[FFmpeg-trac] #8251(undetermined:new): Segmentation fault in sws_scale at libswscale/swscale.c:850
FFmpeg
trac at avcodec.org
Fri Oct 11 08:13:55 EEST 2019
#8251: Segmentation fault in sws_scale at libswscale/swscale.c:850
-------------------------------------+-------------------------------------
Reporter: Suhwan | Type: defect
Status: new | Priority: normal
Component: | Version: git-
undetermined | master
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Summary of the bug:
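There is a segmentation fault in sws_scale at libswscale/swscale.c:850. In the gdb session below, srcSlice[1] is a NULL pointer, and the AV_PIX_FMT_PAL8 branch of the usePal() loop reads 32-bit entries through it. The listed lines 846-850 show no NULL check before that read, so the fault is a NULL-pointer read.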
{{{
Thread 1 "ffmpeg_g" received signal SIGSEGV, Segmentation fault.
0x00000000013030bd in sws_scale (c=0x22d09c0, srcSlice=0x7fffffffc5e0,
srcStride=0x7fffffffc5b0,
srcSliceY=0, srcSliceH=<optimized out>, dst=0x7fffffffc5c0,
dstStride=0x7fffffffc5a0)
at libswscale/swscale.c:850
850 uint32_t p = ((const uint32_t *)(srcSlice[1]))[i];
(gdb) bt
#0 0x00000000013030bd in sws_scale (c=0x22d09c0, srcSlice=0x7fffffffc5e0,
srcStride=0x7fffffffc5b0,
srcSliceY=0, srcSliceH=<optimized out>, dst=0x7fffffffc5c0,
dstStride=0x7fffffffc5a0)
at libswscale/swscale.c:850
#1 0x000000000052e350 in scale_slice (link=<optimized out>,
out_buf=<optimized out>,
cur_pic=<optimized out>, sws=<optimized out>, y=<optimized out>,
h=<optimized out>,
mul=<optimized out>, field=<optimized out>) at
libavfilter/vf_scale.c:411
#2 scale_frame (link=<optimized out>, in=<optimized out>,
frame_out=<optimized out>)
at libavfilter/vf_scale.c:535
#3 filter_frame (link=0x22cca40, in=<optimized out>) at
libavfilter/vf_scale.c:549
#4 0x00000000004520a5 in ff_filter_frame_framed (link=<optimized out>,
frame=<optimized out>)
at libavfilter/avfilter.c:1071
#5 ff_filter_frame_to_filter (link=<optimized out>) at
libavfilter/avfilter.c:1219
#6 ff_filter_activate_default (filter=<optimized out>) at
libavfilter/avfilter.c:1268
#7 ff_filter_activate (filter=<optimized out>) at
libavfilter/avfilter.c:1430
#8 0x00000000004576ca in push_frame (graph=0x22b3700) at
libavfilter/buffersrc.c:187
#9 av_buffersrc_add_frame_internal (ctx=0x22cae00, frame=<optimized out>,
flags=4)
at libavfilter/buffersrc.c:261
#10 0x00000000004571e8 in av_buffersrc_add_frame_flags (ctx=0x22cae00,
frame=0x22c5440, flags=4)
at libavfilter/buffersrc.c:170
#11 0x0000000000425fd8 in ifilter_send_frame (ifilter=<optimized out>,
frame=<optimized out>)
at fftools/ffmpeg.c:2196
#12 send_frame_to_filters (ist=<optimized out>, decoded_frame=<optimized
out>) at fftools/ffmpeg.c:2270
#13 0x0000000000420f69 in decode_video (ist=<optimized out>,
pkt=<optimized out>,
got_output=<optimized out>, duration_pts=<optimized out>,
eof=<optimized out>,
decode_failed=<optimized out>) at fftools/ffmpeg.c:2469
#14 process_input_packet (ist=<optimized out>, pkt=<optimized out>,
no_eof=<optimized out>)
at fftools/ffmpeg.c:2623
#15 0x000000000041d40f in process_input (file_index=<optimized out>) at
fftools/ffmpeg.c:4518
#16 transcode_step () at fftools/ffmpeg.c:4638
#17 transcode () at fftools/ffmpeg.c:4692
#18 0x0000000000419377 in main (argc=<optimized out>, argv=<optimized
out>) at fftools/ffmpeg.c:4894
(gdb) list
845
846 if (usePal(c->srcFormat)) {
847 for (i = 0; i < 256; i++) {
848 int r, g, b, y, u, v, a = 0xff;
849 if (c->srcFormat == AV_PIX_FMT_PAL8) {
850 uint32_t p = ((const uint32_t *)(srcSlice[1]))[i];
851 a = (p >> 24) & 0xFF;
852 r = (p >> 16) & 0xFF;
853 g = (p >> 8) & 0xFF;
854 b = p & 0xFF;
(gdb) print srcSlice[1]
$1 = (const uint8_t * const) 0x0
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x130309d to 0x13030dd:
0x000000000130309d <sws_scale+925>: jmpq *0x17908f0(,%r9,8)
0x00000000013030a5 <sws_scale+933>: mov $0xff,%r10d
0x00000000013030ab <sws_scale+939>: mov %r11d,%esi
0x00000000013030ae <sws_scale+942>: mov %r11d,%ebp
0x00000000013030b1 <sws_scale+945>: mov %r11d,%ebx
0x00000000013030b4 <sws_scale+948>: jmpq 0x1303175 <sws_scale+1141>
0x00000000013030b9 <sws_scale+953>: mov 0x8(%r14),%rax
=> 0x00000000013030bd <sws_scale+957>: mov (%rax,%r11,4),%eax
0x00000000013030c1 <sws_scale+961>: mov %eax,%ecx
0x00000000013030c3 <sws_scale+963>: movzbl %ah,%ebp
0x00000000013030c6 <sws_scale+966>: movzbl %al,%esi
0x00000000013030c9 <sws_scale+969>: mov %eax,%r10d
0x00000000013030cc <sws_scale+972>: shr $0x18,%r10d
0x00000000013030d0 <sws_scale+976>: shr $0x10,%ecx
0x00000000013030d3 <sws_scale+979>: movzbl %cl,%ebx
0x00000000013030d6 <sws_scale+982>: jmpq 0x1303175 <sws_scale+1141>
0x00000000013030db <sws_scale+987>: mov %r11d,%eax
End of assembler dump.
}}}
How to reproduce:
{{{
% ffmpeg_g -y -i $PoC -filter_complex shuffleplanes -target dvd -loglevel
99 tmp.mpegts
ffmpeg version N-95314-g1331e00179 Copyright (c) 2000-2019 the FFmpeg
developers
built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/8251>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker