[FFmpeg-trac] #4957(avformat:open): Crash in libavformat/mux.c when processing a corrupted input stream
FFmpeg
trac at avcodec.org
Thu Oct 22 15:45:57 CEST 2015
#4957: Crash in libavformat/mux.c when processing a corrupted input stream
-------------------------------------+-------------------------------------
 Reporter: jsnajdr                   | Owner:
 Type: defect                        | Status: open
 Priority: important                 | Component: avformat
 Version: git-master                 | Resolution:
 Keywords: crash SIGSEGV regression  | Blocked By:
 Blocking:                           | Reproduced by developer: 1
 Analyzed by developer: 0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):
* keywords: => crash SIGSEGV regression
* priority: normal => important
* version: unspecified => git-master
* status: new => open
* reproduced: 0 => 1
Comment:
For future tickets: Please remember to always post all requested
information that includes the console output, disassembly and register
content.
The crash is a regression since b84232694ef0c6897e82b52326c9ea4027c69ec4
{{{
(gdb) r -i stream.mpg -c copy out.m3u8
Starting program: ffmpeg_g -i stream.mpg -c copy out.m3u8
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-76179-g00efaa7 Copyright (c) 2000-2015 the FFmpeg
developers
built with gcc 4.7 (SUSE Linux)
configuration: --enable-gpl
libavutil 55. 4.100 / 55. 4.100
libavcodec 57. 8.100 / 57. 8.100
libavformat 57. 10.101 / 57. 10.101
libavdevice 57. 0.100 / 57. 0.100
libavfilter 6. 12.100 / 6. 12.100
libswscale 4. 0.100 / 4. 0.100
libswresample 2. 0.100 / 2. 0.100
libpostproc 54. 0.100 / 54. 0.100
[mpegts @ 0x1cb93c0] PES packet size mismatch
Last message repeated 4 times
[mpegts @ 0x1cb93c0] DTS discontinuity in stream 4: packet 5 with DTS
2930794871, packet 6 with DTS 4731435029
[mpeg2video @ 0x1cbd8c0] Invalid frame dimensions 0x0.
[mpegts @ 0x1cb93c0] PES packet size mismatch
[mpeg2video @ 0x1cbd8c0] Invalid frame dimensions 0x0.
Last message repeated 1 times
[mpegts @ 0x1cb93c0] PES packet size mismatch
Last message repeated 2 times
[mpeg2video @ 0x1cbd8c0] Invalid frame dimensions 0x0.
[mpegts @ 0x1cb93c0] PES packet size mismatch
Last message repeated 1 times
[mpeg2video @ 0x1cbd8c0] Invalid frame dimensions 0x0.
Last message repeated 1 times
[mpegts @ 0x1cb93c0] PES packet size mismatch
[mpeg2video @ 0x1cbd8c0] Invalid frame dimensions 0x0.
[mpegts @ 0x1cb93c0] PES packet size mismatch
[mpeg2video @ 0x1cbd8c0] Invalid frame dimensions 0x0.
Last message repeated 1 times
[mpegts @ 0x1cb93c0] DTS discontinuity in stream 4: packet 12 with DTS
2930830871, packet 13 with DTS 7303702227
[mpeg2video @ 0x1cbd8c0] ac-tex damaged at 18 0
[mpeg2video @ 0x1cbd8c0] slice below image (88 >= 36)
[mpegts @ 0x1cb93c0] PES packet size mismatch
Last message repeated 7 times
[mpegts @ 0x1cb93c0] DTS discontinuity in stream 4: packet 17 with DTS
2930854052, packet 18 with DTS 10916851472
[mpegts @ 0x1cb93c0] PES packet size mismatch
Last message repeated 2 times
[mpegts @ 0x1cb93c0] DTS discontinuity in stream 4: packet 21 with DTS
2930881271, packet 22 with DTS 7081162585
[mpegts @ 0x1cb93c0] PES packet size mismatch
[mpegts @ 0x1cb93c0] DTS 2930920319 < 2930925911 out of order
[mpegts @ 0x1cb93c0] PES packet size mismatch
Last message repeated 2 times
[mpegts @ 0x1cb93c0] DTS discontinuity in stream 4: packet 27 with DTS
2930913671, packet 28 with DTS 9744219690
[mpegts @ 0x1cb93c0] PES packet size mismatch
Last message repeated 11 times
[mpegts @ 0x1cb93c0] DTS discontinuity in stream 4: packet 36 with DTS
2930960471, packet 37 with DTS 8428438919
[mpegts @ 0x1cb93c0] PES packet size mismatch
Last message repeated 13 times
[mpegts @ 0x1cb93c0] Could not find codec parameters for stream 3
(Unknown: none ([5][0][0][0] / 0x0005)): unknown codec
Consider increasing the value for the 'analyzeduration' and 'probesize'
options
[mpegts @ 0x1cb93c0] Could not find codec parameters for stream 5
(Unknown: none ([11][0][0][0] / 0x000B)): unknown codec
Consider increasing the value for the 'analyzeduration' and 'probesize'
options
Input #0, mpegts, from 'stream.mpg':
Duration: 00:00:07.26, start: 32564.147456, bitrate: 2519 kb/s
Program 257
Metadata:
service_name : CT 1
service_provider: Ceska televize
Stream #0:0[0x101]: Video: mpeg2video (Main) ([2][0][0][0] / 0x0002),
yuv420p(tv), 720x576 [SAR 64:45 DAR 16:9], max. 15000 kb/s, 25.83 fps, 25
tbr, 90k tbn, 50 tbc
Stream #0:1[0x111](cze): Audio: mp2 ([3][0][0][0] / 0x0003), 48000 Hz,
stereo, s16p, 192 kb/s
Stream #0:2[0x113](cze): Audio: mp2 ([3][0][0][0] / 0x0003), 48000 Hz,
mono, s16p, 64 kb/s (visual impaired)
Stream #0:3[0x370]: Unknown: none ([5][0][0][0] / 0x0005)
Stream #0:4[0x121](cze): Subtitle: dvb_teletext ([6][0][0][0] /
0x0006)
Stream #0:5[0x161]: Unknown: none ([11][0][0][0] / 0x000B)
[webvtt @ 0x1cf1a20] Exactly one WebVTT stream is needed.
Output #0, hls, to 'out.m3u8':
Metadata:
encoder : Lavf57.10.101
Stream #0:0: Video: mpeg2video ([2][0][0][0] / 0x0002), yuv420p,
720x576 [SAR 64:45 DAR 16:9], q=2-31, max. 15000 kb/s, 25.83 fps, 25 tbr,
90k tbn, 25 tbc
Stream #0:1(cze): Audio: mp2 ([3][0][0][0] / 0x0003), 48000 Hz,
stereo, 192 kb/s
Stream #0:2(cze): Subtitle: dvb_teletext ([6][0][0][0] / 0x0006)
Stream mapping:
Stream #0:0 -> #0:0 (copy)
Stream #0:1 -> #0:1 (copy)
Stream #0:4 -> #0:2 (copy)
Press [q] to stop, [?] for help
[mpegts @ 0x1cb93c0] PES packet size mismatch
Last message repeated 3 times
Program received signal SIGSEGV, Segmentation fault.
compute_pkt_fields2 (s=s@entry=0x1cf1a20, st=0x1cf3140,
pkt=pkt@entry=0x7fffffffd260)
at libavformat/mux.c:560
560 st->priv_pts->val = pkt->dts;
(gdb) bt
#0 compute_pkt_fields2 (s=s@entry=0x1cf1a20, st=0x1cf3140,
pkt=pkt@entry=0x7fffffffd260)
at libavformat/mux.c:560
#1 0x000000000061bc38 in av_write_frame (s=s@entry=0x1cf1a20,
pkt=pkt@entry=0x7fffffffd260) at libavformat/mux.c:716
#2 0x000000000061cab4 in ff_write_chained (dst=0x1cf1a20, dst_stream=0,
pkt=0x7fffffffd3d0, src=0x1cfb040, interleave=0) at
libavformat/mux.c:1063
#3 0x000000000061a49d in write_packet (s=s@entry=0x1cfb040,
pkt=pkt@entry=0x7fffffffd3d0)
at libavformat/mux.c:660
#4 0x000000000061c5be in av_interleaved_write_frame (s=s@entry=0x1cfb040,
pkt=0x0,
pkt@entry=0x7fffffffd610) at libavformat/mux.c:970
#5 0x000000000048feba in write_frame (s=0x1cfb040,
pkt=pkt@entry=0x7fffffffd610,
ost=ost@entry=0x1cf0700) at ffmpeg.c:774
#6 0x0000000000493e76 in do_streamcopy (ist=ist@entry=0x1d304a0,
ost=0x1cf0700,
pkt=pkt@entry=0x7fffffffda80) at ffmpeg.c:1905
#7 0x00000000004966b3 in process_input_packet (no_eof=0,
pkt=0x7fffffffda80,
ist=0x1d304a0) at ffmpeg.c:2427
#8 process_input (file_index=1800661758) at ffmpeg.c:3941
#9 transcode_step () at ffmpeg.c:4029
#10 transcode () at ffmpeg.c:4082
#11 0x000000000047885b in main (argc=<optimized out>, argv=0x7fffffffdd28)
at ffmpeg.c:4269
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x61a6b0 to 0x61a6f0:
0x000000000061a6b0 <compute_pkt_fields2+256>: rolb
(%rax,%rax,1)
0x000000000061a6b3 <compute_pkt_fields2+259>: add %al,(%rcx)
0x000000000061a6b5 <compute_pkt_fields2+261>: jne 0x61abd8
<compute_pkt_fields2+1576>
0x000000000061a6bb <compute_pkt_fields2+267>: mov
0x8(%rbx),%rdi
0x000000000061a6bf <compute_pkt_fields2+271>: mov
0x300(%rbx),%rsi
0x000000000061a6c6 <compute_pkt_fields2+278>: mov
%rcx,0xf0(%rbx)
0x000000000061a6cd <compute_pkt_fields2+285>: mov
0xc(%rdi),%eax
=> 0x000000000061a6d0 <compute_pkt_fields2+288>: mov %rcx,(%rsi)
0x000000000061a6d3 <compute_pkt_fields2+291>: test %eax,%eax
0x000000000061a6d5 <compute_pkt_fields2+293>: jne 0x61a718
<compute_pkt_fields2+360>
0x000000000061a6d7 <compute_pkt_fields2+295>: movslq
0x8c(%rdi),%rdx
0x000000000061a6de <compute_pkt_fields2+302>: movslq
0x34(%rbx),%rax
0x000000000061a6e2 <compute_pkt_fields2+306>: mov
0x10(%rsi),%rdi
0x000000000061a6e6 <compute_pkt_fields2+310>: imul %rdx,%rax
0x000000000061a6ea <compute_pkt_fields2+314>: add
0x8(%rsi),%rax
0x000000000061a6ee <compute_pkt_fields2+318>: js 0x61ad60
<compute_pkt_fields2+1968>
End of assembler dump.
(gdb) info register
rax 0x3 3
rbx 0x1cf3140 30355776
rcx 0x0 0
rdx 0x0 0
rsi 0x0 0
rdi 0x1cf3540 30356800
rbp 0x7fffffffd260 0x7fffffffd260
rsp 0x7fffffffd090 0x7fffffffd090
r8 0x0 0
r9 0x7fffffffd260 140737488343648
r10 0x0 0
r11 0xafc8 45000
r12 0x8000000000000000 -9223372036854775808
r13 0x1cfb040 30388288
r14 0x1cf1a20 30349856
r15 0x1ceff20 30342944
rip 0x61a6d0 0x61a6d0 <compute_pkt_fields2+288>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/4957#comment:1>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker