[FFmpeg-trac] #5752(avformat:new): Crash when muxing webm_chunk
FFmpeg
trac at avcodec.org
Wed Aug 3 21:35:19 EEST 2016
#5752: Crash when muxing webm_chunk
-------------------------------------+-------------------------------------
Reporter: cehoyos | Owner:
Type: defect | Status: new
Priority: important | Component: avformat
Version: git-master | Resolution:
Keywords: crash | Blocked By:
SIGSEGV mkv | Reproduced by developer: 0
Blocking: |
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Description changed by cehoyos:
Old description:
> http://ffmpeg.org/pipermail/ffmpeg-user/2016-August/033006.html
> A user provided ac3 audio that crashes the webm_chunk muxer.
> {{{
> (gdb) r -i out.ac3 -map 0:a:0 -strict -2 -acodec vorbis -ac 2 -header
> header out%d.chk
> Starting program: ffmpeg_g -i out.ac3 -map 0:a:0 -strict -2 -acodec
> vorbis -ac 2 -header header out%d.chk
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> ffmpeg version N-81244-g8916ad9 Copyright (c) 2000-2016 the FFmpeg
> developers
> built with gcc 4.7 (SUSE Linux)
> configuration: --enable-libvpx --enable-libvorbis
> libavutil 55. 28.100 / 55. 28.100
> libavcodec 57. 51.100 / 57. 51.100
> libavformat 57. 44.100 / 57. 44.100
> libavdevice 57. 0.102 / 57. 0.102
> libavfilter 6. 49.100 / 6. 49.100
> libswscale 4. 1.100 / 4. 1.100
> libswresample 2. 1.100 / 2. 1.100
> [ac3 @ 0x1e31560] Format ac3 detected only with low score of 25,
> misdetection possible!
> [ac3 @ 0x1e31560] Estimating duration from bitrate, this may be
> inaccurate
> Input #0, ac3, from 'out.ac3':
> Duration: 00:00:26.68, start: 0.000000, bitrate: 384 kb/s
> Stream #0:0: Audio: ac3, 48000 Hz, 5.1(side), fltp, 384 kb/s
> [New Thread 0x7ffff11fb700 (LWP 30131)]
> [New Thread 0x7ffff09fa700 (LWP 30132)]
> [New Thread 0x7ffff01f9700 (LWP 30133)]
> [New Thread 0x7fffef9f8700 (LWP 30134)]
> [New Thread 0x7fffef1f7700 (LWP 30135)]
> [New Thread 0x7fffee9f6700 (LWP 30136)]
> [New Thread 0x7fffee1f5700 (LWP 30137)]
> [New Thread 0x7fffed9f4700 (LWP 30138)]
> [New Thread 0x7fffed1f3700 (LWP 30139)]
> [webm_chunk @ 0x1e33aa0] Using AVStream.codec to pass codec parameters to
> muxers is deprecated, use AVStream.codecpar instead.
> Output #0, webm_chunk, to 'chk/out%d.chk':
> Metadata:
> encoder : Lavf57.44.100
> Stream #0:0: Audio: vorbis, 48000 Hz, stereo, fltp
> Metadata:
> encoder : Lavc57.51.100 vorbis
> Stream mapping:
> Stream #0:0 -> #0:0 (ac3 (native) -> vorbis (native))
> Press [q] to stop, [?] for help
> [ac3 @ 0x1e33320] frame sync error
> Error while decoding stream #0:0: Invalid data found when processing
> input
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x0000000000600980 in mkv_write_flush_packet (s=0x1eade20,
> pkt=0x7fffffffd2b0)
> at libavformat/matroskaenc.c:2111
> 2111 if (s->pb->seekable)
> (gdb) bt
> #0 0x0000000000600980 in mkv_write_flush_packet (s=0x1eade20,
> pkt=0x7fffffffd2b0)
> at libavformat/matroskaenc.c:2111
> #1 0x00000000006c6cb6 in webm_chunk_write_packet (s=0x1e33aa0,
> pkt=0x7fffffffd2b0)
> at libavformat/webm_chunk.c:210
> #2 0x000000000063df2d in write_packet (s=s@entry=0x1e33aa0,
> pkt=pkt@entry=0x7fffffffd2b0)
> at libavformat/mux.c:732
> #3 0x000000000064022e in av_interleaved_write_frame
> (s=s@entry=0x1e33aa0, pkt=0x0,
> pkt@entry=0x7fffffffd610) at libavformat/mux.c:1184
> #4 0x0000000000493b0d in write_frame (s=s@entry=0x1e33aa0,
> pkt=pkt@entry=0x7fffffffd610,
> ost=ost@entry=0x1e68d20) at ffmpeg.c:762
> #5 0x0000000000498807 in do_audio_out (frame=0x1e34e60, ost=0x1e68d20,
> s=0x1e33aa0)
> at ffmpeg.c:840
> #6 reap_filters (flush=flush@entry=0) at ffmpeg.c:1376
> #7 0x000000000049be1a in transcode_step () at ffmpeg.c:4119
> #8 transcode () at ffmpeg.c:4163
> #9 0x000000000047e36b in main (argc=<optimized out>,
> argv=0x7fffffffdcc8) at ffmpeg.c:4356
> (gdb) disass $pc-32,$pc+32
> Dump of assembler code from 0x600960 to 0x6009a0:
> 0x0000000000600960 <mkv_write_flush_packet+16>: and $0xe0,%al
> 0x0000000000600962 <mkv_write_flush_packet+18>: mov
> %r13,-0x18(%rsp)
> 0x0000000000600967 <mkv_write_flush_packet+23>: mov %rsi,%r12
> 0x000000000060096a <mkv_write_flush_packet+26>: mov
> %r14,-0x10(%rsp)
> 0x000000000060096f <mkv_write_flush_packet+31>: mov
> %r15,-0x8(%rsp)
> 0x0000000000600974 <mkv_write_flush_packet+36>: sub $0x58,%rsp
> 0x0000000000600978 <mkv_write_flush_packet+40>: mov
> 0x18(%rdi),%rbx
> 0x000000000060097c <mkv_write_flush_packet+44>: mov
> 0x20(%rdi),%rdi
> => 0x0000000000600980 <mkv_write_flush_packet+48>: mov
> 0x90(%rdi),%edx
> 0x0000000000600986 <mkv_write_flush_packet+54>: mov %rdi,%r13
> 0x0000000000600989 <mkv_write_flush_packet+57>: test %edx,%edx
> 0x000000000060098b <mkv_write_flush_packet+59>: jne 0x600991
> <mkv_write_flush_packet+65>
> 0x000000000060098d <mkv_write_flush_packet+61>: mov
> 0x10(%rbx),%r13
> 0x0000000000600991 <mkv_write_flush_packet+65>: test %r12,%r12
> 0x0000000000600994 <mkv_write_flush_packet+68>: je 0x600bb0
> <mkv_write_flush_packet+608>
> 0x000000000060099a <mkv_write_flush_packet+74>: movslq
> 0x24(%r12),%rax
> 0x000000000060099f <mkv_write_flush_packet+79>: mov
> 0x30(%rbp),%rcx
> End of assembler dump.
> (gdb) info register
> rax 0x16a3d00 23739648
> rbx 0x1eae440 32171072
> rcx 0x5 5
> rdx 0x5dc0 24000
> rsi 0x7fffffffd2b0 140737488343728
> rdi 0x0 0
> rbp 0x1eade20 0x1eade20
> rsp 0x7fffffffd110 0x7fffffffd110
> r8 0x1eaef10 32173840
> r9 0x5dc0 24000
> r10 0x1 1
> r11 0x8000000000000001 -9223372036854775807
> r12 0x7fffffffd2b0 140737488343728
> r13 0x1eade20 32169504
> r14 0x20 32
> r15 0x600 1536
> rip 0x600980 0x600980 <mkv_write_flush_packet+48>
> eflags 0x10202 [ IF RF ]
> cs 0x33 51
> ss 0x2b 43
> ds 0x0 0
> es 0x0 0
> fs 0x0 0
> gs 0x0 0
> }}}
New description:
http://ffmpeg.org/pipermail/ffmpeg-user/2016-August/033006.html
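A user provided ac3 audio that crashes the webm_chunk muxer. The register dump below shows rdi = 0 at the faulting instruction `mov 0x90(%rdi),%edx`, so `s->pb` appears to be NULL when `mkv_write_flush_packet` evaluates `s->pb->seekable` (libavformat/matroskaenc.c:2111): a NULL pointer dereference reached via `webm_chunk_write_packet`.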
{{{
(gdb) r -i out.ac3 -map 0:a:0 -strict -2 -acodec vorbis -ac 2 -header
header out%d.chk
Starting program: ffmpeg_g -i out.ac3 -map 0:a:0 -strict -2 -acodec vorbis
-ac 2 -header header out%d.chk
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-81244-g8916ad9 Copyright (c) 2000-2016 the FFmpeg
developers
built with gcc 4.7 (SUSE Linux)
configuration: --enable-libvpx --enable-libvorbis
libavutil 55. 28.100 / 55. 28.100
libavcodec 57. 51.100 / 57. 51.100
libavformat 57. 44.100 / 57. 44.100
libavdevice 57. 0.102 / 57. 0.102
libavfilter 6. 49.100 / 6. 49.100
libswscale 4. 1.100 / 4. 1.100
libswresample 2. 1.100 / 2. 1.100
[ac3 @ 0x1e31560] Format ac3 detected only with low score of 25,
misdetection possible!
[ac3 @ 0x1e31560] Estimating duration from bitrate, this may be inaccurate
Input #0, ac3, from 'out.ac3':
Duration: 00:00:26.68, start: 0.000000, bitrate: 384 kb/s
Stream #0:0: Audio: ac3, 48000 Hz, 5.1(side), fltp, 384 kb/s
[New Thread 0x7ffff11fb700 (LWP 30131)]
[New Thread 0x7ffff09fa700 (LWP 30132)]
[New Thread 0x7ffff01f9700 (LWP 30133)]
[New Thread 0x7fffef9f8700 (LWP 30134)]
[New Thread 0x7fffef1f7700 (LWP 30135)]
[New Thread 0x7fffee9f6700 (LWP 30136)]
[New Thread 0x7fffee1f5700 (LWP 30137)]
[New Thread 0x7fffed9f4700 (LWP 30138)]
[New Thread 0x7fffed1f3700 (LWP 30139)]
[webm_chunk @ 0x1e33aa0] Using AVStream.codec to pass codec parameters to
muxers is deprecated, use AVStream.codecpar instead.
Output #0, webm_chunk, to 'out%d.chk':
Metadata:
encoder : Lavf57.44.100
Stream #0:0: Audio: vorbis, 48000 Hz, stereo, fltp
Metadata:
encoder : Lavc57.51.100 vorbis
Stream mapping:
Stream #0:0 -> #0:0 (ac3 (native) -> vorbis (native))
Press [q] to stop, [?] for help
[ac3 @ 0x1e33320] frame sync error
Error while decoding stream #0:0: Invalid data found when processing input
Program received signal SIGSEGV, Segmentation fault.
0x0000000000600980 in mkv_write_flush_packet (s=0x1eade20,
pkt=0x7fffffffd2b0)
at libavformat/matroskaenc.c:2111
2111 if (s->pb->seekable)
(gdb) bt
#0 0x0000000000600980 in mkv_write_flush_packet (s=0x1eade20,
pkt=0x7fffffffd2b0)
at libavformat/matroskaenc.c:2111
#1 0x00000000006c6cb6 in webm_chunk_write_packet (s=0x1e33aa0,
pkt=0x7fffffffd2b0)
at libavformat/webm_chunk.c:210
#2 0x000000000063df2d in write_packet (s=s@entry=0x1e33aa0,
pkt=pkt@entry=0x7fffffffd2b0)
at libavformat/mux.c:732
#3 0x000000000064022e in av_interleaved_write_frame (s=s@entry=0x1e33aa0,
pkt=0x0,
pkt@entry=0x7fffffffd610) at libavformat/mux.c:1184
#4 0x0000000000493b0d in write_frame (s=s@entry=0x1e33aa0,
pkt=pkt@entry=0x7fffffffd610,
ost=ost@entry=0x1e68d20) at ffmpeg.c:762
#5 0x0000000000498807 in do_audio_out (frame=0x1e34e60, ost=0x1e68d20,
s=0x1e33aa0)
at ffmpeg.c:840
#6 reap_filters (flush=flush@entry=0) at ffmpeg.c:1376
#7 0x000000000049be1a in transcode_step () at ffmpeg.c:4119
#8 transcode () at ffmpeg.c:4163
#9 0x000000000047e36b in main (argc=<optimized out>, argv=0x7fffffffdcc8)
at ffmpeg.c:4356
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x600960 to 0x6009a0:
0x0000000000600960 <mkv_write_flush_packet+16>: and $0xe0,%al
0x0000000000600962 <mkv_write_flush_packet+18>: mov %r13,-0x18(%rsp)
0x0000000000600967 <mkv_write_flush_packet+23>: mov %rsi,%r12
0x000000000060096a <mkv_write_flush_packet+26>: mov %r14,-0x10(%rsp)
0x000000000060096f <mkv_write_flush_packet+31>: mov %r15,-0x8(%rsp)
0x0000000000600974 <mkv_write_flush_packet+36>: sub $0x58,%rsp
0x0000000000600978 <mkv_write_flush_packet+40>: mov 0x18(%rdi),%rbx
0x000000000060097c <mkv_write_flush_packet+44>: mov 0x20(%rdi),%rdi
=> 0x0000000000600980 <mkv_write_flush_packet+48>: mov 0x90(%rdi),%edx
0x0000000000600986 <mkv_write_flush_packet+54>: mov %rdi,%r13
0x0000000000600989 <mkv_write_flush_packet+57>: test %edx,%edx
0x000000000060098b <mkv_write_flush_packet+59>: jne 0x600991 <mkv_write_flush_packet+65>
0x000000000060098d <mkv_write_flush_packet+61>: mov 0x10(%rbx),%r13
0x0000000000600991 <mkv_write_flush_packet+65>: test %r12,%r12
0x0000000000600994 <mkv_write_flush_packet+68>: je 0x600bb0 <mkv_write_flush_packet+608>
0x000000000060099a <mkv_write_flush_packet+74>: movslq 0x24(%r12),%rax
0x000000000060099f <mkv_write_flush_packet+79>: mov 0x30(%rbp),%rcx
End of assembler dump.
(gdb) info register
rax 0x16a3d00 23739648
rbx 0x1eae440 32171072
rcx 0x5 5
rdx 0x5dc0 24000
rsi 0x7fffffffd2b0 140737488343728
rdi 0x0 0
rbp 0x1eade20 0x1eade20
rsp 0x7fffffffd110 0x7fffffffd110
r8 0x1eaef10 32173840
r9 0x5dc0 24000
r10 0x1 1
r11 0x8000000000000001 -9223372036854775807
r12 0x7fffffffd2b0 140737488343728
r13 0x1eade20 32169504
r14 0x20 32
r15 0x600 1536
rip 0x600980 0x600980 <mkv_write_flush_packet+48>
eflags 0x10202 [ IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
}}}
--
--
Ticket URL: <https://trac.ffmpeg.org/ticket/5752#comment:3>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker