Opened 5 years ago

Closed 5 years ago

#1846 closed defect (fixed)

mpeg2 crash with lowres

Reported by: ami_stuff Owned by:
Priority: important Component: avcodec
Version: git-master Keywords: lowres mpeg2video crash SIGSEGV
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

the sample from tickets #186 / #254 can crash ffmpeg when lowres is enabled

http://ffmpeg.org/trac/ffmpeg/raw-attachment/ticket/186/t.mpg

Starting program: d:\mingw\msys\1.0\ffmpeg-head-4f92d31\ffmpeg_g.exe -cpuflags 0
 -vlowres 1 -i t.mpg -an -f null -
[New Thread 3732.0xea8]
ffmpeg version 0.11.1.git-4f92d31 Copyright (c) 2000-2012 the FFmpeg developers
  built on Aug 28 2012 14:56:41 with gcc 4.6.1 (GCC)
  configuration: --disable-ffprobe --disable-ffplay --enable-gpl
  libavutil      51. 70.100 / 51. 70.100
  libavcodec     54. 54.100 / 54. 54.100
  libavformat    54. 25.104 / 54. 25.104
  libavdevice    54.  2.100 / 54.  2.100
  libavfilter     3. 13.101 /  3. 13.101
  libswscale      2.  1.101 /  2.  1.101
  libswresample   0. 15.100 /  0. 15.100
  libpostproc    52.  0.100 / 52.  0.100
[mp3 @ 044484a0] Header missing
[mpeg2video @ 04458a80] allocate dummy last picture for field based first keyfra
me
[mpeg2video @ 04458a80] invalid cbp at 21 0

Program received signal SIGSEGV, Segmentation fault.
0x00596f4b in ff_emulated_edge_mc_8 (buf=0x4474420 '\200' <repeats 17 times>,
    src=0x482c0e6 <Address 0x482c0e6 out of bounds>, linesize=224,
    block_w=17, block_h=17, src_x=22, src_y=<optimized out>, w=17, h=72)
    at libavcodec/dsputil_template.c:167
167             memcpy(buf, src, w*sizeof(pixel));
(gdb) bt
#0  0x00596f4b in ff_emulated_edge_mc_8 (
    buf=0x4474420 '\200' <repeats 17 times>,
    src=0x482c0e6 <Address 0x482c0e6 out of bounds>, linesize=224,
    block_w=17, block_h=17, src_x=22, src_y=<optimized out>, w=17, h=72)
    at libavcodec/dsputil_template.c:167
#1  0x006697bc in mpeg_motion_lowres (mb_y=3, h=4, motion_y=73876091,
    motion_x=73865147, pix_op=0x44609f8, ref_picture=<optimized out>,
    field_select=0, bottom_field=0, field_based=0,
    dest_cr=0x44a3c7c '\200' <repeats 100 times>"\210, ŹĺĺĽô\220Źć\201zuwxyzz{|}
\200\177}|~}{zxyyxvutsqqrrsromnnnnikosy~\201\200\201\200\177~{zyxxwvuvvvvuuuusss
svrv\201\200\201äů", '\200' <repeats 12 times>...,
    dest_cb=0x44a11bc '\200' <repeats 100 times>, "{wuvssssy}éć\210çůäćććć\201\2
01\201\201ććůů\210\210\210\210ëëëëîîőőĆÄîőîŹĆ\220ĺ\220ÄîůůůůëŐőî\220ôŚÜľĽĹîůëîŹő
\220ĆÄŹőőĽćëŐ\210\203", '\200' <repeats 12 times>...,
    dest_y=0x44991c8 '\200' <repeats 200 times>..., s=0x445efa0)
    at libavcodec/mpegvideo.c:1926
#2  MPV_motion_lowres (s=0x445efa0,
    dest_y=0x44991c8 '\200' <repeats 200 times>...,
    dest_cb=0x44a11bc '\200' <repeats 100 times>, "{wuvssssy}éć\210çůäćććć\201\2
01\201\201ććůů\210\210\210\210ëëëëîîőőĆÄîőîŹĆ\220ĺ\220ÄîůůůůëŐőî\220ôŚÜľĽĹîůëîŹő
\220ĆÄŹőőĽćëŐ\210\203", '\200' <repeats 12 times>...,
    dest_cr=0x44a3c7c '\200' <repeats 100 times>"\210, ŹĺĺĽô\220Źć\201zuwxyzz{|}
\200\177}|~}{zxyyxvutsqqrrsromnnnnikosy~\201\200\201\200\177~{zyxxwvuvvvvuuuusss
svrv\201\200\201äů", '\200' <repeats 12 times>..., dir=0,
    ref_picture=0x445f358, pix_op=0x44609f8) at libavcodec/mpegvideo.c:2121
#3  0x00674ea2 in MPV_decode_mb_internal (is_mpeg12=1, lowres_flag=1,
    block=0x436ed60, s=0x445efa0) at libavcodec/mpegvideo.c:2378
#4  ff_MPV_decode_mb (s=0x445efa0, block=0x436ed60)
    at libavcodec/mpegvideo.c:2524
#5  0x00720199 in mpeg_decode_slice (s=0x445efa0, mb_y=71692192,
    buf=0x22f4a8, buf_size=1860) at libavcodec/mpeg12.c:1781
#6  0x00725723 in decode_chunks (avctx=0x4458a80, picture=0x22f5e0,
    data_size=0x22f7d8, buf=0x4504580 "", buf_size=13912)
    at libavcodec/mpeg12.c:2534
#7  0x00725d9b in mpeg_decode_frame (avctx=0x4458a80, data=0x22f5e0,
    data_size=0x22f7d8, avpkt=0x22f558) at libavcodec/mpeg12.c:2281
#8  0x0055847f in avcodec_decode_video2 (avctx=0x4458a80, picture=0x22f5e0,
    got_picture_ptr=0x22f7d8, avpkt=0x22f770) at libavcodec/utils.c:1512
#9  0x0047bbf2 in try_decode_frame (st=0x4452d40, avpkt=<optimized out>,
    options=<optimized out>) at libavformat/utils.c:2377
#10 0x004839c0 in avformat_find_stream_info (ic=0x436d560, options=0x4448880)
    at libavformat/utils.c:2749
#11 0x004056d7 in opt_input_file (optctx=0x22fd68, opt=0x43627fb "i",
    filename=<optimized out>) at ffmpeg_opt.c:770
#12 0x00415467 in parse_option (optctx=0x22fd68, opt=<optimized out>,
    arg=0x43627fd "t.mpg", options=0xb7faa0) at cmdutils.c:320
#13 0x004156d6 in parse_options (optctx=0x22fd68, argc=11,
    argv=<optimized out>, options=0xb7faa0,
    parse_arg_function=0x40616c <opt_output_file>) at cmdutils.c:353
#14 0x00b0d946 in main (argc=11, argv=<optimized out>) at ffmpeg.c:3126
(gdb)

Change History (2)

comment:1 Changed 5 years ago by cehoyos

  • Component changed from undetermined to avcodec
  • Keywords lowres mpeg2video crash SIGSEGV added
  • Priority changed from normal to important
  • Reproduced by developer set
  • Status changed from new to open
  • Version changed from unspecified to git-master

comment:2 Changed 5 years ago by michael

  • Resolution set to fixed
  • Status changed from open to closed
Note: See TracTickets for help on using tickets.