Opened 12 years ago

Closed 12 years ago

#1635 closed defect (fixed)

snow crash 2

Reported by: ami_stuff
Owned by:
Priority: important
Component: avcodec
Version: git-master
Keywords: crash SIGSEGV snow
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

http://samples.mplayerhq.hu/V-codecs/mfuy.avi

(gdb) r -vcodec snow -i mfuy.avi -f null -
Starting program: d:\mingw\msys\1.0\ffmpeg\ffmpeg_g.exe -vcodec snow -i mfuy.avi
 -f null -
[New Thread 1752.0x738]
ffmpeg version 0.10.2.git Copyright (c) 2000-2012 the FFmpeg developers
  built on Jun 28 2012 19:36:59 with gcc 4.6.1
  configuration: --disable-ffprobe --disable-ffplay --disable-asm
  libavutil      51. 63.100 / 51. 63.100
  libavcodec     54. 29.101 / 54. 29.101
  libavformat    54. 11.100 / 54. 11.100
  libavdevice    54.  0.100 / 54.  0.100
  libavfilter     3.  0.100 /  3.  0.100
  libswscale      2.  1.100 /  2.  1.100
  libswresample   0. 15.100 /  0. 15.100
[snow @ 03a3db20] Error s->version is 3
    Last message repeated 1 times
[snow @ 03a3db20] Error s->version is 14
[snow @ 03a3db20] Error s->version is 8
[snow @ 03a3db20] Error s->version is 12
[snow @ 03a3db20] Error s->version is 2

Program received signal SIGSEGV, Segmentation fault.
0x007cb5c5 in decode_subband_slice_buffered (save_state=<optimized out>,
    h=12, start_y=0, sb=0x3e1cd30, b=0x3d1b9f8, s=0x3c10020)
    at libavcodec/snowdec.c:118
118             v = b->x_coeff[new_index].coeff;
(gdb) bt
#0  0x007cb5c5 in decode_subband_slice_buffered (save_state=<optimized out>,
    h=12, start_y=0, sb=0x3e1cd30, b=0x3d1b9f8, s=0x3c10020)
    at libavcodec/snowdec.c:118
#1  decode_frame (avctx=0x3a3db20, data=0x22f6d0, data_size=0x22f898,
    avpkt=0x22f648) at libavcodec/snowdec.c:510
#2  0x00513e77 in avcodec_decode_video2 (avctx=0x3a3db20, picture=0x22f6d0,
    got_picture_ptr=0x22f898, avpkt=0x22f850) at libavcodec/utils.c:1485
#3  0x00441aff in try_decode_frame (st=0x3a3d950, avpkt=<optimized out>,
    options=<optimized out>) at libavformat/utils.c:2336
#4  0x00449b94 in avformat_find_stream_info (ic=0x3a3d3f0, options=0x3a3e100)
    at libavformat/utils.c:2660
#5  0x0040e963 in opt_input_file (o=0x22fdc8, opt=0x3a327a0 "i",
    filename=<optimized out>) at ffmpeg.c:4340
#6  0x004133b3 in parse_option (optctx=0x22fdc8, opt=<optimized out>,
    arg=0x3a327a2 "mfuy.avi", options=0xa9cd60) at cmdutils.c:311
#7  0x00413616 in parse_options (optctx=0x22fdc8, argc=8,
    argv=<optimized out>, options=0xa9cd60,
    parse_arg_function=0x40ff70 <opt_output_file>) at cmdutils.c:344
#8  0x00a3bd25 in main (argc=8, argv=0x3a32848) at ffmpeg.c:5914
(gdb)

Change History (3)

comment:1 by Carl Eugen Hoyos, 12 years ago

Component: undetermined → avcodec
Keywords: snow added
Priority: normal → important
Reproduced by developer: set
Status: new → open
Version: unspecified → git-master

(gdb) r -vcodec snow -i mfuy.avi
Starting program: /home/cehoyos/Projects/ffmpeg/ffmpeg_g -vcodec snow -i mfuy.avi
[Thread debugging using libthread_db enabled]
[New Thread 0xb764c8e0 (LWP 17139)]
ffmpeg version N-43466-g6fd7bf7 Copyright (c) 2000-2012 the FFmpeg developers
  built on Aug 12 2012 11:20:46 with gcc 4.3.2 (GCC)
  configuration: --cc=/usr/local/gcc-4.3.2/bin/gcc --enable-gpl --enable-libopenjpeg --enable-libvorbis --enable-libspeex --enable-libmp3lame --enable-libtheora --extra-ldflags=-lm --enable-libvpx --enable-libxavs --enable-x11grab --enable-libass --enable-nonfree --enable-libfaac --enable-libopus --enable-libfdk-aac
  libavutil      51. 68.100 / 51. 68.100
  libavcodec     54. 51.100 / 54. 51.100
  libavformat    54. 23.100 / 54. 23.100
  libavdevice    54.  2.100 / 54.  2.100
  libavfilter     3.  7.100 /  3.  7.100
  libswscale      2.  1.101 /  2.  1.101
  libswresample   0. 15.100 /  0. 15.100
  libpostproc    52.  0.100 / 52.  0.100
[snow @ 0x9106860] Error s->version is 3
    Last message repeated 1 times
[snow @ 0x9106860] Error s->version is 14
[snow @ 0x9106860] Error s->version is 8
[snow @ 0x9106860] Error s->version is 12
[snow @ 0x9106860] Error s->version is 2

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb764c8e0 (LWP 17139)]
decode_frame (avctx=0x9106860, data=0xbfaef3a0, data_size=0xbfaef568,
    avpkt=0xbfaef310) at libavcodec/snowdec.c:119
119             x = b->x_coeff[new_index++].x;
(gdb) bt
#0  decode_frame (avctx=0x9106860, data=0xbfaef3a0, data_size=0xbfaef568,
    avpkt=0xbfaef310) at libavcodec/snowdec.c:119
#1  0x08591385 in avcodec_decode_video2 (avctx=0x9106860, picture=0xbfaef3a0,
    got_picture_ptr=0xbfaef520, avpkt=0x9100b60) at libavcodec/utils.c:1509
#2  0x081b1807 in try_decode_frame (st=0x9100b60, avpkt=<value optimized out>,
    options=<value optimized out>) at libavformat/utils.c:2378
#3  0x081b7976 in avformat_find_stream_info (ic=0x9100580, options=0x9107600)
    at libavformat/utils.c:2732
#4  0x08052b53 in opt_input_file (o=0xbfaefb10, opt=0xbfaf0261 "i",
    filename=0xbfaf0263 "mfuy.avi") at ffmpeg_opt.c:751
#5  0x080661d4 in parse_option (optctx=0xbfaefb10, opt=0xbfaf0261 "i",
    arg=0xbfaf0263 "mfuy.avi", options=0x898b200) at cmdutils.c:314
#6  0x08066559 in parse_options (optctx=0xbfaefb10, argc=5, argv=0xbfaefd84,
    options=0x898b200, parse_arg_function=0x8054420 <opt_output_file>)
    at cmdutils.c:347
#7  0x08061e4e in main (argc=5, argv=0xbfaefd84) at ffmpeg.c:3078
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x8548fff to 0x854903f:
0x08548fff <decode_frame+7711>: cmp    $0x24,%al
0x08549001 <decode_frame+7713>: add    %eax,%eax
0x08549003 <decode_frame+7715>: mov    %eax,0x8(%esp)
0x08549007 <decode_frame+7719>: call   0x804ead0 <memset@plt>
0x0854900c <decode_frame+7724>: mov    0x23c(%esp),%ebx
0x08549013 <decode_frame+7731>: lea    0x0(,%esi,4),%eax
0x0854901a <decode_frame+7738>: add    $0x1,%esi
0x0854901d <decode_frame+7741>: add    (%ebx),%eax
0x0854901f <decode_frame+7743>: movswl (%eax),%ebx
0x08549022 <decode_frame+7746>: cmp    %ebx,0x1f4(%esp)
0x08549029 <decode_frame+7753>: movzwl 0x2(%eax),%edx
0x0854902d <decode_frame+7757>: jle    0x8549085 <decode_frame+7845>
0x0854902f <decode_frame+7759>: movzwl %dx,%edx
0x08549032 <decode_frame+7762>: lea    0x0(,%esi,4),%ecx
0x08549039 <decode_frame+7769>: lea    0x0(%esi),%esi
End of assembler dump.
(gdb) info register
eax            0xbb12d22b       -1156394453
ecx            0x0      0
edx            0x0      0
ebx            0xb7547a14       -1219200492
esp            0xbfaeed30       0xbfaeed30
ebp            0xb743c028       0xb743c028
esi            0x1      1
edi            0x92005c4        153093572
eip            0x854901f        0x854901f <decode_frame+7743>
eflags         0x10286  [ PF SF IF RF ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51

comment:2 by Carl Eugen Hoyos, 12 years ago

Keywords: crash SIGSEGV added

comment:3 by Michael Niedermayer, 12 years ago

Resolution: fixed
Status: open → closed