[FFmpeg-trac] #6491(avfilter:open): FFMPEG crashes when trying to crop 1080p60 video to 1440x1080 and interlace

FFmpeg trac at avcodec.org
Tue Jun 27 02:49:59 EEST 2017


#6491: FFMPEG crashes when trying to crop 1080p60 video to 1440x1080 and interlace
-------------------------------------+-------------------------------------
             Reporter:  alexpigment  |                    Owner:
                 Type:  defect       |                   Status:  open
             Priority:  normal       |                Component:  avfilter
              Version:  git-master   |               Resolution:
             Keywords:  crash        |               Blocked By:
  SIGSEGV interlace                  |  Reproduced by developer:  1
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by llogan):

 * keywords:  crash, ffmpeg, 1080i, 1440x1080, interlace, crop => crash
     SIGSEGV interlace
 * status:  new => open
 * version:  unspecified => git-master
 * component:  undetermined => avfilter
 * reproduced:  0 => 1


Comment:

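 I didn't test whether this is a regression.

 Reading the gdb session below: the faulting instruction is
 `movdqa (%rcx,%rsi,1),%xmm0`, a load that requires a 16-byte-aligned
 address. With rcx = 0x7fffeedc0758 and rsi = -720 the effective address is
 0x7fffeedc0488 (the same value as r15), which is only 8-byte aligned. The
 SIGSEGV therefore looks like an alignment fault in ff_lowpass_line_sse2,
 presumably because the crop filter offsets the source pointer, rather than
 an out-of-bounds access.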

 {{{
 (gdb) r -f lavfi -i testsrc=s=hd1080,format=yuv420p -vf
 crop=1440:1080,interlace -f null -
 Starting program: ffmpeg_g -f lavfi -i testsrc=s=hd1080,format=yuv420p -vf
 crop=1440:1080,interlace -f null -
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/usr/lib/libthread_db.so.1".
 ffmpeg version N-86620-g3594788b71 Copyright (c) 2000-2017 the FFmpeg
 developers
   built with gcc 7.1.1 (GCC) 20170621
   configuration: --enable-gpl
   libavutil      55. 66.100 / 55. 66.100
   libavcodec     57. 99.102 / 57. 99.102
   libavformat    57. 75.100 / 57. 75.100
   libavdevice    57.  7.100 / 57.  7.100
   libavfilter     6. 94.100 /  6. 94.100
   libswscale      4.  7.101 /  4.  7.101
   libswresample   2.  8.100 /  2.  8.100
   libpostproc    54.  6.100 / 54.  6.100
 [New Thread 0x7ffff3ec0700 (LWP 15562)]
 [New Thread 0x7ffff36bf700 (LWP 15563)]
 [New Thread 0x7ffff2ebe700 (LWP 15564)]
 [New Thread 0x7ffff26bd700 (LWP 15565)]
 [New Thread 0x7ffff1ebc700 (LWP 15566)]
 [New Thread 0x7ffff16bb700 (LWP 15567)]
 [New Thread 0x7ffff0eba700 (LWP 15568)]
 [New Thread 0x7ffff06b9700 (LWP 15569)]
 [New Thread 0x7fffefeb8700 (LWP 15570)]
 Input #0, lavfi, from 'testsrc=s=hd1080,format=yuv420p':
   Duration: N/A, start: 0.000000, bitrate: N/A
     Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 1920x1080
 [SAR 1:1 DAR 16:9], 25 tbr, 25 tbn, 25 tbc
 Stream mapping:
   Stream #0:0 -> #0:0 (rawvideo (native) -> wrapped_avframe (native))
 Press [q] to stop, [?] for help
 [New Thread 0x7fffeebc5700 (LWP 15571)]
 [New Thread 0x7fffee3c4700 (LWP 15572)]
 [New Thread 0x7fffedbc3700 (LWP 15573)]
 [New Thread 0x7fffed3c2700 (LWP 15574)]
 [New Thread 0x7fffecbc1700 (LWP 15575)]
 [New Thread 0x7fffec3c0700 (LWP 15576)]
 [New Thread 0x7fffebbbf700 (LWP 15577)]
 [New Thread 0x7fffeb3be700 (LWP 15578)]
 [New Thread 0x7fffeabbd700 (LWP 15579)]
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf57.75.100
     Stream #0:0: Video: wrapped_avframe, yuv420p, 1440x1080 [SAR 1:1 DAR
 4:3], q=2-31, 200 kb/s, 12.50 fps, 12.50 tbn, 12.50 tbc
     Metadata:
       encoder         : Lavc57.99.102 wrapped_avframe

 Thread 1 "ffmpeg_g" received signal SIGSEGV, Segmentation fault.
 0x00000000005f8b63 in ff_lowpass_line_sse2 ()
 (gdb) bt
 #0  0x00000000005f8b63 in ff_lowpass_line_sse2 ()
 #1  0x0000000000533a50 in copy_picture_field (src_frame=0x2046960,
 dst_frame=dst_frame at entry=0x2045720,
     inlink=inlink at entry=0x20443c0,
 field_type=field_type at entry=FIELD_UPPER, lowpass=1, s=<optimized out>)
     at libavfilter/vf_interlace.c:193
 #2  0x0000000000533bce in filter_frame (inlink=inlink at entry=0x20443c0,
 buf=<optimized out>) at libavfilter/vf_interlace.c:257
 #3  0x00000000004bd60b in ff_filter_frame_framed (frame=<optimized out>,
 link=0x20443c0) at libavfilter/avfilter.c:1116
 #4  ff_filter_frame_to_filter (link=0x20443c0) at
 libavfilter/avfilter.c:1264
 #5  ff_filter_activate_default (filter=<optimized out>) at
 libavfilter/avfilter.c:1315
 #6  ff_filter_activate (filter=<optimized out>) at
 libavfilter/avfilter.c:1476
 #7  0x00000000004c0bdc in ff_filter_graph_run_once (graph=<optimized out>)
 at libavfilter/avfiltergraph.c:1449
 #8  0x00000000004c1206 in get_frame_internal (samples=<optimized out>,
 flags=1, frame=<optimized out>, ctx=0x2045300)
     at libavfilter/buffersink.c:110
 #9  av_buffersink_get_frame_flags (ctx=0x2045300, frame=frame at entry=0x0,
 flags=flags at entry=1) at libavfilter/buffersink.c:121
 #10 0x00000000004c0929 in avfilter_graph_request_oldest (graph=0x2043400)
 at libavfilter/avfiltergraph.c:1402
 #11 0x000000000047e89b in transcode_from_filter (best_ist=<synthetic
 pointer>, graph=<optimized out>) at ffmpeg.c:4455
 #12 transcode_step () at ffmpeg.c:4521
 #13 transcode () at ffmpeg.c:4597
 #14 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:4803

 (gdb) disass $pc-32,$pc+32
 Dump of assembler code from 0x5f8b43 to 0x5f8b83:
    0x00000000005f8b43:  nopl   %cs:0x0(%rax,%rax,1)
    0x00000000005f8b4c:  nopl   0x0(%rax)
    0x00000000005f8b50 <ff_lowpass_line_sse2+0>: add    %rsi,%rdi
    0x00000000005f8b53 <ff_lowpass_line_sse2+3>: add    %rsi,%rdx
    0x00000000005f8b56 <ff_lowpass_line_sse2+6>: add    %rdx,%rcx
    0x00000000005f8b59 <ff_lowpass_line_sse2+9>: add    %rdx,%r8
    0x00000000005f8b5c <ff_lowpass_line_sse2+12>:        neg    %rsi
    0x00000000005f8b5f <ff_lowpass_line_sse2+15>:        pcmpeqb %xmm6,%xmm6
 => 0x00000000005f8b63 <ff_lowpass_line_sse2+19>:        movdqa (%rcx,%rsi,1),%xmm0
    0x00000000005f8b68 <ff_lowpass_line_sse2+24>:        movdqa 0x10(%rcx,%rsi,1),%xmm1
    0x00000000005f8b6e <ff_lowpass_line_sse2+30>:        pavgb (%r8,%rsi,1),%xmm0
    0x00000000005f8b74 <ff_lowpass_line_sse2+36>:        pavgb 0x10(%r8,%rsi,1),%xmm1
    0x00000000005f8b7b <ff_lowpass_line_sse2+43>:        pxor   %xmm6,%xmm0
    0x00000000005f8b7f <ff_lowpass_line_sse2+47>:        pxor   %xmm6,%xmm1
 End of assembler dump.

 (gdb) info all-registers
 rax            0x2042260        33825376
 rbx            0x10e    270
 rcx            0x7fffeedc0758   140737200785240
 rdx            0x7fffeedc0758   140737200785240
 rsi            0xfffffffffffffd30       -720
 rdi            0x7ffff7e65310   140737352454928
 rbp            0x10e    0x10e
 rsp            0x7fffffffdfd8   0x7fffffffdfd8
 r8             0x7fffeedc0b18   140737200786200
 r9             0x10e    270
 r10            0x22     34
 r11            0x246    582
 r12            0x2d0    720
 r13            0x7ffff7e65040   140737352454208
 r14            0x2      2
 r15            0x7fffeedc0488   140737200784520
 rip            0x5f8b63 0x5f8b63 <ff_lowpass_line_sse2+19>
 eflags         0x10287  [ CF PF SF IF RF ]
 cs             0x33     51
 ss             0x2b     43
 ds             0x0      0
 es             0x0      0
 fs             0x0      0
 gs             0x0      0
 st0            0        (raw 0x00000000000000000000)
 st1            0        (raw 0x00000000000000000000)
 st2            0        (raw 0x00000000000000000000)
 st3            0        (raw 0x00000000000000000000)
 st4            0        (raw 0x00000000000000000000)
 st5            0        (raw 0x00000000000000000000)
 st6            0        (raw 0x00000000000000000000)
 st7            0        (raw 0x00000000000000000000)
 fctrl          0x37f    895
 fstat          0x0      0
 ftag           0xffff   65535
 fiseg          0x0      0
 fioff          0x0      0
 foseg          0x0      0
 fooff          0x0      0
 fop            0x0      0
 xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0xaa <repeats 16 times>}, v8_int16 = {
     0xaaaa, 0xaaaa, 0xaaaa, 0xaaaa, 0xaaaa, 0xaaaa, 0xaaaa, 0xaaaa},
 v4_int32 = {0xaaaaaaaa, 0xaaaaaaaa, 0xaaaaaaaa,
     0xaaaaaaaa}, v2_int64 = {0xaaaaaaaaaaaaaaaa, 0xaaaaaaaaaaaaaaaa},
 uint128 = 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa}
 xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0xaa <repeats 16 times>}, v8_int16 = {
     0xaaaa, 0xaaaa, 0xaaaa, 0xaaaa, 0xaaaa, 0xaaaa, 0xaaaa, 0xaaaa},
 v4_int32 = {0xaaaaaaaa, 0xaaaaaaaa, 0xaaaaaaaa,
     0xaaaaaaaa}, v2_int64 = {0xaaaaaaaaaaaaaaaa, 0xaaaaaaaaaaaaaaaa},
 uint128 = 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa}
 xmm2           {v4_float = {0x55500000, 0x55500000, 0x55500000,
 0x55500000}, v2_double = {0x8000000000000000,
     0x8000000000000000}, v16_int8 = {0x55 <repeats 16 times>}, v8_int16 =
 {0x5555, 0x5555, 0x5555, 0x5555, 0x5555, 0x5555,
     0x5555, 0x5555}, v4_int32 = {0x55555555, 0x55555555, 0x55555555,
 0x55555555}, v2_int64 = {0x5555555555555555,
     0x5555555555555555}, uint128 = 0x55555555555555555555555555555555}
 xmm3           {v4_float = {0x55500000, 0x55500000, 0x55500000,
 0x55500000}, v2_double = {0x8000000000000000,
     0x8000000000000000}, v16_int8 = {0x55 <repeats 16 times>}, v8_int16 =
 {0x5555, 0x5555, 0x5555, 0x5555, 0x5555, 0x5555,
 ---Type <return> to continue, or q <return> to quit---
     0x5555, 0x5555}, v4_int32 = {0x55555555, 0x55555555, 0x55555555,
 0x55555555}, v2_int64 = {0x5555555555555555,
     0x5555555555555555}, uint128 = 0x55555555555555555555555555555555}
 xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x80 <repeats 16 times>}, v8_int16 = {
     0x8080, 0x8080, 0x8080, 0x8080, 0x8080, 0x8080, 0x8080, 0x8080},
 v4_int32 = {0x80808080, 0x80808080, 0x80808080,
     0x80808080}, v2_int64 = {0x8080808080808080, 0x8080808080808080},
 uint128 = 0x80808080808080808080808080808080}
 xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x80 <repeats 16 times>}, v8_int16 = {
     0x8080, 0x8080, 0x8080, 0x8080, 0x8080, 0x8080, 0x8080, 0x8080},
 v4_int32 = {0x80808080, 0x80808080, 0x80808080,
     0x80808080}, v2_int64 = {0x8080808080808080, 0x8080808080808080},
 uint128 = 0x80808080808080808080808080808080}
 xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double =
 {0x8000000000000000, 0x8000000000000000}, v16_int8 = {
     0xff <repeats 16 times>}, v8_int16 = {0xffff, 0xffff, 0xffff, 0xffff,
 0xffff, 0xffff, 0xffff, 0xffff}, v4_int32 = {
     0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff}, v2_int64 =
 {0xffffffffffffffff, 0xffffffffffffffff},
   uint128 = 0xffffffffffffffffffffffffffffffff}
 xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0,
     0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0},
 v2_int64 = {0x0, 0x0},
   uint128 = 0x00000000000000000000000000000000}
 xmm8           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x80 <repeats 16 times>}, v8_int16 = {
     0x8080, 0x8080, 0x8080, 0x8080, 0x8080, 0x8080, 0x8080, 0x8080},
 v4_int32 = {0x80808080, 0x80808080, 0x80808080,
     0x80808080}, v2_int64 = {0x8080808080808080, 0x8080808080808080},
 uint128 = 0x80808080808080808080808080808080}
 xmm9           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x88, 0xc, 0x0, 0x0, 0x87, 0x40, 0x88, 0xc,
     0x88, 0xc, 0x0, 0x0, 0x87, 0x40, 0x88, 0xc}, v8_int16 = {0xc88, 0x0,
 0x4087, 0xc88, 0xc88, 0x0, 0x4087, 0xc88}, v4_int32 = {
     0xc88, 0xc884087, 0xc88, 0xc884087}, v2_int64 = {0xc88408700000c88,
 0xc88408700000c88},
   uint128 = 0x0c88408700000c880c88408700000c88}
 xmm10          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x2, 0x80, 0x3, 0x80, 0x4, 0x80, 0x5, 0x80,
     0x8, 0x80, 0x9, 0x80, 0xa, 0x80, 0xb, 0x80}, v8_int16 = {0x8002,
 0x8003, 0x8004, 0x8005, 0x8008, 0x8009, 0x800a, 0x800b},
   v4_int32 = {0x80038002, 0x80058004, 0x80098008, 0x800b800a}, v2_int64 =
 {0x8005800480038002, 0x800b800a80098008},
   uint128 = 0x800b800a800980088005800480038002}
 xmm11          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0,
     0x0, 0xff, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0}, v8_int16 = {0x0, 0xff00,
 0x0, 0x0, 0xff00, 0x0, 0xff00, 0x0}, v4_int32 = {
     0xff000000, 0x0, 0xff00, 0xff00}, v2_int64 = {0xff000000,
 0xff000000ff00}, uint128 = 0x0000ff000000ff0000000000ff000000}
 xmm12          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x66, 0x94, 0x48, 0xf, 0x11, 0x14, 0xe3,
     0xb9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x9466,
 0xf48, 0x1411, 0xb9e3, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {
     0xf489466, 0xb9e31411, 0x0, 0x0}, v2_int64 = {0xb9e314110f489466,
 0x0}, uint128 = 0x0000000000000000b9e314110f489466}
 xmm13          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x40, 0xfe, 0xe8, 0x3a, 0x73, 0x76, 0x56,
     0xbc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0xfe40,
 0x3ae8, 0x7673, 0xbc56, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {
     0x3ae8fe40, 0xbc567673, 0x0, 0x0}, v2_int64 = {0xbc5676733ae8fe40,
 0x0}, uint128 = 0x0000000000000000bc5676733ae8fe40}
 xmm14          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80,
     0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0x0,
 0x8000, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0,
     0x80000000, 0x0, 0x0}, v2_int64 = {0x8000000000000000, 0x0}, uint128 =
 0x00000000000000008000000000000000}
 xmm15          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80,
     0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0x0,
 0x8000, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0,
     0x80000000, 0x0, 0x0}, v2_int64 = {0x8000000000000000, 0x0}, uint128 =
 0x00000000000000008000000000000000}
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/6491#comment:1>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

