Opened 10 months ago

Last modified 10 months ago

#10439 new defect

Segmentation fault of ffprobe with the official static build for ts files with Debian 12

Reported by: Stéphane Diemer
Owned by:
Priority: normal
Component: undetermined
Version: unspecified
Keywords: SEGFAULT
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

Environment:

OS: Debian 12.
Media: All .ts files.

The problem was tested on many ts files (local files and files served over HTTPS).

How to reproduce:

# docker run -it --rm "debian:bookworm" /bin/bash

apt update
apt install -y wget xz-utils
cd /tmp
# Get static build files
wget 'https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz'
tar -xf ffmpeg-release-amd64-static.tar.xz
# Get a ts file
wget 'https://test-streams.mux.dev/x36xhzz/url_6/url_846/193039199_mp4_h264_aac_hq_7.ts'
/tmp/ffmpeg-6.0-amd64-static/ffprobe 193039199_mp4_h264_aac_hq_7.ts

Result:

root@951410b240f6:/tmp# /tmp/ffmpeg-6.0-amd64-static/ffprobe -v 9 -loglevel 99 193039199_mp4_h264_aac_hq_7.ts
ffprobe version 6.0-static https://johnvansickle.com/ffmpeg/  Copyright (c) 2007-2023 the FFmpeg developers
  built with gcc 8 (Debian 8.3.0-6)
  configuration: --enable-gpl --enable-version3 --enable-static --disable-debug --disable-ffplay --disable-indev=sndio --disable-outdev=sndio --cc=gcc --enable-fontconfig --enable-frei0r --enable-gnutls --enable-gmp --enable-libgme --enable-gray --enable-libaom --enable-libfribidi --enable-libass --enable-libvmaf --enable-libfreetype --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenjpeg --enable-librubberband --enable-libsoxr --enable-libspeex --enable-libsrt --enable-libvorbis --enable-libopus --enable-libtheora --enable-libvidstab --enable-libvo-amrwbenc --enable-libvpx --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxml2 --enable-libdav1d --enable-libxvid --enable-libzvbi --enable-libzimg
  libavutil      58.  2.100 / 58.  2.100
  libavcodec     60.  3.100 / 60.  3.100
  libavformat    60.  3.100 / 60.  3.100
  libavdevice    60.  1.100 / 60.  1.100
  libavfilter     9.  3.100 /  9.  3.100
  libswscale      7.  1.100 /  7.  1.100
  libswresample   4. 10.100 /  4. 10.100
  libpostproc    57.  1.100 / 57.  1.100
[NULL @ 0x5975fc0] Opening '193039199_mp4_h264_aac_hq_7.ts' for reading
[file @ 0x59767c0] Setting default whitelist 'file,crypto,data'
Probing aac score:25 size:2048
Probing mp3 score:1 size:2048
Probing mpegts score:50 size:2048
[mpegts @ 0x5975fc0] Format mpegts probed with size=2048 and score=50
[mpegts @ 0x5975fc0] Probe: 8192, score: 44, dvhs_score: -2, fec_score: -2 
[mpegts @ 0x5975fc0] Filter: pid=0x11 type=1
[mpegts @ 0x5975fc0] Filter: pid=0x0 type=1
[mpegts @ 0x5975fc0] Filter: pid=0x12 type=1
[mpegts @ 0x5975fc0] SDT:
[mpegts @ 0x5975fc0] tag: 0x48 len=23
Segmentation fault (core dumped)

The "-report" option does not provide any additional information.

Debug information with strace:

root@951410b240f6:/tmp# strace /tmp/ffmpeg-6.0-amd64-static/ffprobe 193039199_mp4_h264_aac_hq_7.ts
execve("/tmp/ffmpeg-6.0-amd64-static/ffprobe", ["/tmp/ffmpeg-6.0-amd64-static/ffp"..., "193039199_mp4_h264_aac_hq_7.ts"], 0x7ffed83b0148 /* 8 vars */) = 0
brk(NULL)                               = 0x6cef000
brk(0x6cf02c0)                          = 0x6cf02c0
arch_prctl(ARCH_SET_FS, 0x6cef980)      = 0
uname({sysname="Linux", nodename="951410b240f6", ...}) = 0
set_tid_address(0x6cefc50)              = 2843
set_robust_list(0x6cefc60, 24)          = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x139db70, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x139d150}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x139dc00, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x139d150}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/tmp/ffmpeg-6.0-amd64-static/ffp"..., 4096) = 36
brk(0x6d112c0)                          = 0x6d112c0
brk(0x6d12000)                          = 0x6d12000
futex(0x54066ac, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x54066b8, FUTEX_WAKE_PRIVATE, 2147483647) = 0
brk(0x6d33000)                          = 0x6d33000
getrandom("\x58", 1, GRND_NONBLOCK)     = 1
stat("/etc/gnutls/config", 0x7ffd4bd01780) = -1 ENOENT (No such file or directory)
brk(0x6d57000)                          = 0x6d57000
brk(0x6d52000)                          = 0x6d52000
ioctl(2, TCGETS, {c_iflag=ICRNL|IXON, c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST|ONLCR, c_cflag=B38400|CS8|CREAD, c_lflag=ISIG|ICANON|ECHO|ECHOE|ECHOK|IEXTEN|ECHOCTL|ECHOKE, ...}) = 0
ioctl(2, TCGETS, {c_iflag=ICRNL|IXON, c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST|ONLCR, c_cflag=B38400|CS8|CREAD, c_lflag=ISIG|ICANON|ECHO|ECHOE|ECHOK|IEXTEN|ECHOCTL|ECHOKE, ...}) = 0
write(2, "ffprobe version 6.0-static https"..., 61ffprobe version 6.0-static https://johnvansickle.com/ffmpeg/ ) = 61
write(2, " Copyright (c) 2007-2023 the FFm"..., 46 Copyright (c) 2007-2023 the FFmpeg developers) = 46
write(2, "\n", 1
)                       = 1
write(2, "  built with gcc 8 (Debian 8.3.0"..., 36  built with gcc 8 (Debian 8.3.0-6)
) = 36
write(2, "  configuration: --enable-gpl --"..., 757  configuration: --enable-gpl --enable-version3 --enable-static --disable-debug --disable-ffplay --disable-indev=sndio --disable-outdev=sndio --cc=gcc --enable-fontconfig --enable-frei0r --enable-gnutls --enable-gmp --enable-libgme --enable-gray --enable-libaom --enable-libfribidi --enable-libass --enable-libvmaf --enable-libfreetype --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenjpeg --enable-librubberband --enable-libsoxr --enable-libspeex --enable-libsrt --enable-libvorbis --enable-libopus --enable-libtheora --enable-libvidstab --enable-libvo-amrwbenc --enable-libvpx --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxml2 --enable-libdav1d --enable-libxvid --enable-libzvbi --enable-libzimg
) = 757
write(2, "  libavutil      58.  2.100 / 58"..., 41  libavutil      58.  2.100 / 58.  2.100
) = 41
write(2, "  libavcodec     60.  3.100 / 60"..., 41  libavcodec     60.  3.100 / 60.  3.100
) = 41
write(2, "  libavformat    60.  3.100 / 60"..., 41  libavformat    60.  3.100 / 60.  3.100
) = 41
write(2, "  libavdevice    60.  1.100 / 60"..., 41  libavdevice    60.  1.100 / 60.  1.100
) = 41
write(2, "  libavfilter     9.  3.100 /  9"..., 41  libavfilter     9.  3.100 /  9.  3.100
) = 41
write(2, "  libswscale      7.  1.100 /  7"..., 41  libswscale      7.  1.100 /  7.  1.100
) = 41
write(2, "  libswresample   4. 10.100 /  4"..., 41  libswresample   4. 10.100 /  4. 10.100
) = 41
write(2, "  libpostproc    57.  1.100 / 57"..., 41  libpostproc    57.  1.100 / 57.  1.100
) = 41
openat(AT_FDCWD, "193039199_mp4_h264_aac_hq_7.ts", O_RDONLY) = 3
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=905784, ...}) = 0
lseek(3, 0, SEEK_SET)                   = 0
read(3, "G@\21\20\0B\360*\0\1\301\0\0\0\1\377\0\1\374\200\31H\27\1\nlumberj"..., 32768) = 32768
brk(0x6d77000)                          = 0x6d77000
futex(0x53f5be8, FUTEX_WAKE_PRIVATE, 2147483647) = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=27028, ...}) = 0
mmap(NULL, 27028, PROT_READ, MAP_SHARED, 4, 0) = 0x7f03923d3000
close(4)                                = 0
futex(0x544da90, FUTEX_WAKE_PRIVATE, 2147483647) = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937.so", O_RDONLY|O_CLOEXEC) = 4
read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
fstat(4, {st_mode=S_IFREG|0644, st_size=26872, ...}) = 0
mmap(NULL, 28728, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7f03923cb000
mmap(0x7f03923cc000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x1000) = 0x7f03923cc000
mmap(0x7f03923ce000, 12288, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x3000) = 0x7f03923ce000
mmap(0x7f03923d1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x5000) = 0x7f03923d1000
close(4)                                = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=4958, ...}) = 0
mmap(NULL, 4958, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7f03923c9000
close(4)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 4
read(4, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0Ps\2\0\0\0\0\0"..., 832) = 832
lseek(4, 64, SEEK_SET)                  = 64
read(4, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784) = 784
lseek(4, 848, SEEK_SET)                 = 848
read(4, "\4\0\0\0\20\0\0\0\5\0\0\0GNU\0\2\200\0\300\4\0\0\0\1\0\0\0\0\0\0\0", 32) = 32
lseek(4, 880, SEEK_SET)                 = 880
read(4, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\4\1\275\215\246\355\253>E9\235bW\23W\253"..., 68) = 68
fstat(4, {st_mode=S_IFREG|0755, st_size=1922136, ...}) = 0
lseek(4, 64, SEEK_SET)                  = 64
read(4, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784) = 784
mmap(NULL, 1970000, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7f03921e8000
mmap(0x7f039220e000, 1396736, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x26000) = 0x7f039220e000
mmap(0x7f0392363000, 339968, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x17b000) = 0x7f0392363000
mmap(0x7f03923b6000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x1ce000) = 0x7f03923b6000
mmap(0x7f03923bc000, 53072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f03923bc000
close(4)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2", O_RDONLY|O_CLOEXEC) = 4
read(4, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\251\1\0\0\0\0\0"..., 832) = 832
fstat(4, {st_mode=S_IFREG|0755, st_size=210968, ...}) = 0
mmap(NULL, 209624, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7f03921b4000
mmap(0x7f03921b5000, 151552, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x1000) = 0x7f03921b5000
mmap(0x7f03921da000, 40960, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x26000) = 0x7f03921da000
mmap(0x7f03921e4000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x30000) = 0x7f03921e4000
close(4)                                = 0
mprotect(0x7f03921e4000, 8192, PROT_READ) = 0
mprotect(0x7f03923b6000, 16384, PROT_READ) = 0
mprotect(0x7f03923d1000, 4096, PROT_READ) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x27020} ---
+++ killed by SIGSEGV (core dumped) +++
Segmentation fault
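
The strace output above shows the `--enable-static` ffprobe build opening the host's `gconv/ISO_6937.so`, `libc.so.6` and `ld-linux-x86-64.so.2` immediately before the SIGSEGV. The following Python helper is an added example, not part of the original ticket or of FFmpeg: it extracts run-time shared-object loads and the fault record from strace text, using an excerpt of the trace above as input (the names `triage` and `TRACE` are hypothetical).

```python
import re

# Excerpt of the strace output posted in this ticket (lines copied unchanged).
TRACE = r'''
execve("/tmp/ffmpeg-6.0-amd64-static/ffprobe", ["/tmp/ffmpeg-6.0-amd64-static/ffp"..., "193039199_mp4_h264_aac_hq_7.ts"], 0x7ffed83b0148 /* 8 vars */) = 0
stat("/etc/gnutls/config", 0x7ffd4bd01780) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "193039199_mp4_h264_aac_hq_7.ts", O_RDONLY) = 3
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", O_RDONLY) = 4
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937.so", O_RDONLY|O_CLOEXEC) = 4
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 4
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2", O_RDONLY|O_CLOEXEC) = 4
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x27020} ---
+++ killed by SIGSEGV (core dumped) +++
'''

# open()/openat() with a quoted path and a numeric return value.
OPEN_RE = re.compile(r'^open(?:at)?\((?:AT_FDCWD, )?"([^"]+)", [^)]*\)\s*=\s*(-?\d+)')
SO_RE = re.compile(r'\.so(\.\d+)*$')  # foo.so, libc.so.6, ...
FAULT_RE = re.compile(r'^--- (SIG\w+) \{.*si_code=(\w+), si_addr=(0x[0-9a-f]+)\} ---')


def triage(trace):
    """Summarise shared objects opened at run time and the first fault record."""
    loads, fault = [], None
    for line in trace.splitlines():
        m = OPEN_RE.match(line)
        if m:
            path, ret = m.group(1), int(m.group(2))
            # Only successful opens of shared objects are interesting here.
            if ret >= 0 and SO_RE.search(path):
                loads.append(path)
            continue
        m = FAULT_RE.match(line)
        if m:
            fault = {"signal": m.group(1), "code": m.group(2), "addr": m.group(3)}
            break  # nothing after the fault belongs to the run
    return {
        "shared_objects": loads,
        # glibc iconv loads charset converters from the gconv directory.
        "gconv_modules": [p for p in loads if "/gconv/" in p],
        "fault": fault,
    }


if __name__ == "__main__":
    report = triage(TRACE)
    for path in report["shared_objects"]:
        print("loaded at run time:", path)
    print("fault:", report["fault"])
```
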

Change History (2)

comment:1 by Stéphane Diemer, 10 months ago

The problem also occurs on the latest build from the master branch:

root@085c65e3ce14:/tmp# /tmp/ffmpeg-git-20230621-amd64-static/ffprobe 193039199_mp4_h264_aac_hq_7.ts
ffprobe version N-66244-g468615f204-static https://johnvansickle.com/ffmpeg/  Copyright (c) 2007-2023 the FFmpeg developers
  built with gcc 8 (Debian 8.3.0-6)
  configuration: --enable-gpl --enable-version3 --enable-static --disable-debug --disable-ffplay --disable-indev=sndio --disable-outdev=sndio --cc=gcc --enable-fontconfig --enable-frei0r --enable-gnutls --enable-gmp --enable-libgme --enable-gray --enable-libaom --enable-libfribidi --enable-libass --enable-libvmaf --enable-libfreetype --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenjpeg --enable-librubberband --enable-libsoxr --enable-libspeex --enable-libsrt --enable-libvorbis --enable-libopus --enable-libtheora --enable-libvidstab --enable-libvo-amrwbenc --enable-libvpx --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxml2 --enable-libdav1d --enable-libxvid --enable-libzvbi --enable-libzimg
  libavutil      58. 13.101 / 58. 13.101
  libavcodec     60. 21.100 / 60. 21.100
  libavformat    60.  9.100 / 60.  9.100
  libavdevice    60.  2.100 / 60.  2.100
  libavfilter     9.  8.102 /  9.  8.102
  libswscale      7.  3.100 /  7.  3.100
  libswresample   4. 11.100 /  4. 11.100
  libpostproc    57.  2.100 / 57.  2.100
Segmentation fault (core dumped)

comment:2 by Stéphane Diemer, 10 months ago

When I take a look at the ffprobe header, it shows that it has been compiled with an old version of gcc: 8.3.0.
Debian 11 comes with gcc 10.X and Debian 12 with gcc 12.X.
The problem is probably linked to these outdated libraries.
