Opened 13 years ago
Closed 13 years ago
#1363 closed defect (fixed)
Crash decoding motionpixels
| Reported by: | Carl Eugen Hoyos | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avcodec |
| Version: | git-master | Keywords: | motionpixels crash SIGSEGV |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | yes | |
| Analyzed by developer: | no |
Description
(gdb) r -vcodec motionpixels -i blox.avi -f null -
Starting program: ffmpeg_g -vcodec motionpixels -i blox.avi -f null -
[Thread debugging using libthread_db enabled]
[New Thread 0xb79566c0 (LWP 20922)]
ffmpeg version N-41080-g394b692 Copyright (c) 2000-2012 the FFmpeg developers
built on May 28 2012 14:04:27 with gcc 4.3.2
configuration: --cc=/usr/local/gcc-4.3.2/bin/gcc --enable-gpl --enable-libopenjpeg --enable-libvorbis --enable-libspeex --enable-libmp3lame --enable-libtheora --extra-ldflags=-lm --enable-libvpx --enable-libxavs
libavutil 51. 55.100 / 51. 55.100
libavcodec 54. 23.100 / 54. 23.100
libavformat 54. 6.101 / 54. 6.101
libavdevice 54. 0.100 / 54. 0.100
libavfilter 2. 77.100 / 2. 77.100
libswscale 2. 1.100 / 2. 1.100
libswresample 0. 15.100 / 0. 15.100
libpostproc 52. 0.100 / 52. 0.100
Input #0, avi, from 'blox.avi':
Duration: 00:00:12.64, start: 0.000000, bitrate: 788 kb/s
Stream #0:0: Video: motionpixels (BLOX / 0x584F4C42), rgb555le, 320x240, 23.97 tbr, 23.97 tbn, 23.97 tbc
[buffer @ 0x901ff40] w:320 h:240 pixfmt:rgb555le tb:100/2397 sar:0/1 sws_param:flags=2
[buffersink @ 0x9010160] No opaque field provided
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf54.6.101
Stream #0:0: Video: rawvideo (RGB[15] / 0xF424752), rgb555le, 320x240, q=2-31, 200 kb/s, 90k tbn, 23.97 tbc
Stream mapping:
Stream #0:0 -> #0:0 (motionpixels -> rawvideo)
Press [q] to stop, [?] for help
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb79566c0 (LWP 20922)]
0x08464ab9 in mp_decode_frame (avctx=0x901e6e0, data=0x90105c0,
data_size=0xbfd16bd4, avpkt=0xbfd16810) at libavcodec/motionpixels.c:268
268 for (i = !(avctx->extradata[1] & 2); i < 2; ++i) {
(gdb) bt
#0 0x08464ab9 in mp_decode_frame (avctx=0x901e6e0, data=0x90105c0,
data_size=0xbfd16bd4, avpkt=0xbfd16810) at libavcodec/motionpixels.c:268
#1 0x0858e1a5 in avcodec_decode_video2 (avctx=0x901e6e0, picture=0x90105c0,
got_picture_ptr=0xbfd16ab4, avpkt=0xb7c26140) at libavcodec/utils.c:1464
#2 0x08058a3e in output_packet (ist=0x901ef40, pkt=0xbfd17f4c)
at ffmpeg.c:2645
#3 0x0805b410 in transcode () at ffmpeg.c:3662
#4 0x0805c556 in main (argc=Cannot access memory at address 0x0
) at ffmpeg.c:5926
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x8464a99 to 0x8464ad9:
0x08464a99 <mp_decode_frame+409>: add %al,(%eax)
0x08464a9b <mp_decode_frame+411>: movl $0x0,0x4(%esp)
0x08464aa3 <mp_decode_frame+419>: mov %eax,0x8(%esp)
0x08464aa7 <mp_decode_frame+423>: mov %edx,(%esp)
0x08464aaa <mp_decode_frame+426>: call 0x804c4c4 <memset@plt>
0x08464aaf <mp_decode_frame+431>: mov 0xc0(%esp),%esi
0x08464ab6 <mp_decode_frame+438>: mov 0x64(%esi),%eax
0x08464ab9 <mp_decode_frame+441>: movzbl 0x1(%eax),%edi
0x08464abd <mp_decode_frame+445>: shr %edi
0x08464abf <mp_decode_frame+447>: xor $0x1,%edi
0x08464ac2 <mp_decode_frame+450>: and $0x1,%edi
0x08464ac5 <mp_decode_frame+453>: lea 0x0(%esi),%esi
0x08464ac8 <mp_decode_frame+456>: mov 0xa0(%esp),%eax
0x08464acf <mp_decode_frame+463>: mov 0x98(%esp),%ebx
0x08464ad6 <mp_decode_frame+470>: mov 0xa8(%esp),%ebp
End of assembler dump.
(gdb) info register
eax 0x0 0
ecx 0x0 0
edx 0x0 0
ebx 0x90109c0 151062976
esp 0xbfd16710 0xbfd16710
ebp 0xbfd16810 0xbfd16810
esi 0x901e6e0 151119584
edi 0xffffffff -1
eip 0x8464ab9 0x8464ab9 <mp_decode_frame+441>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
Attachments (1)
Change History (2)
by , 13 years ago
comment:1 by , 13 years ago
| Reproduced by developer: | set |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
