Opened 13 years ago
Closed 13 years ago
#329 closed defect (fixed)
Crash when decoding vob file
Reported by: | ralexand | Owned by: | Michael Niedermayer |
---|---|---|---|
Priority: | important | Component: | ffmpeg |
Version: | git-master | Keywords: | regression |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | yes |
Analyzed by developer: | no | | |
Description
The input file is a DVD rip from Blade Runner Final Cut. I was trying to recode it with just the main English audio track. I've had a bit of a look around and it seems somewhere the number of input streams gets increased during the packet decoding, so it thinks there are more input streams than actually exist (and are allocated for in memory), so it causes a segfault. I time-limited it to two minutes and the problem always happens at the end of the copy. However, doing this on another DVD rip (LAW & ORDER, simple single video + audio streams) works okay.
mig27 15:26:23$ ./ffprobe /vobs/BRFC/vob/001/BRFC-001.vob
ffprobe version 0.8, Copyright (c) 2007-2011 the FFmpeg developers
built on Jul 5 2011 15:06:24 with gcc 4.6.1
configuration: --prefix=/usr --enable-libspeex --enable-libtheora --enable-libvorbis --enable-libx264 --enable-gpl --enable-shared --enable-postproc --enable-libxvid --enable-pthreads --enable-nonfree --enable-libfaac --enable-libschroedinger --enable-libmp3lame
libavutil 51. 9. 1 / 51. 9. 1
libavcodec 53. 7. 0 / 53. 7. 0
libavformat 53. 4. 0 / 53. 4. 0
libavdevice 53. 1. 1 / 53. 1. 1
libavfilter 2. 23. 0 / 2. 23. 0
libswscale 2. 0. 0 / 2. 0. 0
libpostproc 51. 2. 0 / 51. 2. 0
[mpeg @ 0x9b53360] max_analyze_duration 5000000 reached at 5000000
Input #0, mpeg, from '/vobs/BRFC/vob/001/BRFC-001.vob':
Duration: 00:18:14.92, start: 0.287267, bitrate: 7845 kb/s
Stream #0.0[0x1e0]: Video: mpeg2video (Main), yuv420p, 720x576 [PAR 64:45 DAR 16:9], 9800 kb/s, 25 fps, 25 tbr, 90k tbn, 50 tbc
Stream #0.1[0x80]: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
Stream #0.2[0x81]: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
Stream #0.3[0x82]: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
Stream #0.4[0x83]: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
Stream #0.5[0x84]: Audio: ac3, 48000 Hz, stereo, s16, 192 kb/s
Stream #0.6[0x85]: Audio: ac3, 48000 Hz, stereo, s16, 192 kb/s
Stream #0.7[0x86]: Audio: ac3, 48000 Hz, stereo, s16, 192 kb/s
mig27 15:26:26$ gdb ffmpeg_g
GNU gdb (GDB) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /vobs/build/32/ffmpeg-0.8/ffmpeg_g...done.
(gdb) run -i /vobs/BRFC/vob/001/BRFC-001.vob -acodec copy -vcodec copy -t 00:02:00 -f mp4 -y brfc.mp4
Starting program: /vobs/build/32/ffmpeg-0.8/ffmpeg_g -i /vobs/BRFC/vob/001/BRFC-001.vob -acodec copy -vcodec copy -t 00:02:00 -f mp4 -y brfc.mp4
[Thread debugging using libthread_db enabled]
ffmpeg version 0.8, Copyright (c) 2000-2011 the FFmpeg developers
built on Jul 5 2011 15:06:24 with gcc 4.6.1
configuration: --prefix=/usr --enable-libspeex --enable-libtheora --enable-libvorbis --enable-libx264 --enable-gpl --enable-shared --enable-postproc --enable-libxvid --enable-pthreads --enable-nonfree --enable-libfaac --enable-libschroedinger --enable-libmp3lame
libavutil 51. 9. 1 / 51. 9. 1
libavcodec 53. 7. 0 / 53. 7. 0
libavformat 53. 4. 0 / 53. 4. 0
libavdevice 53. 1. 1 / 53. 1. 1
libavfilter 2. 23. 0 / 2. 23. 0
libswscale 2. 0. 0 / 2. 0. 0
libpostproc 51. 2. 0 / 51. 2. 0
[mpeg @ 0x8068360] max_analyze_duration 5000000 reached at 5000000
Input #0, mpeg, from '/vobs/BRFC/vob/001/BRFC-001.vob':
Duration: 00:18:14.92, start: 0.287267, bitrate: 7845 kb/s
Stream #0.0[0x1e0]: Video: mpeg2video (Main), yuv420p, 720x576 [PAR 64:45 DAR 16:9], 9800 kb/s, 25 fps, 25 tbr, 90k tbn, 50 tbc
Stream #0.1[0x80]: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
Stream #0.2[0x81]: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
Stream #0.3[0x82]: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
Stream #0.4[0x83]: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
Stream #0.5[0x84]: Audio: ac3, 48000 Hz, stereo, s16, 192 kb/s
Stream #0.6[0x85]: Audio: ac3, 48000 Hz, stereo, s16, 192 kb/s
Stream #0.7[0x86]: Audio: ac3, 48000 Hz, stereo, s16, 192 kb/s
Output #0, mp4, to 'brfc.mp4':
Metadata:
encoder : Lavf53.4.0
Stream #0.0: Video: mpeg2video, yuv420p, 720x576 [PAR 64:45 DAR 16:9], q=2-31, 9800 kb/s, 25 tbn, 25 tbc
Stream #0.1: Audio: ac3, 48000 Hz, stereo, 192 kb/s
Stream mapping:
Press [q] to stop, ? for help
[mp4 @ 0x80690c0] pts has no value
Last message repeated 254 times
Program received signal SIGSEGV, Segmentation fault.
0x08053b49 in transcode (nb_output_files=1, input_files=0x8062028, nb_input_files=1,
stream_maps=0x0, nb_stream_maps=0, output_files=0x8060d00) at ffmpeg.c:2739
2739 pkt.dts += av_rescale_q(input_files_ts_offset[ist->file_index], AV_TIME_BASE_Q, ist->st->time_base);
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x8053b29 to 0x8053b69:
0x08053b29 <transcode+7945>: test %esi,-0x74fffffc(%eax)
0x08053b2f <transcode+7951>: mov $0xd4024,%esp
0x08053b34 <transcode+7956>: add %cl,0xd3c24b4(%ebx)
0x08053b3a <transcode+7962>: add %al,(%eax)
0x08053b3c <transcode+7964>: lea -0x80000000(%edi),%eax
0x08053b42 <transcode+7970>: or %esi,%eax
0x08053b44 <transcode+7972>: je 0x8053b95 <transcode+8053>
0x08053b46 <transcode+7974>: mov 0x4(%ebx),%eax
=> 0x08053b49 <transcode+7977>: mov 0x3c(%eax),%edx
0x08053b4c <transcode+7980>: mov 0x38(%eax),%eax
0x08053b4f <transcode+7983>: movl $0x1,0x8(%esp)
0x08053b57 <transcode+7991>: movl $0xf4240,0xc(%esp)
0x08053b5f <transcode+7999>: mov %edx,0x14(%esp)
0x08053b63 <transcode+8003>: mov %eax,0x10(%esp)
0x08053b67 <transcode+8007>: mov (%ebx),%eax
End of assembler dump.
(gdb) info all-registers
eax 0x5dc0 24000
ecx 0x9 9
edx 0x0 0
ebx 0x806f3c4 134673348
esp 0xffffbf50 0xffffbf50
ebp 0x0 0x0
esi 0x38f95e 3733854
edi 0x0 0
eip 0x8053b49 0x8053b49 <transcode+7977>
eflags 0x210282 [ SF IF RF ID ]
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x63 99
(gdb) bt
#0 0x08053b49 in transcode (nb_output_files=1, input_files=0x8062028, nb_input_files=1,
stream_maps=0x0, nb_stream_maps=0, output_files=0x8060d00) at ffmpeg.c:2739
#1 0x0804f6b7 in main (argc=<value optimized out>, argv=<value optimized out>) at ffmpeg.c:4576
(gdb) print ist->file_index
$1 = 0
(gdb) print input_files_ts_offset[0]
$2 = -287267
(gdb) print ist->st
$3 = (AVStream *) 0x5dc0
(gdb) list
2734 ist = &input_streams[ist_index];
2735 if (ist->discard)
2736 goto discard_packet;
2737
2738 if (pkt.dts != AV_NOPTS_VALUE)
2739 pkt.dts += av_rescale_q(input_files_ts_offset[ist->file_index], AV_TIME_BASE_Q, ist->st->time_base);
2740 if (pkt.pts != AV_NOPTS_VALUE)
2741 pkt.pts += av_rescale_q(input_files_ts_offset[ist->file_index], AV_TIME_BASE_Q, ist->st->time_base);
2742
2743 if (pkt.stream_index < nb_input_files_ts_scale[file_index]
(gdb) print ist_index
$6 = 9
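The failure described above, as an added C model that is not part of the ticket and is not FFmpeg's code: a per-stream table sized from the eight streams seen at open is indexed with a later packet's stream index (9 in the gdb session). The types and the functions `table_sync`, `apply_ts_offset` and `demo` are hypothetical, plain arithmetic stands in for `av_rescale_q`, and dropping or resyncing is one defensive pattern, not necessarily the change that closed this ticket.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-ins for demuxer and per-stream state; not FFmpeg's types. */
typedef struct { int tb_num, tb_den; } Stream;
typedef struct { Stream *st; } InputStream;
typedef struct { Stream *streams[16]; unsigned nb_streams; } Demuxer;
typedef struct { InputStream *tab; unsigned nb; } StreamTable;

/* Size or grow the table to match the demuxer's current stream count. */
int table_sync(StreamTable *t, const Demuxer *d) {
    if (d->nb_streams <= t->nb) return 0;
    InputStream *n = realloc(t->tab, d->nb_streams * sizeof *n);
    if (!n) return -1;
    for (unsigned i = t->nb; i < d->nb_streams; i++) n[i].st = d->streams[i];
    t->tab = n;
    t->nb = d->nb_streams;
    return 0;
}

/* Unchecked form, as at the crash site: &tab[idx] with idx 9 and nb 8 points
 * past the allocation, so ->st is whatever bytes happen to follow it.
 * Checked form: shift *dts and return 0, or return -1 so the caller drops it. */
int apply_ts_offset(const StreamTable *t, unsigned idx, int64_t off_us, int64_t *dts) {
    if (idx >= t->nb) return -1;
    const Stream *st = t->tab[idx].st;
    if (!st || st->tb_num <= 0) return -1;
    /* microseconds -> stream ticks; plain arithmetic stands in for av_rescale_q */
    *dts += off_us * st->tb_den / ((int64_t)1000000 * st->tb_num);
    return 0;
}

/* Constructed scenario: 8 streams at open, then a packet for index 9.
 * Returns the dts after the late resync, or -1 on an unexpected result. */
int64_t demo(void) {
    static Stream s[10];
    Demuxer d = { .nb_streams = 8 };
    StreamTable t = { 0 };
    int64_t dts = 100000;
    for (int i = 0; i < 10; i++) { s[i].tb_num = 1; s[i].tb_den = 90000; d.streams[i] = &s[i]; }
    if (table_sync(&t, &d) < 0) return -1;
    d.nb_streams = 10; /* demuxer announced two more streams mid-file */
    if (apply_ts_offset(&t, 9, -287267, &dts) != -1) return -1; /* must be dropped */
    if (table_sync(&t, &d) < 0 || apply_ts_offset(&t, 9, -287267, &dts) < 0) return -1;
    free(t.tab);
    return dts; /* 100000 - 25854 ticks at 1/90000 */
}

int main(void) { return demo() == 74146 ? 0 : 1; }
```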
Change History (8)
comment:2 by , 13 years ago
Status: | new → open |
---|
Please provide a sample on http://www.datafilehost.com/ and/or find the revision introducing the problem.
comment:3 by , 13 years ago
I've cut enough to get the segfault (about 43s). The link is http://www.datafilehost.com/download-0a2a0a66.html
If you can point me to a page showing me how I can do a revision bisect, I can try to hunt down the revision. I was using the daily snapshots but they don't seem to be available now.
comment:4 by , 13 years ago
Keywords: | regression added |
---|---|
Reproduced by developer: | set |
Summary: | Transcoding (including copy) from mpeg2ps to MP4 fails in 0.7 & 0.8 but works in 0.6.3 → Crash when decoding vob file |
Version: | 0.8 → git-master |
(gdb) r -i test.vob -f null -
ffmpeg version N-31266-g3950376, Copyright (c) 2000-2011 the FFmpeg developers
built on Jul 6 2011 10:20:08 with gcc 4.5.3
configuration: --cc=/usr/local/gcc-4.5.3/bin/gcc
libavutil 51. 11. 0 / 51. 11. 0
libavcodec 53. 7. 0 / 53. 7. 0
libavformat 53. 5. 0 / 53. 5. 0
libavdevice 53. 2. 0 / 53. 2. 0
libavfilter 2. 24. 3 / 2. 24. 3
libswscale 2. 0. 0 / 2. 0. 0
[mpeg @ 0x1275400] max_analyze_duration 5000000 reached at 5000000
Input #0, mpeg, from 'test.vob':
Duration: 00:00:06.69, start: 35.391267, bitrate: 3058 kb/s
Stream #0.0[0x85]: Audio: ac3, 48000 Hz, stereo, s16, 192 kb/s
Stream #0.1[0x86]: Audio: ac3, 48000 Hz, stereo, s16, 192 kb/s
Stream #0.2[0x80]: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
Stream #0.3[0x81]: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
Stream #0.4[0x82]: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
Stream #0.5[0x83]: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
Stream #0.6[0x84]: Audio: ac3, 48000 Hz, stereo, s16, 192 kb/s
Stream #0.7[0x1e0]: Video: mpeg2video (Main), yuv420p, 720x576 [PAR 64:45 DAR 16:9], 9800 kb/s, 25 fps, 25 tbr, 90k tbn, 50 tbc
[buffer @ 0x1279520] w:720 h:576 pixfmt:yuv420p tb:1/1000000 sar:64/45 sws_param:
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf53.5.0
Stream #0.0: Video: rawvideo, yuv420p, 720x576 [PAR 64:45 DAR 16:9], q=2-31, 200 kb/s, 90k tbn, 25 tbc
Stream #0.1: Audio: pcm_s16le, 48000 Hz, stereo, s16, 1536 kb/s
Stream mapping:
Stream #0.7 -> #0.0
Stream #0.0 -> #0.1
Press [q] to stop, [?] for help
[ac3 @ 0x1277520] frame sync error
Error while decoding stream #0.0
Program received signal SIGSEGV, Segmentation fault.
0x000000000040b32f in transcode (nb_output_files=1, input_files=0x127bd80, nb_input_files=1, stream_maps=0x0, nb_stream_maps=<value optimized out>, output_files=0xd11fa0) at ffmpeg.c:2742
2742 pkt.dts += av_rescale_q(input_files_ts_offset[ist->file_index], AV_TIME_BASE_Q, ist->st->time_base);
(gdb) bt
#0 0x000000000040b32f in transcode (nb_output_files=1, input_files=0x127bd80, nb_input_files=1, stream_maps=0x0, nb_stream_maps=<value optimized out>, output_files=0xd11fa0) at ffmpeg.c:2742
#1 0x00000000004108eb in main (argc=<value optimized out>, argv=<value optimized out>) at ffmpeg.c:4583
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x40b30f to 0x40b34f:
0x000000000040b30f <transcode+5327>: test %ecx,0x4c000007(%rcx)
0x000000000040b315 <transcode+5333>: mov 0xd48(%rsp),%esp
0x000000000040b31c <transcode+5340>: cmp %rbx,%r12
0x000000000040b31f <transcode+5343>: je 0x40b350 <transcode+5392>
0x000000000040b321 <transcode+5345>: mov 0x8(%rbp),%rax
0x000000000040b325 <transcode+5349>: mov $0xf424000000001,%rsi
0x000000000040b32f <transcode+5359>: mov 0x40(%rax),%rdx
0x000000000040b333 <transcode+5363>: movslq 0x0(%rbp),%rax
0x000000000040b337 <transcode+5367>: mov 0xd12e40(,%rax,8),%rdi
0x000000000040b33f <transcode+5375>: callq 0x943190 <av_rescale_q>
0x000000000040b344 <transcode+5380>: lea (%rax,%r12,1),%r12
0x000000000040b348 <transcode+5384>: mov %r12,0xd48(%rsp)
End of assembler dump.
(gdb) info register
rax 0x0 0
rbx 0x8000000000000000 -9223372036854775808
rcx 0x0 0
rdx 0x0 0
rsi 0xf424000000001 4294967296000001
rdi 0x7fffffffdaa4 140737488345764
rbp 0x127c1d8 0x127c1d8
rsp 0x7fffffffcd70 0x7fffffffcd70
r8 0x38f95e 3733854
r9 0x12789a0 19368352
r10 0x0 0
r11 0x0 0
r12 0x38f95e 3733854
r13 0x1275400 19354624
r14 0x0 0
r15 0x9 9
rip 0x40b32f 0x40b32f <transcode+5359>
eflags 0x10a83 [ CF SF IF OF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1fa0 [ PE IM DM ZM OM UM PM ]
comment:5 by , 13 years ago
This is a regression since 07633154add3cf59f281ba0c9eb689df4284e2cb
I can get it to segfault around 00:00:41 (so if I limit the time to 00:00:40 I don't get a fault). If I make a copy of the streams using ffmpeg 0.6.3 (same format, i.e. mpeg, same streams and stream order) then I don't get these problems.