Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#9425 closed Bug Report (fixed)

[CRASH] mythtranscode segfault in AudioReencodeBuffer::AddFrames

Reported by: timowi <mythtv@…> Owned by: JYA
Priority: minor Milestone: 0.25
Component: MythTV - Mythtranscode Version: 0.24-fixes
Severity: medium Keywords:
Cc: Ticket locked: no


rarely I had problems with transcoding some files. With some files transcoding failed every time. I am not sure if other cases are related but now I have a file where transcoding fails every time.

I am not familiar with the code but I can help with debugging. I seems in AudioReencodeBuffer::AddFrames? the audiobuffer value passed to memset() is not valid. All other values seem valid.


#0  0x00007f01a42b2fb0 in memcpy () from /lib/
#1  0x0000000000430355 in AudioReencodeBuffer::AddFrames (this=0xc9adf0, buffer=0x7f019a10a010, frames=1536, timecode=4178) at transcode.cpp:93
#2  0x00007f01ac4b902d in AudioPlayer::AddAudioData (this=0xc69750, buffer=0x7f019a10a010 "\f", len=18432, timecode=4178) at audioplayer.cpp:342
#3  0x00007f01ac52b078 in AvFormatDecoder::ProcessAudioPacket (this=0xc9c610, curstream=0xca8da0, pkt=0x132aae0, decodetype=kDecodeAV) at avformatdecoder.cpp:4089
#4  0x00007f01ac53c79e in AvFormatDecoder::GetFrame (this=0xc9c610, decodetype=kDecodeAV) at avformatdecoder.cpp:4374
#5  0x00007f01ac495983 in MythPlayer::TranscodeGetNextFrame (this=0xc4ee50, dm_iter=@0x7fffd0bbe2b0, did_ff=@0x7fffd0bbe2ac, is_key=@0x7fffd0bbe2ab, honorCutList=true) at mythplayer.cpp:4161
#6  0x000000000042eaa1 in Transcode::TranscodeFile (this=0xc376b0, inputname=@0x7fffd0bbfc00, outputname=@0x7fffd0bbfbf0, profileName=@0x7fffd0bbfbe0, honorCutList=true, framecontrol=false, 
    jobID=2122, fifodir=
      {static null = {<No data fields>}, static shared_null = {ref = {_q_value = 330}, alloc = 0, size = 0, data = 0x7f01a5404efa, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, static shared_empty = {ref = {_q_value = 124}, alloc = 0, size = 0, data = 0x7f01a5404f1a, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, d = 0x7fffd0bc0140, static codecForCStrings = 0x0}, deleteMap=@0x7fffd0bbfba0) at transcode.cpp:796
#7  0x000000000041c009 in main (argc=8, argv=0x7fffd0bc0508) at main.cpp:642
tmpbuf = (unsigned char *) 0x7f01987c7010 ""
bufsize = 798720
audiobuffer_len = 792576
audiobuffer = (unsigned char *) 0x1052 <Address 0x1052 out of bounds>

tmpbuf is created just before the memset with size = bufsize and only audiobuffer_len bytes are copied in the memcpy. The Problem here is only the pointer buffer which is not valid. I have no idea why this is the case but I have a file I can reproduce this with.

Change History (14)

comment:1 Changed 9 years ago by timowi <mythtv@…>

I come closer to the root of the problem... There is a int array just before the audiobuffer pointer:

int ab_count;
int ab_len[128];
int ab_offset[128];
long long ab_time[128];
unsigned char *audiobuffer;

The arrays are indexed by ab_count and ab_count becomes bigger than 127. So the audiobuffer pointer gets overwritten in the next call to AddFrames().

comment:2 Changed 9 years ago by beirdo

Owner: set to JYA
Status: newassigned

comment:3 Changed 9 years ago by JYA

I will look into it, but note that I have knowledge of the mythtranscode code whatsoever

comment:4 Changed 9 years ago by beirdo

Summary: mythtranscode segfault in AudioReencodeBuffer::AddFrames[CRASH] mythtranscode segfault in AudioReencodeBuffer::AddFrames

If you get no traction on it, punt it back over to me, and I'll take a look.

comment:5 Changed 9 years ago by JYA

Status: assignedinfoneeded

Could you please provide the arguments you gave to the mythtranscode command?


comment:6 Changed 9 years ago by timowi <mythtv@…>

I do not have the exact command line I used. Mythtranscode was invoked by the mythjobque and crashed every time I tried. I took the same arguments as mythtv did. As far as I remember the arguments were starttime + channel, profile and honorcutlist.

The problem is not related to the arguments (ok, does only happen with transcoding mpeg->nuv not with mpeg->mpeg). The problem are the video files.

I have tracked the problem and I thought I did explain it good enough. AddFrames? is called more than 128 times at a special case in this file (between two frames and between two reads of the buffer). When add Frames is called the 128th time *audiobuffer is overwritten by the value written to ab_time[128].

This is cause by some (defect?) recordings. Perhaps missing video frames or a problem with the audio track? If I remember correctly the problem was at the end of commercials.

I modified mythtranscode by resizing ab_len, ab_offset, ab_time and returning from AddFrames? if ab_count is bigger than the length of ab_len[] etc. With these changes I had no problems transcoding the recording. With these fixes I added some additional output (frame number, video time, number of frames in audiobuffer). Almost the complete recording there were 1-2 frames in the buffer. In some places there were about 10 to 20 frames is the buffer. Just in this one place there were about 170 audio frames between two video frames.

I'm not sure where the problem is. Perhaps the Audio frames are needed later and ab_len, ab_offset and ab_time should be resized dynamically as needed (just as audiobuffer) or perhaps the there is a problem with the audio stream and instead of buffering the frames all audio frames should be flushed and audio and video resynced afterwards.

An additional note: I had some problems with audio in transcoded files in the past. This happened in some rare cases (five to ten out of 400-600 recordings). The recording was fine before transcoding (I could watch in mythtv and there were no problems with the audio). After transcoding these recording had issues with the audio stream. Depending on the player (mythtv, vlc, mplayer) either the player crashes at this position, there is no audio after this position or there is no a/v sync after this position. This my be related to this problem.

comment:7 Changed 9 years ago by JYA

You still haven't provided: -The argument used when calling mythtranscode -A backtrace

comment:8 Changed 9 years ago by timowi <mythtv@…>


mythtranscode --infile /mnt/storage/temp/testvid.mpg --outfile /mnt/storage/temp/test-out.nuv -v most --video -p 28

(was originally called by jobqueue with -c ... -s ... instead of --infile ... --video --outfile ...)


-> initial report

comment:9 Changed 9 years ago by JYA

I'd like to see the full backtrace still and not a short extract not showing useful information.

comment:10 Changed 9 years ago by sphery

Complete backtrace (showing arguments), log file, and sample video on #9675.

comment:11 Changed 9 years ago by sphery

Status: infoneededassigned

comment:13 Changed 9 years ago by zeloise@…


The problem ha appears with the commit 649fa85cb41f12860603 (Add support for E-AC3, TrueHD and DTS-HD digital passthrough). if you reverse this commit this mythtranscode bug disapear


comment:14 Changed 9 years ago by Jean-Yves Avenard

Milestone: unknown0.25
Resolution: fixed
Status: assignedclosed

Initialise audioOutput object if it exists.

Code incorrectly assumed that the only place the creation of the audioOutput object was done in MythPlayer?. Mythtranscode creates its own audioOutput object and use AudioPlayer::SetAudioOutput? to set it. Now if an audio object exists, we initialise it no matter what. This will likely increase verbosity in some cases

Fixes #9425

Changeset: 53c94717dce6d5a3c0755fcc132afd2df4f26b18

comment:15 Changed 9 years ago by zeloise@…


i confirm that the problem is solve with this commit

Thank you very much


Note: See TracTickets for help on using tickets.