Context Navigation

#1243 closed defect (fixed)

ffprobe -show_packets crashes with disabled aac decoder

Reported by:	Carl Eugen Hoyos	Owned by:
Priority:	important	Component:	ffprobe
Version:	git-master	Keywords:	crash SIGSEGV
Cc:		Blocked By:
Blocking:		Reproduced by developer:	no
Analyzed by developer:	yes

Description

I found another crash with the sample from ticket #997, only happens with --disable-decoder=aac.

(gdb) r -show_packets 120210144737.ts
Starting program: ffprobe_g -show_packets 120210144737.ts
[Thread debugging using libthread_db enabled]
[New Thread 0xb7bcc6c0 (LWP 27899)]
ffprobe version N-40058-g2e07f42 Copyright (c) 2007-2012 the FFmpeg developers
  built on Apr 22 2012 22:13:29 with gcc 4.3.2
  configuration: --cc=/usr/local/gcc-4.3.2/bin/gcc --enable-gpl --disable-decoder=aac
  libavutil      51. 47.100 / 51. 47.100
  libavcodec     54. 15.100 / 54. 15.100
  libavformat    54.  3.100 / 54.  3.100
  libavdevice    53.  4.100 / 53.  4.100
  libavfilter     2. 71.102 /  2. 71.102
  libswscale      2.  1.100 /  2.  1.100
  libswresample   0. 11.100 /  0. 11.100
  libpostproc    52.  0.100 / 52.  0.100
[mpegts @ 0x8e9b440] Could not find codec parameters (Audio: aac ([15][0][0][0] / 0x000F), 0 channels, 122 kb/s)
Input #0, mpegts, from '120210144737.ts':
  Duration: 02:04:30.69, start: 5.000000, bitrate: 52 kb/s
  Program 1
    Stream #0:0[0x21]: Video: h264 (Main) ([27][0][0][0] / 0x001B), yuv420p, 720x576 [SAR 64:45 DAR 16:9], 25.43 fps, 50 tbr, 90k tbn, 50 tbc
    Stream #0:1[0x24]: Audio: aac ([15][0][0][0] / 0x000F), 0 channels, 122 kb/s
Unsupported codec with id 86018 for input stream 1
[PACKET]                                                                        

...

[PACKET]
codec_type=video
stream_index=0
pts=672811300
pts_time=7475.681111
dts=672811300
dts_time=7475.681111
duration=1800
duration_time=0.020000
size=4750
pos=48668876
flags=_
[/PACKET]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7ba26c0 (LWP 27725)]
0x08569085 in avcodec_decode_audio4 (avctx=0x8e9f8a0, frame=0xbfdcc35c,
    got_frame_ptr=0xbfdcc678, avpkt=0xbfdcc5fc) at libavcodec/utils.c:1529
1529        if (avctx->codec->type != AVMEDIA_TYPE_AUDIO) {
(gdb) bt
#0  0x08569085 in avcodec_decode_audio4 (avctx=0x8e9f8a0, frame=0xbfdcc35c,
    got_frame_ptr=0xbfdcc678, avpkt=0xbfdcc5fc) at libavcodec/utils.c:1529
#1  0x0804e442 in read_packets (w=0x8e9b3e0, fmt_ctx=0x8e9b440)
    at ffprobe.c:1259
#2  0x080501ed in main (argc=0, argv=0x80000000) at ffprobe.c:1543
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x8569065 to 0x85690a5:
0x08569065 <avcodec_decode_audio4+53>:  mov    0xc(%ecx),%ecx
0x08569068 <avcodec_decode_audio4+56>:  mov    %eax,0x18(%esp)
0x0856906c <avcodec_decode_audio4+60>:  movl   $0x0,0x0(%ebp)
0x08569073 <avcodec_decode_audio4+67>:  mov    0x10(%ecx),%eax
0x08569076 <avcodec_decode_audio4+70>:  mov    %ecx,0x14(%esp)
0x0856907a <avcodec_decode_audio4+74>:  test   %eax,%eax
0x0856907c <avcodec_decode_audio4+76>:  je     0x8569288 <avcodec_decode_audio4+600>
0x08569082 <avcodec_decode_audio4+82>:  mov    0xc(%ebx),%eax
0x08569085 <avcodec_decode_audio4+85>:  cmpl   $0x1,0x8(%eax)
0x08569089 <avcodec_decode_audio4+89>:  jne    0x85692e8 <avcodec_decode_audio4+696>
0x0856908f <avcodec_decode_audio4+95>:  testb  $0x20,0x10(%eax)
0x08569093 <avcodec_decode_audio4+99>:  jne    0x85690d0 <avcodec_decode_audio4+160>
0x08569095 <avcodec_decode_audio4+101>: mov    0x14(%esp),%edx
0x08569099 <avcodec_decode_audio4+105>: xor    %edi,%edi
0x0856909b <avcodec_decode_audio4+107>: mov    0x14(%edx),%eax
0x0856909e <avcodec_decode_audio4+110>: test   %eax,%eax
0x085690a0 <avcodec_decode_audio4+112>: jne    0x85690d0 <avcodec_decode_audio4+160>
0x085690a2 <avcodec_decode_audio4+114>: mov    0x78(%esp),%ecx
End of assembler dump.
(gdb) info register
eax            0x0      0
ecx            0xbfdcc5fc       -1076050436
edx            0x0      0
ebx            0x8e9f8a0        149551264
esp            0xbfdcc290       0xbfdcc290
ebp            0xbfdcc678       0xbfdcc678
esi            0x1      1
edi            0xbfdcc678       -1076050312
eip            0x8569085        0x8569085 <avcodec_decode_audio4+85>
eflags         0x10246  [ PF ZF IF RF ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51

Change History (2)

comment:1 by Stefano Sabatini, 12 years ago

Component:	undetermined → FFprobe
Priority:	normal → important
Reproduced by developer:	set
Status:	new → open

comment:2 by Stefano Sabatini, 12 years ago

Analyzed by developer:	set
Reproduced by developer:	unset
Resolution:	→ fixed
Status:	open → closed

I could not reproduce the problem with -show_packets, but only with -show_frames (indeed with -show_packets it shouldn't even try to decode the frame...).

Latter crash should be fixed in:

commit 5626e812d2c1c202f749824905b70cdb8a845e7b
Author: Stefano Sabatini <stefasab@gmail.com>
Date:   Sun Jul 15 15:56:02 2012 +0200

    ffprobe: only decode frame if the codec is available
    
    Fix crash when a stream codec is unknown, in particular fix trac
    ticket #1243.

Note: See TracTickets for help on using tickets.

Download in other formats: