Bug#648843: ffmpeg: segmentation fault when transcoding mkv to mpg

Eric Cooper ecc at cmu.edu
Tue Nov 15 23:26:34 UTC 2011 

On Tue, Nov 15, 2011 at 05:07:19PM +0100, Reinhard Tartler wrote:
> Can you please install the package libav-dbg and attach a stacktrace for
> this crash?

$ gdb ffmpeg
[...]
Press ctrl-c to stop encoding
Input stream #0.1 frame changed from rate:48000 fmt:s16 ch:6 to rate:48000 fmt:flt ch:6
[dvd @ 0x6480e0] buffer underflow i=1 bufi=1017 size=1792rate=4012.2kbits/s dup=4775 drop=0    
    Last message repeated 3 times051400kB time=2597.80 bitrate=3315.5kbits/s dup=12910 drop=0    
Input stream #0.1 frame changed from rate:48000 fmt:flt ch:6 to rate:48000 fmt:flt ch:2
Warning, using s16 intermediate sample format for resampling

Program received signal SIGSEGV, Segmentation fault.
ac3_extract_exponents_c (exp=0x0, coef=0x6a68c0, nb_coefs=10752)
    at /build/buildd-libav_0.7.2-1+b1-amd64-gyQUa8/libav-0.7.2/libavcodec/ac3dsp.c:181
181 /build/buildd-libav_0.7.2-1+b1-amd64-gyQUa8/libav-0.7.2/libavcodec/ac3dsp.c: No such file or directory.
    in /build/buildd-libav_0.7.2-1+b1-amd64-gyQUa8/libav-0.7.2/libavcodec/ac3dsp.c
(gdb) bt
#0  ac3_extract_exponents_c (exp=0x0, coef=0x6a68c0, nb_coefs=10752)
    at /build/buildd-libav_0.7.2-1+b1-amd64-gyQUa8/libav-0.7.2/libavcodec/ac3dsp.c:181
#1  0x00007ffff6a24702 in extract_exponents (s=0x734d20)
    at /build/buildd-libav_0.7.2-1+b1-amd64-gyQUa8/libav-0.7.2/libavcodec/ac3enc.c:318
#2  process_exponents (s=0x734d20)
    at /build/buildd-libav_0.7.2-1+b1-amd64-gyQUa8/libav-0.7.2/libavcodec/ac3enc.c:575
#3  ff_ac3_encode_frame (avctx=0x73d320, 
    frame=0xdcd8e0 "\vwK\246\036@\353\370@>\377\231\305\370\201\020\242\034AU]Q\256\371\367\247ϟ>|\371\367\365\256%̉\t\226\300L\250\253\345O\322\327+I\325[\tuC{G{\364ϝ=\256B\225uOm\271\260E3\335o֪\206\326\024\067ϕ>{]Q\375k\242ArBZJ륣^\262\250P\225&|\246\273\345na\241{\v\202\347\022\037*\034\210\213\327\321\032\273L\225\363\333\017_)\250\231\363\347ϟ*\200~\rg\\ؐ\251\363\364\273\253R\327:\372UT\227U\257]\331\bi\225\020\207\r-^\n\221%\244\351\354w\266\346\346\210I+\350K\006\272T\371\363\350\064\325\037\363[\347\320\nf\315\033"..., buf_size=<optimized out>, data=0xd7c240)
    at /build/buildd-libav_0.7.2-1+b1-amd64-gyQUa8/libav-0.7.2/libavcodec/ac3enc.c:1913
#4  0x00007ffff6d25497 in avcodec_encode_audio (avctx=0x73d320, buf=<optimized out>, 
    buf_size=<optimized out>, samples=<optimized out>)
    at /build/buildd-libav_0.7.2-1+b1-amd64-gyQUa8/libav-0.7.2/libavcodec/utils.c:633
#5  0x00000000004064e5 in do_audio_out (size=36864, buf=<optimized out>, ist=0x7abb48, ost=0x786dc0, 
    s=0x6480e0) at /build/buildd-libav_0.7.2-1+b1-amd64-gyQUa8/libav-0.7.2/ffmpeg.c:962
#6  output_packet (ist=<optimized out>, ist_index=1, ost_table=0x754340, nb_ostreams=2, 
    pkt=<optimized out>) at /build/buildd-libav_0.7.2-1+b1-amd64-gyQUa8/libav-0.7.2/ffmpeg.c:1681
#7  0x000000000040ab7d in transcode (nb_output_files=1, input_files=0x71beb0, nb_input_files=1, 
    stream_maps=0x0, nb_stream_maps=<optimized out>, output_files=0x6181e0)
    at /build/buildd-libav_0.7.2-1+b1-amd64-gyQUa8/libav-0.7.2/ffmpeg.c:2654
#8  0x0000000000407d40 in main (argc=<optimized out>, argv=0x7fffffffe1b8)
    at /build/buildd-libav_0.7.2-1+b1-amd64-gyQUa8/libav-0.7.2/ffmpeg.c:4466

And here is the disassembly around $pc, and the registers:

(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x7ffff6a21327 to 0x7ffff6a21367:
   0x00007ffff6a21327 <ac3_extract_exponents_c+7>:	add    %al,(%rax)
   0x00007ffff6a21329 <ac3_extract_exponents_c+9>:	xor    %eax,%eax
   0x00007ffff6a2132b <ac3_extract_exponents_c+11>:	mov    $0xffffff,%ebx
   0x00007ffff6a21330 <ac3_extract_exponents_c+16>:	mov    $0xff000001,%r11d
   0x00007ffff6a21336 <ac3_extract_exponents_c+22>:	jmp    0x7ffff6a21353 <ac3_extract_exponents_c+51>
   0x00007ffff6a21338 <ac3_extract_exponents_c+24>:	nopl   0x0(%rax,%rax,1)
   0x00007ffff6a21340 <ac3_extract_exponents_c+32>:	movl   $0x0,(%rsi,%rax,4)
=> 0x00007ffff6a21347 <ac3_extract_exponents_c+39>:	mov    %r10b,(%rdi,%rax,1)
   0x00007ffff6a2134b <ac3_extract_exponents_c+43>:	add    $0x1,%rax
   0x00007ffff6a2134f <ac3_extract_exponents_c+47>:	cmp    %eax,%edx
   0x00007ffff6a21351 <ac3_extract_exponents_c+49>:	jle    0x7ffff6a213b0 <ac3_extract_exponents_c+144>
   0x00007ffff6a21353 <ac3_extract_exponents_c+51>:	mov    (%rsi,%rax,4),%r9d
   0x00007ffff6a21357 <ac3_extract_exponents_c+55>:	mov    $0x18,%r10d
   0x00007ffff6a2135d <ac3_extract_exponents_c+61>:	mov    %r9d,%r8d
   0x00007ffff6a21360 <ac3_extract_exponents_c+64>:	sar    $0x1f,%r8d
   0x00007ffff6a21364 <ac3_extract_exponents_c+68>:	mov    %r8d,%ecx
End of assembler dump.
(gdb) info all-registers 
rax            0x0	 0
rbx            0xffffff	 16777215
rcx            0x0	 0
rdx            0x2a00	 10752
rsi            0x6a68c0	 6973632
rdi            0x0	 0
rbp            0x73d320	 0x73d320
rsp            0x7fffffffcc60	0x7fffffffcc60
r8             0x0		0
r9             0x0		0
r10            0x18		24
r11            0xff000001	4278190081
r12            0x0		0
r13            0xd7c240		14139968
r14            0x9000		36864
r15            0x509b0		330160
rip            0x7ffff6a21347	0x7ffff6a21347 <ac3_extract_exponents_c+39>
eflags         0x10246		[ PF ZF IF RF ]
cs             0x33		51
ss             0x2b		43
ds             0x0		0
es             0x0		0
fs             0x0		0
gs             0x0		0
st0            -inf		(raw 0xffff0000000000000000)
st1            -inf		(raw 0xffff0000000000000000)
st2            -nan(0x80008000800080)	(raw 0xffff0080008000800080)
st3            -nan(0x80008000800080)	(raw 0xffff0080008000800080)
st4            -nan(0x10001000130012)	(raw 0xffff0010001000130012)
st5            -nan(0x10000f00100010)	(raw 0xffff0010000f00100010)
st6            -inf			(raw 0xffff0000000000000000)
st7            -inf			(raw 0xffff0000000000000000)
fctrl          0x37f			895
fstat          0x220			544
ftag           0xffff			65535
fiseg          0x7fff			32767
fioff          0xf60b5b87		-167027833
foseg          0x7fff			32767
fooff          0xffffd1f8		-11784
fop            0x51f			1311
xmm0           {v4_float = {0x1000000, 0x1000000, 0x1000000, 0x1000000}, v2_double = {
    0x8000000000000000, 0x8000000000000000}, v16_int8 = {0x0, 0x0, 0x80, 0x4b, 0x0, 0x0, 0x80, 0x4b, 
    0x0, 0x0, 0x80, 0x4b, 0x0, 0x0, 0x80, 0x4b}, v8_int16 = {0x0, 0x4b80, 0x0, 0x4b80, 0x0, 0x4b80, 0x0, 
    0x4b80}, v4_int32 = {0x4b800000, 0x4b800000, 0x4b800000, 0x4b800000}, v2_int64 = {
    0x4b8000004b800000, 0x4b8000004b800000}, uint128 = 0x4b8000004b8000004b8000004b800000}
xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 
    0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 
    0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm3           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 
    0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 
    0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 
    0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 
    0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 
    0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm8           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 
    0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm9           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x39, 0xfc, 0x7f, 
    0x3d, 0x0 <repeats 12 times>}, v8_int16 = {0xfc39, 0x3d7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_int32 = {0x3d7ffc39, 0x0, 0x0, 0x0}, v2_int64 = {0x3d7ffc39, 0x0}, 
  uint128 = 0x0000000000000000000000003d7ffc39}
xmm10          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 
    0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm11          {v4_float = {0x0, 0x1c, 0x0, 0x0}, v2_double = {0x80000000, 0x0}, v16_int8 = {0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0xe0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0x0, 
    0x41e0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x41e00000, 0x0, 0x0}, v2_int64 = {0x41e0000000000000, 
    0x0}, uint128 = 0x000000000000000041e0000000000000}
xmm12          {v4_float = {0xc100000, 0x1, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x3f, 0xcf, 
    0x66, 0xd5, 0x83, 0x7e, 0x91, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0xcf3f, 
    0xd566, 0x7e83, 0x3f91, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xd566cf3f, 0x3f917e83, 0x0, 0x0}, 
  v2_int64 = {0x3f917e83d566cf3f, 0x0}, uint128 = 0x00000000000000003f917e83d566cf3f}
xmm13          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0, 0x0, 0x0, 0x0, 
    0x5a, 0xb5, 0x60, 0xbf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0xb55a, 
    0xbf60, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0xbf60b55a, 0x0, 0x0}, v2_int64 = {0xbf60b55a00000000, 
    0x0}, uint128 = 0x0000000000000000bf60b55a00000000}
xmm14          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x9a, 0xed, 0xe0, 
    0x3e, 0x10, 0x97, 0x13, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0xed9a, 0x3ee0, 
    0x9710, 0x3e13, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x3ee0ed9a, 0x3e139710, 0x0, 0x0}, v2_int64 = {
    0x3e1397103ee0ed9a, 0x0}, uint128 = 0x00000000000000003e1397103ee0ed9a}
xmm15          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x62, 0x3f, 0x99, 
    0x12, 0x91, 0xf9, 0x83, 0x3c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x3f62, 0x1299, 
    0xf991, 0x3c83, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x12993f62, 0x3c83f991, 0x0, 0x0}, v2_int64 = {
    0x3c83f99112993f62, 0x0}, uint128 = 0x00000000000000003c83f99112993f62}
mxcsr          0x1fb2	[ DE UE PE IM DM ZM OM UM PM ]

> Please try to reproduce the issue with a shortened version of the
> file.

I haven't been able to do this yet, since I don't know how to shorten
the MKV file and still have it be well-formed.

-- 
Eric Cooper             e c c @ c m u . e d u

More information about the pkg-multimedia-maintainers mailing list