[FFmpeg-trac] #1364(avcodec:new): Crash reading jv

FFmpeg trac at avcodec.org
Mon May 28 15:52:47 CEST 2012 

#1364: Crash reading jv
-------------------------------------+-------------------------------------
               Reporter:  cehoyos    |                  Owner:
                   Type:  defect     |                 Status:  new
               Priority:  important  |              Component:  avcodec
                Version:  git-       |               Keywords:  jv crash
  master                             |  SIGSEGV
             Blocked By:             |               Blocking:
Reproduced by developer:  0          |  Analyzed by developer:  0
-------------------------------------+-------------------------------------
 {{{
 (gdb) r -vcodec jv -i blox.avi -f null -
 Starting program: ffmpeg_g -vcodec jv -i blox.avi -f null -
 [Thread debugging using libthread_db enabled]
 [New Thread 0xb79556c0 (LWP 21071)]
 ffmpeg version N-41080-g394b692 Copyright (c) 2000-2012 the FFmpeg
 developers
   built on May 28 2012 14:04:27 with gcc 4.3.2
   configuration: --cc=/usr/local/gcc-4.3.2/bin/gcc --enable-gpl --enable-
 libopenjpeg --enable-libvorbis --enable-libspeex --enable-libmp3lame
 --enable-libtheora --extra-ldflags=-lm --enable-libvpx --enable-libxavs
   libavutil      51. 55.100 / 51. 55.100
   libavcodec     54. 23.100 / 54. 23.100
   libavformat    54.  6.101 / 54.  6.101
   libavdevice    54.  0.100 / 54.  0.100
   libavfilter     2. 77.100 /  2. 77.100
   libswscale      2.  1.100 /  2.  1.100
   libswresample   0. 15.100 /  0. 15.100
   libpostproc    52.  0.100 / 52.  0.100
 Input #0, avi, from 'blox.avi':
   Duration: 00:00:12.64, start: 0.000000, bitrate: 788 kb/s
     Stream #0:0: Video: jv (BLOX / 0x584F4C42), pal8, 320x240, 23.97 tbr,
 23.97 tbn, 23.97 tbc
 [buffer @ 0x901fee0] w:320 h:240 pixfmt:pal8 tb:100/2397 sar:0/1
 sws_param:flags=2
 [buffersink @ 0x9010100] No opaque field provided
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf54.6.101
     Stream #0:0: Video: rawvideo, pal8, 320x240, q=2-31, 200 kb/s, 90k
 tbn, 23.97 tbc
 Stream mapping:
   Stream #0:0 -> #0:0 (jv -> rawvideo)
 Press [q] to stop, [?] for help
 [jv @ 0x901e700] unsupported frame type 103
 Error while decoding stream #0:0
 [jv @ 0x901e700] unsupported frame type 127
 Error while decoding stream #0:0

 ...

 [jv @ 0x901e700] unsupported frame type 35
 Error while decoding stream #0:0
 [jv @ 0x901e700] unsupported frame type 116
 Error while decoding stream #0:0

 Program received signal SIGSEGV, Segmentation fault.
 [Switching to Thread 0xb79556c0 (LWP 21071)]
 0x0843c671 in decode_frame (avctx=0x901e700, data=0x9010540,
     data_size=0xbfbbf7c4, avpkt=0xbfbbf400) at ./libavutil/x86/bswap.h:44
 44          __asm__("bswap   %0" : "+r" (x));
 (gdb) bt
 #0  0x0843c671 in decode_frame (avctx=0x901e700, data=0x9010540,
     data_size=0xbfbbf7c4, avpkt=0xbfbbf400) at ./libavutil/x86/bswap.h:44
 #1  0x0858e1a5 in avcodec_decode_video2 (avctx=0x901e700,
 picture=0x9010540,
     got_picture_ptr=0xbfbbf6a4, avpkt=0x95d) at libavcodec/utils.c:1464
 #2  0x08058a3e in output_packet (ist=0x901ef40, pkt=0xbfbc0b3c)
     at ffmpeg.c:2645
 #3  0x0805b410 in transcode () at ffmpeg.c:3662
 #4  0x0805c556 in main (argc=Cannot access memory at address 0x0
 ) at ffmpeg.c:5926
 (gdb) disass $pc-32 $pc+32
 Dump of assembler code from 0x843c651 to 0x843c691:
 0x0843c651 <decode_frame+657>:  adc    $0xb,%al
 0x0843c653 <decode_frame+659>:  add    %al,(%eax)
 0x0843c655 <decode_frame+661>:  mov    %eax,0x30(%esp)
 0x0843c659 <decode_frame+665>:  mov    0x4c(%esp),%eax
 0x0843c65d <decode_frame+669>:  imul   0x30(%esp),%eax
 0x0843c662 <decode_frame+674>:  add    0x48(%esp),%eax
 0x0843c666 <decode_frame+678>:  add    %edx,%eax
 0x0843c668 <decode_frame+680>:  mov    %eax,0x34(%esp)
 0x0843c66c <decode_frame+684>:  mov    %esi,%eax
 0x0843c66e <decode_frame+686>:  shr    $0x3,%eax
 0x0843c671 <decode_frame+689>:  mov    (%ecx,%eax,1),%eax
 0x0843c674 <decode_frame+692>:  mov    %esi,%ecx
 0x0843c676 <decode_frame+694>:  and    $0x7,%ecx
 0x0843c679 <decode_frame+697>:  lea    0x2(%esi),%edx
 0x0843c67c <decode_frame+700>:  bswap  %eax
 0x0843c67e <decode_frame+702>:  shl    %cl,%eax
 0x0843c680 <decode_frame+704>:  shr    $0xfe,%eax
 0x0843c683 <decode_frame+707>:  cmp    %ebp,%edx
 0x0843c685 <decode_frame+709>:  jbe    0x843c689 <decode_frame+713>
 0x0843c687 <decode_frame+711>:  mov    %ebp,%edx
 0x0843c689 <decode_frame+713>:  cmp    $0x2,%eax
 0x0843c68c <decode_frame+716>:  mov    %edx,%esi
 0x0843c68e <decode_frame+718>:  jne    0x843c618 <decode_frame+600>
 0x0843c690 <decode_frame+720>:  mov    0x70(%esp),%ecx
 End of assembler dump.
 (gdb) info register
 eax            0x0      0
 ecx            0x0      0
 edx            0x9049e00        151297536
 ebx            0x140    320
 esp            0xbfbbf2f0       0xbfbbf2f0
 ebp            0x8      0x8
 esi            0x0      0
 edi            0xffffffff       -1
 eip            0x843c671        0x843c671 <decode_frame+689>
 eflags         0x10246  [ PF ZF IF RF ]
 cs             0x73     115
 ss             0x7b     123
 ds             0x7b     123
 es             0x7b     123
 fs             0x0      0
 gs             0x33     51
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/1364>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list