[FFmpeg-trac] #8299(undetermined:new): Segmentation fault in av_frame_ref at libavutil/frame.c:450
FFmpeg
trac at avcodec.org
Thu Oct 17 11:12:19 EEST 2019
#8299: Segmentation fault in av_frame_ref at libavutil/frame.c:450
-------------------------------------+-------------------------------------
             Reporter:  Suhwan       |                    Type:  defect
               Status:  new          |                Priority:  important
            Component:  undetermined |                 Version:  git-master
             Keywords:               |              Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Summary of the bug:
There is a Segmentation fault in av_frame_ref at libavutil/frame.c:450
How to reproduce:
{{{
% ffmpeg_g -y -i $PoC -filter_complex dedot -target dv50 -loglevel 0 -map 0 tmp.rpl
ffmpeg version N-95425-g1e35519fe0 Copyright (c) 2000-2019 the FFmpeg developers
built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug
}}}
Here's the GDB log:
{{{
libavutil/frame.c:450:32: runtime error: member access within null pointer
of type 'const AVFrame' (aka 'const struct AVFrame')
Thread 1 "ffmpeg_g" received signal SIGSEGV, Segmentation fault.
0x0000000005903ad8 in av_frame_ref (dst=0x96a8e80, src=0x0) at
libavutil/frame.c:450
450 dst->format = src->format;
(gdb) bt
#0 0x0000000005903ad8 in av_frame_ref (dst=0x96a8e80, src=0x0) at
libavutil/frame.c:450
#1 0x0000000005908fc0 in av_frame_clone (src=0x0) at
libavutil/frame.c:547
#2 0x00000000008f31aa in activate (ctx=0x93edd80) at
libavfilter/vf_dedot.c:288
#3 0x00000000005ce2ec in ff_filter_activate (filter=<optimized out>) at
libavfilter/avfilter.c:1442
#4 0x00000000005eecd3 in get_frame_internal (ctx=0x93ee780,
frame=<optimized out>, flags=1,
samples=<optimized out>) at libavfilter/buffersink.c:110
#5 0x00000000005e254b in avfilter_graph_request_oldest (graph=0x93e8a80)
at libavfilter/avfiltergraph.c:1409
#6 0x000000000048c3a2 in transcode_from_filter (graph=0x93ae700,
best_ist=<optimized out>)
at fftools/ffmpeg.c:4531
#7 transcode_step () at fftools/ffmpeg.c:4606
#8 transcode () at fftools/ffmpeg.c:4682
#9 0x0000000000487da4 in main (argc=13, argv=<optimized out>) at
fftools/ffmpeg.c:4884
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x5903ab8 to 0x5903af8:
0x0000000005903ab8 <av_frame_ref+24>: xchg %eax,%ebp
0x0000000005903ab9 <av_frame_ref+25>: rolb $0xc7,-0xa(%rcx)
0x0000000005903abd <av_frame_ref+29>: (bad)
0x0000000005903abe <av_frame_ref+30>: sete %r12b
0x0000000005903ac2 <av_frame_ref+34>: and %al,%r12b
0x0000000005903ac5 <av_frame_ref+37>: je 0x5903e72
<av_frame_ref+978>
0x0000000005903acb <av_frame_ref+43>: lea 0x74(%r15),%rbx
0x0000000005903acf <av_frame_ref+47>: test $0x3,%bl
0x0000000005903ad2 <av_frame_ref+50>: jne 0x5903e8c
<av_frame_ref+1004>
=> 0x0000000005903ad8 <av_frame_ref+56>: mov (%rbx),%ebp
0x0000000005903ada <av_frame_ref+58>: test %r14,%r14
0x0000000005903add <av_frame_ref+61>: setne %al
0x0000000005903ae0 <av_frame_ref+64>: test $0x7,%r14b
0x0000000005903ae4 <av_frame_ref+68>: sete %cl
0x0000000005903ae7 <av_frame_ref+71>: and %al,%cl
0x0000000005903ae9 <av_frame_ref+73>: mov %cl,0x6(%rsp)
0x0000000005903aed <av_frame_ref+77>: je 0x5903e9e
<av_frame_ref+1022>
0x0000000005903af3 <av_frame_ref+83>: lea 0x74(%r14),%rbx
0x0000000005903af7 <av_frame_ref+87>: test $0x3,%bl
End of assembler dump.
}}}
Please confirm.
Thanks
--
Ticket URL: <https://trac.ffmpeg.org/ticket/8299>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
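As an added triage helper (not part of the ticket, and not FFmpeg code), the script below parses the GDB/UBSan output quoted above and reports where the NULL pointer entered the call chain: the crash is in av_frame_ref, but the 0x0 argument is already present in av_frame_clone, so the first frame without it, activate in vf_dedot.c, is where the NULL originated and where a check belongs. The log excerpt is re-joined from the mail's wrapped lines.

```python
import re
# Constructed excerpt: the ticket's GDB/UBSan output, with the mail's wrapped
# lines re-joined so that each backtrace frame sits on a single line.
GDB_LOG = """\
libavutil/frame.c:450:32: runtime error: member access within null pointer of type 'const AVFrame' (aka 'const struct AVFrame')
Thread 1 "ffmpeg_g" received signal SIGSEGV, Segmentation fault.
#0 0x0000000005903ad8 in av_frame_ref (dst=0x96a8e80, src=0x0) at libavutil/frame.c:450
#1 0x0000000005908fc0 in av_frame_clone (src=0x0) at libavutil/frame.c:547
#2 0x00000000008f31aa in activate (ctx=0x93edd80) at libavfilter/vf_dedot.c:288
#3 0x00000000005ce2ec in ff_filter_activate (filter=<optimized out>) at libavfilter/avfilter.c:1442
#4 0x00000000005eecd3 in get_frame_internal (ctx=0x93ee780, frame=<optimized out>, flags=1, samples=<optimized out>) at libavfilter/buffersink.c:110
"""

# One "#N [0xADDR in] func (args) at file:line" frame of a gdb backtrace.
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*?)\) at (\S+):(\d+)$")

def parse_backtrace(log):
    """Return frames as (index, function, {arg: value}, file, line) tuples."""
    frames = []
    for line in log.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue
        args = dict(a.split("=", 1) for a in m.group(3).split(", ") if "=" in a)
        frames.append((int(m.group(1)), m.group(2), args, m.group(4), int(m.group(5))))
    return frames

def triage(log):
    """Locate the NULL dereference and the frame that introduced the NULL.
    The innermost frames still carrying 0x0 only forward the pointer; the first
    caller without it is where the NULL originated and where a check belongs."""
    frames = parse_backtrace(log)
    by_idx = {f[0]: f for f in frames}
    has_null = {i for i, f in by_idx.items() if "0x0" in f[2].values()}
    if 0 not in has_null:
        return None                       # not a NULL-argument crash
    crash = by_idx[0]
    last_null = 0
    while last_null + 1 in has_null:      # walk outward while 0x0 is still passed
        last_null += 1
    origin = by_idx.get(last_null + 1)    # first caller that does not hold the NULL
    ubsan = next((l for l in log.splitlines() if "runtime error: " in l), None)
    return {
        "crash_function": crash[1],
        "crash_site": f"{crash[3]}:{crash[4]}",
        "null_args": [k for k, v in crash[2].items() if v == "0x0"],
        "null_source": f"{origin[1]} at {origin[3]}:{origin[4]}" if origin else None,
        "ubsan": ubsan.split("runtime error: ", 1)[1] if ubsan else None,
    }
```

On this ticket's log the result points at activate in libavfilter/vf_dedot.c:288 as the source of the NULL, matching the UBSan diagnostic at frame.c:450.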