search

hongbinz / ffmbc

Automatically exported from code.google.com/p/ffmbc
0 stars 0 forks source link

segfault combining rawvideo and audio #185

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
Described in depth below.

What is the expected output? What do you see instead?
I don't expect a segfault ;-)

Please use labels and text to provide additional information.

Please note that this is an example of a workflow massaged into using files, so 
the example may look worthless but in reality we are doing other processing.

First I create a UYVY422 video and header-less WAV audio files with FFmbc:

ffmbc -shortest -threads 4 -ss 00:00:00.000 -t 00:00:10.000 -i 
"4_InToTree_1080i25_CgrLevels_SINC_FILTER_SVTdec05_DNxHD_185Mbps_422_1920x1080_5
0i.mov" -threads 4 -f s16le -ac 1 -ar 48000 -i "/dev/zero" -an -threads 4 -vf 
scale=0:0:interl=1,format=yuv422p,scale=1920:1080:interl=0,format=yuv422p,scale=
1920:1080:interl=1,format=uyvy422 -r 25/1 -vcodec rawvideo -pix_fmt uyvy422 -y 
"video.yuv" -vn -threads 4 -f s16le  -y "audio.wav" -acodec pcm_s16le -ac 16 
-ar 48000 -newaudio -map_audio_channel 1:0:0:1:0:0 -map_audio_channel 
1:0:0:1:0:1 -map_audio_channel 1:0:0:1:0:2 -map_audio_channel 1:0:0:1:0:3 
-map_audio_channel 1:0:0:1:0:4 -map_audio_channel 1:0:0:1:0:5 
-map_audio_channel 1:0:0:1:0:6 -map_audio_channel 1:0:0:1:0:7 
-map_audio_channel 1:0:0:1:0:8 -map_audio_channel 1:0:0:1:0:9 
-map_audio_channel 1:0:0:1:0:10 -map_audio_channel 1:0:0:1:0:11 
-map_audio_channel 1:0:0:1:0:12 -map_audio_channel 1:0:0:1:0:13 
-map_audio_channel 1:0:0:1:0:14 -map_audio_channel 1:0:0:1:0:15
FFmbc version 0.7.BBC.a-static-8bitX264_64bit
Copyright (c) 2008-2014 Baptiste Coudurier and the FFmpeg developers
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 
'4_InToTree_1080i25_CgrLevels_SINC_FILTER_SVTdec05_DNxHD_185Mbps_422_1920x1080_5
0i.mov':
  Metadata:
    major_brand: qt
    minor_version: 0
    compatible_brands: qt
    encoder: FFmbc 0.6
  Duration: 00:00:10.00, bitrate: 183502 kb/s
    Stream #0.0(eng): Video: dnxhd, yuv422p, 1920x1080i tff, 183500 kb/s, 25.00 fps
    Metadata:
      codec_name: dnxhd
[s16le @ 0x28cdde0] Estimating duration from bitrate, this may be inaccurate
Input #1, s16le, from '/dev/zero':
  Duration: N/A, bitrate: 768 kb/s
    Stream #1.0(und): Audio: pcm_s16le, 48000 Hz, 1 channels, s16, 768 kb/s
[scale @ 0x28d1340] w:1920 h:1080 fmt:yuv422p -> w:1920 h:1080 fmt:yuv422p 
flags:0x4 il:1
[scale @ 0x28f9840] w:1920 h:1080 fmt:yuv422p -> w:1920 h:1080 fmt:yuv422p 
flags:0x4 il:0
[scale @ 0x28fa7a0] w:1920 h:1080 fmt:yuv422p -> w:1920 h:1080 fmt:uyvy422 
flags:0x4 il:1
Output #0, rawvideo, to 'video.yuv':
  Metadata:
    encoder: FFmbc 0.7
    Stream #0.0(und): Video: rawvideo, uyvy422, 1920x1080p [PAR 1:1 DAR 16:9], 829440 kb/s, 25.00 fps
Output #1, s16le, to 'audio.wav':
  Metadata:
    encoder: FFmbc 0.7
    Stream #1.0(und): Audio: pcm_s16le, 48000 Hz, 16 channels, s16, 12288 kb/s
Stream mapping:
  Stream #0.0 -> #0.0
  Stream #1.0 -> #1.0 [channel: 0 -> 0]
  Stream #1.0 -> #1.0 [channel: 0 -> 1]
  Stream #1.0 -> #1.0 [channel: 0 -> 2]
  Stream #1.0 -> #1.0 [channel: 0 -> 3]
  Stream #1.0 -> #1.0 [channel: 0 -> 4]
  Stream #1.0 -> #1.0 [channel: 0 -> 5]
  Stream #1.0 -> #1.0 [channel: 0 -> 6]
  Stream #1.0 -> #1.0 [channel: 0 -> 7]
  Stream #1.0 -> #1.0 [channel: 0 -> 8]
  Stream #1.0 -> #1.0 [channel: 0 -> 9]
  Stream #1.0 -> #1.0 [channel: 0 -> 10]
  Stream #1.0 -> #1.0 [channel: 0 -> 11]
  Stream #1.0 -> #1.0 [channel: 0 -> 12]
  Stream #1.0 -> #1.0 [channel: 0 -> 13]
  Stream #1.0 -> #1.0 [channel: 0 -> 14]
  Stream #1.0 -> #1.0 [channel: 0 -> 15]
Press [q] to stop, [?] for help
frame=  250 fps= 31 q=0.0 Lsize= 1012500kB time=00:00:09.87 
bitrate=839740.8kbits/s
video:1012500kB audio:14816kB global headers:0kB muxing overhead -1.442205%

Then I use FFmbc to mux that back into a MOV file - this segfaults.

ffmbc_g -shortest -threads 1 -f rawvideo -pix_fmt uyvy422 -s 1920x1080 -r 25/1 
-i video.yuv -f s16le -ac 16 -ar 48000 -i audio.wav -threads 4 -vf 
scale=1920:1080:interl=1,format=uyvy422 -vcodec rawvideo -pix_fmt uyvy422 -vtag 
2vuy -aspect 16:9 -tff -an -timecode 10:26:56:00 -y 
primary-2014-06_26_1108-41.mov -acodec pcm_s16le -ac 2 -ar 48000 -newaudio 
-map_audio_channel 1:0:0:0:1:0 -map_audio_channel 1:0:1:0:1:1
FFmbc version 0.7.1-static
Copyright (c) 2008-2014 Baptiste Coudurier and the FFmpeg developers
Input #0, rawvideo, from 'video.yuv':
  Duration: 00:00:10.00, bitrate: 829440 kb/s
    Stream #0.0(und): Video: rawvideo, uyvy422, 1920x1080p, 25.00 fps
[s16le @ 0x2e369a0] Estimating duration from bitrate, this may be inaccurate
Input #1, s16le, from 'audio.wav':
  Duration: 00:00:09.87, bitrate: 12288 kb/s
    Stream #1.0(und): Audio: pcm_s16le, 48000 Hz, 16 channels, s16, 12288 kb/s
[scale @ 0x2e3ca80] w:1920 h:1080 fmt:uyvy422 -> w:1920 h:1080 fmt:uyvy422 
flags:0x4 il:1
Output #0, mov, to 'primary-2014-06_26_1108-41.mov':
  Metadata:
    encoder: FFmbc 0.7
    Stream #0.0(und): Video: rawvideo, uyvy422, 1920x1080i tff [PAR 1:1 DAR 16:9], 829440 kb/s, 25.00 fps
    Stream #0.1(und): Audio: pcm_s16le, 48000 Hz, 2 channels, s16, 1536 kb/s
Stream mapping:
  Stream #0.0 -> #0.0
  Stream #1.0 -> #0.1 [channel: 0 -> 0]
  Stream #1.0 -> #0.1 [channel: 1 -> 1]
Press [q] to stop, [?] for help
*** Error in `/home/himslm01/Documents/src/ffmbc/v0.7/FFmbc-0.7.1/ffmbc_g': 
free(): invalid pointer: 0x00007f21f8658040 ***
bash: line 1: 23814 Aborted                 (core dumped) 
"/home/himslm01/Documents/src/ffmbc/v0.7/FFmbc-0.7.1/ffmbc_g" -shortest 
-threads 1 -f rawvideo -pix_fmt uyvy422 -s 1920x1080 -r 25/1 -i video.yuv -f 
s16le -ac 16 -ar 48000 -i audio.wav -threads 4 -vf 
scale=1920:1080:interl=1,format=uyvy422 -vcodec rawvideo -pix_fmt uyvy422 -vtag 
2vuy -aspect 16:9 -tff -an -timecode 10:26:56:00 -y 
primary-2014-06_26_1108-41.mov -acodec pcm_s16le -ac 2 -ar 48000 -newaudio 
-map_audio_channel 1:0:0:0:1:0 -map_audio_channel 1:0:1:0:1:1

According to GDB, the segfault is caused by ffmbc.c line 3519:

$ gdb  /home/himslm01/Documents/src/ffmbc/v0.7/FFmbc-0.7.1/ffmbc_g core
GNU gdb (Ubuntu 7.7-0ubuntu3) 7.7
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from 
/home/himslm01/Documents/src/ffmbc/v0.7/FFmbc-0.7.1/ffmbc_g...done.
[New LWP 23814]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by 
`/home/himslm01/Documents/src/ffmbc/v0.7/FFmbc-0.7.1/ffmbc_g -shortest 
-threads'.
Program terminated with signal SIGABRT, Aborted.
#0  0x0000000000a2b4b9 in raise ()
(gdb) bt
#0  0x0000000000a2b4b9 in raise ()
#1  0x00000000009bfea8 in abort ()
#2  0x00000000009c7400 in __libc_message ()
#3  0x00000000009d1212 in _int_free ()
#4  0x0000000000439323 in transcode (output_files=0xee11e0 <output_files>, 
nb_stream_maps=<optimised out>, stream_maps=0x0,
    nb_input_files=2, input_files=0x2e36160, nb_output_files=1) at ffmbc.c:3519
#5  main (argc=<optimised out>, argv=<optimised out>) at ffmbc.c:5517
(gdb) frame 4
#4  0x0000000000439323 in transcode (output_files=0xee11e0 <output_files>, 
nb_stream_maps=<optimised out>, stream_maps=0x0,
    nb_input_files=2, input_files=0x2e36160, nb_output_files=1) at ffmbc.c:3519
3519                    av_free(ist->pkt_data_to_free);
(gdb) list
3514            }
3515
3516        discard_packet:
3517            if (ist && ist->st->codec->codec_id == CODEC_ID_RAWVIDEO) {
3518                if (ist->pkt_data_to_free)
3519                    av_free(ist->pkt_data_to_free);
3520                ist->pkt_data_to_free = pkt.data;
3521                pkt.destruct = NULL;
3522            }
3523            av_free_packet(&pkt);
(gdb) q

Original issue reported on code.google.com by mark.him...@gmail.com on 30 Jun 2014 at 11:13

GoogleCodeExporter commented 9 years ago 
I'm wondering whether pkt.destruct() is ever anything other than 
av_free(pkt.data).

If pkt.destruct() can be more than av_free(pkt.data) then perhaps 
ist.pkt_data_to_free should store the pkt.destruct to call later, instead of 
storing pkt.data.

FYI, I'm posting this issue in case I cannot work out a fix for myself. I may 
get back later, or talk on IRC.

Original comment by mark.him...@gmail.com on 30 Jun 2014 at 11:17

GoogleCodeExporter commented 9 years ago 
It's due to interlacing scaling with rawdecoding and uyvy422, frame is not 
allocated but from the demuxer itself.

Original comment by baptiste...@gmail.com on 1 Jul 2014 at 1:22

GoogleCodeExporter commented 9 years ago 
Ok - interesting...
As a workaround, I can fix the segfault by adding one EXTRA scale & format pair 
in the command line, so instead of

-vf scale=1920:1080:interl=1,format=uyvy422

(which segfaults) I can do:

-vf 
scale=1920:1080:interl=1,format=yuv422p,scale=1920:1080:interl=1,format=uyvy422

(which does not segfault)
The thought of how that 'fixes' the problem scares me...

Original comment by mark.him...@gmail.com on 1 Jul 2014 at 1:34

GoogleCodeExporter commented 9 years ago 
It fixes it because the frame will "become" allocated by the filter chain in 
the middle. I think it is just a buffer "padding" issue in that particular case.

Original comment by baptiste...@gmail.com on 1 Jul 2014 at 7:21

GoogleCodeExporter commented 9 years ago 
Should be fixed in 0.7.2

Original comment by baptiste...@gmail.com on 22 Dec 2014 at 3:48

GoogleCodeExporter commented 9 years ago

Original comment by baptiste...@gmail.com on 22 Dec 2014 at 3:48