#410 closed defect (fixed)
Gwenview crashing with Ffmpeg 0.7.3
Reported by: | Wonko | Owned by: | |
---|---|---|---|
Priority: | important | Component: | avformat |
Version: | 0.7.3 | Keywords: | regression |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | no |
Analyzed by developer: | no | | |
Description
KDE's image viewer Gwenview crashes when showing certain mpeg files sorted by date. And KDE's file manager Dolphin throws errors of kfilemetadatareader when the mouse is over such a file. I filed https://bugs.kde.org/show_bug.cgi?id=279624, but it seems it's not KDE's problem, as it only happens with 0.7.3, not with 0.7.2. I'd say about 10% of my files are affected, so this makes Gwenview unusable. Most (maybe all) of the files were downloaded with youtube-dl.
-- Backtrace:
Application: Gwenview (gwenview), signal: Segmentation fault
[Current thread is 1 (Thread 0x7faadcb07760 (LWP 6451))]
Thread 2 (Thread 0x7faacb412700 (LWP 6455)):
[...]
Thread 1 (Thread 0x7faadcb07760 (LWP 6451)):
[KCrash Handler]
#6 0x00007faaaf4da857 in av_open_input_stream () from /usr/lib64/libavformat.so.52
#7 0x00007faab03bd3a6 in FFMPEGEndAnalyzer::analyze(Strigi::AnalysisResult&, Strigi::StreamBase<char>*) () from /usr/lib64/strigi/strigiea_ffmpeg.so
#8 0x00007faad735556a in Strigi::StreamAnalyzerPrivate::analyze(Strigi::AnalysisResult&, Strigi::StreamBase<char>*) () from /usr/lib64/libstreamanalyzer.so.0
#9 0x00007faadc040765 in KFileMetaInfoPrivate::init(QIODevice&, KUrl const&, long, QFlags<KFileMetaInfo::What>) () from /usr/lib64/libkio.so.5
#10 0x00007faadc040fd7 in KFileMetaInfo::KFileMetaInfo(QString const&, QString const&, QFlags<KFileMetaInfo::What>) () from /usr/lib64/libkio.so.5
#11 0x00007faadc02c70a in KFileItem::metaInfo(bool, int) const () from /usr/lib64/libkio.so.5
Attachments (4)
Change History (15)
by , 13 years ago
Attachment: | kfilemetadatareadercrash-cut.mp4 added |
---|
comment:1 by , 13 years ago
Sorry, I just see that I downgraded to 0.7_rc1, not to 0.7.2. I had 0.7.2 installed, and the error also happened then. I think I did not see this with 0.7.1.
comment:2 by , 13 years ago
Complete, uncut output of ffmpeg -i yoursample missing and please provide a complete backtrace as explained on http://ffmpeg.org/bugreports.html
Are you sure you provided the right sample? (It is unplayable, afaict.)
comment:3 by , 13 years ago
I had truncated the file to the minimum size that still gives the error in order to save bandwidth, so yes, it is unplayable now. But the problem is not with playing such a file, it's Gwenview crashing when it tries to get the modification time. Actually, it's Strigi calling FFMPEGEndAnalyzer::analyze(), and then the crash happens in Ffmpeg's av_open_input_stream(). Might also be a problem of Strigi, but as it does not show with an older Ffmpeg version, I reported here.
Another problem is when the mouse is over such a file in Dolphin, and it tries to give me a popup showing a thumbnail and other information. I get a crash in kfilemetadatareader, but the KDE crash handler does not show any backtrace at all.
I'm a Gentoo user running KDE 4.7.0 on amd64, I don't know if this error would happen with another KDE version. I hope someone of you can reproduce this. I re-compiled ffmpeg with debug information, but I don't see much of a difference - I thought I would get the exact line number in av_open_input_stream(). I'll attach this backlog anyway, it's from Gwenview, showing a directory with only the sample file I provided, after I set it to display the file's date.
comment:4 by , 13 years ago
Ah, I was being stupid. Re-compiled ffmpeg with real debug information this time. Hope this helps.
comment:5 by , 13 years ago
Unfortunately, the backtrace still doesn't look useful (corrupt stack).
Could you try compiling with --disable-optimizations and/or --disable-asm and redo the backtrace?
by , 13 years ago
Attachment: | gwenview-backtrace2.log added |
---|
Should be with --disable-optimizations --disable-asm now
comment:6 by , 13 years ago
Could you confirm that line 543 in libavformat/utils.c really is "ic->pb = ic->pb ? ic->pb : pb;"?
And please provide output of "disass $pc-32,$pc+32" and "info registers" and print the variable ic.
comment:7 by , 13 years ago
Yes, that's line 543. It also has a comment "don't leak custom pb if it wasn't set above". Gentoo often introduces its own patches, but the version number should get a _rc<n> suffix then, which is not the case.
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x7fffd5f8b8d7 to 0x7fffd5f8b917:
   0x00007fffd5f8b8d7 <av_open_input_stream+119>: lea 0x48(%rsp),%r14
   0x00007fffd5f8b8dc <av_open_input_stream+124>: lea 0x40(%rsp),%rdi
   0x00007fffd5f8b8e1 <av_open_input_stream+129>: mov %rbx,%rdx
   0x00007fffd5f8b8e4 <av_open_input_stream+132>: mov %r13,%rsi
   0x00007fffd5f8b8e7 <av_open_input_stream+135>: mov %r14,%rcx
   0x00007fffd5f8b8ea <av_open_input_stream+138>: callq 0x7fffd5f8b460 <avformat_open_input>
   0x00007fffd5f8b8ef <av_open_input_stream+143>: mov 0x40(%rsp),%rdi
   0x00007fffd5f8b8f4 <av_open_input_stream+148>: mov %eax,%r15d
=> 0x00007fffd5f8b8f7 <av_open_input_stream+151>: mov 0x20(%rdi),%rax
   0x00007fffd5f8b8fb <av_open_input_stream+155>: mov %rdi,(%r12)
   0x00007fffd5f8b8ff <av_open_input_stream+159>: test %rax,%rax
   0x00007fffd5f8b902 <av_open_input_stream+162>: cmove %rbp,%rax
   0x00007fffd5f8b906 <av_open_input_stream+166>: mov %rax,0x20(%rdi)
   0x00007fffd5f8b90a <av_open_input_stream+170>: callq 0x7fffd5f41c70 <ff_metadata_demux_compat>
   0x00007fffd5f8b90f <av_open_input_stream+175>: mov %r14,%rdi
   0x00007fffd5f8b912 <av_open_input_stream+178>: callq 0x7fffd5f076e8 <av_dict_free@plt>
End of assembler dump.
(gdb) info registers
rax 0xffffffff 4294967295
rbx 0x7fffd61c1420 140736785552416
rcx 0xffffffff 4294967295
rdx 0x145ee80 21360256
rsi 0x0 0
rdi 0x0 0
rbp 0x7fffffff8570 0x7fffffff8570
rsp 0x7fffffff0170 0x7fffffff0170
r8 0x7ffff4ce0ea0 140737300532896
r9 0x7ffff4ce0ef0 140737300532976
r10 0x7ffff4ce0ef0 140737300532976
r11 0x7fffd5cdb900 140736780417280
r12 0x7fffffff88a8 140737488324776
r13 0x7fffd6e726a2 140736798860962
r14 0x7fffffff01b8 140737488290232
r15 0xffffffff 4294967295
rip 0x7fffd5f8b8f7 0x7fffd5f8b8f7 <av_open_input_stream+151>
eflags 0x10202 [ IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) print ic
$1 = (AVFormatContext *) 0x0
(gdb) print filename
$2 = 0x7fffd6e726a2 ""
(gdb) print **ic_ptr
$6 = {av_class = 0x145ee80, iformat = 0x7ffff4ce0ef8, oformat = 0x0, priv_data = 0x0, pb = 0x7fffffff8570, nb_streams = 2, streams = {0x13ce6e0, 0x145ee90, 0x0 <repeats 18 times>}, filename = '\000' <repeats 1023 times>, timestamp = 0, title = '\000' <repeats 511 times>, author = '\000' <repeats 511 times>, copyright = '\000' <repeats 511 times>, comment = '\000' <repeats 511 times>, album = '\000' <repeats 511 times>, year = 0, track = 0, genre = '\000' <repeats 31 times>, ctx_flags = 0, packet_buffer = 0x0, start_time = -9223372036854775808, duration = -9223372036854775808, file_size = 0, bit_rate = 0, cur_st = 0x0, cur_ptr_deprecated = 0x0, cur_len_deprecated = 0, cur_pkt_deprecated = {pts = 0, dts = 0, data = 0x0, size = 0, stream_index = 0, flags = 0, duration = 0, destruct = 0, priv = 0x0, pos = 0, convergence_duration = 0}, data_offset = 0, index_built = 0, mux_rate = 0, packet_size = 0, preload = 0, max_delay = 0, loop_output = 0, flags = 128, loop_input = 0, probesize = 5000000, max_analyze_duration = 5000000, key = 0x0, keylen = 0, nb_programs = 0, programs = 0x0, video_codec_id = CODEC_ID_NONE, audio_codec_id = CODEC_ID_NONE, subtitle_codec_id = CODEC_ID_NONE, max_index_size = 1048576, max_picture_buffer = 3041280, nb_chapters = 4294967295, chapters = 0x0, debug = 0, raw_packet_buffer = 0x0, raw_packet_buffer_end = 0x0, packet_buffer_end = 0x0, metadata = 0x0, raw_packet_buffer_remaining_size = 0, start_time_realtime = 0, fps_probe_size = -1, ts_id = 0}
(gdb) print err
$10 = -1
comment:8 by , 13 years ago
I sent a patch to the list.
It seems a change from master was forgotten to merge, thus the code would crash if it failed to open a file.
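The failure path discussed in this ticket (the gdb session shows ic = 0x0 and err = -1 at the point where line 543 dereferences ic), reduced to a small C model with the unchecked and checked call shapes side by side. This is an added example, not FFmpeg source and not the committed patch; ctx_t, open_input and the two open_stream_* functions are hypothetical stand-ins, and the empty string is a constructed input that makes the opener fail.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for AVFormatContext; only the pb field matters here. */
typedef struct { void *pb; } ctx_t;

/* Model of the opener: on failure it returns < 0 and leaves *ps NULL. */
int open_input(ctx_t **ps, const char *data)
{
    if (!*ps && !(*ps = calloc(1, sizeof(**ps))))
        return -1;
    if (!data || !*data) {            /* constructed trigger: unreadable input */
        free(*ps);
        *ps = NULL;
        return -1;
    }
    return 0;
}

/* Crashing shape: the context is dereferenced before err is examined. */
int open_stream_unchecked(ctx_t **out, void *pb, const char *data)
{
    ctx_t *ic = NULL;
    int err = open_input(&ic, data);
    ic->pb = ic->pb ? ic->pb : pb;    /* ic == NULL when err < 0: segfault */
    *out = ic;
    return err;
}

/* Checked shape: propagate the error before touching the context. */
int open_stream_checked(ctx_t **out, void *pb, const char *data)
{
    ctx_t *ic = NULL;
    int err = open_input(&ic, data);
    *out = ic;                        /* NULL on failure, nothing stale to reuse */
    if (err < 0)
        return err;
    ic->pb = ic->pb ? ic->pb : pb;    /* ic is known to be valid here */
    return 0;
}

int main(void)
{
    ctx_t *ic = NULL;
    int io = 0;
    int err = open_stream_checked(&ic, &io, "");
    printf("failed open: err=%d ctx=%p\n", err, (void *)ic);
    return 0;
}
```

Callers that embed a demuxer in a metadata indexer or thumbnailer, as Strigi does here, hit this path on any file the opener rejects, so the error branch deserves the same test coverage as the success branch.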
comment:9 by , 13 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Fixed in 0.7 release branch (will become 0.7.4 somewhen I expect).
comment:10 by , 13 years ago
Component: | undetermined → avformat |
---|---|
Keywords: | regression added |
Priority: | normal → important |
Version: | unspecified → 0.7.3 |
You can manually apply the patch to 0.7.3:
http://ffmpeg.org/pipermail/ffmpeg-cvslog/2011-August/039825.html
comment:11 by , 13 years ago
I can confirm that the patch is working. Both Gwenview and kfilemetadatareader no longer crash. Thanks guys!
Sample file to reproduce the crash