Opened 13 years ago
Closed 13 years ago
#569 closed defect (fixed)
segfault trying to identify flv with no audio channels
Reported by: | Andrew Ryan | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | avformat |
Version: | git-master | Keywords: | |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | no |
Analyzed by developer: | no | | |
Description
We have some flv files with 1 video and 0 audio channels which immediately segfault ffmpeg when it tries to identify them ("ffmpeg -i filename.flv"). This happens with the latest version, bd4ebbbbed47761df65dd574dce6d3c56d29e2e7 from Oct 14 2011.
This used to work. For example here is the flv file working with an old build (I can't provide flv file source in question, sorry.):
ffmpeg -i ~andrewr/local/bad-videos/flv-segfault-identify/251336914908174.flv
FFmpeg version ffmpeg-r19369, Copyright (c) 2000-2009 Fabrice Bellard, et al.
configuration: --enable-version3 --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libgsm --enable-libopenjpeg --disable-devices --disable-ffserver --disable-ffplay --enable-libxvid --enable-libx264 --enable-pthreads --disable-shared --enable-nonfree --enable-static --enable-libfaac --enable-gpl --enable-libmp3lame --enable-libtheora --enable-libvorbis --enable-libschroedinger --enable-libspeex
libavutil 50. 3. 0 / 50. 3. 0
libavcodec 52.32. 0 / 52.32. 0
libavformat 52.36. 0 / 52.36. 0
libavdevice 52. 2. 0 / 52. 2. 0
libswscale 0. 7. 1 / 0. 7. 1
built on Jul 7 2009 17:57:47, gcc: 4.0.1 20050727 (Red Hat 4.0.1-5)
[flv @ 0x1107370]invalid stream
Seems stream 1 codec frame rate differs from container frame rate: inf (1/0) -> 24.00 (24/1)
FPS=24.00
Input #0, flv, from '/home/andrewr/local/bad-videos/flv-segfault-identify/251336914908174.flv':
Duration: 00:00:39.79, start: 0.000000, bitrate: N/A
DURATION=39.79
AUDIO_CODEC=0x0000
AUDIO_SAMPLE_FMT=s16
AUDIO_CHANNELS=0
STREAM_ID=0.0
Stream #0.0: Audio: 0x0000, 0 channels, s16
VIDEO_CODEC=flv
PIX_FMT=yuv420p
WIDTH=512
HEIGHT=272
STREAM_ID=0.1
Stream #0.1: Video: flv, yuv420p, 512x272, 24 tbr, 1k tbn
At least one output file must be specified
Here's the debug information requested from ffmpeg_g:
Program received signal SIGSEGV, Segmentation fault.
0x00007fa3e5af16f8 in ff_add_index_entry ()
from /tmp/binary-dist-ffmpeg-6e6306c.us7i8a/gcc-4.6.0-glibc-2.13/libavformat.so.53
(gdb) bt
#0 0x00007fa3e5af16f8 in ff_add_index_entry ()
from /tmp/binary-dist-ffmpeg-6e6306c.us7i8a/gcc-4.6.0-glibc-2.13/libavformat.so.53
#1 0x00007fa3e5af1896 in av_add_index_entry ()
from /tmp/binary-dist-ffmpeg-6e6306c.us7i8a/gcc-4.6.0-glibc-2.13/libavformat.so.53
#2 0x00007fa3e5a7e356 in ?? ()
from /tmp/binary-dist-ffmpeg-6e6306c.us7i8a/gcc-4.6.0-glibc-2.13/libavformat.so.53
#3 0x00007fa3e5a7df80 in ?? ()
from /tmp/binary-dist-ffmpeg-6e6306c.us7i8a/gcc-4.6.0-glibc-2.13/libavformat.so.53
#4 0x00007fa3e5a7e933 in ?? ()
from /tmp/binary-dist-ffmpeg-6e6306c.us7i8a/gcc-4.6.0-glibc-2.13/libavformat.so.53
#5 0x00007fa3e5af0cd7 in av_read_packet ()
from /tmp/binary-dist-ffmpeg-6e6306c.us7i8a/gcc-4.6.0-glibc-2.13/libavformat.so.53
#6 0x00007fa3e5af1927 in ?? ()
from /tmp/binary-dist-ffmpeg-6e6306c.us7i8a/gcc-4.6.0-glibc-2.13/libavformat.so.53
#7 0x00007fa3e5af31b9 in avformat_find_stream_info ()
from /tmp/binary-dist-ffmpeg-6e6306c.us7i8a/gcc-4.6.0-glibc-2.13/libavformat.so.53
#8 0x000000000040e0c5 in opt_input_file (o=0x7fffc0ee2540,
opt=<value optimized out>, filename=<value optimized out>)
at ffmpeg.c:3137
#9 0x0000000000413257 in parse_option (optctx=0x7fffc0ee2540,
opt=0x7fffc0ee481a "i",
arg=0x7fffc0ee481c "/home/andrewr/local/bad-videos/flv-segfault-identify/251336914908174.flv", options=0x619060) at cmdutils.c:275
#10 0x00000000004133e5 in parse_options (optctx=0x7fffc0ee2540, argc=3,
argv=0x7fffc0ee28a8, options=0x619060,
parse_arg_function=0x40f420 <opt_output_file>) at cmdutils.c:308
#11 0x0000000000404bf0 in main (argc=3, argv=0x7fffc0ee28a8) at ffmpeg.c:4369
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x7fa3e5af16d8 to 0x7fa3e5af1718:
0x00007fa3e5af16d8 <ff_add_index_entry+8>: mov %rbp,-0x28(%rsp)
0x00007fa3e5af16dd <ff_add_index_entry+13>: mov %r12,-0x20(%rsp)
0x00007fa3e5af16e2 <ff_add_index_entry+18>: mov %r13,-0x18(%rsp)
0x00007fa3e5af16e7 <ff_add_index_entry+23>: mov %rdi,%rbp
0x00007fa3e5af16ea <ff_add_index_entry+26>: mov %r15,-0x8(%rsp)
0x00007fa3e5af16ef <ff_add_index_entry+31>: mov %r14,-0x10(%rsp)
0x00007fa3e5af16f4 <ff_add_index_entry+36>: sub $0x48,%rsp
=> 0x00007fa3e5af16f8 <ff_add_index_entry+40>: mov (%rbx),%eax
0x00007fa3e5af16fa <ff_add_index_entry+42>: mov %rdx,%rsi
0x00007fa3e5af16fd <ff_add_index_entry+45>: mov %rcx,%r13
0x00007fa3e5af1700 <ff_add_index_entry+48>: mov %r8,%r12
0x00007fa3e5af1703 <ff_add_index_entry+51>: mov %r9d,%r15d
0x00007fa3e5af1706 <ff_add_index_entry+54>: add $0x1,%eax
0x00007fa3e5af1709 <ff_add_index_entry+57>: cmp $0xaaaaaa9,%eax
0x00007fa3e5af170e <ff_add_index_entry+62>: ja 0x7fa3e5af1850 <ff_add_index_entry+384>
0x00007fa3e5af1714 <ff_add_index_entry+68>: cltq
0x00007fa3e5af1716 <ff_add_index_entry+70>: mov (%rdi),%rdi
End of assembler dump.
(gdb) info all-registers
rax 0xe63 3683
rbx 0x98 152
rcx 0xe63 3683
rdx 0x9c 156
rsi 0x98 152
rdi 0x90 144
rbp 0x90 0x90
rsp 0x7fffc0ee16e0 0x7fffc0ee16e0
r8 0x0 0
r9 0x0 0
r10 0x0 0
r11 0x0 0
r12 0x47d 1149
r13 0x1 1
r14 0x3 3
r15 0x7fffc0ee1a80 140736430217856
rip 0x7fa3e5af16f8 0x7fa3e5af16f8 <ff_add_index_entry+40>
eflags 0x10202 [ IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
Change History (8)
comment:1 by , 13 years ago
Component: | undetermined → avformat |
---|
follow-ups: 3 4 comment:2 by , 13 years ago
Sorry about the formatting, I haven't used trac much and I didn't know about the Code block, maybe you could add it to the bug reporting instructions (http://ffmpeg.org/bugreports.html).
Unfortunately the difference between the working version and today's trunk is about 2 years, so it's not practical to bisect to find the offending commit. I have recompiled with --disable-shared and --disable-optimizations, which seems to have given more information:
$ gdb /tmp/binary-dist-ffmpeg-107460c.MWfEKO/gcc-4.6.0-glibc-2.13/ffmpeg_g
Detected executable built for fbcode's gcc-4.6.0-glibc-2.13 platform
Running from "/usr/local/fbcode/gcc-4.6.0-glibc-2.13/bin/gdb"
GNU gdb (GDB) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-facebook-linux".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /tmp/binary-dist-ffmpeg-107460c.MWfEKO/gcc-4.6.0-glibc-2.13/ffmpeg_g...done.
<bad-videos/flv-segfault-identify/251336914908174.flv
Starting program: /tmp/binary-dist-ffmpeg-107460c.MWfEKO/gcc-4.6.0-glibc-2.13/ffmpeg_g -i ~andrewr/local/bad-videos/flv-segfault-identify/251336914908174.flv
[Thread debugging using libthread_db enabled]
ffmpeg version fb-107460c_ffmpeg, Copyright (c) 2000-2011 the FFmpeg developers
built on Oct 18 2011 10:21:12 with gcc 4.6.0 20110331 (Red Hat 4.6.0-2)
configuration: --prefix --enable-shared --prefix=/home/engshare/third-party/gcc-4.6.0-glibc-2.13/ffmpeg/ffmpeg-107460c --enable-libfaac --enable-libmp3lame --enable-libtheora --enable-libvorbis --enable-libschroedinger --enable-libspeex --enable-libgsm --enable-libopenjpeg --enable-libxvid --enable-libx264 --enable-bzlib --enable-zlib --disable-devices --disable-ffserver --disable-ffplay --enable-pthreads --enable-static --enable-nonfree --enable-version3 --enable-gpl --disable-shared --disable-optimizations --enable-libopencore-amrnb --enable-libopencore-amrwb --disable-decoder=amrnb --disable-decoder=amrwb
libavutil 51. 21. 0 / 51. 21. 0
libavcodec 53. 20. 1 / 53. 20. 1
libavformat 53. 16. 0 / 53. 16. 0
libavdevice 53. 4. 0 / 53. 4. 0
libavfilter 2. 43. 6 / 2. 43. 6
libswscale 2. 1. 0 / 2. 1. 0
libpostproc 51. 2. 0 / 51. 2. 0
Program received signal SIGSEGV, Segmentation fault.
ff_add_index_entry (index_entries=0x90, nb_index_entries=0x98, index_entries_allocated_size=0x9c, pos=3683, timestamp=0, size=0, distance=0, flags=1) at libavformat/utils.c:1462
1462 if((unsigned)*nb_index_entries + 1 >= UINT_MAX / sizeof(AVIndexEntry))
(gdb) bt
#0 ff_add_index_entry (index_entries=0x90, nb_index_entries=0x98, index_entries_allocated_size=0x9c, pos=3683, timestamp=0, size=0, distance=0, flags=1) at libavformat/utils.c:1462
#1 0x0000000000529526 in av_add_index_entry (st=<value optimized out>, pos=<value optimized out>, timestamp=<value optimized out>, size=<value optimized out>, distance=<value optimized out>, flags=<value optimized out>) at libavformat/utils.c:1503
#2 0x00000000004c45e5 in parse_keyframes_index (s=0x0, astream=0x11c4e40, vstream=0x0, key=<value optimized out>, max_pos=1149, depth=1) at libavformat/flvdec.c:196
#3 amf_parse_object (s=0x0, astream=0x11c4e40, vstream=0x0, key=<value optimized out>, max_pos=1149, depth=1) at libavformat/flvdec.c:232
#4 0x00000000004c424b in amf_parse_object (s=0x11c4780, astream=0x11c4e40, vstream=0x0, key=0x7fff9d966920 "onMetaData", max_pos=1149, depth=0) at libavformat/flvdec.c:252
#5 0x00000000004c4cf3 in flv_read_metabody (s=0x11c4780, pkt=0x7fff9d966a30) at libavformat/flvdec.c:343
#6 flv_read_packet (s=0x11c4780, pkt=0x7fff9d966a30) at libavformat/flvdec.c:452
#7 0x0000000000528bb7 in av_read_packet (s=0x11c4780, pkt=0x7fff9d966a30) at libavformat/utils.c:744
#8 0x00000000005295b9 in read_frame_internal (s=0x11c4780, pkt=0x7fff9d966cb0) at libavformat/utils.c:1219
#9 0x000000000052ad66 in avformat_find_stream_info (ic=0x11c4780, options=0x11cb0a0) at libavformat/utils.c:2412
#10 0x000000000045eeb6 in opt_input_file (o=0x7fff9d9670c0, opt=<value optimized out>, filename=<value optimized out>) at ffmpeg.c:3146
#11 0x000000000046940c in parse_option (optctx=0x7fff9d9670c0, opt=0x7fff9d967808 "i", arg=0x7fff9d96780a "/home/andrewr/local/bad-videos/flv-segfault-identify/251336914908174.flv", options=<value optimized out>) at cmdutils.c:275
#12 0x0000000000469584 in parse_options (optctx=0x7fff9d9670c0, argc=3, argv=0x7fff9d967428, options=0xc137c0, parse_arg_function=0x465bf0 <opt_output_file>) at cmdutils.c:308
#13 0x000000000045bb20 in main (argc=3, argv=0x7fff9d967428) at ffmpeg.c:4378
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x529368 to 0x5293a8:
0x0000000000529368 <ff_add_index_entry+8>: mov %rbp,-0x28(%rsp)
0x000000000052936d <ff_add_index_entry+13>: mov %r12,-0x20(%rsp)
0x0000000000529372 <ff_add_index_entry+18>: mov %r13,-0x18(%rsp)
0x0000000000529377 <ff_add_index_entry+23>: mov %rdi,%rbp
0x000000000052937a <ff_add_index_entry+26>: mov %r15,-0x8(%rsp)
0x000000000052937f <ff_add_index_entry+31>: mov %r14,-0x10(%rsp)
0x0000000000529384 <ff_add_index_entry+36>: sub $0x48,%rsp
=> 0x0000000000529388 <ff_add_index_entry+40>: mov (%rbx),%eax
0x000000000052938a <ff_add_index_entry+42>: mov %rdx,%rsi
0x000000000052938d <ff_add_index_entry+45>: mov %rcx,%r13
0x0000000000529390 <ff_add_index_entry+48>: mov %r8,%r12
0x0000000000529393 <ff_add_index_entry+51>: mov %r9d,%r15d
0x0000000000529396 <ff_add_index_entry+54>: add $0x1,%eax
0x0000000000529399 <ff_add_index_entry+57>: cmp $0xaaaaaa9,%eax
0x000000000052939e <ff_add_index_entry+62>: ja 0x5294e0 <ff_add_index_entry+384>
0x00000000005293a4 <ff_add_index_entry+68>: cltq
0x00000000005293a6 <ff_add_index_entry+70>: mov (%rdi),%rdi
End of assembler dump.
comment:3 by , 13 years ago
Replying to andrewr:
Unfortunately the difference between the working version and today's trunk is about 2 years, so it's not practical to bisect to find the offending commit.
I believe c76d1bb29f2d1dddbe633e701ca5252f26b65e3e is a good version to start.
comment:4 by , 13 years ago
Replying to andrewr:
built on Oct 18 2011 10:21:12 with gcc 4.6.0 20110331 (Red Hat 4.6.0-2)
And I completely missed:
Please test a decent compiler (I would suggest gcc-4.5.3), unfortunately 4.6.0 is known to be buggy.
comment:5 by , 13 years ago
The other compiler I have ready access to is gcc 4.4.5. I built with that and got a segfault in the exact same place. The traceback is virtually identical; I can paste it in, though, if that might help.
c76d1bb29f2d1dddbe633e701ca5252f26b65e3e corresponds to version r17723 (Mar 2 2009). I've confirmed that version r19369, or 5c56e7469799c2b820bfc24f952931ead77e053b (Jul 7 2009). There have been 13,570 git commits since 5c56e74. So I built a test script to binary-search through them, compiling and testing at each rev. Here's what I found. It looks like the problem was introduced in cb7e2c1ca864a2ff44c851689ba8a2d4a81dfd27, worked again in 1caa4123bd83f8b1f8a4e11a8d8539be7d54b105, and fails from 7f6e05cdfd1242a6774e89283b6e2cefde191590 onwards.
... everything after this fails with segv...
commit 7087ce08c84dd20404ba258096530cc547d25c15 fail
commit 2f97b12eaf8ada30b3884604d66dbdf51e727b67 fail
commit 7f6e05cdfd1242a6774e89283b6e2cefde191590 fail
commit 1caa4123bd83f8b1f8a4e11a8d8539be7d54b105 works
commit cb7e2c1ca864a2ff44c851689ba8a2d4a81dfd27 fail
commit 9dd94f8379a0f7b3c820bf73c45fa888971c7432 works
commit 8b8bf89e52bc3bf4be1a9f10eb1eb153a443172f works
commit 93dfda88968c5e4d3f596f35a446fb7c238e96b2 works
...everything before this succeeds...
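A predicate for `git bisect run` that automates the compile-and-test loop described in comment 5; this is an added example, not the reporter's script. It treats only exit status 139 (128 + SIGSEGV) as the failure, because `ffmpeg -i` with no output file exits non-zero even when identification succeeds. The script name, the sample path, `make -j4` and the in-tree `./ffmpeg` binary are assumptions.

```shell
#!/bin/sh
# Added example: predicate for `git bisect run` (not the reporter's script).
# Keep this file outside the work tree so checkouts cannot change it.
#
#   git bisect start bd4ebbbbed47761df65dd574dce6d3c56d29e2e7 \
#                    5c56e7469799c2b820bfc24f952931ead77e053b   # bad, good
#   git bisect run sh /path/to/bisect-flv.sh --bisect-step /path/to/sample.flv
#
# bisect-flv.sh and sample.flv are placeholder names.

# Run a command with its output discarded and print its exit status.
# The if/else keeps a failing command from aborting a caller using `set -e`.
probe_status() {
    if "$@" >/dev/null 2>&1; then st=0; else st=$?; fi
    echo "$st"
}

# Translate an exit status into a bisect verdict: good, bad or skip.
verdict_for_status() {
    case "$1" in
        139)     echo bad ;;    # 128 + SIGSEGV(11): the crash in this ticket
        126|127) echo skip ;;   # binary not executable or not found
        *)
            if [ "$1" -gt 128 ]; then
                echo skip       # killed by another signal: a different failure
            else
                echo good       # includes status 1, "At least one output file
            fi ;;               # must be specified", which is the normal result
    esac
}

# Build the checked-out revision, probe the sample, and return the status
# that `git bisect run` expects: 0 = good, 1 = bad, 125 = cannot test.
bisect_step() {
    sample=$1
    # Same build flags the ticket recommends for readable backtraces.
    ./configure --disable-shared --disable-optimizations >/dev/null 2>&1 &&
        make -j4 >/dev/null 2>&1 || return 125
    status=$(probe_status ./ffmpeg -i "$sample")
    case $(verdict_for_status "$status") in
        good) return 0 ;;
        bad)  return 1 ;;
        *)    return 125 ;;
    esac
}

# Only act when invoked as the bisect predicate.
if [ "${1:-}" = "--bisect-step" ]; then
    bisect_step "${2:?path to the sample file is required}"
    exit $?
fi
```

Because comment 5 found a fail/works/fail sequence, a bisect run converges on only one of those transitions; rerun it with a narrower good/bad range to locate the others.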
comment:6 by , 13 years ago
Could you try this patch please?
--- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -228,7 +228,7 @@ static int amf_parse_object(AVFormatContext *s, AVStream *as case AMF_DATA_TYPE_OBJECT: { unsigned int keylen; - if (ioc->seekable && key && !strcmp(KEYFRAMES_TAG, key) && depth == + if (vstream && ioc->seekable && key && !strcmp(KEYFRAMES_TAG, key) if (parse_keyframes_index(s, ioc, vstream, max_pos) < 0) av_log(s, AV_LOG_ERROR, "Keyframe index parsing failed\n");
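Review bot: the condition on the `+` line ends at `!strcmp(KEYFRAMES_TAG, key)` with no closing parenthesis, and the `&& depth ==` comparison that the removed line starts is absent from it, so the hunk cannot compile or apply as posted. Both changed lines look clipped at a fixed width (the removed line stops at `&& depth ==`); please resend the untruncated patch so it is clear whether the depth test is meant to stay next to the new `vstream` check.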
comment:7 by , 13 years ago
The above patch doesn't apply cleanly. But this modified one does; is this what you meant? In particular, there was a missing parenthesis and I'm not sure if the '&& depth == 1' needs to be preserved.
This patch below does fix the issue!
--- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -228,7 +228,7 @@ static int amf_parse_object(AVFormatContext *s, AVStream *as case AMF_DATA_TYPE_OBJECT: { unsigned int keylen; - if (ioc->seekable && key && !strcmp(KEYFRAMES_TAG, key) && depth == 1) + if (vstream && ioc->seekable && key && !strcmp(KEYFRAMES_TAG, key)) if (parse_keyframes_index(s, ioc, vstream, max_pos) < 0) av_log(s, AV_LOG_ERROR, "Keyframe index parsing failed\n");
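Review bot: the `+` line drops `&& depth == 1` from the condition it replaces, so `parse_keyframes_index()` would now be entered for a `KEYFRAMES_TAG` key at any nesting depth instead of only at depth 1. The added `vstream` test is the part that covers the NULL stream shown in the backtrace (`vstream=0x0`), so unless widening the depth is intended, keep the old test and only prepend the new one: `if (vstream && ioc->seekable && key && !strcmp(KEYFRAMES_TAG, key) && depth == 1)`. A short comment on that line saying the file may carry a keyframes index without a video stream would also help the next reader.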
comment:8 by , 13 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Version: | unspecified → git-master |
This should be fixed iiuc.
Replying to andrewr:
If you cannot provide a sample, please use git bisect to find the commit that introduced the crash, please provide complete output (including version etc) and please consider compiling with --disable-shared --disable-optimizations, that might improve the backtrace (and please use Code block to make the backtrace more readable)