[FFmpeg-trac] #10027(undetermined:new): vp4 crash

FFmpeg trac at avcodec.org
Sat Nov 12 15:00:42 EET 2022 

#10027: vp4 crash
-------------------------------------+-------------------------------------
             Reporter:  ami_stuff    |                     Type:  defect
               Status:  new          |                 Priority:  normal
            Component:               |                  Version:
  undetermined                       |  unspecified
             Keywords:               |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
 http://samples.mplayerhq.hu/V-codecs/VP4/ot171_vp40.avi

 {{{
 valgrind --leak-check=full ./ffmpeg_g -i ot171_vp40.avi -f null -
 ==19766== Memcheck, a memory error detector
 ==19766== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
 ==19766== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright
 info
 ==19766== Command: ./ffmpeg_g -i ot171_vp40.avi -f null -
 ==19766==
 ffmpeg version N-109064-gc124981b79 Copyright (c) 2000-2022 the FFmpeg
 developers
   built with gcc 9 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
   configuration:
   libavutil      57. 42.100 / 57. 42.100
   libavcodec     59. 52.101 / 59. 52.101
   libavformat    59. 34.101 / 59. 34.101
   libavdevice    59.  8.101 / 59.  8.101
   libavfilter     8. 50.100 /  8. 50.100
   libswscale      6.  8.112 /  6.  8.112
   libswresample   4.  9.100 /  4.  9.100
 Guessed Channel Layout for Input Stream #0.1 : mono
 Input #0, avi, from 'ot171_vp40.avi':
   Duration: 00:00:24.27, start: 0.000000, bitrate: 245 kb/s
   Stream #0:0: Video: vp4 (VP40 / 0x30345056), yuv420p, 160x112, 147 kb/s,
 15 fps, 15 tbr, 15 tbn
   Stream #0:1: Audio: pcm_u8 ([1][0][0][0] / 0x0001), 11025 Hz, 1
 channels, u8, 88 kb/s
 Stream mapping:
   Stream #0:0 -> #0:0 (vp4 (native) -> wrapped_avframe (native))
   Stream #0:1 -> #0:1 (pcm_u8 (native) -> pcm_s16le (native))
 Press [q] to stop, [?] for help
 ==19766== Thread 3 av:vp4:df1:
 ==19766== Use of uninitialised value of size 8
 ==19766==    at 0x9F5D86: frame_worker_thread (pthread_frame.c:241)
 ==19766==    by 0x4FBC608: start_thread (pthread_create.c:477)
 ==19766==    by 0x50F6132: clone (clone.S:95)
 ==19766==
 ==19766== Use of uninitialised value of size 8
 ==19766==    at 0x9F5D90: frame_worker_thread (pthread_frame.c:243)
 ==19766==    by 0x4FBC608: start_thread (pthread_create.c:477)
 ==19766==    by 0x50F6132: clone (clone.S:95)
 ==19766==
 ==19766== Use of uninitialised value of size 8
 ==19766==    at 0x9F5DC0: frame_worker_thread (pthread_frame.c:249)
 ==19766==    by 0x4FBC608: start_thread (pthread_create.c:477)
 ==19766==    by 0x50F6132: clone (clone.S:95)
 ==19766==
 ==19766== Invalid read of size 8
 ==19766==    at 0x9F5DCA: frame_worker_thread (pthread_frame.c:260)
 ==19766==    by 0x4FBC608: start_thread (pthread_create.c:477)
 ==19766==    by 0x50F6132: clone (clone.S:95)
 ==19766==  Address 0x106064e58 is not stack'd, malloc'd or (recently)
 free'd
 ==19766==
 ==19766==
 ==19766== Process terminating with default action of signal 11 (SIGSEGV)
 ==19766==  Access not within mapped region at address 0x106064E58
 ==19766==    at 0x9F5DCA: frame_worker_thread (pthread_frame.c:260)
 ==19766==    by 0x4FBC608: start_thread (pthread_create.c:477)
 ==19766==    by 0x50F6132: clone (clone.S:95)
 ==19766==  If you believe this happened as a result of a stack
 ==19766==  overflow in your program's main thread (unlikely but
 ==19766==  possible), you can try to increase the size of the
 ==19766==  main thread stack using the --main-stacksize= flag.
 ==19766==  The main thread stack size used in this run was 8388608.
 ==19766==
 ==19766== HEAP SUMMARY:
 ==19766==     in use at exit: 12,612,355 bytes in 1,344 blocks
 ==19766==   total heap usage: 2,977 allocs, 1,633 frees, 20,264,076 bytes
 allocated
 ==19766==
 ==19766== Thread 1:
 ==19766== 304 bytes in 1 blocks are possibly lost in loss record 152 of
 240
 ==19766==    at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind
 /vgpreload_memcheck-amd64-linux.so)
 ==19766==    by 0x40149DA: allocate_dtv (dl-tls.c:286)
 ==19766==    by 0x40149DA: _dl_allocate_tls (dl-tls.c:532)
 ==19766==    by 0x4FBD322: allocate_stack (allocatestack.c:622)
 ==19766==    by 0x4FBD322: pthread_create@@GLIBC_2.2.5
 (pthread_create.c:660)
 ==19766==    by 0x2A199A: thread_start (ffmpeg_demux.c:397)
 ==19766==    by 0x2A199A: ifile_get_packet (ffmpeg_demux.c:417)
 ==19766==    by 0x2C6142: process_input (ffmpeg.c:3637)
 ==19766==    by 0x2C6142: transcode_step (ffmpeg.c:3858)
 ==19766==    by 0x2C6142: transcode (ffmpeg.c:3905)
 ==19766==    by 0x29DC8A: main (ffmpeg.c:4052)
 ==19766==
 ==19766== 2,432 bytes in 8 blocks are possibly lost in loss record 209 of
 240
 ==19766==    at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind
 /vgpreload_memcheck-amd64-linux.so)
 ==19766==    by 0x40149DA: allocate_dtv (dl-tls.c:286)
 ==19766==    by 0x40149DA: _dl_allocate_tls (dl-tls.c:532)
 ==19766==    by 0x4FBD322: allocate_stack (allocatestack.c:622)
 ==19766==    by 0x4FBD322: pthread_create@@GLIBC_2.2.5
 (pthread_create.c:660)
 ==19766==    by 0x1083EE1: avpriv_slicethread_create (slicethread.c:151)
 ==19766==    by 0x303389: thread_init_internal (pthread.c:77)
 ==19766==    by 0x303389: ff_graph_thread_init (pthread.c:96)
 ==19766==    by 0x2EFC44: avfilter_graph_alloc_filter
 (avfiltergraph.c:175)
 ==19766==    by 0x30192E: create_filter (graphparser.c:132)
 ==19766==    by 0x30192E: parse_filter (graphparser.c:201)
 ==19766==    by 0x3024D7: avfilter_graph_parse2 (graphparser.c:438)
 ==19766==    by 0x2A35DC: configure_filtergraph (ffmpeg_filter.c:1014)
 ==19766==    by 0x2C3B8B: ifilter_send_frame (ffmpeg.c:1945)
 ==19766==    by 0x2C3B8B: send_frame_to_filters.isra.0 (ffmpeg.c:2021)
 ==19766==    by 0x2C3F5F: decode_audio (ffmpeg.c:2087)
 ==19766==    by 0x2C6D34: process_input_packet (ffmpeg.c:2357)
 ==19766==    by 0x2C6D34: process_input (ffmpeg.c:3723)
 ==19766==    by 0x2C6D34: transcode_step (ffmpeg.c:3858)
 ==19766==    by 0x2C6D34: transcode (ffmpeg.c:3905)
 ==19766==
 ==19766== 2,736 bytes in 9 blocks are possibly lost in loss record 210 of
 240
 ==19766==    at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind
 /vgpreload_memcheck-amd64-linux.so)
 ==19766==    by 0x40149DA: allocate_dtv (dl-tls.c:286)
 ==19766==    by 0x40149DA: _dl_allocate_tls (dl-tls.c:532)
 ==19766==    by 0x4FBD322: allocate_stack (allocatestack.c:622)
 ==19766==    by 0x4FBD322: pthread_create@@GLIBC_2.2.5
 (pthread_create.c:660)
 ==19766==    by 0x256F4D: init_thread (pthread_frame.c:871)
 ==19766==    by 0x256F4D: ff_frame_thread_init.cold (pthread_frame.c:927)
 ==19766==    by 0x6EDE06: avcodec_open2 (avcodec.c:304)
 ==19766==    by 0x2C4F3F: init_input_stream (ffmpeg.c:2593)
 ==19766==    by 0x2C4F3F: transcode_init (ffmpeg.c:3197)
 ==19766==    by 0x2C5848: transcode (ffmpeg.c:3881)
 ==19766==    by 0x29DC8A: main (ffmpeg.c:4052)
 ==19766==
 ==19766== LEAK SUMMARY:
 ==19766==    definitely lost: 0 bytes in 0 blocks
 ==19766==    indirectly lost: 0 bytes in 0 blocks
 ==19766==      possibly lost: 5,472 bytes in 18 blocks
 ==19766==    still reachable: 12,606,883 bytes in 1,326 blocks
 ==19766==         suppressed: 0 bytes in 0 blocks
 ==19766== Reachable blocks (those to which a pointer was found) are not
 shown.
 ==19766== To see them, rerun with: --leak-check=full --show-leak-kinds=all
 ==19766==
 ==19766== Use --track-origins=yes to see where uninitialised values come
 from
 ==19766== For lists of detected and suppressed errors, rerun with: -s
 ==19766== ERROR SUMMARY: 7 errors from 7 contexts (suppressed: 0 from 0)
 }}}
-- 
Ticket URL: <https://trac.ffmpeg.org/ticket/10027>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list