[FFmpeg-trac] #2048(avcodec:open): reproducible crash on some subtitles in ff_ass_split_override_codes()
FFmpeg
trac at avcodec.org
Thu Dec 20 11:51:28 CET 2012
#2048: reproducible crash on some subtitles in ff_ass_split_override_codes()
-------------------------------------+-------------------------------------
Reporter:  julian                    |  Owner:
Type:  defect                        |  Status:  open
Priority:  important                 |  Component:  avcodec
Version:  git-master                 |  Resolution:
Keywords:  ass crash SIGSEGV         |  Blocked By:
Blocking:                            |  Reproduced by developer:  1
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):
* status: new => open
* reproduced: 0 => 1
* component: undetermined => avcodec
* priority: normal => important
* version: 1.0 => git-master
* keywords: => ass crash SIGSEGV
Comment:
{{{
(gdb) r -i ffmpeg-bug.mkv -map 0:0 -scodec mov_text out.mp4
Starting program: ffmpeg_g -i ffmpeg-bug.mkv -map 0:0 -scodec mov_text out.mp4
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-48034-g174c483 Copyright (c) 2000-2012 the FFmpeg developers
built on Dec 20 2012 10:05:56 with gcc 4.7 (SUSE Linux)
configuration: --enable-gpl --disable-indev=jack
libavutil 52. 12.100 / 52. 12.100
libavcodec 54. 81.100 / 54. 81.100
libavformat 54. 49.102 / 54. 49.102
libavdevice 54. 3.102 / 54. 3.102
libavfilter 3. 28.102 / 3. 28.102
libswscale 2. 1.103 / 2. 1.103
libswresample 0. 17.102 / 0. 17.102
libpostproc 52. 2.100 / 52. 2.100
Input #0, matroska,webm, from 'ffmpeg-bug.mkv':
Metadata:
ENCODER : Lavf54.29.104
Duration: 00:24:27.06, start: 0.000000, bitrate: 8 kb/s
Stream #0:0: Subtitle: ssa (default)
Metadata:
title : 简体中文
Stream #0:1: Video: h264 (High), yuv420p, 640x360 [SAR 1:1 DAR 16:9], 23.81 fps, 23.81 tbr, 1k tbn, 47.62 tbc (default)
Stream #0:2: Subtitle: ssa (default)
Metadata:
title : 繁体中文
Output #0, mp4, to 'out.mp4':
Metadata:
encoder : Lavf54.49.102
Stream #0:0: Subtitle: mov_text ([8][0][0][0] / 0x0008) (default)
Metadata:
title : 简体中文
Stream mapping:
Stream #0:0 -> #0:0 (ass -> mov_text)
Press [q] to stop, [?] for help
Program received signal SIGSEGV, Segmentation fault.
ff_ass_split_override_codes (callbacks=callbacks@entry=0xc79ee0 <mov_text_callbacks>, priv=priv@entry=0x15ef840, buf=0x0) at libavcodec/ass_split.c:372
372 while (*buf) {
(gdb) bt
#0 ff_ass_split_override_codes (callbacks=callbacks@entry=0xc79ee0 <mov_text_callbacks>, priv=priv@entry=0x15ef840, buf=0x0) at libavcodec/ass_split.c:372
#1 0x000000000086b5e1 in mov_text_encode_frame (avctx=0x15f5b00, buf=0x7ffff6463040 "", bufsize=1048576, sub=0x7fffffffd6f0) at libavcodec/movtextenc.c:125
#2 0x00000000009a1238 in avcodec_encode_subtitle (avctx=avctx@entry=0x15f5b00, buf=<optimized out>, buf_size=buf_size@entry=1048576, sub=sub@entry=0x7fffffffd6f0) at libavcodec/utils.c:1485
#3 0x0000000000460011 in do_subtitle_out (sub=0x7fffffffd6f0, ost=0x15eb3e0, s=0x15ec9c0, ist=<optimized out>) at ffmpeg.c:753
#4 transcode_subtitles (ist=ist@entry=0x15e9de0, pkt=pkt@entry=0x7fffffffdac0, got_output=got_output@entry=0x7fffffffd85c) at ffmpeg.c:1728
#5 0x000000000046138a in output_packet (pkt=0x7fffffffda60, ist=0x15e9de0) at ffmpeg.c:1812
#6 process_input (file_index=<optimized out>) at ffmpeg.c:2886
#7 0x00000000004515d0 in transcode_step () at ffmpeg.c:2982
#8 transcode () at ffmpeg.c:3034
#9 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3209
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0xaae210 to 0xaae250:
0x0000000000aae210 <ff_ass_split_override_codes+16>: push %rsp
0x0000000000aae211 <ff_ass_split_override_codes+17>: mov %rdi,%r12
0x0000000000aae214 <ff_ass_split_override_codes+20>: push %rbp
0x0000000000aae215 <ff_ass_split_override_codes+21>: push %rbx
0x0000000000aae216 <ff_ass_split_override_codes+22>: sub $0x128,%rsp
0x0000000000aae21d <ff_ass_split_override_codes+29>: lea 0xa0(%rsp),%rbp
0x0000000000aae225 <ff_ass_split_override_codes+37>: movl $0x0,0x2c(%rsp)
0x0000000000aae22d <ff_ass_split_override_codes+45>: nopl (%rax)
=> 0x0000000000aae230 <ff_ass_split_override_codes+48>: cmpb $0x0,(%r15)
0x0000000000aae234 <ff_ass_split_override_codes+52>: je 0xaae42c <ff_ass_split_override_codes+556>
0x0000000000aae23a <ff_ass_split_override_codes+58>: test %r14,%r14
0x0000000000aae23d <ff_ass_split_override_codes+61>: je 0xaae281 <ff_ass_split_override_codes+129>
0x0000000000aae23f <ff_ass_split_override_codes+63>: cmpq $0x0,(%r12)
0x0000000000aae244 <ff_ass_split_override_codes+68>: je 0xaae281 <ff_ass_split_override_codes+129>
0x0000000000aae246 <ff_ass_split_override_codes+70>: lea 0x30(%rsp),%rdx
0x0000000000aae24b <ff_ass_split_override_codes+75>: xor %eax,%eax
0x0000000000aae24d <ff_ass_split_override_codes+77>: mov $0xd4b500,%esi
End of assembler dump.
(gdb) info register
rax 0x1 1
rbx 0x15ef840 23001152
rcx 0x0 0
rdx 0x0 0
rsi 0x15ef840 23001152
rdi 0xc79ee0 13082336
rbp 0x7fffffffd570 0x7fffffffd570
rsp 0x7fffffffd4d0 0x7fffffffd4d0
r8 0x0 0
r9 0x7 7
r10 0x0 0
r11 0x7ffff68d1d60 140737329831264
r12 0xc79ee0 13082336
r13 0x15ef840 23001152
r14 0x0 0
r15 0x0 0
rip 0xaae230 0xaae230 <ff_ass_split_override_codes+48>
eflags 0x10202 [ IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
}}}
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2048#comment:1>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker
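Added example, not FFmpeg code and not the fix the project eventually shipped: a minimal override-code splitter in the shape of the crashing function, using the hypothetical names `override_callbacks`, `split_override_codes` and `split_and_count`. It shows the boundary check that frame #0 lacked: a NULL text buffer (the `buf=0x0` in the backtrace) is reported as an error before the `while (*buf)` loop dereferences it, and an unterminated `{...}` block is reported rather than scanned past the end of the string.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
/* Hypothetical callback set: one handler for plain-text runs, one for the
 * contents of a {...} override block. Not FFmpeg's ASSCodesCallbacks. */
typedef struct {
    void (*text)(void *priv, const char *s, size_t len);
    void (*override)(void *priv, const char *code, size_t len);
} override_callbacks;
typedef struct { int text_runs; int override_codes; } counter_priv;
static void count_text(void *priv, const char *s, size_t len)
{ (void)s; (void)len; ((counter_priv *)priv)->text_runs++; }
static void count_override(void *priv, const char *c, size_t len)
{ (void)c; (void)len; ((counter_priv *)priv)->override_codes++; }
/* Walk a dialogue text, passing {...} blocks and plain runs to the callbacks.
 * Returns 0 on success, -EINVAL for a NULL buffer (the buf=0x0 case that
 * crashed at `while (*buf)`), -EBADMSG for an unterminated override block. */
static int split_override_codes(const override_callbacks *cb, void *priv, const char *buf)
{
    if (!buf)
        return -EINVAL;          /* reject before the first dereference */
    while (*buf) {
        if (*buf == '{') {
            const char *end = strchr(buf, '}');
            if (!end)
                return -EBADMSG; /* no closing brace: malformed input */
            if (cb->override)
                cb->override(priv, buf + 1, (size_t)(end - buf - 1));
            buf = end + 1;
        } else {
            const char *next = strchr(buf, '{');
            size_t len = next ? (size_t)(next - buf) : strlen(buf);
            if (cb->text)
                cb->text(priv, buf, len);
            buf += len;
        }
    }
    return 0;
}
/* Parse `text` with counting callbacks; returns the splitter's status code. */
static int split_and_count(const char *text, int *text_runs, int *override_codes)
{
    const override_callbacks cb = { count_text, count_override };
    counter_priv priv = { 0, 0 };
    int ret = split_override_codes(&cb, &priv, text);
    *text_runs = priv.text_runs;
    *override_codes = priv.override_codes;
    return ret;
}
```

The caller (the encoder in frame #1 here) has to check the return value and skip the event, otherwise the guard only moves the failure rather than removing it.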