[libav-bugs] [Bug 933] New: avconv crashes with SIGSEGV

bugzilla at libav.org bugzilla at libav.org
Tue Mar 29 17:22:03 CEST 2016


https://bugzilla.libav.org/show_bug.cgi?id=933

            Bug ID: 933
           Summary: avconv crashes with SIGSEGV
           Product: Libav
           Version: 9
          Hardware: X86
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: ---
         Component: libavcodec
          Assignee: bugzilla at libav.org
          Reporter: sanjayr at ymail.com

Created attachment 578
  --> https://bugzilla.libav.org/attachment.cgi?id=578&action=edit
This mp3 file crashed avconv utility with SIGSEGV.

Problem:
    avconv crashes with SIGSEGV when run with the following command on a
specific mp3 input file (new-72-g43.mp3).
    avconv - v 0 -y -t 5 -i new-72-g43.mp3.mp3 junk.mp3


Commandline out:
========================
$ /usr/bin/avconv - v 9 -loglevel 99 -y -i new-72-g43.mp3 junk.mp3
avconv version 9.18-6:9.18-0ubuntu0.14.04.1+fdkaac, Copyright (c) 2000-2014 the
Libav developers
  built on Apr 10 2015 23:18:58 with gcc 4.8 (Ubuntu 4.8.2-19ubuntu1)
  configuration: --arch=amd64 --enable-pthreads --enable-runtime-cpudetect
--extra-version='6:9.18-0ubuntu0.14.04.1+fdkaac'
--libdir=/usr/lib/x86_64-linux-gnu --prefix=/usr --enable-bzlib
--enable-libdc1394 --enable-libfreetype --enable-frei0r --enable-gnutls
--enable-libgsm --enable-libmp3lame --enable-librtmp --enable-libopenjpeg
--enable-libopus --enable-libpulse --enable-libschroedinger --enable-libspeex
--enable-libtheora --enable-vaapi --enable-vdpau --enable-libvorbis
--enable-libvpx --enable-zlib --enable-gpl --enable-swscale --enable-libcdio
--enable-x11grab --enable-libx264 --enable-libxvid --enable-libfdk-aac
--enable-nonfree --shlibdir=/usr/lib/x86_64-linux-gnu --enable-shared
--disable-static
  libavutil     52.  3. 0 / 52.  3. 0
  libavcodec    54. 35. 0 / 54. 35. 0
  libavformat   54. 20. 4 / 54. 20. 4
  libavdevice   53.  2. 0 / 53.  2. 0
  libavfilter    3.  3. 0 /  3.  3. 0
  libavresample  1.  0. 1 /  1.  0. 1
  libswscale     2.  1. 1 /  2.  1. 1
Splitting the commandline.
Reading option '-' ... matched as output file.
Reading option 'v' ... matched as output file.
Reading option '9' ... matched as output file.
Reading option '-loglevel' ... matched as option 'loglevel' (set libav* logging
level) with argument '99'.
Reading option '-y' ... matched as option 'y' (overwrite output files) with
argument '1'.
Reading option '-i' ... matched as input file with argument 'new-72-g43.mp3'.
Reading option 'junk.mp3' ... matched as output file.
Finished splitting the commandline.
Parsing a group of options: global .
Applying option loglevel (set libav* logging level) with argument 99.
Applying option y (overwrite output files) with argument 1.
Successfully parsed a group of options.
Parsing a group of options: input file new-72-g43.mp3.
Successfully parsed a group of options.
Opening an input file: new-72-g43.mp3.
[dts @ 0x686660] Probed with size=65536 and score=51
[dts @ 0x686660] Invalid size in frame �EB, skipping the rest of tag.
[mjpeg @ 0x68aca0] marker=d8 avail_size_in_buf=36984
[mjpeg @ 0x68aca0] marker parser used 0 bytes (0 bits)
[mjpeg @ 0x68aca0] marker=e0 avail_size_in_buf=36982
[mjpeg @ 0x68aca0] marker parser used 16 bytes (128 bits)
[mjpeg @ 0x68aca0] marker=e1 avail_size_in_buf=36964
[mjpeg @ 0x68aca0] marker parser used 21 bytes (168 bits)
[mjpeg @ 0x68aca0] marker=db avail_size_in_buf=36940
[mjpeg @ 0x68aca0] index=0
[mjpeg @ 0x68aca0] qscale[0]: 3
[mjpeg @ 0x68aca0] marker parser used 67 bytes (536 bits)
[mjpeg @ 0x68aca0] marker=db avail_size_in_buf=36871
[mjpeg @ 0x68aca0] index=1
[mjpeg @ 0x68aca0] qscale[1]: 6
[mjpeg @ 0x68aca0] marker parser used 67 bytes (536 bits)
[mjpeg @ 0x68aca0] marker=c0 avail_size_in_buf=36802
[mjpeg @ 0x68aca0] sof0: picture: 500x500
[mjpeg @ 0x68aca0] component 0 2:2 id: 0 quant:0
[mjpeg @ 0x68aca0] component 1 1:1 id: 1 quant:1
[mjpeg @ 0x68aca0] component 2 1:1 id: 2 quant:1
[mjpeg @ 0x68aca0] pix fmt id 22111100
[mjpeg @ 0x68aca0] marker parser used 17 bytes (136 bits)
[mjpeg @ 0x68aca0] marker=c4 avail_size_in_buf=36783
[mjpeg @ 0x68aca0] class=0 index=0 nb_codes=12
[mjpeg @ 0x68aca0] marker parser used 31 bytes (248 bits)
[mjpeg @ 0x68aca0] marker=c4 avail_size_in_buf=36750
[mjpeg @ 0x68aca0] class=1 index=0 nb_codes=251
[mjpeg @ 0x68aca0] marker parser used 181 bytes (1448 bits)
[mjpeg @ 0x68aca0] marker=c4 avail_size_in_buf=36567
[mjpeg @ 0x68aca0] class=0 index=1 nb_codes=12
[mjpeg @ 0x68aca0] marker parser used 31 bytes (248 bits)
[mjpeg @ 0x68aca0] marker=c4 avail_size_in_buf=36534
[mjpeg @ 0x68aca0] class=1 index=1 nb_codes=251
[mjpeg @ 0x68aca0] marker parser used 181 bytes (1448 bits)
[mjpeg @ 0x68aca0] escaping removed 1704 bytes
[mjpeg @ 0x68aca0] marker=da avail_size_in_buf=36351
[mjpeg @ 0x68aca0] component: 0
[mjpeg @ 0x68aca0] component: 1
[mjpeg @ 0x68aca0] component: 2
[mjpeg @ 0x68aca0] mjpeg_decode_dc: bad vlc: 0:0 (0x68bac0)
[mjpeg @ 0x68aca0] error dc
[mjpeg @ 0x68aca0] error y=30 x=8
[mjpeg @ 0x68aca0] marker parser used 34646 bytes (277167 bits)
[mjpeg @ 0x68aca0] marker=d9 avail_size_in_buf=1493
[mjpeg @ 0x68aca0] mjpeg decode frame unused 1493 bytes
[dca @ 0x6872e0] Not a valid DCA frame
[dca @ 0x6872e0] Invalid bit allocation index
[dca @ 0x6872e0] error decoding block
[dca @ 0x6872e0] Joint stereo coding not supported
Segmentation fault (core dumped)

========================
GDB output:

=================
(gdb) bt
#0  0x00007ffff6a3ddf8 in ?? () from /usr/lib/x86_64-linux-gnu/libavcodec.so.54
#1  0x00007ffff67d8d5c in ?? () from /usr/lib/x86_64-linux-gnu/libavcodec.so.54
#2  0x00007ffff6a56332 in avcodec_decode_audio4 ()
   from /usr/lib/x86_64-linux-gnu/libavcodec.so.54
#3  0x00007ffff7730128 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libavformat.so.54
#4  0x00007ffff7735a5b in avformat_find_stream_info ()
   from /usr/lib/x86_64-linux-gnu/libavformat.so.54
#5  0x000000000040a5be in ?? ()
#6  0x000000000040d6b9 in ?? ()
#7  0x0000000000405439 in ?? ()
#8  0x00007ffff59c3ec5 in __libc_start_main (main=0x4053c0, argc=8, 
    argv=0x7fffffffdbe8, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffffdbd8) at libc-start.c:287
#9  0x0000000000407f2f in ?? ()

(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x7ffff6a3ddd8 to 0x7ffff6a3de18:
   0x00007ffff6a3ddd8:    mulss  %xmm0,%xmm2
   0x00007ffff6a3dddc:    sub    $0x4,%r9
   0x00007ffff6a3dde0:    add    $0x4,%r11
   0x00007ffff6a3dde4:    mulss  %xmm0,%xmm1
   0x00007ffff6a3dde8:    add    $0x2,%rsi
   0x00007ffff6a3ddec:    add    $0x2,%rdi
   0x00007ffff6a3ddf0:    sub    $0x1,%rcx
   0x00007ffff6a3ddf4:    sub    $0x1,%r10
=> 0x00007ffff6a3ddf8:    movss  %xmm2,0x0(%rbp,%r8,4)
   0x00007ffff6a3ddff:    movss  %xmm1,0x40(%rbp,%r8,4)
   0x00007ffff6a3de06:    movss  %xmm4,(%rbx,%r8,4)
   0x00007ffff6a3de0c:    movss  %xmm3,0x40(%rbx,%r8,4)
   0x00007ffff6a3de13:    add    $0x1,%r8
   0x00007ffff6a3de17:    cmp    $0x10,%r8
End of assembler dump.

(gdb) info all-registers
rax            0x7ffff6b651f0    140737332531696
rbx            0x7ffff7f8bf00    140737353662208
rcx            0x1e    30
rdx            0x7ffff7f88f3c    140737353649980
rsi            0xfffffffffffffff3    -13
rdi            0x3    3
rbp            0x0    0x0
rsp            0x7fffffffc330    0x7fffffffc330
r8             0x0    0
r9             0x7ffff7f88738    140737353647928
r10            0xe    14
r11            0x7ffff6b649f4    140737332529652
r12            0x200    512
r13            0x200    512
r14            0x200    512
r15            0x7ffff6b651f0    140737332531696
rip            0x7ffff6a3ddf8    0x7ffff6a3ddf8
eflags         0x10202    [ IF RF ]
cs             0x33    51
ss             0x2b    43
ds             0x0    0
es             0x0    0
fs             0x0    0
gs             0x0    0
st0            -nan(0x9f9f9f9f9f9f9f9f)    (raw 0xffff9f9f9f9f9f9f9f9f)
st1            -nan(0x9f009f009f009f)    (raw 0xffff009f009f009f009f)
st2            -nan(0x9f9f9f9f9f9f9f9f)    (raw 0xffff9f9f9f9f9f9f9f9f)
st3            -nan(0x9f009f009f009f)    (raw 0xffff009f009f009f009f)
st4            -nan(0x9f9f9f9f9f9f9f9f)    (raw 0xffff9f9f9f9f9f9f9f9f)
st5            -nan(0x9f009f009f009f)    (raw 0xffff009f009f009f009f)
st6            -nan(0x9f9f9f9f9f9f9f9f)    (raw 0xffff9f9f9f9f9f9f9f9f)
st7            -nan(0x9f009f009f009f)    (raw 0xffff009f009f009f009f)
fctrl          0x37f    895
fstat          0x0    0
ftag           0xffff    65535
fiseg          0x0    0
fioff          0x0    0
foseg          0x0    0
fooff          0x0    0
fop            0x0    0
mxcsr          0x1fa0    [ PE IM DM ZM OM UM PM ]

=================
The offending input new-72-g43.mp3 is attached.
