Opened 12 years ago

Closed 12 years ago

#1364 closed defect (fixed)

Crash reading jv

Reported by: Carl Eugen Hoyos Owned by:
Priority: important Component: avcodec
Version: git-master Keywords: jv crash SIGSEGV
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

(gdb) r -vcodec jv -i blox.avi -f null -
Starting program: ffmpeg_g -vcodec jv -i blox.avi -f null -
[Thread debugging using libthread_db enabled]
[New Thread 0xb79556c0 (LWP 21071)]
ffmpeg version N-41080-g394b692 Copyright (c) 2000-2012 the FFmpeg developers
  built on May 28 2012 14:04:27 with gcc 4.3.2
  configuration: --cc=/usr/local/gcc-4.3.2/bin/gcc --enable-gpl --enable-libopenjpeg --enable-libvorbis --enable-libspeex --enable-libmp3lame --enable-libtheora --extra-ldflags=-lm --enable-libvpx --enable-libxavs
  libavutil      51. 55.100 / 51. 55.100
  libavcodec     54. 23.100 / 54. 23.100
  libavformat    54.  6.101 / 54.  6.101
  libavdevice    54.  0.100 / 54.  0.100
  libavfilter     2. 77.100 /  2. 77.100
  libswscale      2.  1.100 /  2.  1.100
  libswresample   0. 15.100 /  0. 15.100
  libpostproc    52.  0.100 / 52.  0.100
Input #0, avi, from 'blox.avi':
  Duration: 00:00:12.64, start: 0.000000, bitrate: 788 kb/s
    Stream #0:0: Video: jv (BLOX / 0x584F4C42), pal8, 320x240, 23.97 tbr, 23.97 tbn, 23.97 tbc
[buffer @ 0x901fee0] w:320 h:240 pixfmt:pal8 tb:100/2397 sar:0/1 sws_param:flags=2
[buffersink @ 0x9010100] No opaque field provided
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf54.6.101
    Stream #0:0: Video: rawvideo, pal8, 320x240, q=2-31, 200 kb/s, 90k tbn, 23.97 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (jv -> rawvideo)
Press [q] to stop, [?] for help
[jv @ 0x901e700] unsupported frame type 103
Error while decoding stream #0:0
[jv @ 0x901e700] unsupported frame type 127
Error while decoding stream #0:0

...

[jv @ 0x901e700] unsupported frame type 35
Error while decoding stream #0:0
[jv @ 0x901e700] unsupported frame type 116
Error while decoding stream #0:0

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb79556c0 (LWP 21071)]
0x0843c671 in decode_frame (avctx=0x901e700, data=0x9010540,
    data_size=0xbfbbf7c4, avpkt=0xbfbbf400) at ./libavutil/x86/bswap.h:44
44          __asm__("bswap   %0" : "+r" (x));
(gdb) bt
#0  0x0843c671 in decode_frame (avctx=0x901e700, data=0x9010540,
    data_size=0xbfbbf7c4, avpkt=0xbfbbf400) at ./libavutil/x86/bswap.h:44
#1  0x0858e1a5 in avcodec_decode_video2 (avctx=0x901e700, picture=0x9010540,
    got_picture_ptr=0xbfbbf6a4, avpkt=0x95d) at libavcodec/utils.c:1464
#2  0x08058a3e in output_packet (ist=0x901ef40, pkt=0xbfbc0b3c)
    at ffmpeg.c:2645
#3  0x0805b410 in transcode () at ffmpeg.c:3662
#4  0x0805c556 in main (argc=Cannot access memory at address 0x0
) at ffmpeg.c:5926
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x843c651 to 0x843c691:
0x0843c651 <decode_frame+657>:  adc    $0xb,%al
0x0843c653 <decode_frame+659>:  add    %al,(%eax)
0x0843c655 <decode_frame+661>:  mov    %eax,0x30(%esp)
0x0843c659 <decode_frame+665>:  mov    0x4c(%esp),%eax
0x0843c65d <decode_frame+669>:  imul   0x30(%esp),%eax
0x0843c662 <decode_frame+674>:  add    0x48(%esp),%eax
0x0843c666 <decode_frame+678>:  add    %edx,%eax
0x0843c668 <decode_frame+680>:  mov    %eax,0x34(%esp)
0x0843c66c <decode_frame+684>:  mov    %esi,%eax
0x0843c66e <decode_frame+686>:  shr    $0x3,%eax
0x0843c671 <decode_frame+689>:  mov    (%ecx,%eax,1),%eax
0x0843c674 <decode_frame+692>:  mov    %esi,%ecx
0x0843c676 <decode_frame+694>:  and    $0x7,%ecx
0x0843c679 <decode_frame+697>:  lea    0x2(%esi),%edx
0x0843c67c <decode_frame+700>:  bswap  %eax
0x0843c67e <decode_frame+702>:  shl    %cl,%eax
0x0843c680 <decode_frame+704>:  shr    $0xfe,%eax
0x0843c683 <decode_frame+707>:  cmp    %ebp,%edx
0x0843c685 <decode_frame+709>:  jbe    0x843c689 <decode_frame+713>
0x0843c687 <decode_frame+711>:  mov    %ebp,%edx
0x0843c689 <decode_frame+713>:  cmp    $0x2,%eax
0x0843c68c <decode_frame+716>:  mov    %edx,%esi
0x0843c68e <decode_frame+718>:  jne    0x843c618 <decode_frame+600>
0x0843c690 <decode_frame+720>:  mov    0x70(%esp),%ecx
End of assembler dump.
(gdb) info register
eax            0x0      0
ecx            0x0      0
edx            0x9049e00        151297536
ebx            0x140    320
esp            0xbfbbf2f0       0xbfbbf2f0
ebp            0x8      0x8
esi            0x0      0
edi            0xffffffff       -1
eip            0x843c671        0x843c671 <decode_frame+689>
eflags         0x10246  [ PF ZF IF RF ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51

Attachments (1)

blox.avi (1.2 MB ) - added by Carl Eugen Hoyos 12 years ago.

Download all attachments as: .zip

Change History (2)

by Carl Eugen Hoyos, 12 years ago

Attachment: blox.avi added

comment:1 by Michael Niedermayer, 12 years ago

Reproduced by developer: set
Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.