[FFmpeg-trac] #7079(avformat:new): Remuxing mp4 with data streams leads to crash
FFmpeg
trac at avcodec.org
Sun Mar 11 06:39:04 EET 2018
#7079: Remuxing mp4 with data streams leads to crash
-------------------------------------+-------------------------------------
Reporter: mkver | Type: defect
Status: new | Priority: important
Component: avformat | Version: unspecified
Keywords: mp4 crash SIGSEGV | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
If I try to remux a data stream (of type "rtp / 0x20707472") from an mp4
file to another mp4 file ffmpeg produces a segfault.
{{{
"I:\\ffmpeg-debug\\ffmpeg.exe" -report -loglevel 99 -i Data.Stream.included.mp4 -map 0:2 -c copy output.mp4
ffmpeg version N-90288-g2536bd8632 Copyright (c) 2000-2018 the FFmpeg developers
built with gcc 7.3.0 (Rev1, Built by MSYS2 project)
configuration: --disable-static --enable-shared --disable-amf --disable-cuda --disable-cuvid --disable-d3d11va --disable-nvenc --disable-filters --disable-devices --enable-debug --disable-encoders --enable-libfdk-aac --enable-gpl --enable-nonfree --disable-stripping --shlibdir=/local64/bin-video
libavutil 56. 9.100 / 56. 9.100
libavcodec 58. 14.100 / 58. 14.100
libavformat 58. 10.100 / 58. 10.100
libavdevice 58. 2.100 / 58. 2.100
libavfilter 7. 12.100 / 7. 12.100
libswscale 5. 0.102 / 5. 0.102
libswresample 3. 0.101 / 3. 0.101
libpostproc 55. 0.100 / 55. 0.100
Splitting the commandline.
Reading option '-report' ... matched as option 'report' (generate a
report) with argument '1'.
Reading option '-loglevel' ... matched as option 'loglevel' (set logging
level) with argument '99'.
Reading option '-i' ... matched as input url with argument
'Data.Stream.included.mp4'.
Reading option '-map' ... matched as option 'map' (set input stream
mapping) with argument '0:2'.
Reading option '-c' ... matched as option 'c' (codec name) with argument
'copy'.
Reading option 'output.mp4' ... matched as output url.
Finished splitting the commandline.
Parsing a group of options: global .
Applying option report (generate a report) with argument 1.
Applying option loglevel (set logging level) with argument 99.
Successfully parsed a group of options.
Parsing a group of options: input url Data.Stream.included.mp4.
Successfully parsed a group of options.
Opening an input file: Data.Stream.included.mp4.
[NULL @ 0000000000327280] Opening 'Data.Stream.included.mp4' for reading
[file @ 0000000000327d00] Setting default whitelist 'file,crypto'
[mov,mp4,m4a,3gp,3g2,mj2 @ 0000000000327280] Format
mov,mp4,m4a,3gp,3g2,mj2 probed with size=2048 and score=100
[mov,mp4,m4a,3gp,3g2,mj2 @ 0000000000327280] ISO: File Type Major Brand:
mp42
[mov,mp4,m4a,3gp,3g2,mj2 @ 0000000000327280] Unknown dref type 0x206c7275
size 12
[mov,mp4,m4a,3gp,3g2,mj2 @ 0000000000327280] Setting codecpar->delay to 1
for stream st: 0
[mov,mp4,m4a,3gp,3g2,mj2 @ 0000000000327280] Unknown dref type 0x206c7275
size 12
[mov,mp4,m4a,3gp,3g2,mj2 @ 0000000000327280] Unknown dref type 0x206c7275
size 12
[mov,mp4,m4a,3gp,3g2,mj2 @ 0000000000327280] Unknown dref type 0x206c7275
size 12
[mov,mp4,m4a,3gp,3g2,mj2 @ 0000000000327280] Before
avformat_find_stream_info() pos: 1552246 bytes read:43167 seeks:1
nb_streams:4
[h264 @ 0000000001f60ac0] nal_unit_type: 7, nal_ref_idc: 3
[h264 @ 0000000001f60ac0] nal_unit_type: 8, nal_ref_idc: 3
[h264 @ 0000000001f60ac0] nal_unit_type: 9, nal_ref_idc: 0
[h264 @ 0000000001f60ac0] nal_unit_type: 7, nal_ref_idc: 3
[h264 @ 0000000001f60ac0] nal_unit_type: 8, nal_ref_idc: 3
[h264 @ 0000000001f60ac0] nal_unit_type: 6, nal_ref_idc: 0
[h264 @ 0000000001f60ac0] nal_unit_type: 5, nal_ref_idc: 3
[h264 @ 0000000001f60ac0] ct_type:1 pic_struct:0
[h264 @ 0000000001f60ac0] Format yuv420p chosen by get_format().
[h264 @ 0000000001f60ac0] Reinit context to 640x368, pix_fmt: yuv420p
[h264 @ 0000000001f60ac0] no picture
[mov,mp4,m4a,3gp,3g2,mj2 @ 0000000000327280] All info found
[mov,mp4,m4a,3gp,3g2,mj2 @ 0000000000327280] After
avformat_find_stream_info() pos: 128195 bytes read:192761 seeks:2
frames:14
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'Data.Stream.included.mp4':
Metadata:
major_brand : mp42
minor_version : 0
compatible_brands: mp42isom
creation_time : 2018-03-10T17:16:55.000000Z
Duration: 00:00:11.28, start: 0.000000, bitrate: 1100 kb/s
Stream #0:0(und), 13, 1/25000: Video: h264 (Main), 1 reference frame
(avc1 / 0x31637661), yuv420p(tv, left), 640x360 (640x368) [SAR 1:1 DAR
16:9], 0/1, 831 kb/s, 25 fps, 25 tbr, 25k tbn, 50 tbc (default)
Metadata:
handler_name : Telestream, LLC Telestream Media Framework -
Release TXGP 2016.80.216804
encoder : AVC
Stream #0:1(und), 1, 1/48000: Audio: aac (LC) (mp4a / 0x6134706D),
48000 Hz, stereo, fltp, 192 kb/s (default)
Metadata:
handler_name : Telestream, LLC Telestream Media Framework -
Release TXGP 2016.80.216804
Stream #0:2(und), 0, 1/90000: Data: none (rtp / 0x20707472), 0/1, 50
kb/s (default)
Metadata:
creation_time : 2018-03-09T16:17:03.000000Z
handler_name : GPAC ISO Hint Handler
Stream #0:3(und), 0, 1/48000: Data: none (rtp / 0x20707472), 0/1, 11
kb/s (default)
Metadata:
creation_time : 2018-03-09T16:17:03.000000Z
handler_name : GPAC ISO Hint Handler
Successfully opened the file.
Parsing a group of options: output url output.mp4.
Applying option map (set input stream mapping) with argument 0:2.
Applying option c (codec name) with argument copy.
Successfully parsed a group of options.
Opening an output file: output.mp4.
[file @ 000000000204e940] Setting default whitelist 'file,crypto'
Successfully opened the file.
Output #0, mp4, to 'output.mp4':
Metadata:
major_brand : mp42
minor_version : 0
compatible_brands: mp42isom
encoder : Lavf58.10.100
Stream #0:0(und), 0, 1/90000: Data: none (rtp / 0x20707472), 0/1, 50
kb/s (default)
Metadata:
creation_time : 2018-03-09T16:17:03.000000Z
handler_name : GPAC ISO Hint Handler
Stream mapping:
Stream #0:2 -> #0:0 (copy)
Press [q] to stop, [?] for help
cur_dts is invalid (this is harmless if it occurs once at the start per
stream)
cur_dts is invalid (this is harmless if it occurs once at the start per
stream)
cur_dts is invalid (this is harmless if it occurs once at the start per
stream)
cur_dts is invalid (this is harmless if it occurs once at the start per
stream)
cur_dts is invalid (this is harmless if it occurs once at the start per
stream)
cur_dts is invalid (this is harmless if it occurs once at the start per
stream)
cur_dts is invalid (this is harmless if it occurs once at the start per
stream)
cur_dts is invalid (this is harmless if it occurs once at the start per
stream)
cur_dts is invalid (this is harmless if it occurs once at the start per
stream)
cur_dts is invalid (this is harmless if it occurs once at the start per
stream)
cur_dts is invalid (this is harmless if it occurs once at the start per
stream)
cur_dts is invalid (this is harmless if it occurs once at the start per
stream)
cur_dts is invalid (this is harmless if it occurs once at the start per
stream)
cur_dts is invalid (this is harmless if it occurs once at the start per
stream)
cur_dts is invalid (this is harmless if it occurs once at the start per
stream)
size= 0kB time=00:00:01.52 bitrate= 0.2kbits/s speed=2.37x
size= 0kB time=00:00:03.32 bitrate= 0.1kbits/s speed=2.91x
size= 0kB time=00:00:04.96 bitrate= 0.1kbits/s speed=3.02x
size= 0kB time=00:00:07.28 bitrate= 0.0kbits/s speed=3.25x
size= 0kB time=00:00:09.64 bitrate= 0.0kbits/s speed=3.52x
size= 0kB time=00:00:10.80 bitrate= 0.0kbits/s speed=3.33x
No more output streams to write to, finishing.
}}}
gdb output:
{{{
Program received signal SIGSEGV, Segmentation fault.
0x000007fed7723c4e in mov_write_udta_sdp (pb=pb@entry=0x204ebc0, track=track@entry=0x21676c0)
    at I:/media-autobuild_suite-master_3/build/ffmpeg-git/libavformat/movenc.c:2987
2987 ff_sdp_write_media(buf, sizeof(buf), ctx->streams[0], track->src_track,
(gdb) bt
#0 0x000007fed7723c4e in mov_write_udta_sdp (pb=pb@entry=0x204ebc0, track=track@entry=0x21676c0)
    at I:/media-autobuild_suite-master_3/build/ffmpeg-git/libavformat/movenc.c:2987
#1 0x000007fed772e72e in mov_write_trak_tag (st=<optimized out>, track=0x21676c0, mov=<optimized out>, pb=<optimized out>, s=0x204c0c0)
    at I:/media-autobuild_suite-master_3/build/ffmpeg-git/libavformat/movenc.c:3078
#2 mov_write_moov_tag (pb=<optimized out>, mov=0x204c880, s=0x204c0c0)
    at I:/media-autobuild_suite-master_3/build/ffmpeg-git/libavformat/movenc.c:3870
#3 0x000007fed773327a in mov_write_trailer (s=0x204c0c0)
    at I:/media-autobuild_suite-master_3/build/ffmpeg-git/libavformat/movenc.c:6537
#4 0x000007fed7750990 in av_write_trailer (s=0x204c0c0)
    at I:/media-autobuild_suite-master_3/build/ffmpeg-git/libavformat/mux.c:1276
#5 0x0000000140023ed1 in transcode ()
    at I:/media-autobuild_suite-master_3/build/ffmpeg-git/fftools/ffmpeg.c:4675
#6 0x0000000140033732 in main (argc=<optimized out>, argv=<optimized out>)
    at I:/media-autobuild_suite-master_3/build/ffmpeg-git/fftools/ffmpeg.c:4844
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x7fed7723c2e to 0x7fed7723c6e:
0x000007fed7723c2e <mov_write_udta_sdp+30>: mov 0xc0(%rdx),%edx
0x000007fed7723c34 <mov_write_udta_sdp+36>: movq $0x0,0x50(%rsp)
0x000007fed7723c3d <mov_write_udta_sdp+45>: rep stos %rax,%es:(%rdi)
0x000007fed7723c40 <mov_write_udta_sdp+48>: movq $0x0,0x58(%rsp)
0x000007fed7723c49 <mov_write_udta_sdp+57>: lea 0x50(%rsp),%rsi
=> 0x000007fed7723c4e <mov_write_udta_sdp+62>: mov 0x30(%rdx),%rax
0x000007fed7723c52 <mov_write_udta_sdp+66>: mov %rdx,0x40(%rsp)
0x000007fed7723c57 <mov_write_udta_sdp+71>: mov %rsi,%rcx
0x000007fed7723c5a <mov_write_udta_sdp+74>: movl $0x0,0x38(%rsp)
0x000007fed7723c62 <mov_write_udta_sdp+82>: movl $0x0,0x30(%rsp)
0x000007fed7723c6a <mov_write_udta_sdp+90>: mov $0x3e8,%edx
End of assembler dump.
(gdb) info all-registers
rax 0x0 0
rbx 0x21676c0 35026624
rcx 0x0 0
rdx 0x0 0
rsi 0x22ee60 2289248
rdi 0x22f248 2290248
rbp 0x204ebc0 0x204ebc0
rsp 0x22ee10 0x22ee10
r8 0x0 0
r9 0x1 1
r10 0x6cc 1740
r11 0x2151c60 34937952
r12 0x11a 282
r13 0x5bc 1468
r14 0x204c880 33867904
r15 0x204ebc0 33876928
rip 0x7fed7723c4e 0x7fed7723c4e <mov_write_udta_sdp+62>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
}}}
I tested whether this is a regression by using old Zeranoe builds. Result:
The builds until c885356 (from 2017-07-02) say that muxing these streams
into mp4 is currently not supported and abort. From 3b3501f (2017-07-06)
onwards one gets a crash. This means that probably the commits
[https://github.com/FFmpeg/FFmpeg/commit/e199d90da6473abc0d010797b14f2ae2c9811d34 e199d90da] and
[https://github.com/FFmpeg/FFmpeg/commit/38d808d72e393f9a769ef1543a7eff15fadc1980 38d808d7] are to be blamed.
PS: The sample is quite small so that it finishes pretty much
instantaneously; if one uses a bigger file (the website of the Austrian
channel ORF is full of such files; some are geoblocked though) one can see
that the crash happens at the end of the muxing process, probably during
the finalization.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/7079>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
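
A triage sketch for the crash reported above, added here as an example and not part of the ticket or of FFmpeg: it reads the faulting `=>` instruction and the register values from gdb output and computes the effective address, which for this report is 0x30 off a zero `%rdx`, i.e. a read through a NULL pointer. The names `triage`, `GDB_EXCERPT` and `NULL_PAGE` and the one-page threshold are assumptions of this example.

```python
import re

# Excerpt of the ticket's gdb session (faulting instruction plus a few
# registers), reflowed to one entry per line for this added example.
GDB_EXCERPT = """\
=> 0x000007fed7723c4e <mov_write_udta_sdp+62>: mov 0x30(%rdx),%rax
rax 0x0 0
rdx 0x0 0
rsi 0x22ee60 2289248
rsp 0x22ee10 0x22ee10
"""

NULL_PAGE = 0x1000  # assumption: faults below one page count as NULL-relative

FAULT_RE = re.compile(
    r"^=>\s+0x[0-9a-f]+\s+<(?P<sym>[^>+]+)\+(?P<off>\d+)>:\s+(?P<insn>.+)$", re.M)
# AT&T memory operand: disp(%base,%index,scale)
MEM_RE = re.compile(
    r"(?P<disp>-?0x[0-9a-f]+)?\(%(?P<base>\w+)(?:,%(?P<idx>\w+)(?:,(?P<scale>\d))?)?\)")
REG_RE = re.compile(r"^(?P<name>[a-z0-9]+)\s+(?P<val>0x[0-9a-f]+)\b", re.M)


def triage(gdb_text):
    """Classify the faulting access from gdb's '=>' line and register dump."""
    fault = FAULT_RE.search(gdb_text)
    if fault is None:
        return None
    regs = {m["name"]: int(m["val"], 16) for m in REG_RE.finditer(gdb_text)}
    result = {"function": fault["sym"], "offset": int(fault["off"]),
              "address": None, "access": None, "verdict": "unknown"}
    mem = MEM_RE.search(fault["insn"])
    if mem is None or mem["base"] not in regs:
        return result  # no memory operand, or its base register was not dumped
    addr = regs[mem["base"]] + int(mem["disp"] or "0", 16)
    if mem["idx"]:
        if mem["idx"] not in regs:
            return result
        addr += regs[mem["idx"]] * int(mem["scale"] or 1)
    addr &= 0xFFFFFFFFFFFFFFFF  # wrap like 64-bit address arithmetic
    # Heuristic for two-operand AT&T syntax: the destination comes last,
    # so a memory operand in last position is being written.
    writes = fault["insn"].rstrip().endswith(mem.group(0))
    result.update(address=addr, access="write" if writes else "read",
                  verdict="null-deref" if addr < NULL_PAGE else "non-null-fault")
    return result


if __name__ == "__main__":
    print(triage(GDB_EXCERPT))
```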