[FFmpeg-trac] #3188(avcodec:new): vp9 crash (fuzzed input, MT regression)
FFmpeg
trac at avcodec.org
Mon Dec 2 11:59:55 CET 2013
#3188: vp9 crash (fuzzed input, MT regression)
-------------------------------------+-------------------------------------
Reporter: ubitux | Owner:
Type: defect | Status: new
Priority: important | Component: avcodec
Version: git-master | Keywords: vp9 regression
Blocked By: | Blocking:
Reproduced by developer: 0 | Analyzed by developer: 0
-------------------------------------+-------------------------------------
{{{
☭ ./ffmpeg -threads 1 -f ivf -c:v vp9 -i ~/samples/vp9/fuzzed0.ivf -f null
-
ffmpeg version N-58699-ge3d7a39 Copyright (c) 2000-2013 the FFmpeg
developers
built on Dec 2 2013 11:55:32 with gcc 4.8.2 (GCC)
configuration: --enable-gpl --enable-libx264 --enable-libmp3lame
--enable-x11grab --enable-libvorbis --samples=/home/ux/fate-samples
--enable-libfreetype --enable-libvpx --cpu=native --cc='ccache cc'
libavutil 52. 56.100 / 52. 56.100
libavcodec 55. 44.100 / 55. 44.100
libavformat 55. 22.100 / 55. 22.100
libavdevice 55. 5.102 / 55. 5.102
libavfilter 3. 91.100 / 3. 91.100
libswscale 2. 5.101 / 2. 5.101
libswresample 0. 17.104 / 0. 17.104
libpostproc 52. 3.100 / 52. 3.100
Truncating packet of size 402024711 to 1663093
Input #0, ivf, from '/home/ux/samples/vp9/fuzzed0.ivf':
Duration: N/A, start: 0.000001, bitrate: N/A
Stream #0:0: Video: vp9 (vP[25]0 / 0x30195076), yuv420p, 256x244, 0k
tbr, 0k tbn, 0k tbc
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf55.22.100
Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 256x244,
q=2-31, 200 kb/s, 90k tbn, 0k tbc
Stream mapping:
Stream #0:0 -> #0:0 (vp9 -> rawvideo)
Press [q] to stop, [?] for help
zsh: segmentation fault (core dumped) ./ffmpeg -threads 1 -f ivf -c:v vp9
-i ~/samples/vp9/fuzzed0.ivf -f null -
}}}
{{{
☭ gdb --args ./ffmpeg_g -threads 1 -f ivf -c:v vp9 -i
~/samples/vp9/fuzzed0.ivf -f null -
GNU gdb (GDB) 7.6.1
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/ux/src/ffmpeg/ffmpeg_g...done.
(gdb) r
Starting program: /home/ux/src/ffmpeg/./ffmpeg_g -threads 1 -f ivf -c:v
vp9 -i /home/ux/samples/vp9/fuzzed0.ivf -f null -
warning: no loadable sections found in added symbol-file system-supplied
DSO at 0x7ffff7ffa000
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
ffmpeg version N-58699-ge3d7a39 Copyright (c) 2000-2013 the FFmpeg
developers
built on Dec 2 2013 11:55:32 with gcc 4.8.2 (GCC)
configuration: --enable-gpl --enable-libx264 --enable-libmp3lame
--enable-x11grab --enable-libvorbis --samples=/home/ux/fate-samples
--enable-libfreetype --enable-libvpx --cpu=native --cc='ccache cc'
libavutil 52. 56.100 / 52. 56.100
libavcodec 55. 44.100 / 55. 44.100
libavformat 55. 22.100 / 55. 22.100
libavdevice 55. 5.102 / 55. 5.102
libavfilter 3. 91.100 / 3. 91.100
libswscale 2. 5.101 / 2. 5.101
libswresample 0. 17.104 / 0. 17.104
libpostproc 52. 3.100 / 52. 3.100
Truncating packet of size 402024711 to 1663093
Input #0, ivf, from '/home/ux/samples/vp9/fuzzed0.ivf':
Duration: N/A, start: 0.000001, bitrate: N/A
Stream #0:0: Video: vp9 (vP[25]0 / 0x30195076), yuv420p, 256x244, 0k
tbr, 0k tbn, 0k tbc
[New Thread 0x7ffff39a3700 (LWP 29856)]
[New Thread 0x7ffff31a2700 (LWP 29857)]
[New Thread 0x7ffff29a1700 (LWP 29858)]
[New Thread 0x7ffff21a0700 (LWP 29859)]
[New Thread 0x7ffff199f700 (LWP 29860)]
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf55.22.100
Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 256x244,
q=2-31, 200 kb/s, 90k tbn, 0k tbc
Stream mapping:
Stream #0:0 -> #0:0 (vp9 -> rawvideo)
Press [q] to stop, [?] for help
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4a3aa20 in __memcpy_sse2_unaligned () from /usr/lib/libc.so.6
(gdb) bt
#0 0x00007ffff4a3aa20 in __memcpy_sse2_unaligned () from
/usr/lib/libc.so.6
#1 0x00000000009cd0b1 in vp9_alloc_frame (f=0x16c4b18, ctx=0x16c3540)
at libavcodec/vp9.c:268
#2 vp9_decode_frame (ctx=0x16c3540, frame=0x16b6920,
got_frame=0x7fffffffe1fc, pkt=<optimized out>) at
libavcodec/vp9.c:3512
#3 0x0000000000947e30 in avcodec_decode_video2 (avctx=0x16c3540,
picture=picture@entry=0x16b6920,
got_picture_ptr=got_picture_ptr@entry=0x7fffffffe1fc,
avpkt=avpkt@entry=0x7fffffffe480) at libavcodec/utils.c:2064
#4 0x00000000004787b3 in decode_video (ist=ist@entry=0x16c39a0,
pkt=pkt@entry=0x7fffffffe480,
got_output=got_output@entry=0x7fffffffe1fc) at ffmpeg.c:1695
#5 0x000000000046639a in output_packet (pkt=0x7fffffffe420,
ist=0x16c39a0)
at ffmpeg.c:1908
#6 process_input (file_index=<optimized out>) at ffmpeg.c:3216
#7 transcode_step () at ffmpeg.c:3312
#8 transcode () at ffmpeg.c:3364
#9 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3544
(gdb)
}}}
{{{
76bd878d959c79ef17ed90cc7d13dffea9327ee2 is the first bad commit
commit 76bd878d959c79ef17ed90cc7d13dffea9327ee2
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Sat Nov 30 09:08:54 2013 -0500
vp9: add a 2-pass decoding mode, and add frame-mt support.
For a random 1080p sample, decoding time went from 9.7sec (1 threads)
to 6.0sec (2 threads) and 5.2sec (4 threads) in 2-pass decoding mode.
I don't have any samples that use the parallelmode feature, but the
gains should be higher.
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/3188>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker