[FFmpeg-trac] #182(avformat:open): libavformat crashes on damaged mp3
FFmpeg
trac at avcodec.org
Tue May 10 00:41:26 CEST 2011
#182: libavformat crashes on damaged mp3
-----------------------+-----------------------
Reporter:  jwarren     |  Owner:
Type:      defect      |  Status:      open
Priority:  important   |  Component:   avformat
Version:   git-master  |  Resolution:
Keywords:  regression  |  Blocked By:
Blocking:              |  Reproduced:  1
Analyzed:  0           |
-----------------------+-----------------------
Changes (by cehoyos):
* keywords: => regression
* status: new => open
* version: git => git-master
* reproduced: 0 => 1
Comment:
For future bug reports, please consider reading
http://ffmpeg.org/bugreports.html
{{{
(gdb) r -i Allaby_cut.mp3
Starting program: ffmpeg_g -i Allaby_cut.mp3
ffmpeg version git-N-29734-g38bb5a5, Copyright (c) 2000-2011 the FFmpeg
developers
built on May 10 2011 00:36:05 with gcc 4.5.2
configuration: --cc='/usr/local/gcc-4.5.2/bin/gcc -m32' --enable-gpl
libavutil 51. 2. 1 / 51. 2. 1
libavcodec 53. 5. 0 / 53. 5. 0
libavformat 53. 0. 3 / 53. 0. 3
libavdevice 53. 0. 0 / 53. 0. 0
libavfilter 2. 5. 0 / 2. 5. 0
libswscale 0. 14. 0 / 0. 14. 0
Program received signal SIGSEGV, Segmentation fault.
0x081657c6 in ff_id3v2_parse (flags=<value optimized out>, version=4
'\004', len=17922, s=0x8c97b20) at libavformat/id3v2.c:263
263 buffer[j] = avio_r8(s->pb);
(gdb) bt
#0 0x081657c6 in ff_id3v2_parse (flags=<value optimized out>, version=4
'\004', len=17922, s=0x8c97b20) at libavformat/id3v2.c:263
#1 ff_id3v2_read (flags=<value optimized out>, version=4 '\004',
len=17922, s=0x8c97b20) at libavformat/id3v2.c:316
#2 0x0814de96 in av_open_input_stream (ic_ptr=0xffffce2c, pb=0x8ca00c0,
filename=0xffffd285 "Allaby_cut.mp3", fmt=0x871a520, ap=0xffffce04) at
libavformat/utils.c:442
#3 0x0814e516 in av_open_input_file (ic_ptr=0xffffce2c,
filename=0xffffd285 "Allaby_cut.mp3", fmt=0x871a520, buf_size=0,
ap=0xffffce04) at libavformat/utils.c:613
#4 0x08054f7f in opt_input_file (filename=<value optimized out>) at
ffmpeg.c:3262
#5 0x08059636 in parse_options (argc=3, argv=0xffffd014,
options=0x85e1880, parse_arg_function=0x8057b40 <opt_output_file>) at
cmdutils.c:282
#6 0x08058699 in main (argc=3, argv=0xffffd014) at ffmpeg.c:4486
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x81657a6 to 0x81657e6:
0x081657a6 <ff_id3v2_parse+1301>: je 0x8165ba9
<ff_id3v2_parse+2328>
0x081657ac <ff_id3v2_parse+1307>: mov 0x10(%edi),%eax
0x081657af <ff_id3v2_parse+1310>: mov 0xdc(%esp),%edx
0x081657b6 <ff_id3v2_parse+1317>: mov %eax,(%esp)
0x081657b9 <ff_id3v2_parse+1320>: mov %edx,0x20(%esp)
0x081657bd <ff_id3v2_parse+1324>: call 0x80bd0f0 <avio_r8>
0x081657c2 <ff_id3v2_parse+1329>: mov 0x20(%esp),%edx
0x081657c6 <ff_id3v2_parse+1333>: mov %al,(%edx)
0x081657c8 <ff_id3v2_parse+1335>: xor %eax,%eax
0x081657ca <ff_id3v2_parse+1337>: mov 0xdc(%esp),%ecx
0x081657d1 <ff_id3v2_parse+1344>: mov %ebp,0x34(%esp)
0x081657d5 <ff_id3v2_parse+1348>: mov %eax,%ebp
0x081657d7 <ff_id3v2_parse+1350>: xor %edx,%edx
0x081657d9 <ff_id3v2_parse+1352>: add $0x1,%ebp
0x081657dc <ff_id3v2_parse+1355>: cmp %ebp,0x2c(%esp)
0x081657e0 <ff_id3v2_parse+1359>: mov %ebx,0x50(%esp)
0x081657e4 <ff_id3v2_parse+1363>: mov %edx,%ebx
End of assembler dump.
(gdb) info register
eax 0x4f 79
ecx 0xffffcc7c -13188
edx 0x0 0
ebx 0x16e 366
esp 0xffffcba0 0xffffcba0
ebp 0x3 0x3
esi 0x0 0
edi 0x8c97b20 147421984
eip 0x81657c6 0x81657c6 <ff_id3v2_parse+1333>
eflags 0x10282 [ SF IF RF ]
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x63 99
}}}
--
Ticket URL: <https://avcodec.org/trac/ffmpeg/ticket/182#comment:2>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker