[FFmpeg-devel] segfault in af_afade.c::activate

Paul B Mahol onemda at gmail.com
Tue Oct 15 23:26:06 EEST 2019


On 10/15/19, Mark Niebur <mniebur at thuuz.com> wrote:
> Hello,
> I'm trying to debug an issue I'm seeing where the filter "acrossfade"
> produces a segfault.  This seemingly only happens in docker containers, and
> I am seeing it when running a rather large filter chain.  I'm trying to get
> to the bottom of it, but it would be really helpful to understand the
> context around how libavfilter fills the filter input fifos.  This is the
> code where I'm seeing the segfault:
> 449     AVFrame *in = NULL, *out, *cf[2] = { NULL };
> ...
> 474     if (ff_inlink_queued_samples(ctx->inputs[0]) > s->nb_samples) {
> 475         // consume some samples - this is not a crossfade overlap
> 486     } else if (ff_inlink_queued_samples(ctx->inputs[1]) >=
> s->nb_samples) {
> 487         if (s->overlap) {
> 488             out = ff_get_audio_buffer(outlink, s->nb_samples);
> 489             if (!out)
> 490                 return AVERROR(ENOMEM);
> 491             // NO CHECK IS DONE HERE THAT ENOUGH SAMPLES ARE PRESENT
> 491             // In our case, there are 0 samples, so
> ff_inlink_consume_samples returns early and does not set cf[0]
> 492             ret = ff_inlink_consume_samples(ctx->inputs[0],
> s->nb_samples, s->nb_samples, &cf[0]);
> 493             if (ret < 0) {
> 494                 av_frame_free(&out);
> 495                 return ret;
> 496             }
> 497             // SEGFAULT HERE
> 498             ret = ff_inlink_consume_samples(ctx->inputs[1],
> s->nb_samples, s->nb_samples, &cf[1]);
> 499             if (ret < 0) {
> 500                 av_frame_free(&out);
> 501                 return ret;
> 502             }
>
> How does avfilter add samples to an inlink?  Does it just fill it randomly
> or will it fill input 0 completely and then move on to input 1, 2, 3?  Even
> when I fix this segfault by ensuring that
> ff_inlink_queued_samples(ctx->inputs[0]) == s->nb_samples, I will still get
> additional segfaults in the acrossfade code where ff_inlink_consume_samples
> returns 0 and does not set the frame pointer.

I think this was just reported and fixed very recently.

> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".


More information about the ffmpeg-devel mailing list