Opened 10 years ago

Closed 9 years ago

Last modified 9 years ago

#4406 closed defect (fixed)

h264 segfault

Reported by: Kieran Kunhya
Owned by:
Priority: important
Component: avcodec
Version: unspecified
Keywords: h264 crash
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

API segfault. No sample available.

(gdb) bt
#0  0x0000000000554483 in decode_slice (avctx=0x7fffe4045560, arg=0x7ffff0262040) at libavcodec/h264_slice.c:2299
#1  0x0000000000559467 in ff_h264_execute_decode_slices (h=h@entry=0x7ffff7f26040, context_count=context_count@entry=1) at libavcodec/h264_slice.c:2492
#2  0x000000000051c722 in decode_nal_units (h=h@entry=0x7ffff7f26040, buf=buf@entry=0x7fffe421fd70 "P", buf_size=buf_size@entry=11160,
    parse_extradata=parse_extradata@entry=0) at libavcodec/h264.c:1686
#3  0x000000000051d882 in h264_decode_frame (avctx=0x7fffe4045560, data=0x7fffe4045100, got_frame=0x7ffff23fcc3c, avpkt=0x7ffff23fcb30) at libavcodec/h264.c:1823
#4  0x00000000005f5986 in avcodec_decode_video2 (avctx=0x7fffe4045560, picture=picture@entry=0x7fffe4045100, got_picture_ptr=got_picture_ptr@entry=0x7ffff23fcc3c,
    avpkt=avpkt@entry=0x7ffff23fcd20) at libavcodec/utils.c:2376
(gdb) disassemble $pc-32,$pc+32
Dump of assembler code from 0x554463 to 0x5544a3:
   0x0000000000554463 <decode_slice+19>:        lea    0xb348(%rdi),%esp
   0x0000000000554469 <decode_slice+25>:        push   %rbp
   0x000000000055446a <decode_slice+26>:        push   %rbx
   0x000000000055446b <decode_slice+27>:        sub    $0x18,%rsp
   0x000000000055446f <decode_slice+31>:        mov    (%rsi),%r14
   0x0000000000554472 <decode_slice+34>:        mov    0x57d8(%rsi),%ebx
   0x0000000000554478 <decode_slice+40>:        mov    %rdi,(%rsp)
   0x000000000055447c <decode_slice+44>:        mov    0x598(%r14),%rax
=> 0x0000000000554483 <decode_slice+51>:        mov    0x40(%rax),%ebp
   0x0000000000554486 <decode_slice+54>:        movslq 0x44(%rax),%rax
   0x000000000055448a <decode_slice+58>:        movslq %ebp,%rdx
   0x000000000055448d <decode_slice+61>:        mov    %rax,0x57c0(%rsi)
   0x0000000000554494 <decode_slice+68>:        mov    %ebp,%eax
   0x0000000000554496 <decode_slice+70>:        mov    %rdx,0x57b8(%rsi)
   0x000000000055449d <decode_slice+77>:        sar    $0x1f,%eax
   0x00000000005544a0 <decode_slice+80>:        xor    %eax,%ebp
   0x00000000005544a2 <decode_slice+82>:        sub    %eax,%ebp
End of assembler dump.

      

Change History (3)

comment:1 by Kieran Kunhya, 10 years ago

[Switching to Thread 0x7ffff23fd700 (LWP 15031)]
0x0000000000554483 in decode_slice (avctx=0x7fffe4045560, arg=0x7ffff0262040) at libavcodec/h264_slice.c:2299
2299        sl->linesize   = h->cur_pic_ptr->f.linesize[0];

comment:2 by Kieran Kunhya, 9 years ago

Resolution: fixed
Status: new → closed

comment:3 by Carl Eugen Hoyos, 9 years ago

Keywords: h264 crash added
Priority: normal → important

Which commit fixed the crash?
