[FFmpeg-trac] #4884(undetermined:new): Segfault processing audio when using -f lavfi

FFmpeg trac at avcodec.org
Sun Sep 27 05:38:06 CEST 2015


#4884: Segfault processing audio when using -f lavfi
-------------------------------------+-------------------------------------
             Reporter:               |                     Type:  defect
  bobziuchkovski                     |                 Priority:  normal
               Status:  new          |                  Version:  git-
            Component:               |  master
  undetermined                       |               Blocked By:
             Keywords:  segfault     |  Reproduced by developer:  0
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
 Summary of the bug:

 I'm trying to use the semi-recent mpeg closed captioning support to
 convert a DVR mpeg2 capture to an mkv with the closed captions as
 subtitles.  I've used the same command on a few other DVR mpegs with
 success, but hit a file tonight that causes ffmpeg to segfault.  (See
 below).  If I run the same command, substituting {{{-f lavfi -i
 "movie=segfault.mpg:s=0+1[out0+subcc][out1]"}}} for {{{-i segfault.mpg}}},
 ffmpeg doesn't segfault, but of course I lose the closed caption
 processing.

 Ffmpeg segfaults at the very beginning of the file, so I trimmed the file
 to 2 seconds length and checked to ensure the trimmed copy, segfault.mpg,
 produces the same behavior (it does).  All commands and output below are
 run on this 2 second file.  I uploaded this file to the upload.ffmpeg.org
 FTP server as lavfi_audio_segfault.mpg.  I'm happy to attach to this
 ticket directly if that's preferred.

 As for the ffmpeg version, I built from master HEAD about an hour ago, but
 tested on a 2.7.x release as well.

 Exact command used:
 {{{
 $ ffmpeg  -f lavfi -i
 "movie=/Users/bobbyz/tmp/segfault.mpg:s=0+1[out0+subcc][out1]" -c:v
 rawvideo -c:a pcm_f32le -c:s srt -f matroska ~/tmp/test.mkv
 ffmpeg version N-42425-g08a7510 Copyright (c) 2000-2015 the FFmpeg
 developers
   built with Apple LLVM version 7.0.0 (clang-700.0.72)
   configuration: --prefix=/usr/local/Cellar/ffmpeg/HEAD --enable-shared
 --enable-pthreads --enable-gpl --enable-version3 --enable-hardcoded-tables
 --enable-avresample --cc=clang --host-cflags=-g --host-ldflags= --enable-
 debug=3 --disable-optimizations --disable-mmx --disable-stripping
 --enable-opencl --enable-libx264 --enable-libmp3lame --enable-libvo-aacenc
 --enable-libxvid --enable-libvorbis --enable-libvpx --enable-libfdk-aac
 --enable-libx265 --enable-nonfree --enable-vda
   libavutil      55.  2.100 / 55.  2.100
   libavcodec     57.  3.100 / 57.  3.100
   libavformat    57.  2.100 / 57.  2.100
   libavdevice    57.  0.100 / 57.  0.100
   libavfilter     6.  8.100 /  6.  8.100
   libavresample   3.  0.  0 /  3.  0.  0
   libswscale      4.  0.100 /  4.  0.100
   libswresample   2.  0.100 /  2.  0.100
   libpostproc    54.  0.100 / 54.  0.100
 [ac3 @ 0x7facbb808c00] exponent out-of-range
 [ac3 @ 0x7facbb808c00] error decoding the audio block
 [ac3 @ 0x7facbb808c00] frame sync error
 [Parsed_movie_0 @ 0x7facbad00000] Decode error: Invalid data found when
 processing input
 [ac3 @ 0x7facbb808c00] new coupling coordinates must be present in block 0
 [ac3 @ 0x7facbb808c00] error decoding the audio block
 [1]    3547 segmentation fault  ffmpeg -f lavfi -i  -c:v rawvideo -c:a
 pcm_f32le -c:s srt -f matroska
 }}}

 Info about the file:
 {{{
 $ ffmpeg -v 9 -loglevel 99 -i /Users/bobbyz/tmp/segfault.mpg
 [21:19:01]
 ffmpeg version N-42425-g08a7510 Copyright (c) 2000-2015 the FFmpeg
 developers
   built with Apple LLVM version 7.0.0 (clang-700.0.72)
   configuration: --prefix=/usr/local/Cellar/ffmpeg/HEAD --enable-shared
 --enable-pthreads --enable-gpl --enable-version3 --enable-hardcoded-tables
 --enable-avresample --cc=clang --host-cflags=-g --host-ldflags= --enable-
 debug=3 --disable-optimizations --disable-mmx --disable-stripping
 --enable-opencl --enable-libx264 --enable-libmp3lame --enable-libvo-aacenc
 --enable-libxvid --enable-libvorbis --enable-libvpx --enable-libfdk-aac
 --enable-libx265 --enable-nonfree --enable-vda
   libavutil      55.  2.100 / 55.  2.100
   libavcodec     57.  3.100 / 57.  3.100
   libavformat    57.  2.100 / 57.  2.100
   libavdevice    57.  0.100 / 57.  0.100
   libavfilter     6.  8.100 /  6.  8.100
   libavresample   3.  0.  0 /  3.  0.  0
   libswscale      4.  0.100 /  4.  0.100
   libswresample   2.  0.100 /  2.  0.100
   libpostproc    54.  0.100 / 54.  0.100
 Splitting the commandline.
 Reading option '-v' ... matched as option 'v' (set logging level) with
 argument '9'.
 Reading option '-loglevel' ... matched as option 'loglevel' (set logging
 level) with argument '99'.
 Reading option '-i' ... matched as input file with argument
 '/Users/bobbyz/tmp/segfault.mpg'.
 Finished splitting the commandline.
 Parsing a group of options: global .
 Applying option v (set logging level) with argument 9.
 Successfully parsed a group of options.
 Parsing a group of options: input file /Users/bobbyz/tmp/segfault.mpg.
 Successfully parsed a group of options.
 Opening an input file: /Users/bobbyz/tmp/segfault.mpg.
 Probing mp3 score:1 size:2048
 Probing mpeg score:26 size:2048
 [mpeg @ 0x7fb4c3000000] Format mpeg probed with size=2048 and score=26
 [mpeg @ 0x7fb4c3000000] Before avformat_find_stream_info() pos: 0 bytes
 read:32768 seeks:0
 [mpeg @ 0x7fb4c3000000] probing stream 1 pp:2500
 Probing aac score:1 size:2011
 Probing mp3 score:1 size:2011
 Probing mpegvideo score:25 size:2011
 [mpeg @ 0x7fb4c3000000] Probe with size=2011, packets=1 detected mpegvideo
 with score=25
 [mpeg @ 0x7fb4c3000000] probed stream 1
 [mpeg @ 0x7fb4c3000000] rfps: 60.000000 0.000021
     Last message repeated 1 times
 [mpeg @ 0x7fb4c3000000] rfps: 120.000000 0.000084
     Last message repeated 1 times
 [mpeg @ 0x7fb4c3000000] rfps: 240.000000 0.000338
     Last message repeated 1 times
 [mpeg @ 0x7fb4c3000000] rfps: 59.940060 0.000000
     Last message repeated 1 times
 [mpeg @ 0x7fb4c3000000] 0: start_time: 0.045 duration: 0.181
 [mpeg @ 0x7fb4c3000000] 1: start_time: 0.205 duration: 0.024
 [mpeg @ 0x7fb4c3000000] stream: start_time: 0.500 duration: 2.045
 bitrate=1546 kb/s
 [mpeg @ 0x7fb4c3000000] After avformat_find_stream_info() pos: 0 bytes
 read:645264 seeks:2 frames:71
 Input #0, mpeg, from '/Users/bobbyz/tmp/segfault.mpg':
   Duration: 00:00:02.05, start: 0.500000, bitrate: 1546 kb/s
     Stream #0:0[0x80], 54, 1/90000: Audio: ac3, 48000 Hz, 5.1(side), fltp,
 384 kb/s
     Stream #0:1[0x1e0], 17, 1/90000: Video: mpeg2video (Main), 1 reference
 frame, yuv420p(tv, left), 1280x720 [SAR 1:1 DAR 16:9], 1001/120000, Closed
 Captions, max. 20000 kb/s, 59.94 fps, 59.94 tbr, 90k tbn, 119.88 tbc
 Successfully opened the file.
 At least one output file must be specified
 [AVIOContext @ 0x7fb4c25001c0] Statistics: 645264 bytes read, 2 seeks
 }}}

 lldb output:
 {{{
  $ lldb /usr/local/bin/ffmpeg -- -f lavfi -i
 "movie=/Users/bobbyz/tmp/segfault.mpg:s=0+1[out0+subcc][out1]" -c:v
 rawvideo -c:a pcm_f32le -c:s srt -f matroska ~/tmp/test.mkv
 (lldb) target create "/usr/local/bin/ffmpeg"
 Current executable set to '/usr/local/bin/ffmpeg' (x86_64).
 (lldb) settings set -- target.run-args  "-f" "lavfi" "-i"
 "movie=/Users/bobbyz/tmp/segfault.mpg:s=0+1[out0+subcc][out1]" "-c:v"
 "rawvideo" "-c:a" "pcm_f32le" "-c:s" "srt" "-f" "matroska"
 "/Users/bobbyz/tmp/test.mkv"
 (lldb) r
 Process 3609 launched: '/usr/local/bin/ffmpeg' (x86_64)
 ffmpeg version N-42425-g08a7510 Copyright (c) 2000-2015 the FFmpeg
 developers
   built with Apple LLVM version 7.0.0 (clang-700.0.72)
   configuration: --prefix=/usr/local/Cellar/ffmpeg/HEAD --enable-shared
 --enable-pthreads --enable-gpl --enable-version3 --enable-hardcoded-tables
 --enable-avresample --cc=clang --host-cflags=-g --host-ldflags= --enable-
 debug=3 --disable-optimizations --disable-mmx --disable-stripping
 --enable-opencl --enable-libx264 --enable-libmp3lame --enable-libvo-aacenc
 --enable-libxvid --enable-libvorbis --enable-libvpx --enable-libfdk-aac
 --enable-libx265 --enable-nonfree --enable-vda
   libavutil      55.  2.100 / 55.  2.100
   libavcodec     57.  3.100 / 57.  3.100
   libavformat    57.  2.100 / 57.  2.100
   libavdevice    57.  0.100 / 57.  0.100
   libavfilter     6.  8.100 /  6.  8.100
   libavresample   3.  0.  0 /  3.  0.  0
   libswscale      4.  0.100 /  4.  0.100
   libswresample   2.  0.100 /  2.  0.100
   libpostproc    54.  0.100 / 54.  0.100
 [ac3 @ 0x103008c00] exponent out-of-range
 [ac3 @ 0x103008c00] error decoding the audio block
 [ac3 @ 0x103008c00] frame sync error
 [Parsed_movie_0 @ 0x102b00000] Decode error: Invalid data found when
 processing input
 [ac3 @ 0x103008c00] new coupling coordinates must be present in block 0
 [ac3 @ 0x103008c00] error decoding the audio block
 Process 3609 stopped
 * thread #1: tid = 0xd00d0, 0x00000001014aa5a2
 libswresample.2.dylib`conv_AV_SAMPLE_FMT_FLT_to_AV_SAMPLE_FMT_FLT + 55,
 queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1,
 address=0x0)
     frame #0: 0x00000001014aa5a2
 libswresample.2.dylib`conv_AV_SAMPLE_FMT_FLT_to_AV_SAMPLE_FMT_FLT + 55
 libswresample.2.dylib`conv_AV_SAMPLE_FMT_FLT_to_AV_SAMPLE_FMT_FLT:
 ->  0x1014aa5a2 <+55>: movl   (%r14), %esi
     0x1014aa5a5 <+58>: movl   %esi, (%r15)
     0x1014aa5a8 <+61>: leaq   (%r14,%rax), %rsi
     0x1014aa5ac <+65>: movl   (%r14,%rax), %r12d
 (lldb) bt
 * thread #1: tid = 0xd00d0, 0x00000001014aa5a2
 libswresample.2.dylib`conv_AV_SAMPLE_FMT_FLT_to_AV_SAMPLE_FMT_FLT + 55,
 queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1,
 address=0x0)
   * frame #0: 0x00000001014aa5a2
 libswresample.2.dylib`conv_AV_SAMPLE_FMT_FLT_to_AV_SAMPLE_FMT_FLT + 55
     frame #1: 0x00000001014a9421 libswresample.2.dylib`swri_audio_convert
 + 555
     frame #2: 0x00000001014b12c4
 libswresample.2.dylib`swr_convert_internal + 68
     frame #3: 0x00000001014b10f4 libswresample.2.dylib`swr_convert + 1050
     frame #4: 0x0000000100065d6c libavfilter.6.dylib`filter_frame + 387
     frame #5: 0x000000010008110a
 libavfilter.6.dylib`ff_filter_frame_framed + 497
     frame #6: 0x000000010008244c libavfilter.6.dylib`ff_filter_frame + 181
     frame #7: 0x00000001000936b2 libavfilter.6.dylib`movie_request_frame +
 482
     frame #8: 0x0000000100080eab libavfilter.6.dylib`ff_request_frame + 95
     frame #9: 0x0000000100084fbb
 libavfilter.6.dylib`av_buffersink_get_frame_flags + 96
     frame #10: 0x000000010004b14b libavdevice.57.dylib`lavfi_read_packet +
 229
     frame #11: 0x000000010027d839 libavformat.57.dylib`ff_read_packet +
 198
     frame #12: 0x000000010027e630 libavformat.57.dylib`read_frame_internal
 + 119
     frame #13: 0x0000000100281c6f
 libavformat.57.dylib`avformat_find_stream_info + 1368
     frame #14: 0x00000001000100b8 ffmpeg`open_input_file + 1544
     frame #15: 0x000000010000f917 ffmpeg`open_files + 287
     frame #16: 0x000000010000f680 ffmpeg`ffmpeg_parse_options + 183
     frame #17: 0x000000010001a272 ffmpeg`main + 190
     frame #18: 0x00007fff988495c9 libdyld.dylib`start + 1
 (lldb) register read --all
 General Purpose Registers:
        rax = 0x0000000000000004
        rbx = 0x0000000000000018
        rcx = 0x0000000000000018
        rdx = 0x0000000000000004
        rdi = 0x0000000104029210
        rsi = 0x0000000000000000
        rbp = 0x00007fff5fbfda60
        rsp = 0x00007fff5fbfda40
         r8 = 0x0000000104032210
         r9 = 0x0000000000000060
        r10 = 0x0000000000000010
        r11 = 0x00000001040321c8
        r12 = 0x0000000000000004
        r13 = 0x0000000104005828
        r14 = 0x0000000000000000
        r15 = 0x0000000104029210
        rip = 0x00000001014aa5a2
 libswresample.2.dylib`conv_AV_SAMPLE_FMT_FLT_to_AV_SAMPLE_FMT_FLT + 55
     rflags = 0x0000000000010206
         cs = 0x000000000000002b
         fs = 0x0000000000000000
         gs = 0x0000000000000000
        eax = 0x00000004
        ebx = 0x00000018
        ecx = 0x00000018
        edx = 0x00000004
        edi = 0x04029210
        esi = 0x00000000
        ebp = 0x5fbfda60
        esp = 0x5fbfda40
        r8d = 0x04032210
        r9d = 0x00000060
       r10d = 0x00000010
       r11d = 0x040321c8
       r12d = 0x00000004
       r13d = 0x04005828
       r14d = 0x00000000
       r15d = 0x04029210
         ax = 0x0004
         bx = 0x0018
         cx = 0x0018
         dx = 0x0004
         di = 0x9210
         si = 0x0000
         bp = 0xda60
         sp = 0xda40
        r8w = 0x2210
        r9w = 0x0060
       r10w = 0x0010
       r11w = 0x21c8
       r12w = 0x0004
       r13w = 0x5828
       r14w = 0x0000
       r15w = 0x9210
         ah = 0x00
         bh = 0x00
         ch = 0x00
         dh = 0x00
         al = 0x04
         bl = 0x18
         cl = 0x18
         dl = 0x04
        dil = 0x10
        sil = 0x00
        bpl = 0x60
        spl = 0x40
        r8l = 0x10
        r9l = 0x60
       r10l = 0x10
       r11l = 0xc8
       r12l = 0x04
       r13l = 0x28
       r14l = 0x00
       r15l = 0x10

 Floating Point Registers:
      fctrl = 0x037f
      fstat = 0x0000
       ftag = 0x00
        fop = 0x0000
      fioff = 0x00000000
      fiseg = 0x0000
      fooff = 0x00000000
      foseg = 0x0000
      mxcsr = 0x00001fa0
   mxcsrmask = 0x0000ffff
      stmm0 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0xff 0xff}
      stmm1 = {0x00 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0xff 0xff}
      stmm2 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
      stmm3 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
      stmm4 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00}
      stmm5 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0xff 0xff}
      stmm6 = {0x00 0x00 0x00 0x00 0x00 0x00 0x78 0xbb 0x0b 0x40}
      stmm7 = {0x00 0x00 0x00 0x00 0xfe 0xff 0xff 0xff 0x1d 0x40}
       ymm0 = {0x00 0x12 0x01 0x04 0x01 0x00 0x00 0x00 0x00 0x36 0x02 0x04
 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
       ymm1 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
       ymm2 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
       ymm3 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
       ymm4 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x06 0x00 0x00 0x00
 0x04 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
       ymm5 = {0x00 0x00 0x80 0x3f 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
       ymm6 = {0x00 0x00 0x00 0x34 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
       ymm7 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
       ymm8 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
       ymm9 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
      ymm10 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
      ymm11 = {0x00 0x00 0x00 0x80 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
      ymm12 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
      ymm13 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
      ymm14 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
      ymm15 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
       xmm0 = {0x00 0x12 0x01 0x04 0x01 0x00 0x00 0x00 0x00 0x36 0x02 0x04
 0x01 0x00 0x00 0x00}
       xmm1 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00}
       xmm2 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00}
       xmm3 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00}
       xmm4 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x06 0x00 0x00 0x00
 0x04 0x00 0x00 0x00}
       xmm5 = {0x00 0x00 0x80 0x3f 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00}
       xmm6 = {0x00 0x00 0x00 0x34 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00}
       xmm7 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00}
       xmm8 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00}
       xmm9 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00}
      xmm10 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00}
      xmm11 = {0x00 0x00 0x00 0x80 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00}
      xmm12 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00}
      xmm13 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00}
      xmm14 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00}
      xmm15 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00}

 Exception State Registers:
     trapno = 0x0000000e
        err = 0x00000004
   faultvaddr = 0x0000000000000000
 }}}

 Valgrind output:
 {{{
 $ valgrind ffmpeg  -f lavfi -i
 "movie=/Users/bobbyz/tmp/segfault.mpg:s=0+1[out0+subcc][out1]" -c:v
 rawvideo -c:a pcm_f32le -c:s srt -f matroska ~/tmp/test.mkv
 ==3625== Memcheck, a memory error detector
 ==3625== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
 ==3625== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright
 info
 ==3625== Command: ffmpeg -f lavfi -i
 movie=/Users/bobbyz/tmp/segfault.mpg:s=0+1[out0+subcc][out1] -c:v rawvideo
 -c:a pcm_f32le -c:s srt -f matroska /Users/bobbyz/tmp/test.mkv
 ==3625==
 ffmpeg version N-42425-g08a7510 Copyright (c) 2000-2015 the FFmpeg
 developers
   built with Apple LLVM version 7.0.0 (clang-700.0.72)
   configuration: --prefix=/usr/local/Cellar/ffmpeg/HEAD --enable-shared
 --enable-pthreads --enable-gpl --enable-version3 --enable-hardcoded-tables
 --enable-avresample --cc=clang --host-cflags=-g --host-ldflags= --enable-
 debug=3 --disable-optimizations --disable-mmx --disable-stripping
 --enable-opencl --enable-libx264 --enable-libmp3lame --enable-libvo-aacenc
 --enable-libxvid --enable-libvorbis --enable-libvpx --enable-libfdk-aac
 --enable-libx265 --enable-nonfree --enable-vda
   libavutil      55.  2.100 / 55.  2.100
   libavcodec     57.  3.100 / 57.  3.100
   libavformat    57.  2.100 / 57.  2.100
   libavdevice    57.  0.100 / 57.  0.100
   libavfilter     6.  8.100 /  6.  8.100
   libavresample   3.  0.  0 /  3.  0.  0
   libswscale      4.  0.100 /  4.  0.100
   libswresample   2.  0.100 /  2.  0.100
   libpostproc    54.  0.100 / 54.  0.100
 ==3625== Conditional jump or move depends on uninitialised value(s)
 ==3625==    at 0x1003B4F5B: av_packet_unpack_dictionary (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x100768D6C: ff_init_buffer_info (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x1006C4DC6: ff_thread_get_buffer (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x10065F30D: ff_alloc_picture (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x1006629DC: alloc_picture (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x1006621D6: ff_mpv_frame_start (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x1006326F9: decode_chunks (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x100630425: mpeg_decode_frame (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x10076B36B: avcodec_decode_video2 (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x100290491: try_decode_frame (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavformat.57.2.100.dylib)
 ==3625==    by 0x10028F0D6: avformat_find_stream_info (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavformat.57.2.100.dylib)
 ==3625==    by 0x10009FB59: movie_common_init (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
 ==3625==
 ==3625== Conditional jump or move depends on uninitialised value(s)
 ==3625==    at 0x1003B4F5B: av_packet_unpack_dictionary (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x100768D6C: ff_init_buffer_info (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x100769022: ff_get_buffer (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x1006C4DDD: ff_thread_get_buffer (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x10065F30D: ff_alloc_picture (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x1006629DC: alloc_picture (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x1006621D6: ff_mpv_frame_start (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x1006326F9: decode_chunks (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x100630425: mpeg_decode_frame (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x10076B36B: avcodec_decode_video2 (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x100290491: try_decode_frame (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavformat.57.2.100.dylib)
 ==3625==    by 0x10028F0D6: avformat_find_stream_info (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavformat.57.2.100.dylib)
 ==3625==
 ==3625== Conditional jump or move depends on uninitialised value(s)
 ==3625==    at 0x1003B4F5B: av_packet_unpack_dictionary (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x100768D6C: ff_init_buffer_info (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x100769022: ff_get_buffer (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x1003795CB: ac3_decode_frame (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x10076B9B2: avcodec_decode_audio4 (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavcodec.57.3.100.dylib)
 ==3625==    by 0x1000A097F: movie_request_frame (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
 ==3625==    by 0x10008DEAA: ff_request_frame (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
 ==3625==    by 0x100091FBA: av_buffersink_get_frame_flags (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
 ==3625==    by 0x10005814A: lavfi_read_packet (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavdevice.57.0.100.dylib)
 ==3625==    by 0x10028A838: ff_read_packet (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavformat.57.2.100.dylib)
 ==3625==    by 0x10028B62F: read_frame_internal (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavformat.57.2.100.dylib)
 ==3625==    by 0x10028EC6E: avformat_find_stream_info (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavformat.57.2.100.dylib)
 ==3625==
 [ac3 @ 0x10cfc5220] exponent out-of-range
 [ac3 @ 0x10cfc5220] error decoding the audio block
 [ac3 @ 0x10cfc5220] frame sync error
 [Parsed_movie_0 @ 0x10cfb2700] Decode error: Invalid data found when
 processing input
 [ac3 @ 0x10cfc5220] new coupling coordinates must be present in block 0
 [ac3 @ 0x10cfc5220] error decoding the audio block
 ==3625== Invalid read of size 4
 ==3625==    at 0x1014B75A2: conv_AV_SAMPLE_FMT_FLT_to_AV_SAMPLE_FMT_FLT
 (in /usr/local/Cellar/ffmpeg/HEAD/lib/libswresample.2.0.100.dylib)
 ==3625==    by 0x1014B6420: swri_audio_convert (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libswresample.2.0.100.dylib)
 ==3625==    by 0x1014BE2C3: swr_convert_internal (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libswresample.2.0.100.dylib)
 ==3625==    by 0x1014BE0F3: swr_convert (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libswresample.2.0.100.dylib)
 ==3625==    by 0x100072D6B: filter_frame (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
 ==3625==    by 0x10008E109: ff_filter_frame_framed (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
 ==3625==    by 0x10008F44B: ff_filter_frame (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
 ==3625==    by 0x1000A06B1: movie_request_frame (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
 ==3625==    by 0x10008DEAA: ff_request_frame (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
 ==3625==    by 0x100091FBA: av_buffersink_get_frame_flags (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
 ==3625==    by 0x10005814A: lavfi_read_packet (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavdevice.57.0.100.dylib)
 ==3625==    by 0x10028A838: ff_read_packet (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavformat.57.2.100.dylib)
 ==3625==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
 ==3625==
 ==3625==
 ==3625== Process terminating with default action of signal 11 (SIGSEGV)
 ==3625==  Access not within mapped region at address 0x0
 ==3625==    at 0x1014B75A2: conv_AV_SAMPLE_FMT_FLT_to_AV_SAMPLE_FMT_FLT
 (in /usr/local/Cellar/ffmpeg/HEAD/lib/libswresample.2.0.100.dylib)
 ==3625==    by 0x1014B6420: swri_audio_convert (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libswresample.2.0.100.dylib)
 ==3625==    by 0x1014BE2C3: swr_convert_internal (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libswresample.2.0.100.dylib)
 ==3625==    by 0x1014BE0F3: swr_convert (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libswresample.2.0.100.dylib)
 ==3625==    by 0x100072D6B: filter_frame (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
 ==3625==    by 0x10008E109: ff_filter_frame_framed (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
 ==3625==    by 0x10008F44B: ff_filter_frame (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
 ==3625==    by 0x1000A06B1: movie_request_frame (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
 ==3625==    by 0x10008DEAA: ff_request_frame (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
 ==3625==    by 0x100091FBA: av_buffersink_get_frame_flags (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavfilter.6.8.100.dylib)
 ==3625==    by 0x10005814A: lavfi_read_packet (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavdevice.57.0.100.dylib)
 ==3625==    by 0x10028A838: ff_read_packet (in
 /usr/local/Cellar/ffmpeg/HEAD/lib/libavformat.57.2.100.dylib)
 ==3625==  If you believe this happened as a result of a stack
 ==3625==  overflow in your program's main thread (unlikely but
 ==3625==  possible), you can try to increase the size of the
 ==3625==  main thread stack using the --main-stacksize= flag.
 ==3625==  The main thread stack size used in this run was 8388608.
 ==3625==
 ==3625== HEAP SUMMARY:
 ==3625==     in use at exit: 1,848,291 bytes in 2,782 blocks
 ==3625==   total heap usage: 5,754 allocs, 2,972 frees, 7,681,510 bytes
 allocated
 ==3625==
 ==3625== LEAK SUMMARY:
 ==3625==    definitely lost: 3,518 bytes in 48 blocks
 ==3625==    indirectly lost: 5,624 bytes in 30 blocks
 ==3625==      possibly lost: 20,008 bytes in 147 blocks
 ==3625==    still reachable: 469,956 bytes in 1,078 blocks
 ==3625==         suppressed: 1,349,185 bytes in 1,479 blocks
 ==3625== Rerun with --leak-check=full to see details of leaked memory
 ==3625==
 ==3625== For counts of detected and suppressed errors, rerun with: -v
 ==3625== Use --track-origins=yes to see where uninitialised values come
 from
 ==3625== ERROR SUMMARY: 5 errors from 4 contexts (suppressed: 0 from 0)
 [1]    3625 killed     valgrind ffmpeg -f lavfi -i  -c:v rawvideo -c:a
 pcm_f32le -c:s srt -f matrosk
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/4884>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker


More information about the FFmpeg-trac mailing list