[FFmpeg-trac] #5844(avformat:new): FFMPEG HEAD+3.1.3 : Crash when using RTSP mux (ie RECORD method)
FFmpeg
trac at avcodec.org
Mon Sep 12 13:32:42 EEST 2016
#5844: FFMPEG HEAD+3.1.3 : Crash when using RTSP mux (ie RECORD method)
-------------------------------------+-------------------------------------
Reporter: LeRatier | Type: defect
Status: new | Priority: normal
Component: avformat | Version: git-
Keywords: rtsp, | master
RECORD | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
When using ffmpeg as a RTSP muxer to a RTSP proxy, FFMPEG HEAD and 3.1.3
are crashing (SEGFAULT). This does not happen in 2.8.7 version (not tested
with 3.0 branch).
How to reproduce:
Use the RTSP poxy server from here : https://github.com/revmischa/rtsp-
server
Once compiled, launch it with the following command :
{{{
./rtsp-server.pl -l 10 -c 8554 --source_listen_address 127.0.0.1 -s 8001
}}}
In another shell, launch the ffmpeg command, with a video file of your
choice :
{{{
gdb --args ./ffmpeg_g -loglevel 99 -re -i VIDEO_FILE -r 12 -vcodec libx264
-preset superfast -an -tune zerolatency -b:v 1000k -protocol_whitelist
pipe,file,udp,rtp,rtsp,tcp -f rtsp rtsp://127.0.0.1:8001/live0
}}}
Then ffmpeg segfaults with the following trace :
{{{
#0 0x00007ffff747e421 in do_packet_auto_bsf () from
./libavformat/libavformat.so.57
#1 0x00007ffff74800df in av_write_frame () from
./libavformat/libavformat.so.57
#2 0x00007ffff7481f74 in ff_write_chained () from
./libavformat/libavformat.so.57
#3 0x00007ffff74d92d8 in rtsp_write_packet () from
./libavformat/libavformat.so.57
#4 0x00007ffff7481455 in av_interleaved_write_frame () from
./libavformat/libavformat.so.57
#5 0x000000000041f20c in write_frame ()
#6 0x00000000004214d8 in do_video_out ()
#7 0x00000000004234bb in reap_filters ()
#8 0x0000000000408eda in main (
}}}
Disass output :
{{{
Dump of assembler code from 0x7ffff747e401 to 0x7ffff747e441:
0x00007ffff747e401 <do_packet_auto_bsf+1>: push %rdi
0x00007ffff747e402 <do_packet_auto_bsf+2>: push %r14
0x00007ffff747e404 <do_packet_auto_bsf+4>: push %r13
0x00007ffff747e406 <do_packet_auto_bsf+6>: mov %rsi,%r13
0x00007ffff747e409 <do_packet_auto_bsf+9>: push %r12
0x00007ffff747e40b <do_packet_auto_bsf+11>: push %rbp
0x00007ffff747e40c <do_packet_auto_bsf+12>: push %rbx
0x00007ffff747e40d <do_packet_auto_bsf+13>: sub $0x8,%rsp
0x00007ffff747e411 <do_packet_auto_bsf+17>: movslq 0x24(%rsi),%rdx
0x00007ffff747e415 <do_packet_auto_bsf+21>: mov 0x30(%rdi),%rax
0x00007ffff747e419 <do_packet_auto_bsf+25>: mov (%rax,%rdx,8),%r14
0x00007ffff747e41d <do_packet_auto_bsf+29>: mov 0x10(%rdi),%rax
=> 0x00007ffff747e421 <do_packet_auto_bsf+33>: mov 0xc0(%rax),%rdx
0x00007ffff747e428 <do_packet_auto_bsf+40>: mov 0x308(%r14),%rax
0x00007ffff747e42f <do_packet_auto_bsf+47>: test %rdx,%rdx
0x00007ffff747e432 <do_packet_auto_bsf+50>: je 0x7ffff747e43f
<do_packet_auto_bsf+63>
0x00007ffff747e434 <do_packet_auto_bsf+52>: mov 0x14(%rax),%ecx
0x00007ffff747e437 <do_packet_auto_bsf+55>: test %ecx,%ecx
0x00007ffff747e439 <do_packet_auto_bsf+57>: je 0x7ffff747e570
<do_packet_auto_bsf+368>
0x00007ffff747e43f <do_packet_auto_bsf+63>: mov 0x10(%rax),%edx
End of assembler dump.
}}}
And registers :
{{{
rax 0xf77a06a0 4151969440
rbx 0xd9c1a0 14270880
rcx 0x0 0
rdx 0x0 0
rsi 0x7fffffffae50 140737488334416
rdi 0xd9c1a0 14270880
rbp 0x7fffffffae50 0x7fffffffae50
rsp 0x7fffffffad70 0x7fffffffad70
r8 0x15f90 90000
r9 0x1 1
r10 0xafc8 45000
r11 0x15f90 90000
r12 0x0 0
r13 0x7fffffffae50 140737488334416
r14 0xd9c8c0 14272704
r15 0x0 0
rip 0x7ffff747e421 0x7ffff747e421 <do_packet_auto_bsf+33>
eflags 0x10202 [ IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
st0 -nan(0x4a4c4e4e52565b5a) (raw 0xffff4a4c4e4e52565b5a)
st1 -nan(0x4f4e4a4743434547) (raw 0xffff4f4e4a4743434547)
st2 -nan(0x4746474b5153504f) (raw 0xffff4746474b5153504f)
st3 -nan(0x4a4a484a4b4b4544) (raw 0xffff4a4a484a4b4b4544)
st4 -nan(0x545353524d4a4647) (raw 0xffff545353524d4a4647)
st5 -nan(0x5455545455555454) (raw 0xffff5455545455555454)
st6 -nan(0x4f4d4a4a4c505353) (raw 0xffff4f4d4a4a4c505353)
st7 -nan(0x71727576716a6058) (raw 0xffff71727576716a6058)
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1fa8 [ OE PE IM DM ZM OM UM PM ]
ymm0 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0xff,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff,
0x0 <repeats 19 times>}, v16_int16 = {0x0, 0x0, 0xff, 0x0, 0x0, 0x0,
0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x0, 0xff,
0x0, 0xff, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
0xff00000000, 0xff00000000, 0x0, 0x0}, v2_int128 =
{0x000000ff00000000000000ff00000000, 0x00000000000000000000000000000000}}
ymm1 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x25 <repeats 16 times>, 0x0
<repeats 16 times>}, v16_int16 = {0x2525, 0x2525, 0x2525,
0x2525, 0x2525, 0x2525, 0x2525, 0x2525, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0}, v8_int32 = {0x25252525, 0x25252525, 0x25252525, 0x25252525,
0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x2525252525252525,
0x2525252525252525, 0x0, 0x0}, v2_int128 =
{0x25252525252525252525252525252525, 0x00000000000000000000000000000000}}
ymm2 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x38, 0x20, 0x62, 0x79,
0x74, 0x65, 0x73, 0xa, 0x0 <repeats 24 times>}, v16_int16 = {
0x2038, 0x7962, 0x6574, 0xa73, 0x0 <repeats 12 times>}, v8_int32 =
{0x79622038, 0xa736574, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 =
{0xa73657479622038, 0x0, 0x0, 0x0}, v2_int128 = {
0x00000000000000000a73657479622038,
0x00000000000000000000000000000000}}
ymm3 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0},
v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}}
ymm4 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0xff,
0x0 <repeats 27 times>}, v16_int16 = {0x0, 0x0, 0xff,
0x0 <repeats 13 times>}, v8_int32 = {0x0, 0xff, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0}, v4_int64 = {0xff00000000, 0x0, 0x0, 0x0}, v2_int128 =
{0x0000000000000000000000ff00000000,
0x00000000000000000000000000000000}}
ymm5 {v8_float = {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x40, 0x0
<repeats 28 times>}, v16_int16 = {0x0, 0x4000,
0x0 <repeats 14 times>}, v8_int32 = {0x40000000, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int64 = {0x40000000, 0x0, 0x0, 0x0}, v2_int128 =
{0x00000000000000000000000040000000,
---Type <return> to continue, or q <return> to quit---
0x00000000000000000000000000000000}}
ymm6 {v8_float = {0x2, 0x1, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x1, 0x1, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x40, 0x22,
0xe8, 0xfa, 0x3f, 0x0, 0x0, 0x0, 0x40, 0x22, 0xe8, 0xfa,
0x3f, 0x0 <repeats 16 times>}, v16_int16 = {0x0, 0x4000, 0xe822,
0x3ffa, 0x0, 0x4000, 0xe822, 0x3ffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}, v8_int32 = {0x40000000, 0x3ffae822, 0x40000000,
0x3ffae822, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x3ffae82240000000,
0x3ffae82240000000, 0x0, 0x0}, v2_int128 =
{0x3ffae822400000003ffae82240000000, 0x00000000000000000000000000000000}}
ymm7 {v8_float = {0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x17, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x37, 0x40, 0x0 <repeats 24 times>}, v16_int16 = {0x0,
0x0, 0x0, 0x4037, 0x0 <repeats 12 times>}, v8_int32 = {0x0,
0x40370000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x4037000000000000,
0x0, 0x0, 0x0}, v2_int128 = {
0x00000000000000004037000000000000,
0x00000000000000000000000000000000}}
ymm8 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0},
v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}}
ymm9 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0},
v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}}
ymm10 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0},
v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}}
ymm11 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0},
v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}}
ymm12 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0xff, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0xff,
0x0 <repeats 17 times>}, v16_int16 = {0xff00, 0x0, 0x0, 0x0, 0x0,
0xff, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 =
{0xff00, 0x0, 0xff0000, 0xff0000, 0x0, 0x0, 0x0, 0x0},
v4_int64 = {0xff00, 0xff000000ff0000, 0x0, 0x0}, v2_int128 =
{0x00ff000000ff0000000000000000ff00, 0x00000000000000000000000000000000}}
ymm13 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0},
v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}}
ymm14 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>},
v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0},
v2_int128 = {0x00000000000000000000000000000000,
0x00000000000000000000000000000000}}
ymm15 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x1 <repeats 16 times>, 0x0
<repeats 16 times>}, v16_int16 = {0x101, 0x101, 0x101,
0x101, 0x101, 0x101, 0x101, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}, v8_int32 = {0x1010101, 0x1010101, 0x1010101, 0x1010101, 0x0, 0x0,
0x0, 0x0}, v4_int64 = {0x101010101010101,
0x101010101010101, 0x0, 0x0}, v2_int128 =
{0x01010101010101010101010101010101, 0x00000000000000000000000000000000}}
}}}
Note that in 3.1.3, the crash occurs in compute_muxer_pkt_fields().
--
Ticket URL: <https://trac.ffmpeg.org/ticket/5844>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list