[FFmpeg-trac] #7336(avformat:open): crash when the dash stream only has audio-pid

FFmpeg trac at avcodec.org
Tue Jul 31 22:38:59 EEST 2018


#7336: crash when the dash stream only has audio-pid
-------------------------------------+-------------------------------------
             Reporter:  satbaby      |                    Owner:
                 Type:  defect       |                   Status:  open
             Priority:  important    |                Component:  avformat
              Version:  git-master   |               Resolution:
             Keywords:  dash crash   |               Blocked By:
  SIGSEGV                            |  Reproduced by developer:  1
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):

 * keywords:  dash => dash crash SIGSEGV
 * priority:  normal => important
 * status:  new => open
 * reproduced:  0 => 1


Comment:

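 For future tickets: Please remember not to use `ffprobe` if the issue is
 reproducible with `ffmpeg`.
 In the session below, the faulting instruction `mov (%rdx),%rax` reads
 through `rdx`, which is 0, and `ecx` is 0 as well. This appears to be a
 NULL pointer dereference: the call on line 1939 of libavformat/dashdec.c
 seems to dereference `c->videos` although `c->n_videos` is 0 for this
 audio-only stream.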
 {{{
 (gdb) r -i
 https://a.files.bbci.co.uk/media/live/manifesto/audio/simulcast/dash/uk/dash_full/ak/bbc_radio_two.mpd
 Starting program: ffmpeg_g -i
 https://a.files.bbci.co.uk/media/live/manifesto/audio/simulcast/dash/uk/d
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib64/libthread_db.so.1".
 ffmpeg version N-91545-gd36b839 Copyright (c) 2000-2018 the FFmpeg
 developers
   built with gcc 6.4.0 (GCC)
   configuration: --enable-gpl --enable-gnutls --enable-libxml2
   libavutil      56. 18.102 / 56. 18.102
   libavcodec     58. 22.100 / 58. 22.100
   libavformat    58. 17.101 / 58. 17.101
   libavdevice    58.  4.101 / 58.  4.101
   libavfilter     7. 26.100 /  7. 26.100
   libswscale      5.  2.100 /  5.  2.100
   libswresample   3.  2.100 /  3.  2.100
   libpostproc    55.  2.100 / 55.  2.100

 Program received signal SIGSEGV, Segmentation fault.
 dash_read_header (s=0x20d2500) at libavformat/dashdec.c:1939
 1939        c->is_init_section_common_video =
 is_common_init_section_exist(c->videos, c->n_videos);
 Missing separate debuginfos, use: zypper install nss-mdns-
 debuginfo-0.10-55.5.1.x86_64
 (gdb) bt
 #0  dash_read_header (s=0x20d2500) at libavformat/dashdec.c:1939
 #1  0x000000000076c6ed in avformat_open_input (ps=ps@entry=0x7fffffffd650,
 filename=filename@entry=0x7fffffffe197 "https://a.files.bbci.c
     at libavformat/utils.c:631
 #2  0x0000000000487a5c in open_input_file (o=o@entry=0x7fffffffd7f0,
 filename=<optimized out>) at fftools/ffmpeg_opt.c:1069
 #3  0x00000000004892bf in open_files (l=0x20d2398, l=0x20d2398,
 open_file=0x486040 <open_input_file>, inout=0x120e491 "input") at fftools
 #4  ffmpeg_parse_options (argc=argc@entry=3,
 argv=argv@entry=0x7fffffffdcf8) at fftools/ffmpeg_opt.c:3259
 #5  0x00000000004818ad in main (argc=3, argv=0x7fffffffdcf8) at
 fftools/ffmpeg.c:4859
 (gdb) disass $pc-32,$pc+32
 Dump of assembler code from 0x65d16e to 0x65d1ae:
    0x000000000065d16e <dash_read_header+430>:   in     (%dx),%eax
    0x000000000065d16f <dash_read_header+431>:   jne    0x65d137
 <dash_read_header+375>
    0x000000000065d171 <dash_read_header+433>:   mov    0x78(%rbx),%eax
    0x000000000065d174 <dash_read_header+436>:   test   %eax,%eax
    0x000000000065d176 <dash_read_header+438>:   jne    0x65d187
 <dash_read_header+455>
    0x000000000065d178 <dash_read_header+440>:   imul
 $0xf4240,0x30(%rbx),%rax
    0x000000000065d180 <dash_read_header+448>:   mov    %rax,0x448(%rbp)
    0x000000000065d187 <dash_read_header+455>:   mov    0x18(%rbx),%rdx
    0x000000000065d18b <dash_read_header+459>:   mov    0x10(%rbx),%ecx
 => 0x000000000065d18e <dash_read_header+462>:   mov    (%rdx),%rax
    0x000000000065d191 <dash_read_header+465>:   mov    0x228(%rax),%rax
    0x000000000065d198 <dash_read_header+472>:   test   %rax,%rax
    0x000000000065d19b <dash_read_header+475>:   je     0x65d278
 <dash_read_header+696>
    0x000000000065d1a1 <dash_read_header+481>:   test   %ecx,%ecx
    0x000000000065d1a3 <dash_read_header+483>:   je     0x65d278
 <dash_read_header+696>
    0x000000000065d1a9 <dash_read_header+489>:   mov    0x10(%rax),%rsi
    0x000000000065d1ad <dash_read_header+493>:   test   %ecx,%ecx
 End of assembler dump.
 (gdb) info register
 rax            0x1      1
 rbx            0x20d9200        34443776
 rcx            0x0      0
 rdx            0x0      0
 rsi            0x0      0
 rdi            0x7ffff52a7620   140737306588704
 rbp            0x20d2500        0x20d2500
 rsp            0x7fffffffd4d0   0x7fffffffd4d0
 r8             0x20c40e0        34357472
 r9             0x0      0
 r10            0x7ffff50238f0   140737303951600
 r11            0x7ffff5071d60   140737304272224
 r12            0x0      0
 r13            0x0      0
 r14            0x7fffffffd520   140737488344352
 r15            0x20d92a8        34443944
 rip            0x65d18e 0x65d18e <dash_read_header+462>
 eflags         0x10202  [ IF RF ]
 cs             0x33     51
 ss             0x2b     43
 ds             0x0      0
 es             0x0      0
 fs             0x0      0
 gs             0x0      0
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/7336#comment:1>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

