Opened 9 years ago
Closed 9 years ago
#4537 closed defect (invalid)
segfault in av_buffer_unref when using Linphone 3.6.1
Reported by: | Jan Kundrát | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | undetermined |
Version: | 2.6.3 | Keywords: | |
Cc: | Michael Niedermayer | Blocked By: | |
Blocking: | Reproduced by developer: | no | |
Analyzed by developer: | no |
Description
(this is about ffmpeg 2.6.2 which isn't available in the version combobox)
I've switched from libav back to ffmpeg on an amd64 Gentoo Linux machine, rebuilt linphone and tried to connect to our corporate videoconferencing solution via a testing room is publicly available at sip:950087999@cesnet.cz. When I join a meeting with video, linphone segfaults shortly after the video window pops up (with a black stuff from the VC bridge, and an image of myself from a webcam at the corner).
x264 [warning]: lookaheadless mb-tree requires intra refresh or infinite keyint x264 [warning]: frame MB size (40x30) > level limit (396) x264 [warning]: DPB size (3 frames, 3600 mbs) > level limit (1 frames, 2376 mbs) x264 [warning]: VBV bitrate (1835) > level limit (768) x264 [warning]: MB rate (30000) > level limit (11880) x264 [info]: using cpu capabilities: MMX2 SSE2Fast SSSE3 SSE4.2 AVX x264 [info]: profile Constrained Baseline, level 1.3 Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fffe1c12700 (LWP 186997)] av_buffer_unref (buf=buf@entry=0x7fffe1c11a08) at /var/tmp/portage/media-video/ffmpeg-2.6.2/work/ffmpeg-2.6.2/libavutil/buffer.c:129 129 /var/tmp/portage/media-video/ffmpeg-2.6.2/work/ffmpeg-2.6.2/libavutil/buffer.c: No such file or directory. (gdb) bt #0 av_buffer_unref (buf=buf@entry=0x7fffe1c11a08) at /var/tmp/portage/media-video/ffmpeg-2.6.2/work/ffmpeg-2.6.2/libavutil/buffer.c:129 #1 0x00007fffef6f3b4e in av_frame_unref (frame=frame@entry=0x7fffe1c11830) at /var/tmp/portage/media-video/ffmpeg-2.6.2/work/ffmpeg-2.6.2/libavutil/frame.c:384 #2 0x00007fffefd97eb1 in avcodec_decode_video2 (avctx=avctx@entry=0x7fffd4035510, picture=picture@entry=0x7fffe1c11830, got_picture_ptr=got_picture_ptr@entry=0x7fffe1c117cc, avpkt=avpkt@entry=0x7fffe1c117d0) at /var/tmp/portage/media-video/ffmpeg-2.6.2/work/ffmpeg-2.6.2/libavcodec/utils.c:2356 #3 0x00007ffff57fa180 in dec_process_frame (f=f@entry=0x7fffd40181a0, inm=<optimized out>) at videofilters/videodec.c:680 #4 0x00007ffff57fa74b in dec_process (f=0x7fffd40181a0) at videofilters/videodec.c:709 #5 0x00007ffff795adb3 in ms_filter_process (f=f@entry=0x7fffd40181a0) at base/msfilter.c:303 #6 0x00007ffff795bf12 in call_process (f=0x7fffd40181a0) at base/msticker.c:228 #7 run_graph (f=0x7fffd40181a0, s=s@entry=0x555556103520, unschedulable=unschedulable@entry=0x7fffe1c11ca0, force_schedule=force_schedule@entry=0 '\000') at base/msticker.c:242 #8 0x00007ffff795beca in run_graph (f=0x555555b29620, s=s@entry=0x555556103520, unschedulable=unschedulable@entry=0x7fffe1c11ca0, force_schedule=force_schedule@entry=0 '\000') at base/msticker.c:247 #9 0x00007ffff795bfe2 in run_graphs (s=s@entry=0x555556103520, execution_list=<optimized out>, force_schedule=force_schedule@entry=0 '\000') at base/msticker.c:261 #10 0x00007ffff795c517 in ms_ticker_run (arg=0x555556103520) at base/msticker.c:440 #11 0x00007ffff751325a in start_thread (arg=0x7fffe1c12700) at pthread_create.c:309 #12 0x00007ffff5b10ead in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 (gdb) disass $pc-32,$pc+32 Dump of assembler code from 0x7fffef6ebae3 to 0x7fffef6ebb23: 0x00007fffef6ebae3 <av_buffer_unref+19>: and %dl,(%rax) 0x00007fffef6ebae5 <av_buffer_unref+21>: add %al,(%rax) 0x00007fffef6ebae7 <av_buffer_unref+23>: mov %fs:0x28,%rax 0x00007fffef6ebaf0 <av_buffer_unref+32>: mov %rax,-0x8(%rbp) 0x00007fffef6ebaf4 <av_buffer_unref+36>: xor %eax,%eax 0x00007fffef6ebaf6 <av_buffer_unref+38>: test %rdi,%rdi 0x00007fffef6ebaf9 <av_buffer_unref+41>: je 0x7fffef6ebb1a <av_buffer_unref+74> 0x00007fffef6ebafb <av_buffer_unref+43>: mov (%rdi),%rax 0x00007fffef6ebafe <av_buffer_unref+46>: test %rax,%rax 0x00007fffef6ebb01 <av_buffer_unref+49>: je 0x7fffef6ebb1a <av_buffer_unref+74> => 0x00007fffef6ebb03 <av_buffer_unref+51>: mov (%rax),%rax 0x00007fffef6ebb06 <av_buffer_unref+54>: mov %rax,-0x10(%rbp) 0x00007fffef6ebb0a <av_buffer_unref+58>: callq 0x7fffef6fa230 <av_freep> 0x00007fffef6ebb0f <av_buffer_unref+63>: mov -0x10(%rbp),%rax 0x00007fffef6ebb13 <av_buffer_unref+67>: lock subl $0x1,0xc(%rax) 0x00007fffef6ebb18 <av_buffer_unref+72>: je 0x7fffef6ebb30 <av_buffer_unref+96> 0x00007fffef6ebb1a <av_buffer_unref+74>: mov -0x8(%rbp),%rax 0x00007fffef6ebb1e <av_buffer_unref+78>: xor %fs:0x28,%rax End of assembler dump. (gdb) info all-registers rax 0x33e4b3022716cd00 3739310412451466496 rbx 0x10 16 rcx 0x555555b29250 93824998347344 rdx 0x555555b29990 93824998349200 rsi 0x7ffff5dc35f8 140737318237688 rdi 0x7fffe1c11a08 140736980916744 rbp 0x7fffe1c11650 0x7fffe1c11650 rsp 0x7fffe1c11640 0x7fffe1c11640 r8 0xffffffff 4294967295 r9 0x500 1280 r10 0x0 0 r11 0xac 172 r12 0x7fffe1c11830 140736980916272 r13 0x7fffe1c11a00 140736980916736 r14 0x7fffe1c117d0 140736980916176 r15 0x7fffd4035510 140736750376208 rip 0x7fffef6ebb03 0x7fffef6ebb03 <av_buffer_unref+51> eflags 0x10206 [ PF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 st0 -nan(0x200020002fffd) (raw 0xffff000200020002fffd) st1 -nan(0x100010001000504) (raw 0xffff0100010001000504) st2 -nan(0xff00ff00ff00ff00) (raw 0xffffff00ff00ff00ff00) st3 -nan(0xfff5fffffffdfff7) (raw 0xfffffff5fffffffdfff7) st4 -nan(0xfffbfff9fff3fff9) (raw 0xfffffffbfff9fff3fff9) st5 -inf (raw 0xffff0000000000000000) st6 -inf (raw 0xffff0000000000000000) st7 -nan(0x8000800080008000) (raw 0xffff8000800080008000) fctrl 0x37f 895 fstat 0x0 0 ftag 0xffff 65535 fiseg 0x7fff 32767 fioff 0xf3646b0b -211522805 foseg 0x7fff 32767 fooff 0xffff8ca8 -29528 fop 0x0 0 mxcsr 0x1fa0 [ PE IM DM ZM OM UM PM ] ymm0 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0xff, 0xff, 0xff, 0xff, 0xff, 0x0 <repeats 27 times>}, v16_int16 = { 0xffff, 0xffff, 0xff, 0x0 <repeats 13 times>}, v8_int32 = {0xffffffff, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xffffffffff, 0x0, 0x0, 0x0}, v2_int128 = { 0x0000000000000000000000ffffffffff, 0x00000000000000000000000000000000}} ymm1 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x25 <repeats 16 times>, 0x0 <repeats 16 times>}, v16_int16 = {0x2525, 0x2525, 0x2525, 0x2525, 0x2525, 0x2525, 0x2525, 0x2525, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x25252525, 0x25252525, 0x25252525, 0x25252525, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x2525252525252525, 0x2525252525252525, 0x0, 0x0}, v2_int128 = {0x25252525252525252525252525252525, 0x00000000000000000000000000000000}} ymm2 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x8000000000000000, 0x8000000000000000, 0x0, 0x0}, v32_int8 = {0x6f <repeats 16 times>, 0x0 <repeats 16 times>}, v16_int16 = {0x6f6f, 0x6f6f, 0x6f6f, 0x6f6f, 0x6f6f, 0x6f6f, 0x6f6f, 0x6f6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x6f6f6f6f, 0x6f6f6f6f, 0x6f6f6f6f, 0x6f6f6f6f, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x6f6f6f6f6f6f6f6f, 0x6f6f6f6f6f6f6f6f, 0x0, 0x0}, v2_int128 = {0x6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f, 0x00000000000000000000000000000000}} ymm3 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000000000000000000000, 0x00000000000000000000000000000000}} ymm4 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0xff, 0xff, 0xff, 0xff, 0xff, 0x0 <repeats 27 times>}, v16_int16 = { 0xffff, 0xffff, 0xff, 0x0 <repeats 13 times>}, v8_int32 = {0xffffffff, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xffffffffff, 0x0, 0x0, 0x0}, v2_int128 = { 0x0000000000000000000000ffffffffff, 0x00000000000000000000000000000000}} ymm5 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x8000000000000000, 0x8000000000000000, 0x0, 0x0}, v32_int8 = {0x0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0xff00, 0xffff, 0xffff, 0xffff, 0xff00, 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xffffff00, 0xffffffff, 0xffffff00, 0xffffffff, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xffffffffffffff00, 0xffffffffffffff00, 0x0, 0x0}, v2_int128 = { 0xffffffffffffff00ffffffffffffff00, 0x00000000000000000000000000000000}} ymm6 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x8000000000000000, 0x0, 0x0}, v32_int8 = {0x0 <repeats 12 times>, 0xff, 0x0, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x0, 0x0, 0x0, 0xffff00ff, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0xffff00ff00000000, 0x0, 0x0}, v2_int128 = {0xffff00ff000000000000000000000000, 0x00000000000000000000000000000000}} ymm7 {v8_float = {0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0xffffffffffffffd2, 0x0, 0x0, 0x0}, v32_int8 = {0x5b, 0xaa, 0xa2, 0x2a, 0x9e, 0x6, 0x47, 0xc0, 0x0 <repeats 24 times>}, v16_int16 = {0xaa5b, 0x2aa2, 0x69e, 0xc047, 0x0 <repeats 12 times>}, v8_int32 = {0x2aa2aa5b, 0xc047069e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = { 0xc047069e2aa2aa5b, 0x0, 0x0, 0x0}, v2_int128 = {0x0000000000000000c047069e2aa2aa5b, 0x00000000000000000000000000000000}} ymm8 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x8000000000000000, 0x0, 0x0, 0x0}, v32_int8 = {0xe0, 0x0, 0x0, 0xb5, 0xf, 0xff, 0xff, 0xe0, 0x0, 0x0, 0xb9, 0xf, 0xff, 0xff, 0xe0, 0x0 <repeats 17 times>}, v16_int16 = {0xe0, 0xb500, 0xff0f, 0xe0ff, 0x0, 0xfb9, 0xffff, 0xe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = { 0xb50000e0, 0xe0ffff0f, 0xfb90000, 0xe0ffff, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xe0ffff0fb50000e0, 0xe0ffff0fb90000, 0x0, 0x0}, v2_int128 = {0x00e0ffff0fb90000e0ffff0fb50000e0, 0x00000000000000000000000000000000}} ymm9 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x34, 0x29, 0x37, 0x3d, 0x9, 0xba, 0x38, 0xbc, 0x0 <repeats 24 times>}, v16_int16 = {0x2934, 0x3d37, 0xba09, 0xbc38, 0x0 <repeats 12 times>}, v8_int32 = {0x3d372934, 0xbc38ba09, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xbc38ba093d372934, 0x0, 0x0, 0x0}, v2_int128 = {0x0000000000000000bc38ba093d372934, 0x00000000000000000000000000000000}} ymm10 {v8_float = {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0xf6, 0x8f, 0xee, 0x21, 0xa8, 0x74, 0xd3, 0x3f, 0x0 <repeats 24 times>}, v16_int16 = {0x8ff6, 0x21ee, 0x74a8, 0x3fd3, 0x0 <repeats 12 times>}, v8_int32 = {0x21ee8ff6, 0x3fd374a8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = { 0x3fd374a821ee8ff6, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000003fd374a821ee8ff6, 0x00000000000000000000000000000000}} ymm11 {v8_float = {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x1, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0, 0x3f, 0x0 <repeats 24 times>}, v16_int16 = {0x0, 0x0, 0x0, 0x3ff0, 0x0 <repeats 12 times>}, v8_int32 = {0x0, 0x3ff00000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x3ff0000000000000, 0x0, 0x0, 0x0}, v2_int128 = { 0x00000000000000003ff0000000000000, 0x00000000000000000000000000000000}} ymm12 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x23, 0x42, 0x92, 0xc, 0xa1, 0x9c, 0xc7, 0x3b, 0x0 <repeats 24 times>}, v16_int16 = {0x4223, 0xc92, 0x9ca1, 0x3bc7, 0x0 <repeats 12 times>}, v8_int32 = {0xc924223, 0x3bc79ca1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x3bc79ca10c924223, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000003bc79ca10c924223, 0x00000000000000000000000000000000}} ymm13 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0xb3, 0x12, 0x58, 0x17, 0x64, 0x46, 0xe6, 0x3b, 0x0 <repeats 24 times>}, v16_int16 = {0x12b3, 0x1758, 0x4664, 0x3be6, 0x0 <repeats 12 times>}, v8_int32 = {0x175812b3, 0x3be64664, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = { 0x3be64664175812b3, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000003be64664175812b3, 0x00000000000000000000000000000000}} ymm14 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x8e, 0x85, 0x83, 0xe8, 0xf0, 0x24, 0x53, 0x3c, 0x0 <repeats 24 times>}, v16_int16 = {0x858e, 0xe883, 0x24f0, 0x3c53, 0x0 <repeats 12 times>}, v8_int32 = {0xe883858e, 0x3c5324f0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = { 0x3c5324f0e883858e, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000003c5324f0e883858e, 0x00000000000000000000000000000000}} ymm15 {v8_float = {0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x2d, 0x0, 0x0, 0x0}, v32_int8 = {0xc0, 0x9, 0xf2, 0x16, 0xb5, 0xdf, 0x46, 0x40, 0x0 <repeats 24 times>}, v16_int16 = {0x9c0, 0x16f2, 0xdfb5, 0x4046, 0x0 <repeats 12 times>}, v8_int32 = {0x16f209c0, 0x4046dfb5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = { 0x4046dfb516f209c0, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000004046dfb516f209c0, 0x00000000000000000000000000000000}}
$ ffmpeg ffmpeg version 2.6.2 Copyright (c) 2000-2015 the FFmpeg developers built with gcc 4.8.3 (Gentoo Hardened 4.8.3 p1.1, pie-0.5.9) configuration: --prefix=/usr --libdir=/usr/lib64 --shlibdir=/usr/lib64 --mandir=/usr/share/man --enable-shared --cc=x86_64-pc-linux-gnu-gcc --cxx=x86_64-pc-linux-gnu-g++ --ar=x86_64-pc-linux-gnu-ar --optflags='-O2 -pipe -march=native -mavx -maes -ggdb' --extra-cflags='-O2 -pipe -march=native -mavx -maes -ggdb' --extra-cxxflags='-O2 -pipe -march=native -mavx -maes -ggdb' --disable-static --enable-avfilter --enable-avresample --disable-stripping --enable-version3 --enable-nonfree --disable-indev=oss --disable-indev=jack --disable-outdev=oss --disable-outdev=sdl --enable-bzlib --disable-runtime-cpudetect --disable-debug --disable-doc --disable-gnutls --enable-gpl --enable-hardcoded-tables --enable-iconv --enable-lzma --enable-network --disable-openssl --enable-postproc --disable-libsmbclient --disable-ffplay --enable-vaapi --enable-vdpau --enable-xlib --disable-libxcb --disable-libxcb-shm --disable-libxcb-xfixes --enable-zlib --disable-libcdio --disable-libiec61883 --disable-libdc1394 --disable-libcaca --disable-openal --enable-opengl --disable-libv4l2 --disable-libpulse --disable-libopencore-amrwb --disable-libopencore-amrnb --disable-libfdk-aac --disable-libopenjpeg --disable-libbluray --disable-libcelt --disable-libgme --enable-libgsm --disable-libmodplug --disable-libopus --disable-libquvi --disable-librtmp --disable-libssh --disable-libschroedinger --enable-libspeex --enable-libvorbis --disable-libvpx --disable-libzvbi --disable-libbs2b --disable-libflite --disable-frei0r --disable-libfribidi --enable-fontconfig --disable-ladspa --disable-libass --enable-libfreetype --disable-libsoxr --enable-pthreads --enable-libvo-aacenc --disable-libvo-amrwbenc --enable-libmp3lame --disable-libaacplus --enable-libfaac --enable-libtheora --disable-libtwolame --disable-libwavpack --disable-libwebp --enable-libx264 --disable-libx265 --enable-libxvid --enable-x11grab --disable-amd3dnow --disable-amd3dnowext --disable-avx2 --disable-fma3 --disable-fma4 --disable-xop --enable-pic --cpu=host libavutil 54. 20.100 / 54. 20.100 libavcodec 56. 26.100 / 56. 26.100 libavformat 56. 25.101 / 56. 25.101 libavdevice 56. 4.100 / 56. 4.100 libavfilter 5. 11.102 / 5. 11.102 libavresample 2. 1. 0 / 2. 1. 0 libswscale 3. 1.101 / 3. 1.101 libswresample 1. 1.100 / 1. 1.100 libpostproc 53. 3.100 / 53. 3.100 Hyper fast Audio and Video encoder
When running within valgrind, after a rather long sleeve of messages about uninitialized values from the GTK style, V4L2 and ffmpeg itself, I get this:
==191988== Invalid read of size 8 ==191988== at 0xD2EDB03: av_buffer_unref (buffer.c:110) ==191988== by 0xD2F5B4D: av_frame_unref (frame.c:384) ==191988== by 0xC629EB0: avcodec_decode_video2 (utils.c:2356) ==191988== by 0x722A17F: dec_process_frame (videodec.c:680) ==191988== by 0x722A74A: dec_process (videodec.c:709) ==191988== by 0x50B1DB2: ms_filter_process (msfilter.c:303) ==191988== by 0x50B2F11: run_graph (msticker.c:228) ==191988== by 0x50B2EC9: run_graph (msticker.c:247) ==191988== by 0x50B2FE1: run_graphs (msticker.c:261) ==191988== by 0x50B3516: ms_ticker_run (msticker.c:440) ==191988== by 0x54EF259: start_thread (pthread_create.c:309) ==191988== by 0x6F2FEAC: clone (clone.S:111) ==191988== Address 0x37bc279cb4ec7c00 is not stack'd, malloc'd or (recently) free'd ==191988== ==191988== ==191988== Process terminating with default action of signal 11 (SIGSEGV) ==191988== General Protection Fault ==191988== at 0xD2EDB03: av_buffer_unref (buffer.c:110) ==191988== by 0xD2F5B4D: av_frame_unref (frame.c:384) ==191988== by 0xC629EB0: avcodec_decode_video2 (utils.c:2356) ==191988== by 0x722A17F: dec_process_frame (videodec.c:680) ==191988== by 0x722A74A: dec_process (videodec.c:709) ==191988== by 0x50B1DB2: ms_filter_process (msfilter.c:303) ==191988== by 0x50B2F11: run_graph (msticker.c:228) ==191988== by 0x50B2EC9: run_graph (msticker.c:247) ==191988== by 0x50B2FE1: run_graphs (msticker.c:261) ==191988== by 0x50B3516: ms_ticker_run (msticker.c:440) ==191988== by 0x54EF259: start_thread (pthread_create.c:309) ==191988== by 0x6F2FEAC: clone (clone.S:111)
I have no idea how to extract the raw H.264 stream from the SIP channel, unfortunately, but I'll be happy to help you reproduce this by providing more data or by trying patches.
Change History (4)
follow-up: 3 comment:1 by , 9 years ago
comment:2 by , 9 years ago
Cc: | added |
---|---|
Version: | 2.6.1 → 2.6.2 |
follow-up: 4 comment:3 by , 9 years ago
Replying to michael:
With what version of libav was it working ?
I *think* that it was with libav-11.2 which I apparently installed on 2015-03-04, but that could be wrong. I remember it "always working", but I wasn't checking every month and I apparently don't have older logs from Portage.
Also what version of linphone and mediastreamer is this using ?
This (non-working) test is with Gentoo's linphone-3.6.1 and media-libs/mediastreamer-2.9.0-r1.
Sorry for a late response.
comment:4 by , 9 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
Replying to jkt:
Replying to michael:
With what version of libav was it working ?
I *think* that it was with libav-11.2 which I apparently installed on 2015-03-04, but that could be wrong. I remember it "always working", but I wasn't checking every month and I apparently don't have older logs from Portage.
Also what version of linphone and mediastreamer is this using ?
This (non-working) test is with Gentoo's linphone-3.6.1 and media-libs/mediastreamer-2.9.0-r1.
Versions of mediastreamer before 2.11.0 are buggy and pass a uninitialized AVFrame into avcodec_decode_video2(), thats not correct for both FFmpeg and libav and both can crash as a result.
If one doesnt crash thats just luck that the uninitialized values happen not to cause a crash
So i suspect this bug is just that your mediastreamer is too old, iam closing it thus, but in case updating mediastreamer doesnt resolve it then please dont hesitate to reopen.
With what version of libav was it working ?
Also what version of linphone and mediastreamer is this using ?