[FFmpeg-trac] #456(avcodec:new): Invalid read in get_vlc2

FFmpeg trac at avcodec.org
Sun Sep 11 00:20:57 CEST 2011


#456: Invalid read in get_vlc2
--------------------------------------+---------------------------------
               Reporter:  cehoyos     |                  Owner:
                   Type:  defect      |                 Status:  new
               Priority:  important   |              Component:  avcodec
                Version:  git-master  |               Keywords:
             Blocked By:              |               Blocking:
Reproduced by developer:  1           |  Analyzed by developer:  0
--------------------------------------+---------------------------------
 Found using fenrir's text file.
 {{{
 (gdb) r -i audio-switch-z14-2.m2ts

 Starting program: ffmpeg_g -i audio-switch-z14-2.m2ts
 [Thread debugging using libthread_db enabled]
 ffmpeg version N-32449-g8fd1da5, Copyright (c) 2000-2011 the FFmpeg
 developers
   built on Sep 10 2011 23:48:36 with gcc 4.5.3
   configuration: --cc='/usr/local/gcc-4.5.3/bin/gcc -m32' --disable-
 optimizations
   libavutil    51. 16. 0 / 51. 16. 0
   libavcodec   53. 13. 0 / 53. 13. 0
   libavformat  53. 12. 0 / 53. 12. 0
   libavdevice  53.  3. 0 / 53.  3. 0
   libavfilter   2. 39. 0 /  2. 39. 0
   libswscale    2.  1. 0 /  2.  1. 0

 ...

 Program received signal SIGSEGV, Segmentation fault.
 0x0853a034 in get_vlc2 (s=0xffffc884, table=0x0, bits=7, max_depth=1) at
 libavcodec/get_bits.h:514
 514         GET_VLC(code, re, s, table, bits, max_depth);
 (gdb) bt
 #0  0x0853a034 in get_vlc2 (s=0xffffc884, table=0x0, bits=7, max_depth=1)
 at libavcodec/get_bits.h:514
 #1  0x0853cda8 in vc1_parse_frame_header_adv (v=0x8cb9f08, gb=0xffffc884)
 at libavcodec/vc1.c:854
 #2  0x083fcc93 in vc1_extract_headers (s=0x8cb9da0, avctx=0x8ca1de0,
 buf=0x8d0f340 "", buf_size=52777)
     at libavcodec/vc1_parser.c:69
 #3  0x083fced6 in vc1_parse (s=0x8cb9da0, avctx=0x8ca1de0,
 poutbuf=0xffffcbf4, poutbuf_size=0xffffcbf8,
     buf=0x8d0f340 "", buf_size=52777) at libavcodec/vc1_parser.c:160
 #4  0x08369ead in av_parser_parse2 (s=0x8cb9da0, avctx=0x8ca1de0,
 poutbuf=0xffffcbf4,
     poutbuf_size=0xffffcbf8, buf=0x8cfde60 "", buf_size=7058,
 pts=55092341, dts=55084835, pos=355460)
     at libavcodec/parser.c:149
 #5  0x0814e1b0 in read_frame_internal (s=0x8c9caa0, pkt=0xffffcbe4) at
 libavformat/utils.c:1162
 #6  0x08151c14 in avformat_find_stream_info (ic=0x8c9caa0,
 options=0x8ca4fe0) at libavformat/utils.c:2385
 #7  0x080555ba in opt_input_file (o=0xffffcebc, opt=0xffffd285 "i",
     filename=0xffffd287 "audio-switch-z14-2.m2ts") at ffmpeg.c:3207
 #8  0x08059a02 in parse_option (optctx=0xffffcebc, opt=0xffffd285 "i",
     arg=0xffffd287 "audio-switch-z14-2.m2ts", options=0x85b6aa0) at
 cmdutils.c:265
 #9  0x08059b2c in parse_options (optctx=0xffffcebc, argc=3,
 argv=0xffffd014, options=0x85b6aa0,
     parse_arg_function=0x8056b5e <opt_output_file>) at cmdutils.c:298
 #10 0x08058df9 in main (argc=3, argv=0xffffd014) at ffmpeg.c:4469
 (gdb) disass $pc-32 $pc+32
 Dump of assembler code from 0x853a014 to 0x853a054:
 0x0853a014 <get_vlc2+52>:       inc    %ebp
 0x0853a015 <get_vlc2+53>:       adc    %cl,(%edi)
 0x0853a017 <get_vlc2+55>:       mov    $0x244489c0,%esi
 0x0853a01c <get_vlc2+60>:       add    $0x8b,%al
 0x0853a01e <get_vlc2+62>:       inc    %ebp
 0x0853a01f <get_vlc2+63>:       hlt
 0x0853a020 <get_vlc2+64>:       mov    %eax,(%esp)
 0x0853a023 <get_vlc2+67>:       call   0x8539d7b <NEG_USR32>
 0x0853a028 <get_vlc2+72>:       mov    %eax,-0x14(%ebp)
 0x0853a02b <get_vlc2+75>:       mov    -0x14(%ebp),%eax
 0x0853a02e <get_vlc2+78>:       shl    $0x2,%eax
 0x0853a031 <get_vlc2+81>:       add    0xc(%ebp),%eax
 0x0853a034 <get_vlc2+84>:       movzwl (%eax),%eax
 0x0853a037 <get_vlc2+87>:       cwtl
 0x0853a038 <get_vlc2+88>:       mov    %eax,-0x4(%ebp)
 0x0853a03b <get_vlc2+91>:       mov    -0x14(%ebp),%eax
 0x0853a03e <get_vlc2+94>:       shl    $0x2,%eax
 0x0853a041 <get_vlc2+97>:       add    0xc(%ebp),%eax
 0x0853a044 <get_vlc2+100>:      movzwl 0x2(%eax),%eax
 0x0853a048 <get_vlc2+104>:      cwtl
 0x0853a049 <get_vlc2+105>:      mov    %eax,-0x10(%ebp)
 0x0853a04c <get_vlc2+108>:      cmpl   $0x1,0x14(%ebp)
 0x0853a050 <get_vlc2+112>:      jle    0x853a14c <get_vlc2+364>
 End of assembler dump.
 (gdb) info registers
 eax            0x8      8
 ecx            0xfffffff9       -7
 edx            0xfffffff9       -7
 ebx            0x21     33
 esp            0xffffc7f0       0xffffc7f0
 ebp            0xffffc818       0xffffc818
 esi            0x0      0
 edi            0x8ca1de0        147463648
 eip            0x853a034        0x853a034 <get_vlc2+84>
 eflags         0x210202 [ IF RF ID ]
 cs             0x23     35
 ss             0x2b     43
 ds             0x2b     43
 es             0x2b     43
 fs             0x0      0
 gs             0x63     99
 }}}

-- 
Ticket URL: <https://avcodec.org/trac/ffmpeg/ticket/456>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

