[FFmpeg-trac] #7557(avfilter:open): crash when overlaying image partially-offscreen
FFmpeg
trac at avcodec.org
Wed Nov 21 00:29:45 EET 2018
#7557: crash when overlaying image partially-offscreen
-------------------------------------+-------------------------------------
Reporter: kennethav | Owner:
Type: defect | Status: open
Priority: important | Component: avfilter
Version: git-master | Resolution:
Keywords: overlay | Blocked By:
crash SIGSEGV regression | Reproduced by developer: 1
Blocking: |
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Changes (by cehoyos):
* status: new => open
* reproduced: 0 => 1
* component: undetermined => avfilter
* priority: normal => important
* version: unspecified => git-master
* keywords: => overlay crash SIGSEGV regression
Comment:
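Regression since commit d54014d1573ec6e958e9c9e802e613c73c7f7ba5. In the gdb session below (run with `-cpuflags 0`, i.e. the plain C code path), the faulting instruction is the load of the destination byte `*d` at libavfilter/vf_overlay.c:534, reached with a negative y in blend_plane; this points to an out-of-bounds access through the destination pointer rather than a problem in the source image.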
{{{
(gdb) r -cpuflags 0 -i pig.jpg -i tooth.mp4 -filter_complex
"[1:v][0:v]overlay=x=5:y=-5" -f null -
Starting program: ffmpeg_g -cpuflags 0 -i pig.jpg -i tooth.mp4
-filter_complex "[1:v][0:v]overlay=x=5:y=-5" -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-92494-ge3a9630 Copyright (c) 2000-2018 the FFmpeg
developers
built with gcc 6.4.0 (GCC)
configuration: --enable-gpl --enable-gnutls --enable-libxml2
libavutil 56. 23.101 / 56. 23.101
libavcodec 58. 39.100 / 58. 39.100
libavformat 58. 22.100 / 58. 22.100
libavdevice 58. 6.100 / 58. 6.100
libavfilter 7. 46.100 / 7. 46.100
libswscale 5. 4.100 / 5. 4.100
libswresample 3. 4.100 / 3. 4.100
libpostproc 55. 4.100 / 55. 4.100
Input #0, image2, from 'pig.jpg':
Duration: 00:00:00.04, start: 0.000000, bitrate: 31845 kb/s
Stream #0:0: Video: mjpeg (Baseline), yuvj420p(pc,
bt470bg/unknown/unknown), 1920x1080 [SAR 1:1 DAR 16:9], 25 tbr, 25 tbn, 25
tbc
Input #1, mov,mp4,m4a,3gp,3g2,mj2, from 'tooth.mp4':
Metadata:
major_brand : isom
minor_version : 512
compatible_brands: isomiso2avc1mp41
encoder : Lavf57.83.100
Duration: 00:01:02.50, start: 0.000000, bitrate: 256 kb/s
Stream #1:0(und): Video: h264 (High) (avc1 / 0x31637661), yuv420p,
1920x1080 [SAR 1:1 DAR 16:9], 253 kb/s, 24 fps, 24 tbr, 12288 tbn, 48 tbc
(default)
Metadata:
handler_name : VideoHandler
[New Thread 0x7ffff3de6700 (LWP 10127)]
[New Thread 0x7ffff35e5700 (LWP 10128)]
[New Thread 0x7ffff2de4700 (LWP 10129)]
[New Thread 0x7ffff25e3700 (LWP 10130)]
[New Thread 0x7ffff1de2700 (LWP 10131)]
[New Thread 0x7ffff15e1700 (LWP 10132)]
[New Thread 0x7ffff0de0700 (LWP 10133)]
[New Thread 0x7ffff05df700 (LWP 10134)]
[New Thread 0x7fffefdde700 (LWP 10135)]
Stream mapping:
Stream #0:0 (mjpeg) -> overlay:overlay
Stream #1:0 (h264) -> overlay:main
overlay -> Stream #0:0 (wrapped_avframe)
Press [q] to stop, [?] for help
[New Thread 0x7fffef5dd700 (LWP 10136)]
[Thread 0x7fffef5dd700 (LWP 10136) exited]
[New Thread 0x7fffeeddc700 (LWP 10137)]
[New Thread 0x7fffecfe6700 (LWP 10138)]
[New Thread 0x7fffc7fff700 (LWP 10139)]
[New Thread 0x7fffc77fe700 (LWP 10140)]
[New Thread 0x7fffc6ffd700 (LWP 10141)]
[New Thread 0x7fffc67fc700 (LWP 10142)]
[New Thread 0x7fffc5ffb700 (LWP 10143)]
[New Thread 0x7fffc57fa700 (LWP 10144)]
[New Thread 0x7fffc4ff9700 (LWP 10145)]
[swscaler @ 0x2c166c0] deprecated pixel format used, make sure you did set
range correctly
Program received signal SIGSEGV, Segmentation fault.
blend_plane (nb_jobs=9, jobnr=0, yuv=1, straight=1, dst_step=1,
dst_offset=<optimized out>,
dst_plane=<optimized out>, main_has_alpha=0, y=-6, x=4, vsub=0,
hsub=0, i=0, dst_h=1080, dst_w=1920, src_h=1080,
src_w=1920, src=0x2c52b00, dst=0x2191cc0, ctx=0x21918c0) at
libavfilter/vf_overlay.c:534
534 *d = FAST_DIV255(*d * (255 - alpha) + *s * alpha);
(gdb) bt
#0 blend_plane (nb_jobs=9, jobnr=0, yuv=1, straight=1, dst_step=1,
dst_offset=<optimized out>,
dst_plane=<optimized out>, main_has_alpha=0, y=-6, x=4, vsub=0,
hsub=0, i=0, dst_h=1080, dst_w=1920, src_h=1080,
src_w=1920, src=0x2c52b00, dst=0x2191cc0, ctx=0x21918c0) at
libavfilter/vf_overlay.c:534
#1 blend_slice_yuv (nb_jobs=9, jobnr=0, is_straight=1, y=-6, x=4,
main_has_alpha=0, vsub=1, hsub=1, src=0x2c52b00,
dst=0x2191cc0, ctx=0x21918c0) at libavfilter/vf_overlay.c:615
#2 blend_slice_yuv420 (ctx=0x21918c0, arg=<optimized out>, jobnr=0,
nb_jobs=9) at libavfilter/vf_overlay.c:662
#3 0x00000000004ddcd9 in worker_func (priv=0x28ee2c0, jobnr=0,
threadnr=<optimized out>, nb_jobs=<optimized out>,
nb_threads=<optimized out>) at libavfilter/pthread.c:50
#4 0x0000000001166db6 in run_jobs (ctx=0x2820040) at
libavutil/slicethread.c:61
#5 avpriv_slicethread_execute (ctx=0x2820040, nb_jobs=<optimized out>,
execute_main=<optimized out>)
at libavutil/slicethread.c:188
#6 0x00000000004ddd22 in thread_execute (ctx=<optimized out>,
func=<optimized out>, arg=<optimized out>,
ret=<optimized out>, nb_jobs=<optimized out>) at
libavfilter/pthread.c:72
#7 0x000000000057622c in do_blend (fs=<optimized out>) at
libavfilter/vf_overlay.c:970
#8 0x00000000004db1c0 in ff_framesync_activate (fs=0x2191a28) at
libavfilter/framesync.c:353
#9 0x00000000004c8c6c in ff_filter_activate (filter=0x21918c0) at
libavfilter/avfilter.c:1429
#10 0x00000000004cc6cc in ff_filter_graph_run_once
(graph=graph@entry=0x218f3c0) at libavfilter/avfiltergraph.c:1454
#11 0x00000000004cd73c in push_frame (graph=0x218f3c0) at
libavfilter/buffersrc.c:181
#12 av_buffersrc_add_frame_internal (ctx=ctx@entry=0x2193900,
frame=frame@entry=0x2192100, flags=flags@entry=4)
at libavfilter/buffersrc.c:255
#13 0x00000000004cdbed in av_buffersrc_add_frame_flags (ctx=0x2193900,
frame=frame@entry=0x2192100,
flags=flags@entry=4) at libavfilter/buffersrc.c:164
#14 0x00000000004a2e61 in ifilter_send_frame (frame=0x2192100,
ifilter=0x21534c0) at fftools/ffmpeg.c:2197
#15 send_frame_to_filters (ist=ist@entry=0x2140bc0,
decoded_frame=decoded_frame@entry=0x2192100)
at fftools/ffmpeg.c:2271
#16 0x00000000004a360e in decode_video (ist=ist@entry=0x2140bc0,
pkt=pkt@entry=0x7fffffffd2c0,
got_output=<optimized out>, duration_pts=<optimized out>,
eof=<optimized out>, decode_failed=<optimized out>)
at fftools/ffmpeg.c:2470
#17 0x00000000004a492b in process_input_packet (ist=0x2140bc0,
pkt=0x7fffffffd6e0, no_eof=0) at fftools/ffmpeg.c:2624
#18 0x00000000004a6517 in process_input (file_index=<optimized out>) at
fftools/ffmpeg.c:4514
#19 transcode_step () at fftools/ffmpeg.c:4634
#20 transcode () at fftools/ffmpeg.c:4688
#21 0x0000000000484853 in main (argc=<optimized out>, argv=0x7fffffffdcb8)
at fftools/ffmpeg.c:4895
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x56bdb5 to 0x56bdf5:
0x000000000056bdb5 <blend_slice_yuv420+597>: (bad)
0x000000000056bdb6 <blend_slice_yuv420+598>: cmp 0x4c(%rsp),%edx
0x000000000056bdba <blend_slice_yuv420+602>: jge 0x56be07
<blend_slice_yuv420+679>
0x000000000056bdbc <blend_slice_yuv420+604>: mov 0x60(%rsp),%esi
0x000000000056bdc0 <blend_slice_yuv420+608>: xor %ecx,%ecx
0x000000000056bdc2 <blend_slice_yuv420+610>: sub %edx,%esi
0x000000000056bdc4 <blend_slice_yuv420+612>: add $0x1,%rsi
0x000000000056bdc8 <blend_slice_yuv420+616>: nopl 0x0(%rax,%rax,1)
0x000000000056bdd0 <blend_slice_yuv420+624>: movzbl (%r12,%rcx,1),%edi
=> 0x000000000056bdd5 <blend_slice_yuv420+629>: movzbl (%rbx),%edx
0x000000000056bdd8 <blend_slice_yuv420+632>: mov %r13d,%eax
0x000000000056bddb <blend_slice_yuv420+635>: sub %edi,%eax
0x000000000056bddd <blend_slice_yuv420+637>: imul %eax,%edx
0x000000000056bde0 <blend_slice_yuv420+640>: movzbl
0x0(%rbp,%rcx,1),%eax
0x000000000056bde5 <blend_slice_yuv420+645>: add $0x1,%rcx
0x000000000056bde9 <blend_slice_yuv420+649>: imul %edi,%eax
0x000000000056bdec <blend_slice_yuv420+652>: lea
0x80(%rdx,%rax,1),%edx
0x000000000056bdf3 <blend_slice_yuv420+659>: mov %edx,%eax
End of assembler dump.
(gdb) info register
rax 0x0 0
rbx 0x7fffec4e5344 140737157944132
rcx 0x0 0
rdx 0x0 0
rsi 0x77c 1916
rdi 0xff 255
rbp 0x2c52d40 0x2c52d40
rsp 0x7fffffffccf0 0x7fffffffccf0
r8 0x0 0
r9 0x780 1920
r10 0x2f4fec0 49610432
r11 0x2c52d40 46476608
r12 0x2f4fec0 49610432
r13 0xff 255
r14 0x7fffec4e5340 140737157944128
r15 0x1 1
rip 0x56bdd5 0x56bdd5 <blend_slice_yuv420+629>
eflags 0x10202 [ IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/7557#comment:1>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker