New submission from Tomas Härdin <[email protected]>:

Using r25242, ffplay crashes when seeking in mpegts files containing H.264 video. I haven't been able to reproduce this using ffmpeg yet (tried various values of -ss while transcoding video).
Sample uploaded to MPlayer/incoming/h264_nonkey_seek_crash/h264_nonkey_seek_crash.ts

I took the liberty of marking this as important (or attempted to at least).

tjop...@callisto:~/ffmpeg$ gdb ./ffplay_g
GNU gdb (GDB) 7.0-ubuntu
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/tjoppen/ffmpeg/ffplay_g...done.
(gdb) r h264_nonkey_seek_crash.ts
Starting program: /home/tjoppen/ffmpeg/ffplay_g h264_nonkey_seek_crash.ts
[Thread debugging using libthread_db enabled]
FFplay version git-svn-r25242, Copyright (c) 2003-2010 the FFmpeg developers
  built on Sep 28 2010 10:14:20 with gcc 4.4.1
  configuration:
  libavutil     50.31. 0 / 50.31. 0
  libavcore      0. 9. 0 /  0. 9. 0
  libavcodec    52.91. 1 / 52.91. 1
  libavformat   52.78. 5 / 52.78. 5
  libavdevice   52. 2. 2 / 52. 2. 2
  libavfilter    1.47. 1 /  1.47. 1
  libswscale     0.11. 0 /  0.11. 0
[New Thread 0x7ffff4f6c910 (LWP 19429)]
[New Thread 0x7ffff3e62910 (LWP 19430)]
[mpegts @ 0x124d9a0] max_analyze_duration reached
[NULL @ 0x12488f0] start time is not set in av_estimate_timings_from_pts
[NULL @ 0x1248f60] start time is not set in av_estimate_timings_from_pts
[NULL @ 0x1251a10] start time is not set in av_estimate_timings_from_pts
[NULL @ 0x1252240] start time is not set in av_estimate_timings_from_pts
Input #0, mpegts, from 'h264_nonkey_seek_crash.ts':
  Duration: 00:00:23.56, start: 10.000000, bitrate: 3560 kb/s
  Program 1 Service01
    Metadata:
      name            : Service01
      provider_name   : FFmpeg
    Stream #0.0[0x1e1]: Video: h264, yuv420p, 704x576 [PAR 16:11 DAR 16:9], 25 fps, 25 tbr, 90k tbn, 50 tbc
    Stream #0.1[0x1e2](und): Audio: mp2, 48000 Hz, 2 channels, s16, 192 kb/s
    Stream #0.2[0x1e4](swe): Subtitle: dvbsub
    Stream #0.3[0x1e5](nor): Subtitle: dvbsub
    Stream #0.4[0x1e6](dan): Subtitle: dvbsub
    Stream #0.5[0x1e7](fin): Subtitle: dvbsub
[New Thread 0x7ffff3661910 (LWP 19431)]
[New Thread 0x7ffff2e60910 (LWP 19432)]
[New Thread 0x7ffff265f910 (LWP 19433)]
[New Thread 0x7ffff1e5e910 (LWP 19434)]
  20.45 A-V:  9.930 s:0.0 aq=  348KB vq= 3627KB sq=    0B f=0/0   f=0/0

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff2e60910 (LWP 19432)]
0x00000000008e7399 in av_image_copy (dst_data=<value optimized out>, dst_linesizes=<value optimized out>, src_data=<value optimized out>, src_linesizes=<value optimized out>, pix_fmt=PIX_FMT_YUYV422, width=704, height=576) at libavcore/imgutils.c:182
182             av_image_copy_plane(dst_data[i], dst_linesizes[i],
(gdb) bt
#0  0x00000000008e7399 in av_image_copy (dst_data=<value optimized out>, dst_linesizes=<value optimized out>, src_data=<value optimized out>, src_linesizes=<value optimized out>, pix_fmt=PIX_FMT_YUYV422, width=704, height=576) at libavcore/imgutils.c:182
#1  0x00000000005a6eb8 in decode_slice_header (h=0x127bb00, h0=0x127bb00) at libavcodec/h264.c:1915
#2  0x00000000005af050 in decode_nal_units (h=0x127bb00, buf=0xa <Address 0xa out of bounds>, buf_size=-154460412) at libavcodec/h264.c:2851
#3  0x00000000005af91f in decode_frame (avctx=0x124d4e0, data=0x1253330, data_size=0x7ffff2e5fefc, avpkt=0x0) at libavcodec/h264.c:3012
#4  0x000000000072b020 in avcodec_decode_video2 (avctx=0x124d4e0, picture=0x1253330, got_picture_ptr=0x7ffff2e5fefc, avpkt=0x7ffff2e5feb0) at libavcodec/utils.c:614
#5  0x000000000042d57d in get_video_frame (link=0x1253460) at ffplay.c:1577
#6  input_request_frame (link=0x1253460) at ffplay.c:1719
#7  0x000000000042f081 in get_filtered_video_frame (arg=0x7ffff3e63010) at ffplay.c:1802
#8  video_thread (arg=0x7ffff3e63010) at ffplay.c:1893
#9  0x00007ffff71cc735 in ?? () from /usr/lib/libSDL-1.2.so.0
#10 0x00007ffff7211889 in ?? () from /usr/lib/libSDL-1.2.so.0
#11 0x00007ffff6fa6a04 in start_thread (arg=<value optimized out>) at pthread_create.c:300
#12 0x00007ffff6d0fd4d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#13 0x0000000000000000 in ?? ()
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x8e7379 to 0x8e73b9:
0x00000000008e7379 <av_image_copy+217>: (bad)
0x00000000008e737a <av_image_copy+218>: sar    $0x3,%eax
0x00000000008e737d <av_image_copy+221>: mov    0x4(%rsp),%edx
0x00000000008e7381 <av_image_copy+225>: mov    0xb0(%rsp),%ebp
0x00000000008e7388 <av_image_copy+232>: sub    $0x1,%edx
0x00000000008e738b <av_image_copy+235>: cmp    $0x1,%edx
0x00000000008e738e <av_image_copy+238>: jbe    0x8e7550 <av_image_copy+688>
0x00000000008e7394 <av_image_copy+244>: mov    0x30(%rsp),%rdx
0x00000000008e7399 <av_image_copy+249>: mov    (%rdx,%rbx,1),%r14d
0x00000000008e739d <av_image_copy+253>: mov    0x20(%rsp),%rdx
0x00000000008e73a2 <av_image_copy+258>: mov    (%rdx,%rbx,2),%r12
0x00000000008e73a6 <av_image_copy+262>: mov    0x28(%rsp),%rdx
0x00000000008e73ab <av_image_copy+267>: mov    (%rdx,%rbx,1),%r15d
0x00000000008e73af <av_image_copy+271>: mov    0x18(%rsp),%rdx
0x00000000008e73b4 <av_image_copy+276>: test   %r12,%r12
0x00000000008e73b7 <av_image_copy+279>: mov    (%rdx,%rbx,2),%r13
End of assembler dump.
(gdb) info all-registers
rax            0x2c0    704
rbx            0x0      0
rcx            0x0      0
rdx            0x20     32
rsi            0x7ffff2e5fb90   140737268546448
rdi            0x7ffff2e5fba0   140737268546464
rbp            0x240    0x240
rsp            0x7ffff2e5fb40   0x7ffff2e5fb40
r8             0x1      1
r9             0x2c0    704
r10            0xa      10
r11            0x7ffff6cb1f04   140737333894916
r12            0x1      1
r13            0x12afb34        19594036
r14            0x0      0
r15            0x3      3
rip            0x8e7399 0x8e7399 <av_image_copy+249>
eflags         0x10282  [ SF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
(gdb) q
A debugging session is active.

        Inferior 1 [process 19426] will be killed.

Quit anyway? (y or n) y
tjop...@callisto:~/ffmpeg$

----------
messages: 12066
priority: normal
status: new
substatus: new
title: H.264 decoder crashes when seeking in mpegts

________________________________________________
FFmpeg issue tracker <[email protected]>
<https://roundup.ffmpeg.org/issue2253>
________________________________________________
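
Added example, not part of the original report and not FFmpeg code: a triage helper that works out which address the instruction at $pc in the session above was reading, from the register values gdb printed. The function names and the 64 KiB near-NULL threshold are assumptions of this example; RIP-relative operands are not handled.

```python
import re

# Copied from the gdb session in the report: the instruction at $pc and the
# registers it reads (gdb's "name hex natural" layout, one per line).
FAULT_INSN = "0x00000000008e7399 <av_image_copy+249>: mov (%rdx,%rbx,1),%r14d"
REGISTERS = """\
rbx 0x0 0
rdx 0x20 32
rsp 0x7ffff2e5fb40 0x7ffff2e5fb40
rip 0x8e7399 0x8e7399 <av_image_copy+249>
"""

# Assumption: addresses below 64 KiB are never mapped (the usual Linux
# vm.mmap_min_addr default), so a fault there means NULL plus a small offset.
NEAR_NULL_LIMIT = 0x10000

# AT&T memory operand: disp(%base,%index,scale); every part is optional.
MEM_OPERAND = re.compile(
    r"(-?0x[0-9a-f]+)?\((?:%(\w+))?(?:,%(\w+)(?:,([1248]))?)?\)")

def parse_registers(text):
    """Map register name -> value from 'info registers' style lines."""
    regs = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[1].startswith("0x"):
            regs[parts[0]] = int(parts[1], 16)
    return regs

def effective_address(insn, regs):
    """Address touched by the first memory operand, or None if there is none."""
    operands = insn.split(":", 1)[-1]   # drop the "addr <sym+off>:" prefix
    m = MEM_OPERAND.search(operands)
    if m is None:
        return None
    disp, base, index, scale = m.groups()
    addr = int(disp, 16) if disp else 0
    addr += regs[base] if base else 0
    addr += regs[index] * int(scale or 1) if index else 0
    return addr & 0xFFFFFFFFFFFFFFFF    # wrap like 64-bit hardware

def classify(addr):
    if addr is None:
        return "no memory operand"
    return "near-NULL dereference" if addr < NEAR_NULL_LIMIT else "other"

if __name__ == "__main__":
    regs = parse_registers(REGISTERS)
    ea = effective_address(FAULT_INSN, regs)
    print(hex(ea), classify(ea))
```

For this report the result is 0x20: the pointer that the preceding instruction loaded from 0x30(%rsp) into %rdx was itself 0x20, so the read landed in the unmapped first page.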
