On Fri, May 15, 2026 at 4:32 AM Andrew Randrianasulu
<[email protected]> wrote:
>
> Unfortunately, after patching our ffmpeg 8.1 with
>
> https://source.ffmpeg.org/gitweb/ffmpeg.git/commit/3b939ced79655ed084e6bebc493fa8b11e9b9d8b
>
> I still see this crash on x265 created hevc + alpha file:
>
> Thread 301 "av:hevc:df1" received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7fff82ffd700 (LWP 6407)]
> alloc_frame (s=s@entry=0x7fff401ae8c0, l=l@entry=0x7fff401af698) at
> libavcodec/hevc/refs.c:194
> 194                 AVFrame *base = s->layers[0].cur_frame->f;


I added one more condition at line 192 in this file:

&& &s->layers[0].cur_frame->f != 0

so the full line reads like

 if (l != &s->layers[0] && ff_hevc_is_alpha_video(s) && &s->layers[0].cur_frame->f != 0 ) {

and this seems to eliminate the crash (decoding still looks ok)


> (gdb) bt full
> #0  alloc_frame (s=s@entry=0x7fff401ae8c0, l=l@entry=0x7fff401af698)
> at libavcodec/hevc/refs.c:194
>         alpha = 0x7fff0406bdc0
>         base = <optimized out>
>         frame = <optimized out>
>         vps = <optimized out>
>         i = <optimized out>
>         j = <optimized out>
>         ret = <optimized out>
> #1  0x000000000100b7f3 in ff_hevc_set_new_ref
> (s=s@entry=0x7fff401ae8c0, l=l@entry=0x7fff401af698, poc=123)
>     at libavcodec/hevc/refs.c:226
>         ref = <optimized out>
>         i = <optimized out>
>         no_output = <optimized out>
> #2  0x0000000000fd7dd6 in hevc_frame_start (nal_idx=1,
> l=0x7fff401af698, s=0x7fff401ae8c0)
>     at libavcodec/hevc/hevcdec.c:3337
>         pps = 0x7fff402c5640
>         new_sequence = 0
>         prev_layers_active_output = 1
>         ret = <optimized out>
>         sps = 0x7fff402c0640
>         pic_size_in_ctb = 2806
>         prev_layers_active_decode = 3
> #3  decode_slice (gb=0x7fff82ffccc0, nal_idx=1, s=0x7fff401ae8c0) at
> libavcodec/hevc/hevcdec.c:3580
>         layer_idx = <optimized out>
>         l = 0x7fff401af698
>         ret = <optimized out>
> #4  decode_nal_unit (nal_idx=1, s=0x7fff401ae8c0) at
> libavcodec/hevc/hevcdec.c:3663
>         nal = <optimized out>
>         gb = {
>           buffer = 0x7fff74000e9e
> "\002\t\244\366W\346\024\210\022\003\001*$\004A\370\326\372\303\246\260\314\353\214c).z_=\351\021~\304\f\020'\247\222#gb\033/_\325H\261L\211v\037h\206\301\272\256[\"\377/\204|W\002pm\347\265\322\177e\030\220K\216!\224\b+mI\216\017\307\020\177\215#m\353\200\235W\215E\352K\031\275k\346\322\032g>'0\246C\274U\263v\236\215s\265y\312\245\t\255\203T\376\213Y\037\177`y\005\320\016\022R\036\035I\261\204w\202\271\311\311%S\313\322\370\306\250\241\065JW\224>1\247\234-_\243\317XO\361\003
> \031\363\246X\363(s\252\214Pf\331\307o\352\266\201/\360c\020\fo\331\004\064/b"...,
> index = 136,
>           size_in_bits = 5878, size_in_bits_plus8 = 5886}
>         ret = <optimized out>
> #5  decode_nal_units (length=<optimized out>, buf=<optimized out>,
> s=0x7fff401ae8c0) at libavcodec/hevc/hevcdec.c:3779
>         nal = <optimized out>
>         i = 1
>         ret = <optimized out>
>         eos_at_start = <optimized out>
>         flags = <optimized out>
> #6  hevc_receive_frame (avctx=<optimized out>, frame=<optimized out>)
> at libavcodec/hevc/hevcdec.c:3881
>         s = 0x7fff401ae8c0
>         avci = <optimized out>
>         avpkt = <optimized out>
>         ret = <optimized out>
>         sd = <optimized out>
>         sd_size = 0
> #7  0x0000000000f1263f in ff_decode_receive_frame_internal
> (avctx=avctx@entry=0x7fff402c6c00,
>     frame=frame@entry=0x7fff880f2f40) at libavcodec/decode.c:625
>         avci = 0x7fff402c6fc0
>         ret = <optimized out>
> #8  0x000000000117b47a in frame_worker_thread (arg=0x7fff4006ff00) at
> libavcodec/pthread_frame.c:291
>         ret = 0
>         p = 0x7fff4006ff00
>         avctx = 0x7fff402c6c00
> #9  0x00007ffff540755a in start_thread () from /lib64/libpthread.so.0
> No symbol table info available.
> #10 0x00007fffedd02e5f in clone () from /lib64/libc.so.6
> No symbol table info available.
>
> There was another patch moving some of those i local variables into
> the loop, but I am not sure if or how it may help here?
>
> Will test more. (I wonder if disabling threaded decode will avoid this?)
_______________________________________________
ffmpeg-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
