[FFmpeg-trac] #3985(ffmpeg:new): Crash when extracting the audio from a video created by mkvmerge

FFmpeg trac at avcodec.org
Sun Sep 28 16:41:04 CEST 2014


#3985: Crash when extracting the audio from a video created by mkvmerge
-----------------------------------+--------------------------------------
             Reporter:  Calmarius  |                     Type:  defect
               Status:  new        |                 Priority:  normal
            Component:  ffmpeg     |                  Version:  git-master
             Keywords:             |               Blocked By:
             Blocking:             |  Reproduced by developer:  0
Analyzed by developer:  0          |
-----------------------------------+--------------------------------------
 Just cloned and built ffmpeg using the git command line I found in the
 download area, and compiled it on 64-bit Linux.

 I merged together some MKVs into a single one using mkvmerge and tried to
 extract the sound for further processing. This caused ffmpeg to crash.

 The full sample is available on my Google Drive:

 https://drive.google.com/file/d/0B8rc3cKwPxmsS2xBcUlwNC1qcFU/edit?usp=sharing

 Although it can be reproduced using a small sample too.

 I'm not familiar with the codebase so I haven't tried to fix it on my own,
 and I have a workaround: using the concat demuxer instead of concatenating
 with mkvmerge.

 '''How to reproduce'''
 {{{
 $ ffmpeg -i "intermediate_cc.mkv" -af aresample=async=1000 -f wav "intermediate_fx.wav"
 }}}

 '''Detailed log'''

 {{{
 $ ffmpeg -v 9 -loglevel 99 -i intermediate_cc.mkv
 ffmpeg version N-66524-gb7082d9 Copyright (c) 2000-2014 the FFmpeg
 developers
   built on Sep 28 2014 15:48:18 with gcc 4.6 (Ubuntu/Linaro
 4.6.3-1ubuntu5)
   configuration: --enable-libx264 --enable-gpl --disable-stripping
   libavutil      54.  7.101 / 54.  7.101
   libavcodec     56.  1.101 / 56.  1.101
   libavformat    56.  7.101 / 56.  7.101
   libavdevice    56.  1.100 / 56.  1.100
   libavfilter     5.  1.102 /  5.  1.102
   libswscale      3.  1.100 /  3.  1.100
   libswresample   1.  1.100 /  1.  1.100
   libpostproc    53.  1.100 / 53.  1.100
 Splitting the commandline.
 Reading option '-v' ... matched as option 'v' (set logging level) with
 argument '9'.
 Reading option '-loglevel' ... matched as option 'loglevel' (set logging
 level) with argument '99'.
 Reading option '-i' ... matched as input file with argument
 'intermediate_cc.mkv'.
 Finished splitting the commandline.
 Parsing a group of options: global .
 Applying option v (set logging level) with argument 9.
 Successfully parsed a group of options.
 Parsing a group of options: input file intermediate_cc.mkv.
 Successfully parsed a group of options.
 Opening an input file: intermediate_cc.mkv.
 [matroska,webm @ 0x20ae620] Format matroska,webm probed with size=2048 and
 score=100
 st:0 removing common factor 1000000 from timebase
 st:1 removing common factor 1000000 from timebase
 [matroska,webm @ 0x20ae620] Before avformat_find_stream_info() pos: 5607
 bytes read:36029 seeks:2
 [matroska,webm @ 0x20ae620] parser not found for codec pcm_s16le, packets
 or times may be invalid.
     Last message repeated 1 times
 [h264 @ 0x20b3b20] no picture
 [matroska,webm @ 0x20ae620] All info found
 [matroska,webm @ 0x20ae620] After avformat_find_stream_info() pos: 66152
 bytes read:101565 seeks:2 frames:5
 Guessed Channel Layout for  Input Stream #0.1 : stereo
 Input #0, matroska,webm, from 'intermediate_cc.mkv':
   Metadata:
     creation_time   : 2014-09-28 13:24:30
     ENCODER         : Lavf56.7.101
   Duration: 00:09:01.75, start: 0.000000, bitrate: 4401 kb/s
     Stream #0:0, 4, 1/1000: Video: h264 (High 4:4:4 Predictive), yuv444p,
 640x480, 15625/2190197, SAR 1:1 DAR 4:3, 70.09 fps, 70.09 tbr, 1k tbn,
 140.17 tbc (default)
     Metadata:
       ENCODER         : Lavc56.1.101 libx264
     Stream #0:1, 1, 1/1000: Audio: pcm_s16le, 44100 Hz, 2 channels, s16,
 1411 kb/s (default)
 Successfully opened the file.
 At least one output file must be specified
 [AVIOContext @ 0x20b6ca0] Statistics: 101565 bytes read, 2 seeks
 }}}

 '''Valgrind log'''

 {{{
 $ valgrind ffmpeg -i "intermediate_cc.mkv" -af aresample=async=1000 -f wav "intermediate_fx.wav"
 ==9969== Memcheck, a memory error detector
 ==9969== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
 ==9969== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
 ==9969== Command: ffmpeg -i intermediate_cc.mkv -af aresample=async=1000
 -f wav intermediate_fx.wav
 ==9969==
 ffmpeg version N-66524-gb7082d9 Copyright (c) 2000-2014 the FFmpeg
 developers
   built on Sep 28 2014 15:48:18 with gcc 4.6 (Ubuntu/Linaro
 4.6.3-1ubuntu5)
   configuration: --enable-libx264 --enable-gpl --disable-stripping
   libavutil      54.  7.101 / 54.  7.101
   libavcodec     56.  1.101 / 56.  1.101
   libavformat    56.  7.101 / 56.  7.101
   libavdevice    56.  1.100 / 56.  1.100
   libavfilter     5.  1.102 /  5.  1.102
   libswscale      3.  1.100 /  3.  1.100
   libswresample   1.  1.100 /  1.  1.100
   libpostproc    53.  1.100 / 53.  1.100
 Guessed Channel Layout for  Input Stream #0.1 : stereo
 Input #0, matroska,webm, from 'intermediate_cc.mkv':
   Metadata:
     creation_time   : 2014-09-28 13:24:30
     ENCODER         : Lavf56.7.101
   Duration: 00:09:01.75, start: 0.000000, bitrate: 4401 kb/s
     Stream #0:0: Video: h264 (High 4:4:4 Predictive), yuv444p, 640x480,
 SAR 1:1 DAR 4:3, 70.09 fps, 70.09 tbr, 1k tbn, 140.17 tbc (default)
     Metadata:
       ENCODER         : Lavc56.1.101 libx264
     Stream #0:1: Audio: pcm_s16le, 44100 Hz, 2 channels, s16, 1411 kb/s
 (default)
 File 'intermediate_fx.wav' already exists. Overwrite ? [y/N] y
 Output #0, wav, to 'intermediate_fx.wav':
   Metadata:
     ISFT            : Lavf56.7.101
     Stream #0:0: Audio: pcm_s16le ([1][0][0][0] / 0x0001), 44100 Hz,
 stereo, s16, 1411 kb/s (default)
     Metadata:
       encoder         : Lavc56.1.101 pcm_s16le
 Stream mapping:
   Stream #0:1 -> #0:0 (pcm_s16le (native) -> pcm_s16le (native))
 Press [q] to stop, [?] for help
 ==9969== Invalid write of size 8
 ==9969==    at 0xD65CCA: ??? (in /usr/local/bin/ffmpeg)
 ==9969==    by 0xD61EC8: swri_audio_convert (audioconvert.c:207)
 ==9969==    by 0xD5F0AB: swr_convert_internal.part.4 (swresample.c:633)
 ==9969==    by 0xD5FE61: swr_convert (swresample.c:526)
 ==9969==    by 0xD605BB: swr_next_pts (swresample.c:753)
 ==9969==    by 0x5095B2: filter_frame (af_aresample.c:199)
 ==9969==    by 0x4947A3: ff_filter_frame_framed (avfilter.c:1081)
 ==9969==    by 0x496B7B: ff_filter_frame (avfilter.c:1161)
 ==9969==    by 0x49A9A1: request_frame (buffersrc.c:499)
 ==9969==    by 0x49ACE5: av_buffersrc_add_frame_internal (buffersrc.c:181)
 ==9969==    by 0x49AE1D: av_buffersrc_add_frame_flags (buffersrc.c:106)
 ==9969==    by 0x483417: process_input_packet (ffmpeg.c:1861)
 ==9969==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
 ==9969==
 ==9969==
 ==9969== Process terminating with default action of signal 11 (SIGSEGV)
 ==9969==  Access not within mapped region at address 0x8
 ==9969==    at 0xD65CCA: ??? (in /usr/local/bin/ffmpeg)
 ==9969==    by 0xD61EC8: swri_audio_convert (audioconvert.c:207)
 ==9969==    by 0xD5F0AB: swr_convert_internal.part.4 (swresample.c:633)
 ==9969==    by 0xD5FE61: swr_convert (swresample.c:526)
 ==9969==    by 0xD605BB: swr_next_pts (swresample.c:753)
 ==9969==    by 0x5095B2: filter_frame (af_aresample.c:199)
 ==9969==    by 0x4947A3: ff_filter_frame_framed (avfilter.c:1081)
 ==9969==    by 0x496B7B: ff_filter_frame (avfilter.c:1161)
 ==9969==    by 0x49A9A1: request_frame (buffersrc.c:499)
 ==9969==    by 0x49ACE5: av_buffersrc_add_frame_internal (buffersrc.c:181)
 ==9969==    by 0x49AE1D: av_buffersrc_add_frame_flags (buffersrc.c:106)
 ==9969==    by 0x483417: process_input_packet (ffmpeg.c:1861)
 ==9969==  If you believe this happened as a result of a stack
 ==9969==  overflow in your program's main thread (unlikely but
 ==9969==  possible), you can try to increase the size of the
 ==9969==  main thread stack using the --main-stacksize= flag.
 ==9969==  The main thread stack size used in this run was 8388608.
 ==9969==
 ==9969== HEAP SUMMARY:
 ==9969==     in use at exit: 3,075,780 bytes in 431 blocks
 ==9969==   total heap usage: 3,505 allocs, 3,074 frees, 19,465,091 bytes
 allocated
 ==9969==
 ==9969== LEAK SUMMARY:
 ==9969==    definitely lost: 0 bytes in 0 blocks
 ==9969==    indirectly lost: 0 bytes in 0 blocks
 ==9969==      possibly lost: 816 bytes in 3 blocks
 ==9969==    still reachable: 3,074,964 bytes in 428 blocks
 ==9969==         suppressed: 0 bytes in 0 blocks
 ==9969== Rerun with --leak-check=full to see details of leaked memory
 ==9969==
 ==9969== For counts of detected and suppressed errors, rerun with: -v
 ==9969== ERROR SUMMARY: 2 errors from 1 contexts (suppressed: 2 from 2)
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/3985>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
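
A way to triage the Valgrind log in the ticket above mechanically, as an added example that is not part of the original report or of FFmpeg: it parses Memcheck "Invalid read/write" records, flags faulting addresses in the first page as near-NULL dereferences, and reports the first symbolized frame. The names `triage` and `PAGE_SIZE` and the 4096-byte threshold are assumptions of this example; the sample is an excerpt of the log quoted in the ticket.

```python
import re

# Excerpt of the Memcheck output quoted in the ticket above (frames trimmed).
SAMPLE = """\
==9969== Invalid write of size 8
==9969==    at 0xD65CCA: ??? (in /usr/local/bin/ffmpeg)
==9969==    by 0xD61EC8: swri_audio_convert (audioconvert.c:207)
==9969==    by 0xD5F0AB: swr_convert_internal.part.4 (swresample.c:633)
==9969==    by 0x5095B2: filter_frame (af_aresample.c:199)
==9969==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==9969==
==9969== Process terminating with default action of signal 11 (SIGSEGV)
==9969==  Access not within mapped region at address 0x8
==9969==    at 0xD65CCA: ??? (in /usr/local/bin/ffmpeg)
"""

PREFIX = re.compile(r"^==\d+==\s?")
ACCESS = re.compile(r"^Invalid (read|write) of size (\d+)")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.*)\)")
ADDR = re.compile(r"^\s*Address (0x[0-9A-Fa-f]+) ")
PAGE_SIZE = 4096  # assumption: first page is unmapped, so addr < 4096 is NULL + offset


def triage(log):
    """Return one dict per invalid access: kind, size, address, frames, verdict."""
    errors, cur = [], None
    for raw in log.splitlines():
        if not PREFIX.match(raw):
            continue  # the program's own output, interleaved with Memcheck lines
        line = PREFIX.sub("", raw)
        m = ACCESS.match(line)
        if m:
            cur = {"kind": m.group(1), "size": int(m.group(2)),
                   "address": None, "frames": []}
            errors.append(cur)
        elif cur is not None and FRAME.match(line):
            cur["frames"].append(FRAME.match(line).groups())
        elif cur is not None and ADDR.match(line):
            cur["address"] = int(ADDR.match(line).group(1), 16)
            cur = None  # the "Address" line closes the record
    for e in errors:
        near_null = e["address"] is not None and e["address"] < PAGE_SIZE
        e["verdict"] = "near-NULL dereference" if near_null else "non-NULL address"
        # First frame with a symbol name: where to start reading the source.
        e["first_symbol"] = next((f for f in e["frames"] if f[0] != "???"), None)
    return errors
```
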

