Context Navigation

#2609 closed defect (fixed)

av_seek_frame crashes on .nut file

Reported by:	hxuanyu	Owned by:
Priority:	important	Component:	avformat
Version:	1.1.5	Keywords:	nut crash SIGSEGV regression
Cc:		Blocked By:
Blocking:		Reproduced by developer:	yes
Analyzed by developer:	no

Description (last modified by Carl Eugen Hoyos)

I'm building application with ffmpeg 1.1.3 http://ffmpeg.org/releases/ffmpeg-1.1.3.tar.gz. While opening a .nut file, av_seek_frame always crashes. I also wrote a simple test app, it also crashes every time.

The file I used is here https://dl.dropboxusercontent.com/u/89678527/Akon.nut. And below is the test code:

static int open_codec_context(int *stream_idx,
                              AVFormatContext *fmt_ctx, enum AVMediaType type)
{
    int ret;
    AVStream *st;
    AVCodecContext *dec_ctx = NULL;
    AVCodec *dec = NULL;

    ret = av_find_best_stream(fmt_ctx, type, -1, -1, NULL, 0);
    if (ret < 0) {
        //fprintf(stderr, "Could not find %s stream in input file '%s'\n",
        //        av_get_media_type_string(type), src_filename);
        return ret;
    } else {
        *stream_idx = ret;
        st = fmt_ctx->streams[*stream_idx];

        /* find decoder for the stream */
        dec_ctx = st->codec;
        dec = avcodec_find_decoder(dec_ctx->codec_id);
        if (!dec) {
            fprintf(stderr, "Failed to find %s codec\n",
                    av_get_media_type_string(type));
            return ret;
        }

        if ((ret = avcodec_open2(dec_ctx, dec, NULL)) < 0) {
            fprintf(stderr, "Failed to open %s codec\n",
                    av_get_media_type_string(type));
            return ret;
        }
    }

    return 0;
}

int main(int argc, char **argv)
{
    int ret;

    if (argc == 1) {
        printf("no argument provided, exit ************** \n");
        return 0;
    }
    const char *src_filename = argv[1];

    printf("to play %s\n", src_filename);
    
    avcodec_register_all();
    av_register_all();

    AVFormatContext *pFormatCtx = NULL;
    if (avformat_open_input(&pFormatCtx, src_filename, NULL, NULL) < 0) {
        fprintf(stderr, "Could not open source file %s\n", src_filename);
        exit(1);
    }

    if (avformat_find_stream_info(pFormatCtx, NULL) < 0) {
        fprintf(stderr, "Could not find stream information\n");
        exit(1);
    }

    int video_stream_idx = -1, audio_stream_idx = -1;
    AVStream *video_stream;
    AVCodecContext *pCodecCtx = NULL;
    if (open_codec_context(&video_stream_idx, pFormatCtx, AVMEDIA_TYPE_VIDEO) >= 0) {
        video_stream = pFormatCtx->streams[video_stream_idx];
        pCodecCtx = video_stream->codec;
        printf("video stream index = %d", video_stream_idx);
    }

    AVCodec* pCodec = avcodec_find_decoder(pCodecCtx->codec_id);
    avcodec_open(pCodecCtx, pCodec);

	
    AVFrame *frame = avcodec_alloc_frame();
    AVPacket pkt;	

    av_init_packet(&pkt);
    pkt.data = NULL;
    pkt.size = 0;
	
    int count = 0;
    while (av_read_frame(pFormatCtx, &pkt) >= 0) {
        printf("frame %d\n", count++);
        if (count == 100) av_seek_frame(pFormatCtx, video_stream_idx, 0, 0); // always crashes here.
    }
}

I tried to print out some trace, it's pretty much that crash happens in read_seek of nutdec.c

Attachments (1)

Akon_cut.nut (200.0 KB ) - added by Carl Eugen Hoyos 12 years ago.

Download all attachments as: .zip

Change History (7)

comment:1 by Carl Eugen Hoyos, 12 years ago

Please test current git head and please provide a backtrace etc. as explained on http://ffmpeg.org/bugreports.html

comment:2 by Carl Eugen Hoyos, 12 years ago

Description:	modified (diff)

comment:3 by Carl Eugen Hoyos, 12 years ago

Keywords:	nut crash SIGSEGV regression added
Priority:	normal → important
Reproduced by developer:	set
Resolution:	→ fixed
Status:	new → closed
Version:	unspecified → 1.1.5

Fixed in origin/release/1.1, thank you for the report!

For future tickets: Please always also test with ffmpeg (first) and ffplay, if they allow to reproduce a problem, it is generally significantly easier to test / reproduce / fix the bug.

(gdb) r -ss 1 -i Akon.nut
Starting program: /home/cehoyos/test/cehoyos/FFmpeg/ffmpeg_g -ss 1 -i Akon.nut
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version 1.1.5 Copyright (c) 2000-2013 the FFmpeg developers
  built on May 30 2013 11:10:58 with gcc 4.7 (SUSE Linux)
  configuration:
  libavutil      52. 13.100 / 52. 13.100
  libavcodec     54. 86.100 / 54. 86.100
  libavformat    54. 59.106 / 54. 59.106
  libavdevice    54.  3.102 / 54.  3.102
  libavfilter     3. 32.100 /  3. 32.100
  libswscale      2.  1.103 /  2.  1.103
  libswresample   0. 17.102 /  0. 17.102
[nut @ 0x1553540] no index at the end
[nut @ 0x1553540] read_timestamp failed.

Program received signal SIGSEGV, Segmentation fault.
ff_read_timestamp (read_timestamp=0x516660 <nut_read_timestamp>, pos_limit=9223372036854775807,
    ppos=0x7fffffffd388, stream_index=-1, s=0x1553540) at libavformat/utils.c:4347
4347    }
(gdb) bt
#0  ff_read_timestamp (read_timestamp=0x516660 <nut_read_timestamp>, pos_limit=9223372036854775807,
    ppos=0x7fffffffd388, stream_index=-1, s=0x1553540) at libavformat/utils.c:4347
#1  ff_gen_search (s=s@entry=0x1553540, stream_index=stream_index@entry=-1,
    target_ts=<optimized out>, pos_min=6522, pos_max=15065570, pos_limit=15065570, ts_min=0,
    ts_max=301768133, flags=flags@entry=1, ts_ret=ts_ret@entry=0x7fffffffd428,
    read_timestamp=read_timestamp@entry=0x516660 <nut_read_timestamp>) at libavformat/utils.c:1917
#2  0x0000000000515b24 in read_seek (s=0x1553540, stream_index=<optimized out>,
    pts=<optimized out>, flags=1) at libavformat/nutdec.c:985
#3  0x0000000000564279 in seek_frame_internal (s=s@entry=0x1553540, stream_index=0,
    stream_index@entry=-1, timestamp=30, timestamp@entry=1000000, flags=flags@entry=1)
    at libavformat/utils.c:2060
#4  0x0000000000564f29 in av_seek_frame (flags=1, timestamp=1000000, stream_index=-1, s=0x1553540)
    at libavformat/utils.c:2080
#5  avformat_seek_file (s=s@entry=0x1553540, stream_index=stream_index@entry=-1,
    min_ts=-9223372036854775808, ts=ts@entry=1000000, max_ts=max_ts@entry=1000000,
    flags=flags@entry=0) at libavformat/utils.c:2123
#6  0x0000000000451e29 in open_input_file (o=o@entry=0x7fffffffd7b0, filename=<optimized out>)
    at ffmpeg_opt.c:808
#7  0x000000000044ffd0 in open_files (inout=<optimized out>, inout@entry=0xbaba1f "input",
    open_file=open_file@entry=0x451080 <open_input_file>, l=<optimized out>, l=<optimized out>)
    at ffmpeg_opt.c:2293
#8  0x0000000000455989 in ffmpeg_parse_options (argc=argc@entry=5, argv=argv@entry=0x7fffffffdde8)
    at ffmpeg_opt.c:2330
#9  0x000000000044de18 in main (argc=5, argv=0x7fffffffdde8) at ffmpeg.c:3192
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x5638f1 to 0x563931:
   0x00000000005638f1 <ff_gen_search+305>:      mov    0xc(%rsp),%esi
   0x00000000005638f5 <ff_gen_search+309>:      mov    0xa0(%rsp),%r8
   0x00000000005638fd <ff_gen_search+317>:      mov    %r12,%rdi
   0x0000000000563900 <ff_gen_search+320>:      callq  *%r8
   0x0000000000563903 <ff_gen_search+323>:      mov    0x30(%r12),%rdx
   0x0000000000563908 <ff_gen_search+328>:      mov    0x10(%rsp),%r8
   0x000000000056390d <ff_gen_search+333>:      mov    (%rdx,%r8,1),%rdx
=> 0x0000000000563911 <ff_gen_search+337>:      mov    0xd8(%rdx),%ecx
   0x0000000000563917 <ff_gen_search+343>:      mov    0x200(%rdx),%rsi
   0x000000000056391e <ff_gen_search+350>:      mov    0x208(%rdx),%edx
   0x0000000000563924 <ff_gen_search+356>:      test   %edx,%edx
   0x0000000000563926 <ff_gen_search+358>:      je     0x563950 <ff_gen_search+400>
   0x0000000000563928 <ff_gen_search+360>:      movabs $0x8000000000000000,%rdi
End of assembler dump.
(gdb) info register
rax            0xfc87e  1034366
rbx            0xf4628  1001000
rcx            0x7fffffffd208   140737488343560
rdx            0x20     32
rsi            0x30     48
rdi            0x1553540        22361408
rbp            0xdc9b   0xdc9b
rsp            0x7fffffffd350   0x7fffffffd350
r8             0xfffffffffffffff8       -8
r9             0x101010101010101        72340172838076673
r10            0x5b21   23329
r11            0x7ffff65a910e   140737326518542
r12            0x1553540        22361408
r13            0x197a   6522
r14            0x0      0
r15            0xe5e1e2 15065570
rip            0x563911 0x563911 <ff_gen_search+337>
eflags         0x10206  [ PF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0

by Carl Eugen Hoyos, 12 years ago

Attachment:	Akon_cut.nut added

comment:4 by hxuanyu, 12 years ago

Hi, I checked both the master and release/1.1 branches here https://github.com/FFmpeg/FFmpeg/tree/master/libavformat,

seems nutdec.c hasn't been changed. Could you guys kindly tell me how to get the correct code?

Thanks

comment:5 by Carl Eugen Hoyos, 12 years ago

The crash did not happen in nutdec.c for me.
If you wanted to report another crash, please add backtrace etc. as I have done above.

comment:6 by Carl Eugen Hoyos, 12 years ago

This is the commit that fixed the crash that I could reproduce:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2416eff

Note: See TracTickets for help on using tickets.

Download in other formats: