[FFmpeg-trac] #7441(avfilter:open): deshake filter crashes
FFmpeg
trac at avcodec.org
Mon Sep 17 14:21:35 EEST 2018
#7441: deshake filter crashes
-------------------------------------+-------------------------------------
             Reporter:  Chris        |                    Owner:
                 Type:  defect       |                   Status:  open
             Priority:  important    |                Component:  avfilter
              Version:  git-master   |               Resolution:
             Keywords:  deshake      |               Blocked By:
  crash SIGSEGV regression           |  Reproduced by developer:  1
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):
* keywords: => deshake crash SIGSEGV regression
* priority: normal => important
* status: new => open
* component: ffmpeg => avfilter
* reproduced: 0 => 1
Comment:
Regression since 8f86e6623811f7713d5e72c13797e20fffb3df62
{{{
$ ffmpeg -f lavfi -i testsrc=hd1080 -t 10 -pix_fmt yuv420p out.mov
}}}
{{{
(gdb) r -i out.mov -filter:v deshake=blocksize=64 -f null -t 1 -
Starting program: ffmpeg_g -i out.mov -filter:v deshake=blocksize=64 -f
null -t 1 -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-91965-gb0cfb2c Copyright (c) 2000-2018 the FFmpeg
developers
built with gcc 6.4.0 (GCC)
configuration: --enable-gpl --enable-gnutls --enable-libxml2
libavutil 56. 19.101 / 56. 19.101
libavcodec 58. 30.100 / 58. 30.100
libavformat 58. 18.101 / 58. 18.101
libavdevice 58. 4.103 / 58. 4.103
libavfilter 7. 32.100 / 7. 32.100
libswscale 5. 2.100 / 5. 2.100
libswresample 3. 2.100 / 3. 2.100
libpostproc 55. 2.100 / 55. 2.100
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'out.mov':
Metadata:
major_brand : qt
minor_version : 512
compatible_brands: qt
encoder : Lavf55.48.100
Duration: 00:00:10.00, start: 0.000000, bitrate: 166 kb/s
Stream #0:0(eng): Video: h264 (High) (avc1 / 0x31637661), yuv420p,
1920x1080 [SAR 1:1 DAR 16:9], 163 kb/s, 25 fps, 25 tbr, 12800 tbn, 50 tbc
(default)
Metadata:
handler_name : VideoHandler
encoder : Lavc55.69.100 libx264
Stream mapping:
Stream #0:0 -> #0:0 (h264 (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
Output #0, null, to 'pipe:':
Metadata:
major_brand : qt
minor_version : 512
compatible_brands: qt
encoder : Lavf58.18.101
Stream #0:0(eng): Video: wrapped_avframe, yuv420p, 1920x1080 [SAR 1:1
DAR 16:9], q=2-31, 200 kb/s, 25 fps, 25 tbn, 25 tbc (default)
Metadata:
handler_name : VideoHandler
encoder : Lavc58.30.100 wrapped_avframe
frame= 10 fps=8.9 q=-0.0 size=N/A time=00:00:00.40 bitrate=N/A
speed=0.355x
Program received signal SIGSEGV, Segmentation fault.
block_contrast (blocksize=32, stride=1920, y=16, x=16, src=0x7fffc5bfe040
'\020' <repeats 200 times>...)
at libavfilter/vf_deshake.c:200
200 if (src[pos] < lowest)
(gdb) bt
#0 block_contrast (blocksize=32, stride=1920, y=16, x=16,
src=0x7fffc5bfe040 '\020' <repeats 200 times>...)
at libavfilter/vf_deshake.c:200
#1 find_motion (deshake=deshake@entry=0x28a7c80, src1=0x7fffee20f040
'\020' <repeats 200 times>...,
src2=0x7fffc5bfe040 '\020' <repeats 200 times>..., width=1920,
height=1080, stride=1920, t=0x7fffffffcdc0)
at libavfilter/vf_deshake.c:263
#2 0x000000000050d4b3 in filter_frame (link=link@entry=0x2121a80,
in=<optimized out>) at libavfilter/vf_deshake.c:456
#3 0x00000000004c4b5a in ff_filter_frame_framed (frame=<optimized out>,
link=0x2121a80) at libavfilter/avfilter.c:1071
#4 ff_filter_frame_to_filter (link=0x2121a80) at
libavfilter/avfilter.c:1219
#5 ff_filter_activate_default (filter=<optimized out>) at
libavfilter/avfilter.c:1268
#6 ff_filter_activate (filter=<optimized out>) at
libavfilter/avfilter.c:1429
#7 0x00000000004c82fc in ff_filter_graph_run_once
(graph=graph@entry=0x2122dc0) at libavfilter/avfiltergraph.c:1454
#8 0x00000000004c936c in push_frame (graph=0x2122dc0) at
libavfilter/buffersrc.c:181
#9 av_buffersrc_add_frame_internal (ctx=ctx@entry=0x2122700,
frame=frame@entry=0x22339c0, flags=flags@entry=4)
at libavfilter/buffersrc.c:255
#10 0x00000000004c981d in av_buffersrc_add_frame_flags (ctx=0x2122700,
frame=frame@entry=0x22339c0, flags=flags@entry=4)
at libavfilter/buffersrc.c:164
#11 0x00000000004a0697 in ifilter_send_frame (frame=0x22339c0,
ifilter=0x2100340) at fftools/ffmpeg.c:2196
#12 send_frame_to_filters (ist=ist@entry=0x20f5fc0,
decoded_frame=decoded_frame@entry=0x22339c0) at fftools/ffmpeg.c:2270
#13 0x00000000004a0f88 in decode_video (ist=ist@entry=0x20f5fc0,
pkt=pkt@entry=0x7fffffffd300, got_output=<optimized out>,
duration_pts=<optimized out>, eof=<optimized out>,
decode_failed=<optimized out>) at fftools/ffmpeg.c:2471
#14 0x00000000004a2cfb in process_input_packet (ist=0x20f5fc0,
pkt=0x7fffffffd720, no_eof=0) at fftools/ffmpeg.c:2625
#15 0x00000000004a48d7 in process_input (file_index=<optimized out>) at
fftools/ffmpeg.c:4507
#16 transcode_step () at fftools/ffmpeg.c:4627
#17 transcode () at fftools/ffmpeg.c:4681
#18 0x0000000000482c23 in main (argc=<optimized out>, argv=0x7fffffffdcf8)
at fftools/ffmpeg.c:4888
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x50c8a0 to 0x50c8e0:
0x000000000050c8a0 <find_motion+528>: repz sub $0xa,%rbx
0x000000000050c8a5 <find_motion+533>: mov %rdi,0x18(%rsp)
0x000000000050c8aa <find_motion+538>: mov 0x70(%rsp),%rdi
0x000000000050c8af <find_motion+543>: mov %r13,0x70(%rsp)
0x000000000050c8b4 <find_motion+548>: mov %rsi,%r13
0x000000000050c8b7 <find_motion+551>: nopw 0x0(%rax,%rax,1)
=> 0x000000000050c8c0 <find_motion+560>: movzbl (%rdi),%ecx
0x000000000050c8c3 <find_motion+563>: cmp %edx,%ecx
0x000000000050c8c5 <find_motion+565>: jl 0x50c8ce
<find_motion+574>
0x000000000050c8c7 <find_motion+567>: cmp %ecx,%eax
0x000000000050c8c9 <find_motion+569>: cmovl %ecx,%eax
0x000000000050c8cc <find_motion+572>: mov %edx,%ecx
0x000000000050c8ce <find_motion+574>: mov %rdi,%rdx
0x000000000050c8d1 <find_motion+577>: sub 0x8(%rsp),%rdx
0x000000000050c8d6 <find_motion+582>: movzbl (%rdx,%r13,1),%esi
0x000000000050c8db <find_motion+587>: cmp %esi,%ecx
0x000000000050c8dd <find_motion+589>: jg 0x50c8e6
<find_motion+598>
0x000000000050c8df <find_motion+591>: cmp %esi,%eax
End of assembler dump.
(gdb) info register
rax 0x10 16
rbx 0x6 6
rcx 0x10 16
rdx 0x10 16
rsi 0x1 1
rdi 0x7fffc5bfd8d0 140736511072464
rbp 0xe 0xe
rsp 0x7fffffffcc80 0x7fffffffcc80
r8 0x11 17
r9 0x3 3
r10 0x4 4
r11 0x5 5
r12 0x8 8
r13 0xf 15
r14 0x9 9
r15 0xa 10
rip 0x50c8c0 0x50c8c0 <find_motion+560>
eflags 0x10283 [ CF SF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/7441#comment:2>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker