#11484: Segmentation fault on function av_log_default_callback
--------------------------------+--------------------------------------
             Reporter:  fizz    |                     Type:  defect
               Status:  new     |                 Priority:  normal
            Component:  ffmpeg  |                  Version:  git-master
             Keywords:          |               Blocked By:
             Blocking:          |  Reproduced by developer:  0
Analyzed by developer:  0       |
--------------------------------+--------------------------------------
Summary of the bug:
Segmentation fault on function av_log_default_callback

How to reproduce:
{{{
system: ubuntu20.04
git last commit:
commit 66e9888bf418984a274beddbc3e87e9f1b8f5077 (HEAD -> master, origin/master, origin/HEAD)
Author: Michael Niedermayer <mich...@niedermayer.cc>
Date: Wed Jan 8 03:11:02 2025 +0100

use this command to compile:
./configure --enable-debug=2 --disable-optimizations --disable-stripping
make -j4

use this command to reproduce:
valgrind ./ffmpeg -i POC_FILE /dev/null
}}}

information from valgrind:
{{{
==30384== Memcheck, a memory error detector
==30384== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==30384== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==30384== Command: ./ffmpeg -i ./bugs/ffmpeg_av_log_default_callback /dev/null
==30384==
ffmpeg version N-118312-g66e9888bf4 Copyright (c) 2000-2025 the FFmpeg developers
  built with gcc 9 (Ubuntu 9.4.0-1ubuntu1~20.04.2)
  configuration: --enable-debug=2 --disable-optimizations --disable-stripping
  libavutil      59. 55.100 / 59. 55.100
  libavcodec     61. 31.100 / 61. 31.100
  libavformat    61.  9.106 / 61.  9.106
  libavdevice    61.  4.100 / 61.  4.100
  libavfilter    10.  6.101 / 10.  6.101
  libswscale      8. 13.100 /  8. 13.100
  libswresample   5.  4.100 /  5.  4.100
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x64cb8c0] Broken file, trak/mdat not at top-level
==30384==    at 0x3AAC487: VALGRIND_PRINTF_BACKTRACE.constprop.0 (valgrind.h:6306)
==30384==    by 0x3AADE74: av_log_default_callback (log.c:404)
==30384==    by 0x3AAF4F4: av_log (log.c:418)
==30384==    by 0x1172CF2: mov_read_default (mov.c:9366)
==30384==    by 0x11EAA54: ff_mov_read_stsd_entries (mov.c:3090)
==30384==    by 0x11EC565: mov_read_stsd (mov.c:3153)
==30384==    by 0x1171E25: mov_read_default (mov.c:9414)
==30384==    by 0x1171E25: mov_read_default (mov.c:9414)
==30384==    by 0x1171E25: mov_read_default (mov.c:9414)
==30384==    by 0x1171E25: mov_read_default (mov.c:9414)
==30384==    by 0x11CA1FC: mov_read_trak (mov.c:5122)
==30384==    by 0x1171E25: mov_read_default (mov.c:9414)
==30384== Invalid read of size 4
==30384==    at 0x11CC28F: mov_read_trak (mov.c:5208)
==30384==    by 0x1171E25: mov_read_default (mov.c:9414)
==30384==    by 0x1173128: mov_read_moov (mov.c:1565)
==30384==    by 0x1171E25: mov_read_default (mov.c:9414)
==30384==    by 0x11CC6AE: mov_read_header (mov.c:10458)
==30384==    by 0xFABB15: avformat_open_input (demux.c:308)
==30384==    by 0x42BAE0: ifile_open (ffmpeg_demux.c:1727)
==30384==    by 0x48384C: open_files.isra.0 (ffmpeg_opt.c:1363)
==30384==    by 0x48A3AD: ffmpeg_parse_options (ffmpeg_opt.c:1412)
==30384==    by 0x410A38: main (ffmpeg.c:974)
==30384==  Address 0x4 is not stack'd, malloc'd or (recently) free'd
==30384==
==30384==
==30384== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==30384==  Access not within mapped region at address 0x4
==30384==    at 0x11CC28F: mov_read_trak (mov.c:5208)
==30384==    by 0x1171E25: mov_read_default (mov.c:9414)
==30384==    by 0x1173128: mov_read_moov (mov.c:1565)
==30384==    by 0x1171E25: mov_read_default (mov.c:9414)
==30384==    by 0x11CC6AE: mov_read_header (mov.c:10458)
==30384==    by 0xFABB15: avformat_open_input (demux.c:308)
==30384==    by 0x42BAE0: ifile_open (ffmpeg_demux.c:1727)
==30384==    by 0x48384C: open_files.isra.0 (ffmpeg_opt.c:1363)
==30384==    by 0x48A3AD: ffmpeg_parse_options (ffmpeg_opt.c:1412)
==30384==    by 0x410A38: main (ffmpeg.c:974)
==30384==  If you believe this happened as a result of a stack
==30384==  overflow in your program's main thread (unlikely but
==30384==  possible), you can try to increase the size of the
==30384==  main thread stack using the --main-stacksize= flag.
==30384==  The main thread stack size used in this run was 8388608.
==30384==
==30384== HEAP SUMMARY:
==30384==     in use at exit: 40,137 bytes in 63 blocks
==30384==   total heap usage: 107 allocs, 44 frees, 80,533 bytes allocated
==30384==
==30384== LEAK SUMMARY:
==30384==    definitely lost: 0 bytes in 0 blocks
==30384==    indirectly lost: 0 bytes in 0 blocks
==30384==      possibly lost: 0 bytes in 0 blocks
==30384==    still reachable: 40,137 bytes in 63 blocks
==30384==         suppressed: 0 bytes in 0 blocks
==30384== Rerun with --leak-check=full to see details of leaked memory
==30384==
==30384== For lists of detected and suppressed errors, rerun with: -s
==30384== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault
}}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/11484>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker