[FFmpeg-trac] #5842(undetermined:new): "unsupported" mtaf file

FFmpeg trac at avcodec.org
Thu Sep 15 17:16:53 EEST 2016


#5842: "unsupported" mtaf file
-------------------------------------+-------------------------------------
             Reporter:  zhidd        |                    Owner:
                 Type:  defect       |                   Status:  new
             Priority:  important    |                Component:
              Version:  git-master   |  undetermined
             Keywords:  crash        |               Resolution:
  SIGSEGV adpcm                      |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):

 * keywords:  crash => crash SIGSEGV adpcm


Comment:

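 I wonder what kind of proof you mean; if it does not crash for you, there
 most likely is no issue...
 The valgrind and gdb output below shows an invalid 2-byte read followed by
 SIGSEGV at libavcodec/adpcm.c:352, the table lookup
 ff_adpcm_mtaf_stepsize[c->step][nibble].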
 {{{
 $ valgrind ffmpeg_g -i mg1_bgm03_main.mtaf -f null -
 ==22290== Memcheck, a memory error detector
 ==22290== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
 ==22290== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright
 info
 ==22290== Command: ffmpeg_g -i mg1_bgm03_main.mtaf -f null -
 ==22290==
 ffmpeg version N-81667-g0222602 Copyright (c) 2000-2016 the FFmpeg
 developers
   built with gcc 4.7 (SUSE Linux)
   configuration:
   libavutil      55. 29.100 / 55. 29.100
   libavcodec     57. 55.101 / 57. 55.101
   libavformat    57. 49.100 / 57. 49.100
   libavdevice    57.  0.102 / 57.  0.102
   libavfilter     6. 62.100 /  6. 62.100
   libswscale      4.  1.100 /  4.  1.100
   libswresample   2.  1.100 /  2.  1.100
 Guessed Channel Layout for Input Stream #0.0 : stereo
 Input #0, mtaf, from 'mg1_bgm03_main.mtaf':
   Duration: 00:01:40.23, bitrate: 408 kb/s
     Stream #0:0: Audio: adpcm_mtaf, 48000 Hz, 2 channels, s16p
 [null @ 0xb52cba0] Using AVStream.codec to pass codec parameters to muxers
 is deprecated, use AVStream.codecpar instead.
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf57.49.100
     Stream #0:0: Audio: pcm_s16le, 48000 Hz, stereo, s16, 1536 kb/s
     Metadata:
       encoder         : Lavc57.55.101 pcm_s16le
 Stream mapping:
   Stream #0:0 -> #0:0 (adpcm_mtaf (native) -> pcm_s16le (native))
 Press [q] to stop, [?] for help
 ==22290== Invalid read of size 2
 ==22290==    at 0xD9E872: adpcm_decode_frame (adpcm.c:352)
 ==22290==    by 0xAC8C0D: avcodec_decode_audio4 (utils.c:2326)
 ==22290==    by 0x499343: decode_audio (ffmpeg.c:1960)
 ==22290==    by 0x49D118: transcode (ffmpeg.c:2336)
 ==22290==    by 0x47EADF: main (ffmpeg.c:4313)
 ==22290==  Address 0x1569ea0 is not stack'd, malloc'd or (recently) free'd
 ==22290==
 ==22290==
 ==22290== Process terminating with default action of signal 11 (SIGSEGV)
 ==22290==  Access not within mapped region at address 0x1569EA0
 ==22290==    at 0xD9E872: adpcm_decode_frame (adpcm.c:352)
 ==22290==    by 0xAC8C0D: avcodec_decode_audio4 (utils.c:2326)
 ==22290==    by 0x499343: decode_audio (ffmpeg.c:1960)
 ==22290==    by 0x49D118: transcode (ffmpeg.c:2336)
 ==22290==    by 0x47EADF: main (ffmpeg.c:4313)
 ==22290==  If you believe this happened as a result of a stack
 ==22290==  overflow in your program's main thread (unlikely but
 ==22290==  possible), you can try to increase the size of the
 ==22290==  main thread stack using the --main-stacksize= flag.
 ==22290==  The main thread stack size used in this run was 8388608.
 ==22290==
 ==22290== HEAP SUMMARY:
 ==22290==     in use at exit: 132,185 bytes in 318 blocks
 ==22290==   total heap usage: 910 allocs, 592 frees, 239,934 bytes
 allocated
 ==22290==
 ==22290== LEAK SUMMARY:
 ==22290==    definitely lost: 0 bytes in 0 blocks
 ==22290==    indirectly lost: 0 bytes in 0 blocks
 ==22290==      possibly lost: 2,736 bytes in 9 blocks
 ==22290==    still reachable: 129,449 bytes in 309 blocks
 ==22290==         suppressed: 0 bytes in 0 blocks
 ==22290== Rerun with --leak-check=full to see details of leaked memory
 ==22290==
 ==22290== For counts of detected and suppressed errors, rerun with: -v
 ==22290== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)
 Killed
 }}}
 {{{
 (gdb) r -i mg1_bgm03_main.mtaf -f null -
 Starting program: ffmpeg_g -i mg1_bgm03_main.mtaf -f null -
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib64/libthread_db.so.1".
 ffmpeg version N-81667-g0222602 Copyright (c) 2000-2016 the FFmpeg
 developers
   built with gcc 4.7 (SUSE Linux)
   configuration:
   libavutil      55. 29.100 / 55. 29.100
   libavcodec     57. 55.101 / 57. 55.101
   libavformat    57. 49.100 / 57. 49.100
   libavdevice    57.  0.102 / 57.  0.102
   libavfilter     6. 62.100 /  6. 62.100
   libswscale      4.  1.100 /  4.  1.100
   libswresample   2.  1.100 /  2.  1.100
 Guessed Channel Layout for Input Stream #0.0 : stereo
 Input #0, mtaf, from 'mg1_bgm03_main.mtaf':
   Duration: 00:01:40.23, bitrate: 408 kb/s
     Stream #0:0: Audio: adpcm_mtaf, 48000 Hz, 2 channels, s16p
 [New Thread 0x7ffff1709700 (LWP 22331)]
 [New Thread 0x7ffff0f08700 (LWP 22332)]
 [New Thread 0x7ffff0707700 (LWP 22333)]
 [New Thread 0x7fffeff06700 (LWP 22334)]
 [New Thread 0x7fffef705700 (LWP 22335)]
 [New Thread 0x7fffeef04700 (LWP 22336)]
 [New Thread 0x7fffee703700 (LWP 22337)]
 [New Thread 0x7fffedf02700 (LWP 22338)]
 [New Thread 0x7fffed701700 (LWP 22339)]
 [null @ 0x1e75200] Using AVStream.codec to pass codec parameters to muxers
 is deprecated, use AVStream.codecpar instead.
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf57.49.100
     Stream #0:0: Audio: pcm_s16le, 48000 Hz, stereo, s16, 1536 kb/s
     Metadata:
       encoder         : Lavc57.55.101 pcm_s16le
 Stream mapping:
   Stream #0:0 -> #0:0 (adpcm_mtaf (native) -> pcm_s16le (native))
 Press [q] to stop, [?] for help

 Program received signal SIGSEGV, Segmentation fault.
 0x0000000000d9e872 in adpcm_mtaf_expand_nibble (nibble=0 '\000',
 c=<optimized out>)
     at libavcodec/adpcm.c:352
 352         c->predictor += ff_adpcm_mtaf_stepsize[c->step][nibble];
 (gdb) bt
 #0  0x0000000000d9e872 in adpcm_mtaf_expand_nibble (nibble=0 '\000',
 c=<optimized out>)
     at libavcodec/adpcm.c:352
 #1  adpcm_decode_frame (avctx=0x1e60e20, data=0x1e85980,
 got_frame_ptr=0x7fffffffd7bc,
     avpkt=0x7fffffffd460) at libavcodec/adpcm.c:920
 #2  0x0000000000ac8c0e in avcodec_decode_audio4
 (avctx=avctx@entry=0x1e60e20,
     frame=frame@entry=0x1e85980,
 got_frame_ptr=got_frame_ptr@entry=0x7fffffffd7bc,
     avpkt=avpkt@entry=0x7fffffffdac0) at libavcodec/utils.c:2326
 #3  0x0000000000499344 in decode_audio (ist=ist@entry=0x1e61540,
     pkt=pkt@entry=0x7fffffffdac0,
 got_output=got_output@entry=0x7fffffffd7bc)
     at ffmpeg.c:1960
 #4  0x000000000049d119 in process_input_packet (no_eof=0,
 pkt=0x7fffffffda60, ist=0x1e61540)
     at ffmpeg.c:2336
 #5  process_input (file_index=2048) at ffmpeg.c:3976
 #6  transcode_step () at ffmpeg.c:4064
 #7  transcode () at ffmpeg.c:4118
 #8  0x000000000047eae0 in main (argc=<optimized out>, argv=0x7fffffffdd08)
 at ffmpeg.c:4313
 (gdb) disass $pc-32,$pc+32
 Dump of assembler code from 0xd9e852 to 0xd9e892:
    0x0000000000d9e852 <adpcm_decode_frame+6722>:        rex.WX clc
    0x0000000000d9e854 <adpcm_decode_frame+6724>:        lea    (%r15,%rdx,4),%rcx
    0x0000000000d9e858 <adpcm_decode_frame+6728>:        movzbl (%r12,%rax,1),%r11d
    0x0000000000d9e85d <adpcm_decode_frame+6733>:        mov    0x8(%rcx),%edi
    0x0000000000d9e860 <adpcm_decode_frame+6736>:        movslq %edi,%rdx
    0x0000000000d9e863 <adpcm_decode_frame+6739>:        shl    $0x4,%rdx
    0x0000000000d9e867 <adpcm_decode_frame+6743>:        movzbl %r11b,%r10d
    0x0000000000d9e86b <adpcm_decode_frame+6747>:        and    $0xf,%r11d
    0x0000000000d9e86f <adpcm_decode_frame+6751>:        add    %r11,%rdx
 => 0x0000000000d9e872 <adpcm_decode_frame+6754>:        movswl 0x1371ba0(%rdx,%rdx,1),%edx
    0x0000000000d9e87a <adpcm_decode_frame+6762>:        add    (%rcx),%edx
    0x0000000000d9e87c <adpcm_decode_frame+6764>:        lea    0x8000(%rdx),%r8d
    0x0000000000d9e883 <adpcm_decode_frame+6771>:        mov    %edx,%esi
    0x0000000000d9e885 <adpcm_decode_frame+6773>:        and    $0xffff0000,%r8d
    0x0000000000d9e88c <adpcm_decode_frame+6780>:        je     0xd9e898 <adpcm_decode_frame+6792>
    0x0000000000d9e88e <adpcm_decode_frame+6782>:        sar    $0x1f,%edx
    0x0000000000d9e891 <adpcm_decode_frame+6785>:        mov    %edx,%esi
 End of assembler dump.
 (gdb) info register
 rax            0x0      0
 rbx            0x1      1
 rcx            0x1e612c0        31855296
 rdx            0xfc180  1032576
 rsi            0x2      2
 rdi            0xfc18   64536
 rbp            0x1e612c0        0x1e612c0
 rsp            0x7fffffffcf60   0x7fffffffcf60
 r8             0x1e85988        32004488
 r9             0x1e85e00        32005632
 r10            0x0      0
 r11            0x0      0
 r12            0x1e63630        31864368
 r13            0x100    256
 r14            0x0      0
 r15            0x1e612c0        31855296
 rip            0xd9e872 0xd9e872 <adpcm_decode_frame+6754>
 eflags         0x10202  [ IF RF ]
 cs             0x33     51
 ss             0x2b     43
 ds             0x0      0
 es             0x0      0
 fs             0x0      0
 gs             0x0      0
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/5842#comment:4>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

