[FFmpeg-trac] #1563(FFmpeg:new): ffmpeg crashes (segmentation violation) when copying time-delimited portion of .wmv file
FFmpeg
trac at avcodec.org
Fri Jul 20 21:12:40 CEST 2012
#1563: ffmpeg crashes (segmentation violation) when copying time-delimited portion
of .wmv file
-------------------------------------+-------------------------------------
Reporter: GreyBeard | Type: defect
Status: new | Priority: normal
Component: FFmpeg | Version: 0.10.4
Keywords: segentation | Blocked By:
violation, .wmv | Reproduced by developer: 0
Blocking: |
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Summary of the bug:

ffmpeg gets a segmentation violation when I try to trim off the start of
some .wmv files (not all). I am using time to trim off some number of
seconds' worth of the video. It outputs a small amount of the output
before it crashes. The time doesn't seem to be important. Some .wmv
files crash and others succeed. Here are the particulars for the test case
(cat flushing a toilet repeatedly). I'm sorry the stack trace-back
doesn't help much. My bet is that some bug outside of malloc overwrote a
malloc data structure with trash, causing malloc to fail. It's the usual
problem of a bug laying a landmine for malloc to step on. I don't have
valgrind on my system either. Sorry.

The input file name is water_leak_found.wmv; I will attempt to upload it
by that name. The file is 3.2 megs, larger than you allow as an
attachment, so will try to upload it to upload.ffmpeg.org/incoming. I
tried to truncate it with a DD command so I could attach it here, but that
yielded a different error altogether. If I cannot upload it, feel free to
contact me and I'll get it to you by other means.

Thanks,
Jeff Barry

How to reproduce:
{{{
atomik $?=0> uname -a
Linux atomik 2.6.37.6-smp #1 SMP Sat Apr 9 14:01:14 CDT 2011 i686 Intel(R)
Atom(TM) CPU D510 @ 1.66GHz GenuineIntel GNU/Linux
atomik $?=0> cat /etc/slackware-version
Slackware 13.37.0
atomik $?=0> rm -f water_leak_found.TRIMMED.wmv
atomik $?=0> cksum water_leak_found.wmv
2892790208 3255612 water_leak_found.wmv
atomik $?=0> rm -f water_leak_found.TRIMMED.wmv
atomik $?=0> valgrind ffmpeg -ss 1 -i water_leak_found.wmv -acodec copy
-vcodec copy water_leak_found.TRIMMED.wmv
-bash: valgrind: command not found
atomik $?=0> gdb ffmpeg
GNU gdb (GDB) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-slackware-linux".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/ffmpeg...(no debugging symbols
found)...done.
(gdb) run -ss 1 -i water_leak_found.wmv -acodec copy -vcodec copy
water_leak_found.TRIMMED.wmv
Starting program: /usr/bin/ffmpeg -ss 1 -i water_leak_found.wmv -acodec
copy -vcodec copy water_leak_found.TRIMMED.wmv
[Thread debugging using libthread_db enabled]
ffmpeg version 0.10.4 Copyright (c) 2000-2012 the FFmpeg developers
built on Jul 17 2012 01:40:04 with gcc 4.5.2
configuration: --prefix=/usr
libavutil 51. 35.100 / 51. 35.100
libavcodec 53. 61.100 / 53. 61.100
libavformat 53. 32.100 / 53. 32.100
libavdevice 53. 4.100 / 53. 4.100
libavfilter 2. 61.100 / 2. 61.100
libswscale 2. 1.100 / 2. 1.100
libswresample 0. 6.100 / 0. 6.100
Input #0, asf, from 'water_leak_found.wmv':
Metadata:
Application : Windows Movie Maker 2.1.4026.0
WMFSDKVersion : 10.00.00.3646
WMFSDKNeeded : 0.0.0.0000
IsVBR : 0
artist : Will F. Whittle
Duration: 00:02:47.73, start: 0.000000, bitrate: 155 kb/s
Stream #0:0: Audio: wmav2 (a[1][0][0] / 0x0161), 16000 Hz, 1 channels,
s16, 16 kb/s
Stream #0:1: Video: wmv3 (Main) (WMV3 / 0x33564D57), yuv420p, 320x240,
134 kb/s, 15 tbr, 1k tbn, 1k tbc
Output #0, asf, to 'water_leak_found.TRIMMED.wmv':
Metadata:
Application : Windows Movie Maker 2.1.4026.0
WMFSDKVersion : 10.00.00.3646
WMFSDKNeeded : 0.0.0.0000
IsVBR : 0
Author : Will F. Whittle
WM/EncodingSettings: Lavf53.32.100
Stream #0:0: Video: wmv3 (WMV3 / 0x33564D57), yuv420p, 320x240,
q=2-31, 134 kb/s, 1k tbn, 1k tbc
Stream #0:1: Audio: wmav2 (a[1][0][0] / 0x0161), 16000 Hz, 1 channels,
16 kb/s
Stream mapping:
Stream #0:1 -> #0:0 (copy)
Stream #0:0 -> #0:1 (copy)
Press [q] to stop, [?] for help
Program received signal SIGSEGV, Segmentation fault.
0xb7cba6d6 in malloc_consolidate () from /lib/libc.so.6
(gdb) bt
#0 0xb7cba6d6 in malloc_consolidate () from /lib/libc.so.6
#1 0xb7cbbe47 in _int_malloc () from /lib/libc.so.6
#2 0xb7cbd336 in _int_memalign () from /lib/libc.so.6
#3 0xb7cbf5b4 in memalign () from /lib/libc.so.6
#4 0xb7cc078f in posix_memalign () from /lib/libc.so.6
#5 0x08720b1e in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0xb7cba6b6 to 0xb7cba6f6:
0xb7cba6b6 <malloc_consolidate+118>: (bad)
0xb7cba6b7 <malloc_consolidate+119>: je 0xb7cba808
<malloc_consolidate+456>
0xb7cba6bd <malloc_consolidate+125>: movl $0x0,(%eax)
0xb7cba6c3 <malloc_consolidate+131>: jmp 0xb7cba749
<malloc_consolidate+265>
0xb7cba6c8 <malloc_consolidate+136>: add %eax,%ecx
0xb7cba6ca <malloc_consolidate+138>: mov 0x8(%edi),%eax
0xb7cba6cd <malloc_consolidate+141>: mov %eax,-0x1c(%ebp)
0xb7cba6d0 <malloc_consolidate+144>: mov -0x1c(%ebp),%edx
0xb7cba6d3 <malloc_consolidate+147>: mov 0xc(%edi),%eax
=> 0xb7cba6d6 <malloc_consolidate+150>: cmp 0xc(%edx),%edi
0xb7cba6d9 <malloc_consolidate+153>: jne 0xb7cba876
<malloc_consolidate+566>
0xb7cba6df <malloc_consolidate+159>: cmp 0x8(%eax),%edi
0xb7cba6e2 <malloc_consolidate+162>: jne 0xb7cba876
<malloc_consolidate+566>
0xb7cba6e8 <malloc_consolidate+168>: mov -0x1c(%ebp),%edx
0xb7cba6eb <malloc_consolidate+171>: cmpl $0x1ff,0x4(%edi)
0xb7cba6f2 <malloc_consolidate+178>: mov %eax,0xc(%edx)
0xb7cba6f5 <malloc_consolidate+181>: mov %edx,0x8(%eax)
End of assembler dump.
(gdb) info all-registers
eax 0x252879a 38963098
ecx 0x520 1312
edx 0x45b1d064 1169281124
ebx 0xb7da8ff4 -1210413068
esp 0xbfffc17c 0xbfffc17c
ebp 0xbfffc1d8 0xbfffc1d8
esi 0x8e62748 149301064
edi 0x8e62778 149301112
eip 0xb7cba6d6 0xb7cba6d6 <malloc_consolidate+150>
eflags 0x210202 [ IF RF ID ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
(gdb) quit
A debugging session is active.
Inferior 1 [process 18727] will be killed.
Quit anyway? (y or n) y^M
atomik $?=0> cksum water_leak_found.*
1377656358 221839 water_leak_found.TRIMMED.wmv
2892790208 3255612 water_leak_found.wmv
}}}
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/1563>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker
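
The report suspects that an earlier out-of-bounds write damaged allocator bookkeeping and that malloc only tripped over it later. The sketch below is an added example, not code from FFmpeg, glibc or the reporter: a guard-byte wrapper (guard_malloc, guard_scan, guard_reset and copy_payload are hypothetical names) that a developer without valgrind can call between processing stages to see which buffer was overrun, instead of waiting for the allocator to crash.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_BYTES 8
#define GUARD_FILL  0xA5
#define MAX_LIVE    64

/* Hypothetical debug wrapper: each block is followed by a guard region. */
struct live_block { unsigned char *user; size_t size; const char *tag; };
static struct live_block live[MAX_LIVE];
static size_t live_count;

void *guard_malloc(size_t size, const char *tag)
{
    if (live_count == MAX_LIVE || size > (size_t)-1 - GUARD_BYTES)
        return NULL;
    unsigned char *p = malloc(size + GUARD_BYTES);
    if (!p)
        return NULL;
    memset(p + size, GUARD_FILL, GUARD_BYTES);   /* trailing guard */
    live[live_count++] = (struct live_block){ p, size, tag };
    return p;
}

/* Tag of the first block whose guard was overwritten, or NULL if all
 * guards are intact. Calling it after each stage narrows down the writer. */
const char *guard_scan(void)
{
    for (size_t i = 0; i < live_count; i++)
        for (size_t j = 0; j < GUARD_BYTES; j++)
            if (live[i].user[live[i].size + j] != GUARD_FILL)
                return live[i].tag;
    return NULL;
}

void guard_reset(void)   /* free every tracked block */
{
    while (live_count) free(live[--live_count].user);
}

/* Constructed stand-in for a stage that writes len bytes without checking
 * the destination capacity. */
void copy_payload(unsigned char *dst, size_t len) { memset(dst, 0x41, len); }

int main(void)
{
    unsigned char *pkt = guard_malloc(32, "packet buffer");
    if (!pkt || !guard_malloc(32, "index table")) return 1;
    copy_payload(pkt, 32 + 4);                   /* 4 bytes too many */
    const char *hit = guard_scan();
    printf("corrupted block: %s\n", hit ? hit : "none");
    guard_reset();
    return 0;
}
```

The guard only catches writes past the end of a live block; writes to already-freed memory need a different check.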