Opened 12 years ago

Closed 12 years ago

#1155 closed defect (fixed)

jpeg: crash with lowres when s->flipped == 1

Reported by: ami_stuff Owned by:
Priority: important Component: undetermined
Version: git-master Keywords: regression
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

https://roundup.libav.org/file556/inteljpeg.avi

(gdb) r -vlowres 1 -i inteljpeg.avi
Starting program: d:\mingw\msys\1.0\ffmpeg-head-4246032\ffmpeg_g.exe -vlowres 1
-i inteljpeg.avi
[New Thread 2816.0xa7c]
ffmpeg version 0.9.1.git-4246032 Copyright (c) 2000-2012 the FFmpeg developers
  built on Mar 22 2012 16:12:00 with gcc 4.6.1
  configuration: --disable-ffprobe
  libavutil      51. 44.100 / 51. 44.100
  libavcodec     54. 12.100 / 54. 12.100
  libavformat    54.  2.100 / 54.  2.100
  libavdevice    53.  4.100 / 53.  4.100
  libavfilter     2. 65.102 /  2. 65.102
  libswscale      2.  1.100 /  2.  1.100
  libswresample   0.  7.100 /  0.  7.100
[mp3 @ 0397f980] Header missing

Program received signal SIGSEGV, Segmentation fault.
put_pixels_clamped4_c (line_size=-96,
    pixels=0x3f081f0 <Address 0x3f081f0 out of bounds>, block=0x3ee1c70)
    at libavcodec/dsputil.c:394
394             pixels[0] = av_clip_uint8(block[0]);
(gdb) bt
#0  put_pixels_clamped4_c (line_size=-96,
    pixels=0x3f081f0 <Address 0x3f081f0 out of bounds>, block=0x3ee1c70)
    at libavcodec/dsputil.c:394
#1  ff_jref_idct4_put (dest=0x3f081f0 <Address 0x3f081f0 out of bounds>,
    line_size=-96, block=0x3ee1c70) at libavcodec/dsputil.c:2755
#2  0x005df0d6 in mjpeg_decode_scan (reference=0x0, Al=0, Ah=0,
    nb_components=3, s=0x3ee16c0, mb_bitmask=<optimized out>)
    at libavcodec/mjpegdec.c:1029
#3  ff_mjpeg_decode_sos (s=0x3ee16c0, mb_bitmask=<optimized out>,
    reference=<optimized out>) at libavcodec/mjpegdec.c:1250
#4  ff_mjpeg_decode_frame (avctx=0x3ee0920, data=0x22f6e8,
    data_size=0x22f898, avpkt=0x22f658) at libavcodec/mjpegdec.c:1696
#5  0x004fb828 in avcodec_decode_video2 (avctx=0x3ee0920, picture=0x22f6e8,
    got_picture_ptr=0x22f898, avpkt=0x22f850) at libavcodec/utils.c:1358
#6  0x00434f17 in try_decode_frame (st=0x3981260, avpkt=<optimized out>,
    options=<optimized out>) at libavformat/utils.c:2263
#7  0x0043c777 in avformat_find_stream_info (ic=0x3972340, options=0x3981800)
    at libavformat/utils.c:2568
#8  0x0040d985 in opt_input_file (o=0x22fdb8, opt=0x3980e17 "i",
    filename=<optimized out>) at ffmpeg.c:3735
#9  0x00411d17 in parse_option (optctx=0x22fdb8, opt=<optimized out>,
    arg=0x3980e19 "inteljpeg.avi", options=0xafc6c0) at cmdutils.c:300
#10 0x00411f7a in parse_options (optctx=0x22fdb8, argc=5,
    argv=<optimized out>, options=0xafc6c0,
    parse_arg_function=0x40ee28 <opt_output_file>) at cmdutils.c:333
#11 0x00a9facd in main (argc=5, argv=0x3980d80) at ffmpeg.c:5176

Change History (2)

comment:1 by Carl Eugen Hoyos, 12 years ago

Keywords: regression added
Priority: normalimportant
Reproduced by developer: set
Status: newopen
Version: unspecifiedgit-master

Regression since 5dc6bd.

comment:2 by Michael Niedermayer, 12 years ago

Resolution: fixed
Status: openclosed

Locally fixed

Note: See TracTickets for help on using tickets.