[FFmpeg-trac] #10027(avcodec:new): vp4 crash
FFmpeg
trac at avcodec.org
Sun Nov 27 20:08:24 EET 2022
#10027: vp4 crash
------------------------------------+-----------------------------------
Reporter: ami_stuff | Owner: (none)
Type: defect | Status: new
Priority: important | Component: avcodec
Version: git-master | Resolution:
Keywords: vp4 crash | Blocked By:
Blocking: | Reproduced by developer: 1
Analyzed by developer: 0 |
------------------------------------+-----------------------------------
Comment (by ami_stuff):
This has something to do with mmxext.
{{{
valgrind --leak-check=full ./ffmpeg_g -i ot171_vp40.avi -f null -
==15147== Memcheck, a memory error detector
==15147== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==15147== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==15147== Command: ./ffmpeg_g -i ot171_vp40.avi -f null -
==15147==
ffmpeg version N-109227-g1a7efafd33 Copyright (c) 2000-2022 the FFmpeg developers
built with gcc 9 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
configuration: --enable-libopenjpeg
libavutil 57. 43.100 / 57. 43.100
libavcodec 59. 54.100 / 59. 54.100
libavformat 59. 34.102 / 59. 34.102
libavdevice 59. 8.101 / 59. 8.101
libavfilter 8. 50.101 / 8. 50.101
libswscale 6. 8.112 / 6. 8.112
libswresample 4. 9.100 / 4. 9.100
Guessed Channel Layout for Input Stream #0.1 : mono
Input #0, avi, from 'ot171_vp40.avi':
Duration: 00:00:24.27, start: 0.000000, bitrate: 245 kb/s
Stream #0:0: Video: vp4 (VP40 / 0x30345056), yuv420p, 160x112, 147 kb/s, 15 fps, 15 tbr, 15 tbn
Stream #0:1: Audio: pcm_u8 ([1][0][0][0] / 0x0001), 11025 Hz, 1 channels, u8, 88 kb/s
Stream mapping:
Stream #0:0 -> #0:0 (vp4 (native) -> wrapped_avframe (native))
Stream #0:1 -> #0:1 (pcm_u8 (native) -> pcm_s16le (native))
Press [q] to stop, [?] for help
==15147== Thread 3 av:vp4:df1:
==15147== Use of uninitialised value of size 8
==15147== at 0x9F92A6: frame_worker_thread (pthread_frame.c:241)
==15147== by 0x502A608: start_thread (pthread_create.c:477)
==15147== by 0x5166132: clone (clone.S:95)
==15147==
==15147== Use of uninitialised value of size 8
==15147== at 0x9F92B0: frame_worker_thread (pthread_frame.c:243)
==15147== by 0x502A608: start_thread (pthread_create.c:477)
==15147== by 0x5166132: clone (clone.S:95)
==15147==
==15147== Use of uninitialised value of size 8
==15147== at 0x9F92E0: frame_worker_thread (pthread_frame.c:249)
==15147== by 0x502A608: start_thread (pthread_create.c:477)
==15147== by 0x5166132: clone (clone.S:95)
==15147==
==15147== Invalid read of size 8
==15147== at 0x9F92EA: frame_worker_thread (pthread_frame.c:260)
==15147== by 0x502A608: start_thread (pthread_create.c:477)
==15147== by 0x5166132: clone (clone.S:95)
==15147== Address 0x1060d5ed8 is not stack'd, malloc'd or (recently) free'd
==15147==
==15147==
==15147== Process terminating with default action of signal 11 (SIGSEGV)
==15147== Access not within mapped region at address 0x1060D5ED8
==15147== at 0x9F92EA: frame_worker_thread (pthread_frame.c:260)
==15147== by 0x502A608: start_thread (pthread_create.c:477)
==15147== by 0x5166132: clone (clone.S:95)
==15147== If you believe this happened as a result of a stack
==15147== overflow in your program's main thread (unlikely but
==15147== possible), you can try to increase the size of the
==15147== main thread stack using the --main-stacksize= flag.
==15147== The main thread stack size used in this run was 8388608.
==15147==
==15147== HEAP SUMMARY:
==15147== in use at exit: 12,613,711 bytes in 1,348 blocks
==15147== total heap usage: 2,982 allocs, 1,634 frees, 20,265,448 bytes allocated
==15147==
==15147== Thread 1:
==15147== 304 bytes in 1 blocks are possibly lost in loss record 152 of 240
==15147== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==15147== by 0x40149DA: allocate_dtv (dl-tls.c:286)
==15147== by 0x40149DA: _dl_allocate_tls (dl-tls.c:532)
==15147== by 0x502B322: allocate_stack (allocatestack.c:622)
==15147== by 0x502B322: pthread_create@@GLIBC_2.2.5 (pthread_create.c:660)
==15147== by 0x2A51C9: thread_start (ffmpeg_demux.c:398)
==15147== by 0x2A51C9: ifile_get_packet (ffmpeg_demux.c:418)
==15147== by 0x2C9621: process_input (ffmpeg.c:3597)
==15147== by 0x2C9621: transcode_step (ffmpeg.c:3818)
==15147== by 0x2C9621: transcode (ffmpeg.c:3865)
==15147== by 0x2A14AA: main (ffmpeg.c:4010)
==15147==
==15147== 2,432 bytes in 8 blocks are possibly lost in loss record 208 of 240
==15147== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==15147== by 0x40149DA: allocate_dtv (dl-tls.c:286)
==15147== by 0x40149DA: _dl_allocate_tls (dl-tls.c:532)
==15147== by 0x502B322: allocate_stack (allocatestack.c:622)
==15147== by 0x502B322: pthread_create@@GLIBC_2.2.5 (pthread_create.c:660)
==15147== by 0x10882C1: avpriv_slicethread_create (slicethread.c:151)
==15147== by 0x306829: thread_init_internal (pthread.c:77)
==15147== by 0x306829: ff_graph_thread_init (pthread.c:96)
==15147== by 0x2F30E4: avfilter_graph_alloc_filter (avfiltergraph.c:175)
==15147== by 0x304DCE: create_filter (graphparser.c:132)
==15147== by 0x304DCE: parse_filter (graphparser.c:201)
==15147== by 0x305977: avfilter_graph_parse2 (graphparser.c:438)
==15147== by 0x2A6E3C: configure_filtergraph (ffmpeg_filter.c:1013)
==15147== by 0x2C732B: ifilter_send_frame (ffmpeg.c:1930)
==15147== by 0x2C732B: send_frame_to_filters.isra.0 (ffmpeg.c:2006)
==15147== by 0x2C76FF: decode_audio (ffmpeg.c:2072)
==15147== by 0x2CA114: process_input_packet (ffmpeg.c:2342)
==15147== by 0x2CA114: process_input (ffmpeg.c:3683)
==15147== by 0x2CA114: transcode_step (ffmpeg.c:3818)
==15147== by 0x2CA114: transcode (ffmpeg.c:3865)
==15147==
==15147== 2,736 bytes in 9 blocks are possibly lost in loss record 209 of 240
==15147== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==15147== by 0x40149DA: allocate_dtv (dl-tls.c:286)
==15147== by 0x40149DA: _dl_allocate_tls (dl-tls.c:532)
==15147== by 0x502B322: allocate_stack (allocatestack.c:622)
==15147== by 0x502B322: pthread_create@@GLIBC_2.2.5 (pthread_create.c:660)
==15147== by 0x25926D: init_thread (pthread_frame.c:871)
==15147== by 0x25926D: ff_frame_thread_init.cold (pthread_frame.c:927)
==15147== by 0x6EEFC6: avcodec_open2 (avcodec.c:304)
==15147== by 0x2C85EA: init_input_stream (ffmpeg.c:2577)
==15147== by 0x2C85EA: transcode_init (ffmpeg.c:3156)
==15147== by 0x2C8EA8: transcode (ffmpeg.c:3841)
==15147== by 0x2A14AA: main (ffmpeg.c:4010)
==15147==
==15147== LEAK SUMMARY:
==15147== definitely lost: 0 bytes in 0 blocks
==15147== indirectly lost: 0 bytes in 0 blocks
==15147== possibly lost: 5,472 bytes in 18 blocks
==15147== still reachable: 12,608,239 bytes in 1,330 blocks
==15147== suppressed: 0 bytes in 0 blocks
==15147== Reachable blocks (those to which a pointer was found) are not shown.
==15147== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==15147==
==15147== Use --track-origins=yes to see where uninitialised values come from
==15147== For lists of detected and suppressed errors, rerun with: -s
==15147== ERROR SUMMARY: 7 errors from 7 contexts (suppressed: 0 from 0)
}}}
{{{
valgrind --leak-check=full ./ffmpeg_g -cpuflags -mmxext -i ot171_vp40.avi -f null -
==15199== Memcheck, a memory error detector
==15199== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==15199== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==15199== Command: ./ffmpeg_g -cpuflags -mmxext -i ot171_vp40.avi -f null -
==15199==
ffmpeg version N-109227-g1a7efafd33 Copyright (c) 2000-2022 the FFmpeg developers
built with gcc 9 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
configuration: --enable-libopenjpeg
libavutil 57. 43.100 / 57. 43.100
libavcodec 59. 54.100 / 59. 54.100
libavformat 59. 34.102 / 59. 34.102
libavdevice 59. 8.101 / 59. 8.101
libavfilter 8. 50.101 / 8. 50.101
libswscale 6. 8.112 / 6. 8.112
libswresample 4. 9.100 / 4. 9.100
Guessed Channel Layout for Input Stream #0.1 : mono
Input #0, avi, from 'ot171_vp40.avi':
Duration: 00:00:24.27, start: 0.000000, bitrate: 245 kb/s
Stream #0:0: Video: vp4 (VP40 / 0x30345056), yuv420p, 160x112, 147 kb/s, 15 fps, 15 tbr, 15 tbn
Stream #0:1: Audio: pcm_u8 ([1][0][0][0] / 0x0001), 11025 Hz, 1 channels, u8, 88 kb/s
Stream mapping:
Stream #0:0 -> #0:0 (vp4 (native) -> wrapped_avframe (native))
Stream #0:1 -> #0:1 (pcm_u8 (native) -> pcm_s16le (native))
Press [q] to stop, [?] for help
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf59.34.102
Stream #0:0: Video: wrapped_avframe, yuv420p(progressive), 160x112, q=2-31, 200 kb/s, 15 fps, 15 tbn
Metadata:
encoder : Lavc59.54.100 wrapped_avframe
Stream #0:1: Audio: pcm_s16le, 11025 Hz, mono, s16, 176 kb/s
Metadata:
encoder : Lavc59.54.100 pcm_s16le
frame= 364 fps=139 q=-0.0 Lsize=N/A time=00:00:24.23 bitrate=N/A speed=9.27x
video:171kB audio:523kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown
==15199==
==15199== HEAP SUMMARY:
==15199== in use at exit: 0 bytes in 0 blocks
==15199== total heap usage: 27,801 allocs, 27,801 frees, 23,578,463 bytes allocated
==15199==
==15199== All heap blocks were freed -- no leaks are possible
==15199==
==15199== For lists of detected and suppressed errors, rerun with: -s
==15199== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/10027#comment:3>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker