Opened 12 years ago
Closed 12 years ago
#1986 closed defect (fixed)
ffserver crashes while playing h264 video from matroska container over rtsp
Reported by: | sonntex | Owned by: |  |
---|---|---|---|
Priority: | important | Component: | ffserver |
Version: | git-master | Keywords: | crash SIGSEGV regression |
Cc: |  | Blocked By: |  |
Blocking: |  | Reproduced by developer: | yes |
Analyzed by developer: | no |  |  |
Description
Summary of the bug:
I'm trying to play h264 video from a matroska container over rtsp using ffserver and ffplay, and ffserver crashes when ffplay is executed.
How to reproduce:
- Configuration file for ffserver:
      Port 8090
      RTSPPort 8554
      BindAddress 0.0.0.0
      MaxHTTPConnections 2000
      MaxClients 1000
      MaxBandwidth 1000
      CustomLog -
      NoDaemon
      <Stream h264-cut.mkv>
      Format rtp
      File "h264-cut.mkv"
      </Stream>
- Execute ffserver:
      % ./ffserver_g -v 9 -loglevel 99 -f ffserver.conf
      ffserver version 1.0 Copyright (c) 2000-2012 the FFmpeg developers
        built on Dec 3 2012 23:47:06 with gcc 4.7 (Debian 4.7.2-4)
        configuration: --disable-optimizations --enable-debug=3
        libavutil 51. 73.101 / 51. 73.101
        libavcodec 54. 59.100 / 54. 59.100
        libavformat 54. 29.104 / 54. 29.104
        libavdevice 54. 2.101 / 54. 2.101
        libavfilter 3. 17.100 / 3. 17.100
        libswscale 2. 1.101 / 2. 1.101
        libswresample 0. 15.100 / 0. 15.100
      Tue Dec 4 00:14:57 2012 Opening file 'h264-cut.mkv'
      Tue Dec 4 00:14:57 2012 [matroska,webm @ 0x359af40]Format matroska,webm probed with size=2048 and score=100
      Tue Dec 4 00:14:57 2012 st:0 removing common factor 1000000 from timebase
      Tue Dec 4 00:14:57 2012 [matroska,webm @ 0x359af40]File position before avformat_find_stream_info() is 574
      Tue Dec 4 00:14:57 2012 [h264 @ 0x35a1de0]Using externally provided dimensions
      Tue Dec 4 00:14:57 2012 [h264 @ 0x35a1de0]no picture
      Tue Dec 4 00:14:57 2012 [matroska,webm @ 0x359af40]All info found
      Tue Dec 4 00:14:57 2012 [matroska,webm @ 0x359af40]File position after avformat_find_stream_info() is 113333
      Tue Dec 4 00:14:57 2012 [AVIOContext @ 0x359b4c0]Statistics: 139214 bytes read, 0 seeks
      Tue Dec 4 00:14:57 2012 FFserver started.
      Segmentation fault (core dumped)
- Execute ffplay:
      % ./ffplay_g -v 9 -loglevel 99 rtsp://localhost:8554/h264-cut.mkv
      ffplay version 1.0 Copyright (c) 2003-2012 the FFmpeg developers
        built on Dec 3 2012 23:47:06 with gcc 4.7 (Debian 4.7.2-4)
        configuration: --disable-optimizations --enable-debug=3
        libavutil 51. 73.101 / 51. 73.101
        libavcodec 54. 59.100 / 54. 59.100
        libavformat 54. 29.104 / 54. 29.104
        libavdevice 54. 2.101 / 54. 2.101
        libavfilter 3. 17.100 / 3. 17.100
        libswscale 2. 1.101 / 2. 1.101
        libswresample 0. 15.100 / 0. 15.100
      rtsp://localhost:8554/h264-cut.mkv: Invalid data found when processing input
Gdb:
    % gdb ./ffserver_g core
    GNU gdb (GDB) 7.4.1-debian
    Copyright (C) 2012 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law. Type "show copying"
    and "show warranty" for details.
    This GDB was configured as "x86_64-linux-gnu".
    For bug reporting instructions, please see:
    <http://www.gnu.org/software/gdb/bugs/>...
    Reading symbols from /home/sonntex-devel/devel/ffmpeg-1.0/ffserver_g...done.
    [New LWP 31838]
    warning: Can't read pathname for load map: Input/output error.
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
    Core was generated by `./ffserver_g -v 9 -loglevel 99 -f ffserver.conf'.
    Program terminated with signal 11, Segmentation fault.
    #0 0x0000000000523e40 in sdp_write_media_attributes (
        buff=0x35a36c0 "v=0\r\no=- 0 0 IN IP4 127.0.0.1\r\ns=No Title\r\nc=IN IP4 0.0.0.0\r\nt=0 0\r\na=tool:libavformat 54.29.104\r\nm=video 0 RTP/AVP 96\r\n", size=2048, c=0x35a2220, payload_type=96, fmt=0x35a1940) at libavformat/sdp.c:405
    405 if (fmt && fmt->oformat->priv_class &&
    (gdb) bt
    #0 0x0000000000523e40 in sdp_write_media_attributes (
        buff=0x35a36c0 "v=0\r\no=- 0 0 IN IP4 127.0.0.1\r\ns=No Title\r\nc=IN IP4 0.0.0.0\r\nt=0 0\r\na=tool:libavformat 54.29.104\r\nm=video 0 RTP/AVP 96\r\n", size=2048, c=0x35a2220, payload_type=96, fmt=0x35a1940) at libavformat/sdp.c:405
    #1 0x00000000005246da in ff_sdp_write_media (buff=0x35a36c0 "v=0\r\no=- 0 0 IN IP4 127.0.0.1\r\ns=No Title\r\nc=IN IP4 0.0.0.0\r\nt=0 0\r\na=tool:libavformat 54.29.104\r\nm=video 0 RTP/AVP 96\r\n", size=2048, c=0x35a2220, dest_addr=0x0, dest_type=0x7fff05c842e0 "IP4", port=0, ttl=0, fmt=0x35a1940) at libavformat/sdp.c:609
    #2 0x00000000005249b0 in av_sdp_create (ac=0x7fff05c843c8, n_files=1, buf=0x35a36c0 "v=0\r\no=- 0 0 IN IP4 127.0.0.1\r\ns=No Title\r\nc=IN IP4 0.0.0.0\r\nt=0 0\r\na=tool:libavformat 54.29.104\r\nm=video 0 RTP/AVP 96\r\n", size=2048) at libavformat/sdp.c:655
    #3 0x000000000043d1cc in prepare_sdp_description (stream=0x3599320, pbuffer=0x7fff05c84448, my_ip=...) at ffserver.c:2969
    #4 0x000000000043d41e in rtsp_cmd_describe (c=0x35a2640, url=0x7fff05c867a0 "rtsp://localhost:8554/h264-cut.mkv") at ffserver.c:3021
    #5 0x000000000043cdf0 in rtsp_parse_request (c=0x35a2640) at ffserver.c:2908
    #6 0x000000000043751e in handle_connection (c=0x35a2640) at ffserver.c:955
    #7 0x0000000000436c97 in http_server () at ffserver.c:729
    #8 0x00000000004429f9 in main (argc=7, argv=0x7fff05c86e28) at ffserver.c:4757
    (gdb) disass $pc-32,$pc+32
    Dump of assembler code from 0x523e20 to 0x523e60:
       0x0000000000523e20 <sdp_write_media_attributes+290>: test %dh,%cl
       0x0000000000523e22 <sdp_write_media_attributes+292>: (bad)
       0x0000000000523e23 <sdp_write_media_attributes+293>: add %al,(%rax)
       0x0000000000523e25 <sdp_write_media_attributes+295>: jmpq 0x524598 <sdp_write_media_attributes+2202>
       0x0000000000523e2a <sdp_write_media_attributes+300>: movl $0x1,-0xc(%rbp)
       0x0000000000523e31 <sdp_write_media_attributes+307>: cmpq $0x0,-0x40(%rbp)
       0x0000000000523e36 <sdp_write_media_attributes+312>: je 0x523e6e <sdp_write_media_attributes+368>
       0x0000000000523e38 <sdp_write_media_attributes+314>: mov -0x40(%rbp),%rax
       0x0000000000523e3c <sdp_write_media_attributes+318>: mov 0x10(%rax),%rax
    => 0x0000000000523e40 <sdp_write_media_attributes+322>: mov 0x38(%rax),%rax
       0x0000000000523e44 <sdp_write_media_attributes+326>: test %rax,%rax
       0x0000000000523e47 <sdp_write_media_attributes+329>: je 0x523e6e <sdp_write_media_attributes+368>
       0x0000000000523e49 <sdp_write_media_attributes+331>: mov -0x40(%rbp),%rax
       0x0000000000523e4d <sdp_write_media_attributes+335>: mov 0x18(%rax),%rax
       0x0000000000523e51 <sdp_write_media_attributes+339>: mov $0xcc1d35,%edx
       0x0000000000523e56 <sdp_write_media_attributes+344>: mov $0xcc1d40,%esi
       0x0000000000523e5b <sdp_write_media_attributes+349>: mov %rax,%rdi
       0x0000000000523e5e <sdp_write_media_attributes+352>: callq 0xc95a48 <av_opt_flag_is_set>
    End of assembler dump.
    (gdb) info all-registers
    rax 0x0 0
    rbx 0x35a1940 56236352
    rcx 0x60 96
    rdx 0x35a2220 56238624
    rsi 0x800 2048
    rdi 0x35a36c0 56243904
    rbp 0x7fff05c84250 0x7fff05c84250
    rsp 0x7fff05c841f0 0x7fff05c841f0
    r8 0x35a1940 56236352
    r9 0x1 1
    r10 0x0 0
    r11 0xfffffffb 4294967291
    r12 0x435d00 4414720
    r13 0x7fff05c86e20 140733290409504
    r14 0x0 0
    r15 0x0 0
    rip 0x523e40 0x523e40 <sdp_write_media_attributes+322>
    eflags 0x10202 [ IF RF ]
    cs 0x33 51
    ss 0x2b 43
    ds 0x0 0
    es 0x0 0
    fs 0x0 0
    gs 0x0 0
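In the dump above, `mov 0x10(%rax),%rax` loads `fmt->oformat`, and the faulting `mov 0x38(%rax),%rax` then reads `priv_class` through it while `rax` is 0: source line 405 checks `fmt` but not `fmt->oformat`. The C sketch below is an added illustration, not FFmpeg code and not the fix that closed this ticket; the struct definitions and function names are hypothetical stand-ins laid out so the two offsets match the disassembly on an LP64 build.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified stand-ins (not FFmpeg's real definitions):
 * oformat sits at offset 0x10 and priv_class at 0x38 on LP64. */
struct out_fmt {
    const void *other_fields[7];   /* placeholder for fields before priv_class */
    const void *priv_class;
};
struct fmt_ctx {
    const void *av_class;
    const void *iformat;
    const struct out_fmt *oformat;
};

/* The test as quoted at sdp.c:405: only fmt itself is checked. */
static int has_priv_class_unguarded(const struct fmt_ctx *fmt)
{
    return fmt && fmt->oformat->priv_class;
}

/* Same test with every pointer in the chain checked before it is followed. */
static int has_priv_class_guarded(const struct fmt_ctx *fmt)
{
    return fmt && fmt->oformat && fmt->oformat->priv_class;
}

/* Address the unguarded test reads: oformat + offsetof(priv_class). */
static uintptr_t priv_class_load_address(const struct fmt_ctx *fmt)
{
    return (uintptr_t)fmt->oformat + offsetof(struct out_fmt, priv_class);
}

int main(void)
{
    static const int dummy_class = 0;                 /* constructed sample data */
    struct out_fmt muxer = { .priv_class = &dummy_class };
    struct fmt_ctx no_muxer = { 0 };                  /* oformat == NULL, as in the core */
    struct fmt_ctx with_muxer = { .oformat = &muxer };

    /* has_priv_class_unguarded(&no_muxer) would fault at the address below. */
    printf("load address with NULL oformat: %#lx\n",
           (unsigned long)priv_class_load_address(&no_muxer));
    printf("guarded, NULL oformat: %d\n", has_priv_class_guarded(&no_muxer));
    printf("guarded, muxer set:    %d\n", has_priv_class_guarded(&with_muxer));
    printf("unguarded, muxer set:  %d\n", has_priv_class_unguarded(&with_muxer));
    return 0;
}
```
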
Attachments (1)
Change History (6)
by , 12 years ago
Attachment: | h264-cut.mkv added |
---|
comment:1 by , 12 years ago
Component: | undetermined → FFserver |
---|
follow-up: 3 comment:2 by , 12 years ago
Keywords: | crash added |
---|---|
Priority: | normal → important |
Version: | unspecified → 1.0 |
Does current git head also crash?
comment:4 by , 12 years ago
Keywords: | SIGSEGV regression added |
---|---|
Reproduced by developer: | set |
Status: | new → open |
Version: | 1.0 → git-master |
Regression since d77f4af / 82edf67.
This is a cut-down version of an 85 MB file.