Opened 11 years ago

Closed 11 years ago

#3120 closed defect (fixed)

Crash when converting internal SSA to SRT

Reported by: eelco Owned by:
Priority: important Component: avcodec
Version: git-master Keywords: ass crash
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: yes

Description

Summary of the bug:

ffmpeg can crash when extracting an SSA subtitle to an SRT file.

How to reproduce:

% ffmpeg -i ssa-2-srt-fails.mkv out.srt
ffmpeg version N-57932-g89a3be8 Copyright (c) 2000-2013 the FFmpeg developers
  built on Nov  5 2013 16:30:18 with Apple LLVM version 5.0 (clang-500.2.78) (based on LLVM 3.3svn)
  configuration: --prefix=/Users/eelco/Projects/Beamer/FFmpeg/build --disable-shared
  libavutil      52. 52.100 / 52. 52.100
  libavcodec     55. 41.100 / 55. 41.100
  libavformat    55. 21.100 / 55. 21.100
  libavdevice    55.  5.100 / 55.  5.100
  libavfilter     3. 90.102 /  3. 90.102
  libswscale      2.  5.101 /  2.  5.101
  libswresample   0. 17.104 /  0. 17.104
[matroska,webm @ 0x7fd09b817a00] Unknown entry 0x437E
    Last message repeated 4 times
Input #0, matroska,webm, from 'ssa-2-srt-fails.mkv':
  Metadata:
    creation_time   : 2013-04-07 06:15:26
  Duration: 00:24:06.45, start: 0.000000, bitrate: 3041 kb/s
    Chapter #0.0: start 0.033000, end 123.498375
    Metadata:
      title           : Intro
    Chapter #0.1: start 123.498375, end 214.964750
    Metadata:
      title           : OP
    Chapter #0.2: start 214.964750, end 752.793708
    Metadata:
      title           : Part A
    Chapter #0.3: start 752.793708, end 1431.596833
    Metadata:
      title           : Part B
    Chapter #0.4: start 1431.596833, end 1446.445000
    Metadata:
      title           : Preview
    Stream #0:0(eng): Video: h264 (High 10), yuv420p10le, 1280x720, SAR 1:1 DAR 16:9, 23.98 fps, 23.98 tbr, 1k tbn, 47.95 tbc (default)
    Stream #0:1(jpn): Audio: aac, 48000 Hz, stereo, fltp (default)
    Metadata:
      title           : Commie
    Stream #0:2(eng): Subtitle: ssa (default)
Codec 0x18000 is not in the full list.
    Stream #0:3: Attachment: unknown_codec
    Metadata:
      filename        : Comfortaa-Regular.ttf
      mimetype        : application/x-truetype-font
Codec 0x18000 is not in the full list.
    Stream #0:4: Attachment: unknown_codec
    Metadata:
      filename        : LT.ttf
      mimetype        : application/x-truetype-font
Codec 0x18000 is not in the full list.
    Stream #0:5: Attachment: unknown_codec
    Metadata:
      filename        : LTFinnegan_MediumItalic.ttf
      mimetype        : application/x-truetype-font
Codec 0x18000 is not in the full list.
    Stream #0:6: Attachment: unknown_codec
    Metadata:
      filename        : Cavalier.ttf
      mimetype        : application/x-truetype-font
Codec 0x18000 is not in the full list.
    Stream #0:7: Attachment: unknown_codec
    Metadata:
      filename        : Comfortaa-Bold.ttf
      mimetype        : application/x-truetype-font
Codec 0x18000 is not in the full list.
    Stream #0:8: Attachment: unknown_codec
    Metadata:
      filename        : DSFetteKanzlei.ttf
      mimetype        : application/x-truetype-font
Codec 0x18000 is not in the full list.
    Stream #0:9: Attachment: unknown_codec
    Metadata:
      filename        : KaiserzeitGotisch.ttf
      mimetype        : application/x-truetype-font
Codec 0x18000 is not in the full list.
    Stream #0:10: Attachment: unknown_codec
    Metadata:
      filename        : Mothproof_Script.ttf
      mimetype        : application/x-truetype-font
Output #0, srt, to 'out.srt':
  Metadata:
    encoder         : Lavf55.21.100
    Chapter #0.0: start 0.033000, end 123.498375
    Metadata:
      title           : Intro
    Chapter #0.1: start 123.498375, end 214.964750
    Metadata:
      title           : OP
    Chapter #0.2: start 214.964750, end 752.793708
    Metadata:
      title           : Part A
    Chapter #0.3: start 752.793708, end 1431.596833
    Metadata:
      title           : Part B
    Chapter #0.4: start 1431.596833, end 1446.445000
    Metadata:
      title           : Preview
    Stream #0:0(eng): Subtitle: subrip (default)
Stream mapping:
  Stream #0:2 -> #0:0 (ssa -> subrip)
Press [q] to stop, [?] for help
ffmpeg(11976,0x7fff77cc8310) malloc: *** error for object 0x7fd09b8a6e08: incorrect checksum for freed object - object was probably modified after being freed.
*** set a breakpoint in malloc_error_break to debug
fish: Job 1, 'ffmpeg -i ssa-2-srt-fails.mkv out.srt' terminated by signal SIGABRT (Abort)

Note that the crash does not seem to occur at the same point in the file between different runs.

File will be uploaded to the FTP.

Attachments (1)

3120-ssa-2-srt-fails-001.mkv (2.0 MB ) - added by Carl Eugen Hoyos 11 years ago.

Change History (8)

comment:1 by Carl Eugen Hoyos, 11 years ago

Keywords: crash added
Priority: normal → important
Version: unspecified → git-master

Please provide a backtrace.

comment:2 by eelco, 11 years ago

* thread #1: tid = 0x2e10b6, 0x00007fff92b42866 libsystem_kernel.dylib`__pthread_kill + 10, queue = 'com.apple.main-thread, stop reason = signal SIGABRT
    frame #0: 0x00007fff92b42866 libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007fff92be335c libsystem_pthread.dylib`pthread_kill + 92
    frame #2: 0x00007fff8d1d2bba libsystem_c.dylib`abort + 125
    frame #3: 0x00007fff868956a4 libsystem_malloc.dylib`szone_error + 587
    frame #4: 0x00007fff8689b708 libsystem_malloc.dylib`small_malloc_from_free_list + 1162
    frame #5: 0x00007fff8689a7c6 libsystem_malloc.dylib`szone_malloc_should_clear + 1327
    frame #6: 0x00007fff868910cc libsystem_malloc.dylib`szone_realloc + 2035
    frame #7: 0x00007fff8689cc71 libsystem_malloc.dylib`malloc_zone_realloc + 79
    frame #8: 0x00007fff8689d3a7 libsystem_malloc.dylib`realloc + 174
    frame #9: 0x000000010019d3d0 ffmpeg_g`ass_split_section [inlined] realloc_section_array(ctx=0x0000000101204860) + 38 at ass_split.c:181
    frame #10: 0x000000010019d3aa ffmpeg_g`ass_split_section(ctx=0x0000000101204860, buf=<unavailable>) + 922 at ass_split.c:241
    frame #11: 0x000000010019c415 ffmpeg_g`ass_split(ctx=0x0000000101204860, buf=0x000000010182dbb2) + 53 at ass_split.c:284
    frame #12: 0x000000010019c64c ffmpeg_g`ff_ass_split_dialog(ctx=0x0000000101204860, buf=0x000000010182dbb2, cache=<unavailable>, number=0x0000000000000000) + 108 at ass_split.c:350
    frame #13: 0x000000010019d820 ffmpeg_g`ssa_decode_frame(avctx=0x0000000102090a00, data=0x00007fff5fbf9950, got_sub_ptr=0x00007fff5fbf986c, avpkt=0x00007fff5fbf9668) + 64 at assdec.c:60
    frame #14: 0x0000000100533de9 ffmpeg_g`avcodec_decode_subtitle2(avctx=0x0000000102090a00, sub=0x00007fff5fbf9950, got_sub_ptr=0x00007fff5fbf986c, avpkt=0x00007fff5fbf9808) + 777 at utils.c:2462
    frame #15: 0x0000000100011d87 ffmpeg_g`output_packet [inlined] transcode_subtitles(got_output=0x5fbf992800000000, pkt=0x0000000101206980, ist=<unavailable>) + 8 at ffmpeg.c:1766
    frame #16: 0x0000000100011d7f ffmpeg_g`output_packet(ist=0x0000000102b011a0, pkt=0x00007fff5fbfa5c0) + 575 at ffmpeg.c:1889
    frame #17: 0x0000000100010583 ffmpeg_g`transcode [inlined] process_input + 4720 at ffmpeg.c:3115
    frame #18: 0x000000010000f313 ffmpeg_g`transcode [inlined] transcode_step at ffmpeg.c:3211
    frame #19: 0x000000010000f313 ffmpeg_g`transcode + 11939 at ffmpeg.c:3263
    frame #20: 0x000000010000beb6 ffmpeg_g`main(argc=<unavailable>, argv=<unavailable>) + 342 at ffmpeg.c:3441
    frame #21: 0x00007fff91bb05fd libdyld.dylib`start + 1

comment:3 by eelco, 11 years ago

File is uploaded as 3120-ssa-2-srt-fails.mkv.

by Carl Eugen Hoyos, 11 years ago

comment:4 by Carl Eugen Hoyos, 11 years ago

Component: undetermined → avcodec
Keywords: ass added
Reproduced by developer: set
Status: new → open

comment:5 by Carl Eugen Hoyos, 11 years ago

$ valgrind ffmpeg_g -i 3120-ssa-2-srt-fails-001.mkv -scodec subrip -vn -an -f null -
==2085== Memcheck, a memory error detector
==2085== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==2085== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==2085== Command: ffmpeg_g -i 3120-ssa-2-srt-fails-001.mkv -scodec subrip -vn -an -f null -
==2085==
ffmpeg version N-58040-g6d90a5c Copyright (c) 2000-2013 the FFmpeg developers
  built on Nov 12 2013 14:42:08 with gcc 4.7 (SUSE Linux)
  configuration: --disable-optimizations --disable-asm
  libavutil      52. 52.100 / 52. 52.100
  libavcodec     55. 41.100 / 55. 41.100
  libavformat    55. 21.100 / 55. 21.100
  libavdevice    55.  5.100 / 55.  5.100
  libavfilter     3. 90.102 /  3. 90.102
  libswscale      2.  5.101 /  2.  5.101
  libswresample   0. 17.104 /  0. 17.104
[matroska,webm @ 0x7236b80] Unknown entry 0x437E
    Last message repeated 1 times
Input #0, matroska,webm, from '3120-ssa-2-srt-fails-001.mkv':
  Metadata:
    creation_time   : 2013-11-05 16:43:47
  Duration: 00:01:44.94, start: 0.000000, bitrate: 160 kb/s
    Chapter #0.0: start 0.000000, end 97.918375
    Metadata:
      title           : Intro
    Chapter #0.1: start 97.918375, end 104.940000
    Metadata:
      title           : OP
    Stream #0:0(eng): Subtitle: ssa (default)
Codec 0x18000 is not in the full list.
    Stream #0:1: Attachment: unknown_codec
    Metadata:
      filename        : Comfortaa-Regular.ttf
      mimetype        : application/x-truetype-font
Codec 0x18000 is not in the full list.
    Stream #0:2: Attachment: unknown_codec
    Metadata:
      filename        : LT.ttf
      mimetype        : application/x-truetype-font
Codec 0x18000 is not in the full list.
    Stream #0:3: Attachment: unknown_codec
    Metadata:
      filename        : LTFinnegan_MediumItalic.ttf
      mimetype        : application/x-truetype-font
Codec 0x18000 is not in the full list.
    Stream #0:4: Attachment: unknown_codec
    Metadata:
      filename        : Cavalier.ttf
      mimetype        : application/x-truetype-font
Codec 0x18000 is not in the full list.
    Stream #0:5: Attachment: unknown_codec
    Metadata:
      filename        : Comfortaa-Bold.ttf
      mimetype        : application/x-truetype-font
Codec 0x18000 is not in the full list.
    Stream #0:6: Attachment: unknown_codec
    Metadata:
      filename        : DSFetteKanzlei.ttf
      mimetype        : application/x-truetype-font
Codec 0x18000 is not in the full list.
    Stream #0:7: Attachment: unknown_codec
    Metadata:
      filename        : KaiserzeitGotisch.ttf
      mimetype        : application/x-truetype-font
Codec 0x18000 is not in the full list.
    Stream #0:8: Attachment: unknown_codec
    Metadata:
      filename        : Mothproof_Script.ttf
      mimetype        : application/x-truetype-font
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf55.21.100
    Chapter #0.0: start 0.000000, end 97.918375
    Metadata:
      title           : Intro
    Chapter #0.1: start 97.918375, end 104.940000
    Metadata:
      title           : OP
    Stream #0:0(eng): Subtitle: subrip (default)
Stream mapping:
  Stream #0:0 -> #0:0 (ssa -> subrip)
Press [q] to stop, [?] for help
==2085== Invalid write of size 1
==2085==    at 0x68C9314: _IO_default_xsputn (in /lib64/libc-2.15.so)
==2085==    by 0x68991CD: vfprintf (in /lib64/libc-2.15.so)
==2085==    by 0x68C50E4: vsnprintf (in /lib64/libc-2.15.so)
==2085==    by 0xA7F062: srt_print (srtenc.c:52)
==2085==    by 0xA7F1A6: srt_close_tag (srtenc.c:82)
==2085==    by 0xA7F209: srt_stack_push_pop (srtenc.c:92)
==2085==    by 0xA7F8DB: srt_end_cb (srtenc.c:223)
==2085==    by 0xC856C1: ff_ass_split_override_codes (ass_split.c:461)
==2085==    by 0xA7FBE6: srt_encode_frame (srtenc.c:275)
==2085==    by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085==    by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085==    by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085==  Address 0x73e9068 is 0 bytes after a block of size 2,168 alloc'd
==2085==    at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085==    by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085==    by 0xDE8161: av_malloc (mem.c:93)
==2085==    by 0xDE83F1: av_mallocz (mem.c:243)
==2085==    by 0x9DF3A1: avcodec_get_context_defaults3 (options.c:121)
==2085==    by 0x409A88: new_output_stream (ffmpeg_opt.c:1035)
==2085==    by 0x40BEED: new_subtitle_stream (ffmpeg_opt.c:1419)
==2085==    by 0x40D48A: open_output_file (ffmpeg_opt.c:1767)
==2085==    by 0x410314: open_files (ffmpeg_opt.c:2539)
==2085==    by 0x4104A7: ffmpeg_parse_options (ffmpeg_opt.c:2583)
==2085==    by 0x4202AB: main (ffmpeg.c:3422)
==2085==
==2085== Invalid write of size 1
==2085==    at 0x68C9314: _IO_default_xsputn (in /lib64/libc-2.15.so)
==2085==    by 0x68990E7: vfprintf (in /lib64/libc-2.15.so)
==2085==    by 0x68C50E4: vsnprintf (in /lib64/libc-2.15.so)
==2085==    by 0xA7F062: srt_print (srtenc.c:52)
==2085==    by 0xA7F1A6: srt_close_tag (srtenc.c:82)
==2085==    by 0xA7F209: srt_stack_push_pop (srtenc.c:92)
==2085==    by 0xA7F8DB: srt_end_cb (srtenc.c:223)
==2085==    by 0xC856C1: ff_ass_split_override_codes (ass_split.c:461)
==2085==    by 0xA7FBE6: srt_encode_frame (srtenc.c:275)
==2085==    by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085==    by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085==    by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085==  Address 0x73e906b is 3 bytes after a block of size 2,168 alloc'd
==2085==    at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085==    by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085==    by 0xDE8161: av_malloc (mem.c:93)
==2085==    by 0xDE83F1: av_mallocz (mem.c:243)
==2085==    by 0x9DF3A1: avcodec_get_context_defaults3 (options.c:121)
==2085==    by 0x409A88: new_output_stream (ffmpeg_opt.c:1035)
==2085==    by 0x40BEED: new_subtitle_stream (ffmpeg_opt.c:1419)
==2085==    by 0x40D48A: open_output_file (ffmpeg_opt.c:1767)
==2085==    by 0x410314: open_files (ffmpeg_opt.c:2539)
==2085==    by 0x4104A7: ffmpeg_parse_options (ffmpeg_opt.c:2583)
==2085==    by 0x4202AB: main (ffmpeg.c:3422)
==2085==
==2085== Invalid write of size 1
==2085==    at 0x68C50F1: vsnprintf (in /lib64/libc-2.15.so)
==2085==    by 0xA7F062: srt_print (srtenc.c:52)
==2085==    by 0xA7F1A6: srt_close_tag (srtenc.c:82)
==2085==    by 0xA7F209: srt_stack_push_pop (srtenc.c:92)
==2085==    by 0xA7F8DB: srt_end_cb (srtenc.c:223)
==2085==    by 0xC856C1: ff_ass_split_override_codes (ass_split.c:461)
==2085==    by 0xA7FBE6: srt_encode_frame (srtenc.c:275)
==2085==    by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085==    by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085==    by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085==    by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085==    by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085==  Address 0x73e906c is 4 bytes after a block of size 2,168 alloc'd
==2085==    at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085==    by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085==    by 0xDE8161: av_malloc (mem.c:93)
==2085==    by 0xDE83F1: av_mallocz (mem.c:243)
==2085==    by 0x9DF3A1: avcodec_get_context_defaults3 (options.c:121)
==2085==    by 0x409A88: new_output_stream (ffmpeg_opt.c:1035)
==2085==    by 0x40BEED: new_subtitle_stream (ffmpeg_opt.c:1419)
==2085==    by 0x40D48A: open_output_file (ffmpeg_opt.c:1767)
==2085==    by 0x410314: open_files (ffmpeg_opt.c:2539)
==2085==    by 0x4104A7: ffmpeg_parse_options (ffmpeg_opt.c:2583)
==2085==    by 0x4202AB: main (ffmpeg.c:3422)
==2085==
==2085== Invalid write of size 1
==2085==    at 0x68C50CE: vsnprintf (in /lib64/libc-2.15.so)
==2085==    by 0xA7F062: srt_print (srtenc.c:52)
==2085==    by 0xA7F1A6: srt_close_tag (srtenc.c:82)
==2085==    by 0xA7F209: srt_stack_push_pop (srtenc.c:92)
==2085==    by 0xA7F8DB: srt_end_cb (srtenc.c:223)
==2085==    by 0xC856C1: ff_ass_split_override_codes (ass_split.c:461)
==2085==    by 0xA7FBE6: srt_encode_frame (srtenc.c:275)
==2085==    by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085==    by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085==    by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085==    by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085==    by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085==  Address 0x73e906c is 4 bytes after a block of size 2,168 alloc'd
==2085==    at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085==    by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085==    by 0xDE8161: av_malloc (mem.c:93)
==2085==    by 0xDE83F1: av_mallocz (mem.c:243)
==2085==    by 0x9DF3A1: avcodec_get_context_defaults3 (options.c:121)
==2085==    by 0x409A88: new_output_stream (ffmpeg_opt.c:1035)
==2085==    by 0x40BEED: new_subtitle_stream (ffmpeg_opt.c:1419)
==2085==    by 0x40D48A: open_output_file (ffmpeg_opt.c:1767)
==2085==    by 0x410314: open_files (ffmpeg_opt.c:2539)
==2085==    by 0x4104A7: ffmpeg_parse_options (ffmpeg_opt.c:2583)
==2085==    by 0x4202AB: main (ffmpeg.c:3422)
==2085==
==2085== Invalid write of size 1
==2085==    at 0x68C9314: _IO_default_xsputn (in /lib64/libc-2.15.so)
==2085==    by 0x6897667: vfprintf (in /lib64/libc-2.15.so)
==2085==    by 0x68C50E4: vsnprintf (in /lib64/libc-2.15.so)
==2085==    by 0xA7F062: srt_print (srtenc.c:52)
==2085==    by 0xA7F1A6: srt_close_tag (srtenc.c:82)
==2085==    by 0xA7F209: srt_stack_push_pop (srtenc.c:92)
==2085==    by 0xA7F8DB: srt_end_cb (srtenc.c:223)
==2085==    by 0xC856C1: ff_ass_split_override_codes (ass_split.c:461)
==2085==    by 0xA7FBE6: srt_encode_frame (srtenc.c:275)
==2085==    by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085==    by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085==    by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085==  Address 0x73e906c is 4 bytes after a block of size 2,168 alloc'd
==2085==    at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085==    by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085==    by 0xDE8161: av_malloc (mem.c:93)
==2085==    by 0xDE83F1: av_mallocz (mem.c:243)
==2085==    by 0x9DF3A1: avcodec_get_context_defaults3 (options.c:121)
==2085==    by 0x409A88: new_output_stream (ffmpeg_opt.c:1035)
==2085==    by 0x40BEED: new_subtitle_stream (ffmpeg_opt.c:1419)
==2085==    by 0x40D48A: open_output_file (ffmpeg_opt.c:1767)
==2085==    by 0x410314: open_files (ffmpeg_opt.c:2539)
==2085==    by 0x4104A7: ffmpeg_parse_options (ffmpeg_opt.c:2583)
==2085==    by 0x4202AB: main (ffmpeg.c:3422)
==2085==
==2085== Invalid write of size 1
==2085==    at 0x689BB10: vfprintf (in /lib64/libc-2.15.so)
==2085==    by 0x68C50E4: vsnprintf (in /lib64/libc-2.15.so)
==2085==    by 0xA7F062: srt_print (srtenc.c:52)
==2085==    by 0xA7F1A6: srt_close_tag (srtenc.c:82)
==2085==    by 0xA7F209: srt_stack_push_pop (srtenc.c:92)
==2085==    by 0xA7F8DB: srt_end_cb (srtenc.c:223)
==2085==    by 0xC856C1: ff_ass_split_override_codes (ass_split.c:461)
==2085==    by 0xA7FBE6: srt_encode_frame (srtenc.c:275)
==2085==    by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085==    by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085==    by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085==    by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085==  Address 0x73e906e is 6 bytes after a block of size 2,168 alloc'd
==2085==    at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085==    by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085==    by 0xDE8161: av_malloc (mem.c:93)
==2085==    by 0xDE83F1: av_mallocz (mem.c:243)
==2085==    by 0x9DF3A1: avcodec_get_context_defaults3 (options.c:121)
==2085==    by 0x409A88: new_output_stream (ffmpeg_opt.c:1035)
==2085==    by 0x40BEED: new_subtitle_stream (ffmpeg_opt.c:1419)
==2085==    by 0x40D48A: open_output_file (ffmpeg_opt.c:1767)
==2085==    by 0x410314: open_files (ffmpeg_opt.c:2539)
==2085==    by 0x4104A7: ffmpeg_parse_options (ffmpeg_opt.c:2583)
==2085==    by 0x4202AB: main (ffmpeg.c:3422)
==2085==
==2085== Invalid write of size 1
==2085==    at 0x68C50CE: vsnprintf (in /lib64/libc-2.15.so)
==2085==    by 0xA7F062: srt_print (srtenc.c:52)
==2085==    by 0xA7F2ED: srt_style_apply (srtenc.c:105)
==2085==    by 0xA7FBCD: srt_encode_frame (srtenc.c:274)
==2085==    by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085==    by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085==    by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085==    by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085==    by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085==    by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085==    by 0x41FE30: transcode (ffmpeg.c:3266)
==2085==    by 0x420344: main (ffmpeg.c:3444)
==2085==  Address 0x73e9073 is 11 bytes after a block of size 2,168 alloc'd
==2085==    at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085==    by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085==    by 0xDE8161: av_malloc (mem.c:93)
==2085==    by 0xDE83F1: av_mallocz (mem.c:243)
==2085==    by 0x9DF3A1: avcodec_get_context_defaults3 (options.c:121)
==2085==    by 0x409A88: new_output_stream (ffmpeg_opt.c:1035)
==2085==    by 0x40BEED: new_subtitle_stream (ffmpeg_opt.c:1419)
==2085==    by 0x40D48A: open_output_file (ffmpeg_opt.c:1767)
==2085==    by 0x410314: open_files (ffmpeg_opt.c:2539)
==2085==    by 0x4104A7: ffmpeg_parse_options (ffmpeg_opt.c:2583)
==2085==    by 0x4202AB: main (ffmpeg.c:3422)
==2085==
==2085== Invalid write of size 1
==2085==    at 0x68C50F1: vsnprintf (in /lib64/libc-2.15.so)
==2085==    by 0xA7F062: srt_print (srtenc.c:52)
==2085==    by 0xA7F2ED: srt_style_apply (srtenc.c:105)
==2085==    by 0xA7FBCD: srt_encode_frame (srtenc.c:274)
==2085==    by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085==    by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085==    by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085==    by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085==    by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085==    by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085==    by 0x41FE30: transcode (ffmpeg.c:3266)
==2085==    by 0x420344: main (ffmpeg.c:3444)
==2085==  Address 0x73e9078 is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid write of size 1
==2085==    at 0x68C50CE: vsnprintf (in /lib64/libc-2.15.so)
==2085==    by 0xA7F062: srt_print (srtenc.c:52)
==2085==    by 0xA7F331: srt_style_apply (srtenc.c:107)
==2085==    by 0xA7FBCD: srt_encode_frame (srtenc.c:274)
==2085==    by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085==    by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085==    by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085==    by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085==    by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085==    by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085==    by 0x41FE30: transcode (ffmpeg.c:3266)
==2085==    by 0x420344: main (ffmpeg.c:3444)
==2085==  Address 0x73e9078 is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid write of size 1
==2085==    at 0x68C50F1: vsnprintf (in /lib64/libc-2.15.so)
==2085==    by 0xA7F062: srt_print (srtenc.c:52)
==2085==    by 0xA7F331: srt_style_apply (srtenc.c:107)
==2085==    by 0xA7FBCD: srt_encode_frame (srtenc.c:274)
==2085==    by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085==    by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085==    by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085==    by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085==    by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085==    by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085==    by 0x41FE30: transcode (ffmpeg.c:3266)
==2085==    by 0x420344: main (ffmpeg.c:3444)
==2085==  Address 0x73e9091 is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid write of size 1
==2085==    at 0x68C50CE: vsnprintf (in /lib64/libc-2.15.so)
==2085==    by 0xA7F062: srt_print (srtenc.c:52)
==2085==    by 0xA7F35A: srt_style_apply (srtenc.c:109)
==2085==    by 0xA7FBCD: srt_encode_frame (srtenc.c:274)
==2085==    by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085==    by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085==    by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085==    by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085==    by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085==    by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085==    by 0x41FE30: transcode (ffmpeg.c:3266)
==2085==    by 0x420344: main (ffmpeg.c:3444)
==2085==  Address 0x73e9091 is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid write of size 1
==2085==    at 0x68C9314: _IO_default_xsputn (in /lib64/libc-2.15.so)
==2085==    by 0x6899921: vfprintf (in /lib64/libc-2.15.so)
==2085==    by 0x68C50E4: vsnprintf (in /lib64/libc-2.15.so)
==2085==    by 0xA7F062: srt_print (srtenc.c:52)
==2085==    by 0xA7F35A: srt_style_apply (srtenc.c:109)
==2085==    by 0xA7FBCD: srt_encode_frame (srtenc.c:274)
==2085==    by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085==    by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085==    by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085==    by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085==    by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085==    by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085==  Address 0x73e9098 is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid write of size 1
==2085==    at 0x68C50F1: vsnprintf (in /lib64/libc-2.15.so)
==2085==    by 0xA7F062: srt_print (srtenc.c:52)
==2085==    by 0xA7F35A: srt_style_apply (srtenc.c:109)
==2085==    by 0xA7FBCD: srt_encode_frame (srtenc.c:274)
==2085==    by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085==    by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085==    by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085==    by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085==    by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085==    by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085==    by 0x41FE30: transcode (ffmpeg.c:3266)
==2085==    by 0x420344: main (ffmpeg.c:3444)
==2085==  Address 0x73e909b is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid write of size 1
==2085==    at 0x68C50CE: vsnprintf (in /lib64/libc-2.15.so)
==2085==    by 0xA7F062: srt_print (srtenc.c:52)
==2085==    by 0xA7F3B3: srt_style_apply (srtenc.c:113)
==2085==    by 0xA7FBCD: srt_encode_frame (srtenc.c:274)
==2085==    by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085==    by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085==    by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085==    by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085==    by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085==    by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085==    by 0x41FE30: transcode (ffmpeg.c:3266)
==2085==    by 0x420344: main (ffmpeg.c:3444)
==2085==  Address 0x73e909b is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid write of size 1
==2085==    at 0x68C50F1: vsnprintf (in /lib64/libc-2.15.so)
==2085==    by 0xA7F062: srt_print (srtenc.c:52)
==2085==    by 0xA7F3B3: srt_style_apply (srtenc.c:113)
==2085==    by 0xA7FBCD: srt_encode_frame (srtenc.c:274)
==2085==    by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085==    by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085==    by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085==    by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085==    by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085==    by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085==    by 0x41FE30: transcode (ffmpeg.c:3266)
==2085==    by 0x420344: main (ffmpeg.c:3444)
==2085==  Address 0x73e909c is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid write of size 1
==2085==    at 0x68C50CE: vsnprintf (in /lib64/libc-2.15.so)
==2085==    by 0xA7F062: srt_print (srtenc.c:52)
==2085==    by 0xA7F654: srt_color_cb (srtenc.c:169)
==2085==    by 0xC85008: ff_ass_split_override_codes (ass_split.c:405)
==2085==    by 0xA7FBE6: srt_encode_frame (srtenc.c:275)
==2085==    by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085==    by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085==    by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085==    by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085==    by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085==    by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085==    by 0x41FE30: transcode (ffmpeg.c:3266)
==2085==  Address 0x73e909c is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid write of size 1
==2085==    at 0xDD899B: av_strlcpy (avstring.c:86)
==2085==    by 0xA7F54F: srt_text_cb (srtenc.c:147)
==2085==    by 0xC8569A: ff_ass_split_override_codes (ass_split.c:459)
==2085==    by 0xA7FBE6: srt_encode_frame (srtenc.c:275)
==2085==    by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085==    by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085==    by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085==    by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085==    by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085==    by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085==    by 0x41FE30: transcode (ffmpeg.c:3266)
==2085==    by 0x420344: main (ffmpeg.c:3444)
==2085==  Address 0x73e90c0 is 0 bytes after a block of size 16 alloc'd
==2085==    at 0x4C2ABED: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085==    by 0x4C2AD6F: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2085==    by 0xDE81E2: av_realloc (mem.c:164)
==2085==    by 0xDE8239: av_realloc_f (mem.c:177)
==2085==    by 0x40C250: copy_chapters (ffmpeg_opt.c:1470)
==2085==    by 0x40E2E9: open_output_file (ffmpeg_opt.c:1973)
==2085==    by 0x410314: open_files (ffmpeg_opt.c:2539)
==2085==    by 0x4104A7: ffmpeg_parse_options (ffmpeg_opt.c:2583)
==2085==    by 0x4202AB: main (ffmpeg.c:3422)
==2085==
==2085== Invalid write of size 1
==2085==    at 0xDD89CF: av_strlcpy (avstring.c:88)
==2085==    by 0xA7F54F: srt_text_cb (srtenc.c:147)
==2085==    by 0xC8569A: ff_ass_split_override_codes (ass_split.c:459)
==2085==    by 0xA7FBE6: srt_encode_frame (srtenc.c:275)
==2085==    by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085==    by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085==    by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085==    by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085==    by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085==    by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085==    by 0x41FE30: transcode (ffmpeg.c:3266)
==2085==    by 0x420344: main (ffmpeg.c:3444)
==2085==  Address 0x73e919a is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid write of size 1
==2085==    at 0x68C50F1: vsnprintf (in /lib64/libc-2.15.so)
==2085==    by 0xA7F062: srt_print (srtenc.c:52)
==2085==    by 0xA7F654: srt_color_cb (srtenc.c:169)
==2085==    by 0xC85008: ff_ass_split_override_codes (ass_split.c:405)
==2085==    by 0xA7FBE6: srt_encode_frame (srtenc.c:275)
==2085==    by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085==    by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085==    by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085==    by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085==    by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085==    by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085==    by 0x41FE30: transcode (ffmpeg.c:3266)
==2085==  Address 0x73e91e7 is not stack'd, malloc'd or (recently) free'd
==2085==
==2085== Invalid read of size 8
==2085==    at 0xDE83C2: av_freep (mem.c:237)
==2085==    by 0xC84ADD: free_section (ass_split.c:330)
==2085==    by 0xC84BF3: ff_ass_split_dialog (ass_split.c:346)
==2085==    by 0xA7F9EA: srt_encode_frame (srtenc.c:258)
==2085==    by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085==    by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085==    by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085==    by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085==    by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085==    by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085==    by 0x41FE30: transcode (ffmpeg.c:3266)
==2085==    by 0x420344: main (ffmpeg.c:3444)
==2085==  Address 0x2062203620393646 is not stack'd, malloc'd or (recently) free'd
==2085==
==2085==
==2085== Process terminating with default action of signal 11 (SIGSEGV)
==2085==  General Protection Fault
==2085==    at 0xDE83C2: av_freep (mem.c:237)
==2085==    by 0xC84ADD: free_section (ass_split.c:330)
==2085==    by 0xC84BF3: ff_ass_split_dialog (ass_split.c:346)
==2085==    by 0xA7F9EA: srt_encode_frame (srtenc.c:258)
==2085==    by 0xAC347C: avcodec_encode_subtitle (utils.c:1929)
==2085==    by 0x415B3B: do_subtitle_out (ffmpeg.c:770)
==2085==    by 0x41A26E: transcode_subtitles (ffmpeg.c:1808)
==2085==    by 0x41A8AC: output_packet (ffmpeg.c:1892)
==2085==    by 0x41F9C7: process_input (ffmpeg.c:3118)
==2085==    by 0x41FD23: transcode_step (ffmpeg.c:3214)
==2085==    by 0x41FE30: transcode (ffmpeg.c:3266)
==2085==    by 0x420344: main (ffmpeg.c:3444)
==2085==
==2085== HEAP SUMMARY:
==2085==     in use at exit: 4,247,342 bytes in 709 blocks
==2085==   total heap usage: 112,497 allocs, 111,788 frees, 935,264,585 bytes allocated
==2085==
==2085== LEAK SUMMARY:
==2085==    definitely lost: 901 bytes in 19 blocks
==2085==    indirectly lost: 541 bytes in 20 blocks
==2085==      possibly lost: 0 bytes in 0 blocks
==2085==    still reachable: 4,245,900 bytes in 670 blocks
==2085==         suppressed: 0 bytes in 0 blocks
==2085== Rerun with --leak-check=full to see details of leaked memory
==2085==
==2085== For counts of detected and suppressed errors, rerun with: -v
==2085== ERROR SUMMARY: 2449 errors from 20 contexts (suppressed: 2 from 2)
Segmentation fault

comment:6 by Cigaes, 11 years ago

Analyzed by developer: set

The problem is that srt_print uses a fixed-size buffer and does not check for overflow with the vsnprintf return value.

The easy solution is to add that kind of check and reject overly long lines. The good solution is to use a dynamic buffer, possibly AVBPrint.
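Both remedies from this comment, as an added example that is not FFmpeg's code: a fixed-size writer that checks the vsnprintf return value and rejects lines that do not fit, and a growable buffer standing in for AVBPrint. All struct and function names (SrtFixed, SrtDyn, srt_demo, ...) are hypothetical, and the SRT fragment it writes is constructed for the demo.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Variant 1: fixed-size buffer like the srt_print pattern in comment:6, but
 * with the vsnprintf return value checked. Names are hypothetical, not FFmpeg's. */
#define SRT_BUF_SIZE 64

typedef struct SrtFixed {
    char  buffer[SRT_BUF_SIZE];
    char *ptr, *end;   /* next write position (always < end), one past last byte */
    int   overflowed;  /* sticky: set once a line did not fit */
} SrtFixed;

static void srt_fixed_init(SrtFixed *s)
{
    s->ptr = s->buffer; s->end = s->buffer + sizeof(s->buffer);
    s->overflowed = 0;  s->buffer[0] = '\0';
}

/* 0 on success, -1 if the text did not fit. On failure the partial output is
 * discarded and ptr is NOT advanced, so a later call can never compute
 * end - ptr as negative (a huge size once cast to size_t). */
static int srt_fixed_print(SrtFixed *s, const char *fmt, ...)
{
    size_t avail = (size_t)(s->end - s->ptr);
    va_list ap; int n;
    if (s->overflowed)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(s->ptr, avail, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= avail) {  /* truncated: reject the line */
        *s->ptr = '\0';
        s->overflowed = 1;
        return -1;
    }
    s->ptr += n;
    return 0;
}

/* Variant 2: growable buffer, the "good solution" of comment:6. AVBPrint fills
 * this role in FFmpeg; this minimal stand-in keeps the example self-contained. */
typedef struct SrtDyn {
    char  *str;
    size_t len, size;
    int    error;      /* sticky: set on allocation or formatting failure */
} SrtDyn;

static int srt_dyn_init(SrtDyn *b, size_t initial)
{
    b->len = 0; b->size = initial; b->error = 0;
    b->str = malloc(initial);
    if (b->str) b->str[0] = '\0';
    return b->str ? 0 : -1;
}

static int srt_dyn_print(SrtDyn *b, const char *fmt, ...)
{
    if (b->error)
        return -1;
    for (;;) {
        size_t avail = b->size - b->len, need, nsize;
        va_list ap; char *p; int n;
        va_start(ap, fmt);
        n = vsnprintf(b->str + b->len, avail, fmt, ap);
        va_end(ap);
        if (n < 0) { b->error = 1; return -1; }
        if ((size_t)n < avail) { b->len += (size_t)n; return 0; }
        /* Did not fit: grow to hold it plus the NUL, then format again. */
        need  = b->len + (size_t)n + 1;
        nsize = b->size * 2 > need ? b->size * 2 : need;
        p = realloc(b->str, nsize);
        if (!p) { b->error = 1; return -1; }
        b->str = p; b->size = nsize;
    }
}

/* Drives both writers with a constructed SRT fragment: a colour tag, then a
 * 199-byte dialogue line too long for the 64-byte fixed buffer. Returns 228
 * (the dynamic buffer's final length) only if the fixed writer rejected it safely. */
static size_t srt_demo(void)
{
    SrtFixed s; SrtDyn b; size_t len; char longtext[200];
    memset(longtext, 'A', 199); longtext[199] = '\0';
    srt_fixed_init(&s);
    if (srt_fixed_print(&s, "<font color=\"#%06x\">", 0xff0000) != 0) return 0;
    if (srt_fixed_print(&s, "%s", longtext) != -1)                  return 0;
    if (srt_fixed_print(&s, "</font>") != -1)  /* sticky error */   return 0;
    /* Buffer still holds only the tag and ptr never left the array. */
    if (strcmp(s.buffer, "<font color=\"#ff0000\">") != 0 || s.ptr >= s.end) return 0;
    if (srt_dyn_init(&b, 16) != 0) return 0;
    srt_dyn_print(&b, "<font color=\"#%06x\">", 0xff0000);
    srt_dyn_print(&b, "%s", longtext);   /* grows instead of failing */
    srt_dyn_print(&b, "</font>");
    len = b.error ? 0 : strlen(b.str);   /* 22 + 199 + 7 = 228 */
    free(b.str);
    return len;
}
```

The fixed variant keeps the reporter's "reject overly long lines" behaviour as a sticky error so the caller can fail the frame instead of emitting a truncated subtitle.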

comment:7 by Carl Eugen Hoyos, 11 years ago

Resolution: fixed
Status: open → closed

Fixed by Nicolas George in 98a65784 / 4b1c9b72
