Opened 13 years ago
Closed 13 years ago
#1362 closed defect (fixed)
Crash reading iff_ilbm
Reported by: | Carl Eugen Hoyos | Owned by: | |
---|---|---|---|
Priority: | important | Component: | avcodec |
Version: | git-master | Keywords: | iff crash SIGSEGV |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | yes |
Analyzed by developer: | no | | |
Description
```
(gdb) r -vcodec iff_ilbm -i blox.avi
Starting program: ffmpeg_g -vcodec iff_ilbm -i blox.avi
[Thread debugging using libthread_db enabled]
[New Thread 0xb797d6c0 (LWP 20781)]
ffmpeg version N-41080-g394b692 Copyright (c) 2000-2012 the FFmpeg developers
  built on May 28 2012 14:04:27 with gcc 4.3.2
  configuration: --cc=/usr/local/gcc-4.3.2/bin/gcc --enable-gpl --enable-libopenjpeg --enable-libvorbis --enable-libspeex --enable-libmp3lame --enable-libtheora --extra-ldflags=-lm --enable-libvpx --enable-libxavs
  libavutil 51. 55.100 / 51. 55.100
  libavcodec 54. 23.100 / 54. 23.100
  libavformat 54. 6.101 / 54. 6.101
  libavdevice 54. 0.100 / 54. 0.100
  libavfilter 2. 77.100 / 2. 77.100
  libswscale 2. 1.100 / 2. 1.100
  libswresample 0. 15.100 / 0. 15.100
  libpostproc 52. 0.100 / 52. 0.100

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb797d6c0 (LWP 20781)]
extract_header (avctx=0x901e700, avpkt=0x0) at libavcodec/iff.c:194
194 int palette_size = avctx->extradata_size - AV_RB16(avctx->extradata);
(gdb) bt
#0 extract_header (avctx=0x901e700, avpkt=0x0) at libavcodec/iff.c:194
#1 0x08413dde in decode_init (avctx=0x901e700) at libavcodec/iff.c:335
#2 0x08590345 in avcodec_open2 (avctx=0x901e700, codec=Cannot access memory at address 0x4 ) at libavcodec/utils.c:925
#3 0x0819e8ac in avformat_find_stream_info (ic=0x9018440, options=0x90183c0) at libavformat/utils.c:2485
#4 0x0805682b in opt_input_file (o=0xbfbaa228, opt=0xbfbab280 "i", filename=0xbfbab282 "blox.avi") at ffmpeg.c:4327
#5 0x08062d72 in parse_option (optctx=0xbfbaa228, opt=0xbfbab280 "i", arg=0xbfbab282 "blox.avi", options=0x88e7540) at cmdutils.c:305
#6 0x08063103 in parse_options (optctx=0xbfbaa228, argc=5, argv=0xbfbaa454, options=0x88e7540, parse_arg_function=0x805d420 <opt_output_file>) at cmdutils.c:338
#7 0x0805c4f6 in main (argc=5, argv=0xbfbaa454) at ffmpeg.c:5906
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x8411cae to 0x8411cee:
0x08411cae: add %al,(%eax)
0x08411cb0 <extract_header+0>: sub $0x4c,%esp
0x08411cb3 <extract_header+3>: mov %esi,0x40(%esp)
0x08411cb7 <extract_header+7>: mov %eax,%esi
0x08411cb9 <extract_header+9>: mov %ebp,0x48(%esp)
0x08411cbd <extract_header+13>: mov %ebx,0x3c(%esp)
0x08411cc1 <extract_header+17>: mov %edi,0x44(%esp)
0x08411cc5 <extract_header+21>: mov 0x64(%eax),%ebx
0x08411cc8 <extract_header+24>: mov 0x68(%eax),%ecx
0x08411ccb <extract_header+27>: mov 0x40(%eax),%edi
0x08411cce <extract_header+30>: movzwl (%ebx),%eax
0x08411cd1 <extract_header+33>: mov %ecx,%ebp
0x08411cd3 <extract_header+35>: rol $0x8,%ax
0x08411cd7 <extract_header+39>: movzwl %ax,%eax
0x08411cda <extract_header+42>: sub %eax,%ebp
0x08411cdc <extract_header+44>: test %edx,%edx
0x08411cde <extract_header+46>: mov %ebp,0x2c(%esp)
0x08411ce2 <extract_header+50>: je 0x8411e10 <extract_header+352>
0x08411ce8 <extract_header+56>: mov 0x14(%edx),%ecx
0x08411ceb <extract_header+59>: cmp $0x1,%ecx
End of assembler dump.
(gdb) info register
eax 0x901e700 151119616
ecx 0x0 0
edx 0x0 0
ebx 0x0 0
esp 0xbfba9c40 0xbfba9c40
ebp 0x90183c0 0x90183c0
esi 0x901e700 151119616
edi 0x901f100 151122176
eip 0x8411cce 0x8411cce <extract_header+30>
eflags 0x10282 [ SF IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
```
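In the trace above, `eip` points at `movzwl (%ebx),%eax` with `ebx` = 0x0, so line 194 evaluates `AV_RB16()` on a NULL `extradata` pointer. The following is an added example, not FFmpeg code and not the change that closed this ticket: a guarded form of that expression. `palette_size_checked`, `rb16` and the sample buffers are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Big-endian 16-bit read, the operation AV_RB16 performs. */
static unsigned rb16(const uint8_t *p)
{
    return ((unsigned)p[0] << 8) | p[1];
}

/*
 * Hypothetical guarded form of
 *     palette_size = extradata_size - AV_RB16(extradata);
 * Returns the palette size, or -1 if the extradata cannot be trusted.
 */
int palette_size_checked(const uint8_t *extradata, int extradata_size)
{
    unsigned header_value;

    /* The state in the register dump: pointer NULL, size 0.
       Also rejects buffers too short to hold the 16-bit value. */
    if (!extradata || extradata_size < 2)
        return -1;

    header_value = rb16(extradata);

    /* A value larger than the buffer would make the size negative. */
    if (header_value > (unsigned)extradata_size)
        return -1;

    return extradata_size - (int)header_value;
}

/* Constructed sample: 16-bit value 0x0004 in a 7-byte buffer. */
static const uint8_t sample_extradata[] = { 0x00, 0x04, 0xAA, 0xBB, 0x01, 0x02, 0x03 };
/* Constructed sample: 16-bit value 0x0100 exceeds the 4-byte buffer. */
static const uint8_t oversized_header[] = { 0x01, 0x00, 0x00, 0x00 };

int main(void)
{
    printf("%d\n", palette_size_checked(NULL, 0));
    printf("%d\n", palette_size_checked(sample_extradata, (int)sizeof sample_extradata));
    printf("%d\n", palette_size_checked(oversized_header, (int)sizeof oversized_header));
    return 0;
}
```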
Change History (1)
comment:1 by , 13 years ago
Reproduced by developer: | set |
---|---|
Resolution: | → fixed |
Status: | new → closed |