[FFmpeg-devel] [RFC][PATCH] Avoid abort() on decoding mpeg video, just raise the error

Michael Niedermayer michaelni at gmx.at
Wed Dec 7 19:08:51 CET 2011

On Wed, Dec 07, 2011 at 06:15:53PM +0200, Andrey Utkin wrote:
> Any comments are appreciated.
> Can this patch be considered acceptable solution to make application
> survive on broken video streams?
> See issues
> http://trac.videolan.org/vlc/ticket/5620
> https://bugzilla.libav.org/show_bug.cgi?id=108

ive tried to reproduce this with latest vlc and ffmpeg but for me it
does not abort, nor does it crash inside the ffmpegs libs
and ffmpeg or ffplay on their own do not crash at all.

So it does not look like a ffmpeg bug to me at this point.

with valgrind i get
==1011== Invalid write of size 4
==1011==    at 0x50CC81A: PictureReleaseCallback (picture.c:97)
==1011==    by 0x50B0024: vout_ReleasePicture (vlc_picture.h:182)
==1011==    by 0x20DB5BEB: ffmpeg_ReleaseFrameBuf (video.c:1107)
==1011==    by 0x217D01DD: ff_thread_decode_frame (pthread.c:430)
==1011==    by 0x21855BE8: avcodec_decode_video2 (utils.c:957)
==1011==    by 0x20DB6E28: DecodeVideo (video.c:590)
==1011==    by 0x508A356: DecoderDecodeVideo (decoder.c:1512)
==1011==    by 0x5089DD6: DecoderProcess (decoder.c:1862)
==1011==    by 0x5089FDA: DecoderThread (decoder.c:938)
==1011==    by 0x5334EFB: start_thread (pthread_create.c:304)
==1011==    by 0x582F89C: clone (clone.S:112)
==1011==  Address 0x744bf8c is 268 bytes inside a block of size 336 free'd
==1011==    at 0x4C282E0: free (vg_replace_malloc.c:366)
==1011==    by 0x50CD9ED: picture_pool_Delete (vlc_picture.h:182)
==1011==    by 0x50ACE17: ThreadStop (video_output.c:1391)
==1011==    by 0x50AF532: Thread (video_output.c:1450)
==1011==    by 0x5334EFB: start_thread (pthread_create.c:304)
==1011==    by 0x582F89C: clone (clone.S:112)

with gdb

#0  0x00007ffff7945023 in picture_Release (p_picture=0x7fffcc2ecce0) at ../include/vlc_picture.h:182
#1  vout_ReleasePicture (vout=0x7fffec08a9d8, picture=0x7fffcc2ecce0) at video_output/video_output.c:436
#2  0x00007fffdaf41bec in ffmpeg_ReleaseFrameBuf (p_context=<optimized out>, p_ff_pic=0x7fffec099828) at video.c:1107
#3  0x00007fffda09f1de in release_delayed_buffers (p=0x7fffec098db8) at libavcodec/pthread.c:430
#4  submit_packet (avpkt=0x7fffd5654c90, p=0x7fffec098db8) at libavcodec/pthread.c:446
#5  ff_thread_decode_frame (avctx=0x7fffec022740, picture=0x7fffec022c40, got_picture_ptr=0x7fffd5654cec, avpkt=0x7fffd5654c90) at libavcodec/pthread.c:517
#6  0x00007fffda124be9 in avcodec_decode_video2 (avctx=0x7fffec022740, picture=0x7fffec022c40, got_picture_ptr=0x7fffd5654cec, avpkt=0x7fffd5654c90) at libavcodec/utils.c:957
#7  0x00007fffdaf42e29 in DecodeVideo (p_dec=0x842488, pp_block=<optimized out>) at video.c:590
#8  0x00007ffff791f357 in DecoderDecodeVideo (p_dec=0x842488, p_block=0x7fffec20e0e0) at input/decoder.c:1512
#9  0x00007ffff791edd7 in DecoderProcessVideo (b_flush=false, p_block=0x9a2bb0, p_dec=0x842488) at input/decoder.c:1862
#10 DecoderProcess (p_dec=0x842488, p_block=<optimized out>) at input/decoder.c:2052
#11 0x00007ffff791efdb in DecoderThread (p_data=0x842488) at input/decoder.c:938
#12 0x00007ffff76c8efc in start_thread (arg=0x7fffd5655700) at pthread_create.c:304
#13 0x00007ffff71ff89d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#14 0x0000000000000000 in ?? ()


Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

You can kill me, but you cannot change the truth.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20111207/16f152c6/attachment.asc>

More information about the ffmpeg-devel mailing list