Opened 11 years ago
Closed 11 years ago
#2971 closed defect (fixed)
g2m4: invalid write 3
Reported by: | ami_stuff | Owned by: | |
---|---|---|---|
Priority: | important | Component: | avcodec |
Version: | git-master | Keywords: | g2m4 crash SIGSEGV |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | yes |
Analyzed by developer: | no | | |
Description
http://www1.datafilehost.com/d/00e98d72
```
(gdb) r -i ./g2m4_fuzz4.wmv -an -f null -
Starting program: /media/sdb1/ffmpeg-HEAD-93439e8/ffmpeg_g -i ./g2m4_fuzz4.wmv -an -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
ffmpeg version 2.0-93439e8 Copyright (c) 2000-2013 the FFmpeg developers
  built on Sep 18 2013 23:23:15 with gcc 4.7 (Debian 4.7.2-5)
  configuration: --disable-yasm --enable-gpl --disable-ffprobe --disable-ffserver
  libavutil 52. 44.100 / 52. 44.100
  libavcodec 55. 31.101 / 55. 31.101
  libavformat 55. 18.100 / 55. 18.100
  libavdevice 55. 3.100 / 55. 3.100
  libavfilter 3. 86.101 / 3. 86.101
  libswscale 2. 5.100 / 2. 5.100
  libswresample 0. 17.103 / 0. 17.103
  libpostproc 52. 3.100 / 52. 3.100
[asf @ 0x9114d60] Estimating duration from bitrate, this may be inaccurate
Guessed Channel Layout for Input Stream #0.0 : mono
Input #0, asf, from './g2m4_fuzz4.wmv':
  Metadata:
    DeviceConformanceTemplate: L2
    WMFSDKNeeded : 0.0.0.0000
    WMFSDKVersion : 12.0.7601.17514
    IsVBR : 1
    WM/ToolVersion : 5.1 Build 880
    WM/ToolName : GoToMeeting
    BitRateFrom the writer: 492407
    Audio samples : 29959
    Video samples : 25936
    recording time : Thu, 05 Apr 2012 14:03:20 Eastern Daylight Time
  Duration: 00:05:58.11, start: 0.000000, bitrate: 494 kb/s
    Stream #0:0: Audio: wmav2 (a[1][0][0] / 0x0161), 44100 Hz, mono, fltp, 48 kb/s
    Stream #0:1: Data: none, 2 kb/s
    Stream #0:2: Video: g2m (G2M4 / 0x344D3247), rgb24, 1024x768, 444 kb/s, 9.92 tbr, 1k tbn, 1k tbc
[New Thread 0xb7dd1b70 (LWP 11402)]
[New Thread 0xb75d1b70 (LWP 11403)]
[New Thread 0xb6dd1b70 (LWP 11404)]
[New Thread 0xb65d1b70 (LWP 11405)]
[New Thread 0xb5dd1b70 (LWP 11406)]
[New Thread 0xb55d1b70 (LWP 11407)]
[New Thread 0xb4dd1b70 (LWP 11408)]
[New Thread 0xb45d1b70 (LWP 11409)]
[New Thread 0xb3dd1b70 (LWP 11410)]
Output #0, null, to 'pipe:':
  Metadata:
    DeviceConformanceTemplate: L2
    WMFSDKNeeded : 0.0.0.0000
    WMFSDKVersion : 12.0.7601.17514
    IsVBR : 1
    WM/ToolVersion : 5.1 Build 880
    WM/ToolName : GoToMeeting
    BitRateFrom the writer: 492407
    Audio samples : 29959
    Video samples : 25936
    recording time : Thu, 05 Apr 2012 14:03:20 Eastern Daylight Time
    encoder : Lavf55.18.100
    Stream #0:0: Video: rawvideo (RGB[24] / 0x18424752), rgb24, 1024x768, q=2-31, 200 kb/s, 90k tbn, 9.92 tbc
Stream mapping:
  Stream #0:2 -> #0:0 (g2m -> rawvideo)
Press [q] to stop, [?] for help
[g2m @ 0x9116d20] Error decoding tile 0,0
[g2m @ 0x9116d20] Error decoding tile 1,0
[g2m @ 0x9116d20] Error decoding tile 2,0
[g2m @ 0x9116d20] Error decoding tile 3,0
[g2m @ 0x9116d20] Error decoding tile 4,0
[g2m @ 0x9116d20] Error decoding tile 5,0
[g2m @ 0x9116d20] Error decoding tile 0,1
[g2m @ 0x9116d20] Error decoding tile 1,1
[g2m @ 0x9116d20] Error decoding tile 4,1
[g2m @ 0x9116d20] Error decoding tile 5,1
[g2m @ 0x9116d20] Error decoding tile 0,2
[g2m @ 0x9116d20] Error decoding tile 1,2
[g2m @ 0x9116d20] Error decoding tile 2,2
[g2m @ 0x9116d20] Error decoding tile 4,2
[g2m @ 0x9116d20] Error decoding tile 5,2
[g2m @ 0x9116d20] Error decoding tile 0,3
[g2m @ 0x9116d20] Error decoding tile 1,3
[g2m @ 0x9116d20] Error decoding tile 2,3
[g2m @ 0x9116d20] Error decoding tile 0,4
[g2m @ 0x9116d20] Error decoding tile 1,4
[g2m @ 0x9116d20] Error decoding tile 5,4

Program received signal SIGSEGV, Segmentation fault.
yuv2rgb (V=-1, U=1, Y=247, out=<optimized out>) at libavcodec/g2meet.c:227
227         out[0] = av_clip_uint8(Y + ( 91881 * V + 32768 >> 16));
(gdb) bt
#0 yuv2rgb (V=-1, U=1, Y=247, out=<optimized out>) at libavcodec/g2meet.c:227
#1 jpg_decode_data (c=c@entry=0x9147f80, width=0, width@entry=176, height=2, height@entry=88, src=src@entry=0x915fab8 "\366b=(\306E(S\232S\305Q#vŃŽi\330\315\033s@\b\006M\001q\316iq\203\307\064\273Nh\001:ŃŚw\245\306\071\315", <incomplete sequence \343\232>, src_size=src_size@entry=785, dst=dst@entry=0xb358f230 "\341\345\350\341\345\350\342\346\351\342\346\351\342\346\351\342\346\351\342\346\351\342\346\351\343\347\352\343\347\352\343\347\352\343\347\352\342\346\351\341\345\350\340\344\347\340\344\347\341\345\350\341\345\350\341\345\350\341\345\350\341\345\350\341\345\350\341\345\350\341\345\350\343\347\352\342\346\351\342\346\351\341\345\350\341\345\350\342\346\351\342\346\351\343\347\352\344\350\353\344\350\353\343\347\352\342\346\351\342\346\351\342\346\351\343\347\352\343\347\352\342\346\351\341\345\350\341\345\350\341\345\350\342\346\351\344\350\353\346\352\355\347\353\356\346\352\355\346\352\355\346\352\355\345\351\354\345\351\354\344\350\353\344\350\353\344\350\353\344\350\353\344\350\353\344\350\353\345\351\354\345\351\354\346\352\355\346\352\355\346\352\355\344\350\353\344\350\353\344", <incomplete sequence \350>..., dst_stride=3072, mask=mask@entry=0x0, mask_stride=mask_stride@entry=0, num_mbs=11, num_mbs@entry=0, swapuv=0) at libavcodec/g2meet.c:291
#2 0x0834f161 in kempf_decode_tile (c=c@entry=0x9147f80, tile_x=<optimized out>, tile_y=<optimized out>, src=<optimized out>, src@entry=0x915fab7 " \366b=(\306E(S\232S\305Q#vŃŽi\330\315\033s@\b\006M\001q\316iq\203\307\064\273Nh\001:ŃŚw\245\306\071\315", <incomplete sequence \343\23---Type <return> to continue, or q <return> to quit--- 2>, src_size=src_size@entry=786) at libavcodec/g2meet.c:369
#3 0x0835003c in g2m_decode_frame (avctx=0x9116d20, data=0x9148900, got_picture_ptr=0xbffff504, avpkt=0xbffff2a8) at libavcodec/g2meet.c:760
#4 0x0867a58e in avcodec_decode_video2 (avctx=0x9116d20, picture=picture@entry=0x9148900, got_picture_ptr=got_picture_ptr@entry=0xbffff504, avpkt=avpkt@entry=0xbffff750) at libavcodec/utils.c:1995
#5 0x080b394d in decode_video (ist=ist@entry=0x9117220, pkt=pkt@entry=0xbffff750, got_output=got_output@entry=0xbffff504) at ffmpeg.c:1668
#6 0x080b786a in output_packet (pkt=0xbffff6e8, ist=0x9117220) at ffmpeg.c:1866
#7 process_input (file_index=3) at ffmpeg.c:3089
#8 0x080a3043 in transcode_step () at ffmpeg.c:3185
#9 transcode () at ffmpeg.c:3237
#10 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3415
(gdb)
```
Change History (2)
comment:1 by , 11 years ago
Component: | undetermined → avcodec |
---|---|
Keywords: | g2m4 crash SIGSEGV added |
Priority: | normal → important |
Reproduced by developer: | set |
Status: | new → open |
Version: | unspecified → git-master |
comment:2 by , 11 years ago
Resolution: | → fixed |
---|---|
Status: | open → closed |
Fixed in e07ac727c1cc9eed39e7f9117c97006f719864bd