[FFmpeg-trac] #4873(avcodec:new): crashes in h264 decoder(decode_postinit)

FFmpeg trac at avcodec.org
Tue Sep 22 17:44:44 CEST 2015


#4873: crashes in h264 decoder(decode_postinit)
-------------------------------------+-----------------------------------
             Reporter:  zylthinking  |                    Owner:
                 Type:  defect       |                   Status:  new
             Priority:  important    |                Component:  avcodec
              Version:  unspecified  |               Resolution:
             Keywords:  h264 crash   |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-----------------------------------
Description changed by Timothy_Gu:

Old description:

> Summary of the bug:
> I/DEBUG   ( 7075): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
> I/DEBUG   ( 7075): Build fingerprint: 'Sony/L36h_1270-9104/L36h:4.2.2/10.3.1.A.2.67/vPd3rg:user/release-keys'
> I/DEBUG   ( 7075): Revision: '0'
> I/DEBUG   ( 7075): pid: 26530, tid: 26565, name: libmm.demo2  >>> libmm.demo2 <<<
> I/DEBUG   ( 7075):''' signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 00000058'''
> I/DEBUG   ( 7075):     r0 77cb1020  r1 00000001  r2 00000002  r3 00000000
> I/DEBUG   ( 7075):     r4 77cb1020  r5 00000000  r6 00000001  r7 77cb1e80
> I/DEBUG   ( 7075):     r8 00000942  r9 77ab0c2c  sl 6ef44620  fp 6e979dd0
> I/DEBUG   ( 7075):     ip 00000000  sp 77ab0ac0  lr 75c98a68  pc 75c95408  cpsr 60000010
> I/DEBUG   ( 7075):
> I/DEBUG   ( 7075): backtrace:
> I/DEBUG   ( 7075):     #00  pc 00163408  /data/app-lib/libmm.demo2-2/libmedia2.so (decode_postinit+48)
> I/DEBUG   ( 7075):     #01  pc 00166a64  /data/app-lib/libmm.demo2-2/libmedia2.so (h264_decode_frame+948)
>

> 001633d8 <decode_postinit>:
>   1633d8:       e30b3968        movw    r3, #47464      ; 0xb968
>   1633dc:       e3403008        movt    r3, #8
>   1633e0:       e30b2d30        movw    r2, #48432      ; 0xbd30
>   1633e4:       e3402008        movt    r2, #8
>

>   1633e8:       e7903003        ldr     r3, [r0, r3]
>   1633ec:       e92d4ff0        push    {r4, r5, r6, r7, r8, r9, sl, fp, lr}
>   1633f0:       e3530000        cmp     r3, #0
>   1633f4:       e59055e0        ldr     r5, [r0, #1504] ; 0x5e0
>   1633f8:       e24dd014        sub     sp, sp, #20
>   1633fc:       e7902002        ldr     r2, [r0, r2]
>   163400:       e1a04000        mov     r4, r0
>   163404:       e1a06001        mov     r6, r1
>  ''' 163408:    e5852058        str     r2, [r5, #88]   ; 0x58 -------------------------- here'''
>

>
>     if (h->next_output_pic)
>         return;
>   16340c:       0a000001        beq     163418 <decode_postinit+0x40>
>   163410:       e28dd014        add     sp, sp, #20
>   163414:       e8bd8ff0        pop     {r4, r5, r6, r7, r8, r9, sl, fp, pc}
>
> How to reproduce:
> {{{
> play video stream from rtmp://62.113.210.250:1935/medienasa-live/ok-magdeburg_high
> after some time, it crashes
> all the input stream seems to be right, (having a correct nalu header at least)
> }}}

New description:

 Summary of the bug:

 {{{
 I/DEBUG   ( 7075): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
 I/DEBUG   ( 7075): Build fingerprint: 'Sony/L36h_1270-9104/L36h:4.2.2/10.3.1.A.2.67/vPd3rg:user/release-keys'
 I/DEBUG   ( 7075): Revision: '0'
 I/DEBUG   ( 7075): pid: 26530, tid: 26565, name: libmm.demo2  >>> libmm.demo2 <<<
 I/DEBUG   ( 7075):''' signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 00000058'''
 I/DEBUG   ( 7075):     r0 77cb1020  r1 00000001  r2 00000002  r3 00000000
 I/DEBUG   ( 7075):     r4 77cb1020  r5 00000000  r6 00000001  r7 77cb1e80
 I/DEBUG   ( 7075):     r8 00000942  r9 77ab0c2c  sl 6ef44620  fp 6e979dd0
 I/DEBUG   ( 7075):     ip 00000000  sp 77ab0ac0  lr 75c98a68  pc 75c95408  cpsr 60000010
 I/DEBUG   ( 7075):
 I/DEBUG   ( 7075): backtrace:
 I/DEBUG   ( 7075):     #00  pc 00163408  /data/app-lib/libmm.demo2-2/libmedia2.so (decode_postinit+48)
 I/DEBUG   ( 7075):     #01  pc 00166a64  /data/app-lib/libmm.demo2-2/libmedia2.so (h264_decode_frame+948)


 001633d8 <decode_postinit>:
   1633d8:       e30b3968        movw    r3, #47464      ; 0xb968
   1633dc:       e3403008        movt    r3, #8
   1633e0:       e30b2d30        movw    r2, #48432      ; 0xbd30
   1633e4:       e3402008        movt    r2, #8


   1633e8:       e7903003        ldr     r3, [r0, r3]
   1633ec:       e92d4ff0        push    {r4, r5, r6, r7, r8, r9, sl, fp, lr}
   1633f0:       e3530000        cmp     r3, #0
   1633f4:       e59055e0        ldr     r5, [r0, #1504] ; 0x5e0
   1633f8:       e24dd014        sub     sp, sp, #20
   1633fc:       e7902002        ldr     r2, [r0, r2]
   163400:       e1a04000        mov     r4, r0
   163404:       e1a06001        mov     r6, r1
  ''' 163408:    e5852058        str     r2, [r5, #88]   ; 0x58 -------------------------- here'''



     if (h->next_output_pic)
         return;
   16340c:       0a000001        beq     163418 <decode_postinit+0x40>
   163410:       e28dd014        add     sp, sp, #20
   163414:       e8bd8ff0        pop     {r4, r5, r6, r7, r8, r9, sl, fp, pc}
 }}}

 How to reproduce:
 {{{
 play video stream from rtmp://62.113.210.250:1935/medienasa-live/ok-magdeburg_high
 after some time, it crashes
 all the input stream seems to be right, (having a correct nalu header at least)
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/4873#comment:5>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

