Opened 6 years ago

Closed 6 years ago

Last modified 5 years ago

#223 closed defect (fixed)

FPE (SIGFPE, integer division by zero in mov_build_index) when reading mov file

Reported by: cehoyos Owned by:
Priority: important Component: avformat
Version: git-master Keywords: mov
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

(gdb) r -i crash.mp4
ffmpeg version git-N-30023-g7e5cb2e, Copyright (c) 2000-2011 the FFmpeg developers
  built on May 19 2011 16:44:57 with gcc 4.5.3
  configuration: --enable-libopencv --cc=/usr/local/gcc-4.5.3/bin/gcc --enable-gpl
  libavutil    51.  2. 1 / 51.  2. 1
  libavcodec   53.  6. 0 / 53.  6. 0
  libavformat  53.  1. 0 / 53.  1. 0
  libavdevice  53.  0. 0 / 53.  0. 0
  libavfilter   2.  5. 0 /  2.  5. 0
  libswscale    0. 14. 0 /  0. 14. 0
  libpostproc  51.  2. 0 / 51.  2. 0

Program received signal SIGFPE, Arithmetic exception.
0x00000000004a2ded in mov_build_index (st=0x12af280, mov=<value optimized out>) at libavformat/mov.c:1530
1530                sc->ctts_data[0].duration / sc->stts_data[0].duration > 16) {
(gdb) bt
#0  0x00000000004a2ded in mov_build_index (st=0x12af280, mov=<value optimized out>) at libavformat/mov.c:1530
#1  mov_read_trak (st=0x12af280, mov=<value optimized out>) at libavformat/mov.c:1777
#2  0x000000000049faca in mov_read_default (c=0x12ae620, pb=0x12b6680, atom=...) at libavformat/mov.c:306
#3  0x00000000004a0165 in mov_read_moov (c=0x12ae620, pb=<value optimized out>, atom=...) at libavformat/mov.c:583
#4  0x000000000049faca in mov_read_default (c=0x12ae620, pb=0x12b6680, atom=...) at libavformat/mov.c:306
#5  0x00000000004a29ee in mov_read_header (s=0x12ae060, ap=<value optimized out>) at libavformat/mov.c:2395
#6  0x00000000004f3ca0 in av_demuxer_open (ic=0x12ae060, ap=<value optimized out>) at libavformat/utils.c:481
#7  0x000000000040d758 in opt_input_file (filename=0x7fffffffe28a "crash.mp4") at ffmpeg.c:3313
#8  0x0000000000411a42 in parse_options (argc=3, argv=0x7fffffffde18, options=0x975020, parse_arg_function=0x410100 <opt_output_file>) at cmdutils.c:283
#9  0x0000000000410b86 in main (argc=3, argv=0x7fffffffde18) at ffmpeg.c:4546
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x4a2dcd to 0x4a2e0d:
0x00000000004a2dcd <mov_build_index+43>:        mov    0x38(%r13),%rax
0x00000000004a2dd1 <mov_build_index+47>:        neg    %r14d
0x00000000004a2dd4 <mov_build_index+50>:        movslq %r14d,%r14
0x00000000004a2dd7 <mov_build_index+53>:        test   %rax,%rax
0x00000000004a2dda <mov_build_index+56>:        je     0x4a2e10 <mov_build_index+110>
0x00000000004a2ddc <mov_build_index+58>:        mov    0x28(%r13),%rcx
0x00000000004a2de0 <mov_build_index+62>:        test   %rcx,%rcx
0x00000000004a2de3 <mov_build_index+65>:        je     0x4a2e10 <mov_build_index+110>
0x00000000004a2de5 <mov_build_index+67>:        mov    0x4(%rax),%eax
0x00000000004a2de8 <mov_build_index+70>:        mov    %eax,%edx
0x00000000004a2dea <mov_build_index+72>:        sar    $0x1f,%edx
0x00000000004a2ded <mov_build_index+75>:        idivl  0x4(%rcx)
0x00000000004a2df0 <mov_build_index+78>:        cmp    $0x10,%eax
0x00000000004a2df3 <mov_build_index+81>:        jle    0x4a2e10 <mov_build_index+110>
0x00000000004a2df5 <mov_build_index+83>:        movl   $0x1,0xc4(%r13)
0x00000000004a2e00 <mov_build_index+94>:        movl   $0x1,0x138(%r15)
0x00000000004a2e0b <mov_build_index+105>:       nopl   0x0(%rax,%rax,1)
End of assembler dump.
(gdb) info register
rax            0x6      6
rbx            0x12af280        19591808
rcx            0x12b1700        19601152
rdx            0x0      0
rsi            0x1      1
rdi            0x6      6
rbp            0x12ae620        0x12ae620
rsp            0x7fffffffd8b0   0x7fffffffd8b0
r8             0x7fffffff       2147483647
r9             0x1      1
r10            0x32     50
r11            0x26     38
r12            0x12b10e0        19599584
r13            0x12b10e0        19599584
r14            0xfffffffffffffffa       -6
r15            0x12b0be0        19598304
rip            0x4a2ded 0x4a2ded <mov_build_index+75>
eflags         0x10246  [ PF ZF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
fctrl          0x37f    895
fstat          0x0      0
ftag           0xffff   65535
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
mxcsr          0x9fe0   [ PE DAZ IM DM ZM OM UM PM FZ ]

Attachments (1)

crash.mp4 (936.5 KB) - added by cehoyos 6 years ago.


Change History (3)

Changed 6 years ago by cehoyos

comment:1 Changed 6 years ago by michael

  • Resolution set to fixed
  • Status changed from new to closed

Locally fixed, will push

comment:2 Changed 5 years ago by cehoyos

  • Keywords mov added