[FFmpeg-trac] #2999(avcodec:new): FFmpeg crashes on decoding H.264 MP4 file
FFmpeg
trac at avcodec.org
Thu Sep 26 03:13:45 CEST 2013
#2999: FFmpeg crashes on decoding H.264 MP4 file
--------------------------------------+---------------------------------
Reporter: mbradshaw | Owner:
Type: defect | Status: new
Priority: normal | Component: avcodec
Version: git-master | Keywords:
Blocked By: | Blocking:
Reproduced by developer: 0 | Analyzed by developer: 0
--------------------------------------+---------------------------------
Summary of the bug:
Simply running: `ffmpeg -i hunger.mp4 -vn out.wav`
results in: `Segmentation fault: 11`
Sample source file (33MB):
https://googledrive.com/host/0BxWx_dIBnyRoN2cxT1ZOaEhOUnc/hunger.mp4
Operating System:
OS X 10.8.5
How to reproduce (here's the result of running it in gdb):
{{{
$ gdb ./ffmpeg
GNU gdb (GDB) 7.6.1
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-apple-darwin12.4.0".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /Users/mjbshaw/Projects/ffmpeg/ffmpeg...done.
(gdb) run -i hunger.mp4 -vn out.wav
Starting program: /Users/mjbshaw/Projects/ffmpeg/./ffmpeg -i hunger.mp4
-vn out.wav
BFD:
/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork(i386:x86-64):
unknown load command 0x20
ffmpeg version N-56663-g851a6e2 Copyright (c) 2000-2013 the FFmpeg
developers
built on Sep 25 2013 18:57:30 with llvm-gcc 4.2.1 (LLVM build
2336.11.00)
configuration: --enable-debug=gdb --disable-optimizations --disable-stripping --enable-libopenjpeg --disable-decoder=jpeg2000
libavutil 52. 46.100 / 52. 46.100
libavcodec 55. 33.100 / 55. 33.100
libavformat 55. 18.102 / 55. 18.102
libavdevice 55. 3.100 / 55. 3.100
libavfilter 3. 87.100 / 3. 87.100
libswscale 2. 5.100 / 2. 5.100
libswresample 0. 17.103 / 0. 17.103
Program received signal SIGSEGV, Segmentation fault.
0x00000001004d8b3b in refill2 (c=0x101cf5ed0) at
/Users/mjbshaw/Projects/ffmpeg/libavcodec/cabac_functions.h:73
73 x+= (c->bytestream[0]<<9) + (c->bytestream[1]<<1);
(gdb) bt
#0 0x00000001004d8b3b in refill2 (c=0x101cf5ed0) at
/Users/mjbshaw/Projects/ffmpeg/libavcodec/cabac_functions.h:73
#1 0x00000001004d8ce7 in get_cabac_inline (c=0x101cf5ed0,
state=0x101cf5f6a
"\027%\004\v#\025-\001#\035\031==?A*\001\n%\001\037\023\031\021-\037;\034\023\001/#\t\017\002\016\004")
at /Users/mjbshaw/Projects/ffmpeg/libavcodec/cabac_functions.h:101
#2 get_cabac_noinline (c=0x101cf5ed0, state=0x101cf5f6a
"\027%\004\v#\025-\001#\035\031==?A*\001\n%\001\037\023\031\021-\037;\034\023\001/#\t\017\002\016\004")
at h264_cabac.c:107
#3 0x00000001004e0a22 in decode_cabac_mb_cbp_luma (h=0x101ca0000) at
h264_cabac.c:1403
#4 0x00000001004f28e4 in ff_h264_decode_mb_cabac (h=0x101ca0000) at
h264_cabac.c:2286
#5 0x00000001004d5e1a in decode_slice (avctx=0x102013800,
arg=0x7fff5fbfe7c8) at h264.c:4434
#6 0x00000001004d691d in execute_decode_slices (h=0x101ca0000,
context_count=1) at h264.c:4590
#7 0x00000001004d7cd5 in decode_nal_units (h=0x101ca0000, buf=0x1019138b0
"", buf_size=214, parse_extradata=0) at h264.c:4942
#8 0x00000001004d84c0 in decode_frame (avctx=0x102013800,
data=0x101913a40, got_frame=0x7fff5fbfec44, avpkt=0x7fff5fbfeac0) at
h264.c:5079
#9 0x00000001008f4d43 in avcodec_decode_video2 (avctx=0x102013800,
picture=0x101913a40, got_picture_ptr=0x7fff5fbfec44, avpkt=0x7fff5fbfebb8)
at utils.c:1994
#10 0x0000000100238ff9 in try_decode_frame (st=0x1019115c0,
avpkt=0x1019139a0, options=0x101911be0) at utils.c:2484
#11 0x000000010023b623 in avformat_find_stream_info (ic=0x10200f200,
options=0x101911be0) at utils.c:2930
#12 0x0000000100004ad2 in open_input_file (o=0x7fff5fbff558,
filename=0x7fff5fbffbf3 "hunger.mp4") at ffmpeg_opt.c:809
#13 0x000000010000e3dd in open_files (l=0x101910958, inout=0x100d9935f
"input", open_file=0x100004160 <open_input_file>) at ffmpeg_opt.c:2494
#14 0x000000010000e619 in ffmpeg_parse_options (argc=5,
argv=0x7fff5fbffa78) at ffmpeg_opt.c:2531
#15 0x00000001000235cd in main (argc=5, argv=0x7fff5fbffa78) at
ffmpeg.c:3393
(gdb) p c
$1 = (CABACContext *) 0x101cf5ed0
(gdb) p c->bytestream
$2 = (uint8_t *) 0x1ff0a <Address 0x1ff0a out of bounds>
(gdb) p *c
$3 = {low = -1643708416, range = 292, outstanding_count = 0,
bytestream_start = 0x101d0f003 "\343\205\035Y", bytestream = 0x1ff0a
<Address 0x1ff0a out of bounds>,
bytestream_end = 0x101d0f0a4 "", pb = {bit_buf = 0, bit_left = 0, buf =
0x0, buf_ptr = 0x0, buf_end = 0x0, size_in_bits = 0}}
}}}
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2999>
FFmpeg <http://ffmpeg.org>
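
In the gdb dump above, `c->bytestream` (0x1ff0a) lies outside the range between `bytestream_start` and `bytestream_end` at the moment line 73 dereferences it. The following C example is added here and is not part of the original ticket or FFmpeg's code; it checks that range before the two-byte read. `cabac_view`, `cabac_can_read` and `cabac_peek16` are hypothetical names, and the struct mirrors only the three pointer fields gdb printed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the pointer fields gdb printed; not FFmpeg's struct. */
typedef struct {
    const uint8_t *bytestream_start;
    const uint8_t *bytestream;
    const uint8_t *bytestream_end;
} cabac_view;

/* Returns 1 when `need` bytes can be read at c->bytestream without leaving
 * [bytestream_start, bytestream_end). Addresses are compared as integers, so
 * a wild pointer is never dereferenced or used in pointer arithmetic. */
int cabac_can_read(const cabac_view *c, size_t need)
{
    uintptr_t start = (uintptr_t)c->bytestream_start;
    uintptr_t cur   = (uintptr_t)c->bytestream;
    uintptr_t end   = (uintptr_t)c->bytestream_end;

    if (start > end || cur < start || cur > end)
        return 0;
    return (size_t)(end - cur) >= need;
}

/* Guarded form of the two-byte read on the faulting line 73.
 * Stores the value and returns 0, or returns -1 if the read would be out of bounds. */
int cabac_peek16(const cabac_view *c, int *out)
{
    if (!cabac_can_read(c, 2))
        return -1;
    *out = (c->bytestream[0] << 9) + (c->bytestream[1] << 1);
    return 0;
}

int main(void)
{
    /* The four bytes gdb showed at bytestream_start: "\343\205\035Y". */
    static const uint8_t buf[4] = { 0xe3, 0x85, 0x1d, 0x59 };
    cabac_view c = { buf, buf, buf + sizeof buf };
    int v = 0;

    int rc = cabac_peek16(&c, &v);
    printf("in range: rc=%d value=%d\n", rc, v);
    c.bytestream = (const uint8_t *)(uintptr_t)0x1ff0a; /* value gdb printed */
    printf("wild ptr: rc=%d\n", cabac_peek16(&c, &v));
    return 0;
}
```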