00000000006b8802 <mxf_write_packet+1271>:  mov    %esi,%edx
    0x00000000006b8804 <mxf_write_packet+1273>:  sub    %eax,%edx
    0x00000000006b8806 <mxf_write_packet+1275>:  mov    %edx,%eax
    0x00000000006b8808 <mxf_write_packet+1277>:  mov    %eax,0x10(%rcx)
    0x00000000006b880b <mxf_write_packet+1280>:  mov    -0x58(%rbp),%rax
    0x00000000006b880f <mxf_write_packet+1284>:  mov    %rax,%rdi
    0x00000000006b8812 <mxf_write_packet+1287>:  callq  0x6b57d4
 <mxf_write_klv_fill>
    0x00000000006b8817 <mxf_write_packet+1292>:  mov    -0x30(%rbp),%rax
    0x00000000006b881b <mxf_write_packet+1296>:  lea    0x38(%rax),%rcx
 End of assembler dump.
 (gdb) info all-registers
 rax            0x1802312898     103115991192
 rbx            0x0      0
 rcx            0x1802312898     103115991192
 rdx            0xffffffff       4294967295
 rsi            0x0      0
 rdi            0x23128b0        36776112
 rbp            0x7fffffffe0c0   0x7fffffffe0c0
 rsp            0x7fffffffe060   0x7fffffffe060
 r8             0x61a0d5 6398165
 r9             0x7ffff6905440   140737330041920
 r10            0x0      0
 r11            0x246    582
 r12            0x406900 4221184
 r13            0x7fffffffe3e0   140737488348128
 r14            0x0      0
 r15            0x0      0
 rip            0x6b87fe 0x6b87fe <mxf_write_packet+1267>
 eflags         0x10202  [ IF RF ]
 cs             0x33     51
 ss             0x2b     43
 ds             0x0      0
 es             0x0      0
 fs             0x0      0
 gs             0x0      0
 st0            -nan(0x80008000800080)   (raw 0xffff0080008000800080)
 st1            -nan(0x80008000800080)   (raw 0xffff0080008000800080)
 st2            -nan(0x80008000800080)   (raw 0xffff0080008000800080)
 st3            -nan(0xb18afffdeb62)     (raw 0xffff0000b18afffdeb62)
 st4            -nan(0x80008000800080)   (raw 0xffff0080008000800080)
 st5            -nan(0x80008000800080)   (raw 0xffff0080008000800080)
 st6            -nan(0x80008000800080)   (raw 0xffff0080008000800080)
 st7            -nan(0x6492fffed24a)     (raw 0xffff00006492fffed24a)
 fctrl          0x37f    895
 fstat          0x0      0
 ftag           0xffff   65535
 fiseg          0x0      0
 fioff          0x0      0
 foseg          0x0      0
 fooff          0x0      0
 fop            0x0      0
 mxcsr          0x1fa0   [ PE IM DM ZM OM UM PM ]
 ymm0           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {
     0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>},
 v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
     0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 =
 {0x00000000000000000000000000000000,
     0x00000000000000000000000000000000}}
 ymm1           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {
     0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>},
 v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
     0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 =
 {0x00000000000000000000000000000000,
     0x00000000000000000000000000000000}}
 ymm2           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {
     0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>},
 v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
     0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 =
 {0x00000000000000000000000000000000,
     0x00000000000000000000000000000000}}
 ymm3           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x8000000000000000, 0x0,
     0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
     0x0 <repeats 16 times>}, v16_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0xffff,
 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0,
     0x0, 0x0, 0x0}, v8_int32 = {0x0, 0x0, 0xffff0000, 0xffffffff, 0x0,
 0x0, 0x0, 0x0}, v4_int64 = {0x0,
     0xffffffffffff0000, 0x0, 0x0}, v2_int128 =
 {0xffffffffffff00000000000000000000,
     0x00000000000000000000000000000000}}
 ymm4           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {
     0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>},
 v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
     0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 =
 {0x00000000000000000000000000000000,
     0x00000000000000000000000000000000}}
 ymm5           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {
     0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>},
 v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
     0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 =
 {0x00000000000000000000000000000000,
     0x00000000000000000000000000000000}}
 ymm6           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {
     0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>},
 v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
     0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 =
 {0x00000000000000000000000000000000,
 ---Type <return> to continue, or q <return> to quit---
     0x00000000000000000000000000000000}}
 ymm7           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {
     0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>},
 v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
     0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 =
 {0x00000000000000000000000000000000,
     0x00000000000000000000000000000000}}
 ymm8           {v8_float = {0x53500000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0,
 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0},
   v32_int8 = {0x35, 0x55, 0x55, 0x55, 0x55, 0x55, 0xa5, 0x3f, 0x0 <repeats
 24 times>}, v16_int16 = {0x5535, 0x5555,
     0x5555, 0x3fa5, 0x0 <repeats 12 times>}, v8_int32 = {0x55555535,
 0x3fa55555, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
   v4_int64 = {0x3fa5555555555535, 0x0, 0x0, 0x0}, v2_int128 =
 {0x00000000000000003fa5555555555535,
     0x00000000000000000000000000000000}}
 ymm9           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {
     0x39, 0xe2, 0xd9, 0xed, 0x6b, 0xc1, 0x56, 0x3f, 0x0 <repeats 24
 times>}, v16_int16 = {0xe239, 0xedd9, 0xc16b,
     0x3f56, 0x0 <repeats 12 times>}, v8_int32 = {0xedd9e239, 0x3f56c16b,
 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
     0x3f56c16bedd9e239, 0x0, 0x0, 0x0}, v2_int128 =
 {0x00000000000000003f56c16bedd9e239,
     0x00000000000000000000000000000000}}
 ymm10          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {
     0xe0, 0x11, 0x4a, 0xb3, 0xb5, 0xb6, 0x32, 0x3f, 0x0 <repeats 24
 times>}, v16_int16 = {0x11e0, 0xb34a, 0xb6b5,
     0x3f32, 0x0 <repeats 12 times>}, v8_int32 = {0xb34a11e0, 0x3f32b6b5,
 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
     0x3f32b6b5b34a11e0, 0x0, 0x0, 0x0}, v2_int128 =
 {0x00000000000000003f32b6b5b34a11e0,
     0x00000000000000000000000000000000}}
 ymm11          {v8_float = {0x9d810300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0},
   v32_int8 = {0x3, 0x81, 0x1d, 0x4f, 0xd0, 0xb7, 0x32, 0xbf, 0x0 <repeats
 24 times>}, v16_int16 = {0x8103, 0x4f1d,
     0xb7d0, 0xbf32, 0x0 <repeats 12 times>}, v8_int32 = {0x4f1d8103,
 0xbf32b7d0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
   v4_int64 = {0xbf32b7d04f1d8103, 0x0, 0x0, 0x0}, v2_int128 =
 {0x0000000000000000bf32b7d04f1d8103,
     0x00000000000000000000000000000000}}
 ymm12          {v8_float = {0x33ad0000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0},
   v32_int8 = {0x68, 0x9d, 0x99, 0x51, 0x66, 0xf7, 0x87, 0x3e, 0x0 <repeats
 24 times>}, v16_int16 = {0x9d68, 0x5199,
     0xf766, 0x3e87, 0x0 <repeats 12 times>}, v8_int32 = {0x51999d68,
 0x3e87f766, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
   v4_int64 = {0x3e87f76651999d68, 0x0, 0x0, 0x0}, v2_int128 =
 {0x00000000000000003e87f76651999d68,
     0x00000000000000000000000000000000}}
 ymm13          {v8_float = {0xc1e69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0, 0x0, 0x0},
   v32_int8 = {0x9d, 0xe6, 0x41, 0x49, 0x10, 0xa1, 0xd7, 0x39, 0x0 <repeats
 24 times>}, v16_int16 = {0xe69d, 0x4941,
     0xa110, 0x39d7, 0x0 <repeats 12 times>}, v8_int32 = {0x4941e69d,
 0x39d7a110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
   v4_int64 = {0x39d7a1104941e69d, 0x0, 0x0, 0x0}, v2_int128 =
 {0x000000000000000039d7a1104941e69d,
     0x00000000000000000000000000000000}}
 ymm14          {v8_float = {0x62000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0},
   v32_int8 = {0x0, 0x88, 0x39, 0x52, 0x83, 0xb1, 0x3b, 0xbf, 0x0 <repeats
 24 times>}, v16_int16 = {0x8800, 0x5239,
     0xb183, 0xbf3b, 0x0 <repeats 12 times>}, v8_int32 = {0x52398800,
 0xbf3bb183, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
   v4_int64 = {0xbf3bb18352398800, 0x0, 0x0, 0x0}, v2_int128 =
 {0x0000000000000000bf3bb18352398800,
     0x00000000000000000000000000000000}}
 ymm15          {v8_float = {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {
     0x85, 0xce, 0x35, 0xa4, 0xc6, 0x97, 0xe7, 0x3f, 0x0 <repeats 24
 times>}, v16_int16 = {0xce85, 0xa435, 0x97c6,
     0x3fe7, 0x0 <repeats 12 times>}, v8_int32 = {0xa435ce85, 0x3fe797c6,
 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
     0x3fe797c6a435ce85, 0x0, 0x0, 0x0}, v2_int128 =
 {0x00000000000000003fe797c6a435ce85,
     0x00000000000000000000000000000000}}

 (gdb) print mxf->edit_units_count
 $1 = 0
 (gdb) print mxf->index_entries
 $2 = (MXFIndexEntry *) 0x23128b0
 (gdb) print mxf->edit_unit_byte_count
 $3 = 0
 (gdb) print  mxf->body_offset
 $4 = 0
 (gdb) print mxf->header_written
 $5 = 1
 (gdb) print mxf
 $6 = (MXFContext *) 0x2104a80
 }}}

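 With {{{mxf->edit_units_count}}} equal to 0 ($1 above), the index {{{mxf->edit_units_count-1}}} wraps to 0xffffffff (rdx in the register dump), so the faulting load at mxf_write_packet+1267 reads far outside {{{mxf->index_entries}}} (rax 0x1802312898 = rdi 0x23128b0 + 0xffffffff*24). The condition visible in the branch below does not check that {{{edit_units_count}}} is non-zero before indexing:

 https://github.com/FFmpeg/FFmpeg/blob/a852db796edce2792525d88ab47cf78222e01512/libavformat/mxfenc.c#L2455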
 {{{
 } else if (!mxf->edit_unit_byte_count && st->index == 1) {
     mxf->index_entries[mxf->edit_units_count-1].slice_offset =
         mxf->body_offset -
 mxf->index_entries[mxf->edit_units_count-1].offset;
 }
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/4914#comment:2>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

