decoding ffv1 crashes ffmpeg

[dave rice]

Summary of the bug:

I have one ffv1 file (out of many thousands created) that crashes ffmpeg. The entire file was 30 minutes long, but using -ss -t and -c copy I created a small sample that still causes the same crash.

How to reproduce:

This isn't exactly how to reproduce the creation of the file, but this is the original report from the creation of the initial file.

ffmpeg started on 2015-04-14 at 15:26:02
Report written to "/Volumes/GDRIVE4/vrecord/SXS00455_ffmpeg_20150414-152602.log"
Command line:
ffmpeg -v info -hide_banner -stats -i - -c:v ffv1 -level 3 -g 1 -metadata:s:v:0 "encoder=FFV1 version 3" -c:a pcm_s24le -filter_complex "[0:v:0]setfield=bff,setsar=40/27,setdar=4/3[vid1];[0:a:0]channelsplit=channel_layout=4.0[a1][a2][a3][a4];[a1][a2]amerge,aformat=channel_layouts=stereo[stereo1];[a3][a4]amerge,aformat=channel_layouts=stereo[stereo2]" -map "[vid1]" -map "[stereo1]" -map "[stereo2]" /Volumes/GDRIVE4/vrecord/SXS00455_ffv1.mov -c copy -f nut -
Splitting the commandline.
Reading option '-v' ... matched as option 'v' (set logging level) with argument 'info'.
Reading option '-hide_banner' ... matched as option 'hide_banner' (do not show program banner) with argument '1'.
Reading option '-stats' ... matched as option 'stats' (print progress report during encoding) with argument '1'.
Reading option '-i' ... matched as input file with argument '-'.
Reading option '-c:v' ... matched as option 'c' (codec name) with argument 'ffv1'.
Reading option '-level' ... matched as AVOption 'level' with argument '3'.
Reading option '-g' ... matched as AVOption 'g' with argument '1'.
Reading option '-metadata:s:v:0' ... matched as option 'metadata' (add metadata) with argument 'encoder=FFV1 version 3'.
Reading option '-c:a' ... matched as option 'c' (codec name) with argument 'pcm_s24le'.
Reading option '-filter_complex' ... matched as option 'filter_complex' (create a complex filtergraph) with argument '[0:v:0]setfield=bff,setsar=40/27,setdar=4/3[vid1];[0:a:0]channelsplit=channel_layout=4.0[a1][a2][a3][a4];[a1][a2]amerge,aformat=channel_layouts=stereo[stereo1];[a3][a4]amerge,aformat=channel_layouts=stereo[stereo2]'.
Reading option '-map' ... matched as option 'map' (set input stream mapping) with argument '[vid1]'.
Reading option '-map' ... matched as option 'map' (set input stream mapping) with argument '[stereo1]'.
Reading option '-map' ... matched as option 'map' (set input stream mapping) with argument '[stereo2]'.
Reading option '/Volumes/GDRIVE4/vrecord/SXS00455_ffv1.mov' ... matched as output file.
Reading option '-c' ... matched as option 'c' (codec name) with argument 'copy'.
Reading option '-f' ... matched as option 'f' (force format) with argument 'nut'.
Reading option '-' ... matched as output file.
Finished splitting the commandline.
Parsing a group of options: global .
Applying option v (set logging level) with argument info.
Applying option hide_banner (do not show program banner) with argument 1.
Applying option stats (print progress report during encoding) with argument 1.
Applying option filter_complex (create a complex filtergraph) with argument [0:v:0]setfield=bff,setsar=40/27,setdar=4/3[vid1];[0:a:0]channelsplit=channel_layout=4.0[a1][a2][a3][a4];[a1][a2]amerge,aformat=channel_layouts=stereo[stereo1];[a3][a4]amerge,aformat=channel_layouts=stereo[stereo2].
Successfully parsed a group of options.
Parsing a group of options: input file -.
Successfully parsed a group of options.
Opening an input file: -.
[nut @ 0x7fa031027000] Format nut probed with size=2048 and score=100
[nut @ 0x7fa031027000] Before avformat_find_stream_info() pos: 289 bytes read:33049 seeks:0
[nut @ 0x7fa031027000] Probe buffer size limit of 5000000 bytes reached
[nut @ 0x7fa031027000] After avformat_find_stream_info() pos: 5258281 bytes read:5258281 seeks:0 frames:14
Guessed Channel Layout for  Input Stream #0.1 : 7.1
Input #0, nut, from 'pipe:':
  Metadata:
    encoder         : Lavf56.25.101
  Duration: N/A, start: 0.000000, bitrate: N/A
    Stream #0:0, 7, 1/60000: Video: rawvideo (UYVY / 0x59565955), uyvy422, 720x486, 29.97 fps, 29.97 tbr, 60k tbn, 60k tbc
    Stream #0:1, 7, 1/48000: Audio: pcm_s32le (PSD  / 0x20445350), 48000 Hz, 8 channels, s32, 12288 kb/s
Successfully opened the file.
Parsing a group of options: output file /Volumes/GDRIVE4/vrecord/SXS00455_ffv1.mov.
Applying option c:v (codec name) with argument ffv1.
Applying option metadata:s:v:0 (add metadata) with argument encoder=FFV1 version 3.
Applying option c:a (codec name) with argument pcm_s24le.
Applying option map (set input stream mapping) with argument [vid1].
Applying option map (set input stream mapping) with argument [stereo1].
Applying option map (set input stream mapping) with argument [stereo2].
Successfully parsed a group of options.
Opening an output file: /Volumes/GDRIVE4/vrecord/SXS00455_ffv1.mov.
detected 8 logical cores
[Parsed_setfield_0 @ 0x7fa032100520] Setting 'mode' to value 'bff'
[Parsed_setsar_1 @ 0x7fa0321006c0] Setting 'sar' to value '40/27'
[Parsed_setdar_2 @ 0x7fa032100a80] Setting 'dar' to value '4/3'
[Parsed_channelsplit_3 @ 0x7fa032100f20] Setting 'channel_layout' to value '4.0'
[Parsed_aformat_5 @ 0x7fa032100de0] Setting 'channel_layouts' to value 'stereo'
[Parsed_aformat_7 @ 0x7fa032101180] Setting 'channel_layouts' to value 'stereo'
[graph 0 input from stream 0:0 @ 0x7fa032102560] Setting 'video_size' to value '720x486'
[graph 0 input from stream 0:0 @ 0x7fa032102560] Setting 'pix_fmt' to value '17'
[graph 0 input from stream 0:0 @ 0x7fa032102560] Setting 'time_base' to value '1/60000'
[graph 0 input from stream 0:0 @ 0x7fa032102560] Setting 'pixel_aspect' to value '0/1'
[graph 0 input from stream 0:0 @ 0x7fa032102560] Setting 'sws_param' to value 'flags=2'
[graph 0 input from stream 0:0 @ 0x7fa032102560] Setting 'frame_rate' to value '30000/1001'
[graph 0 input from stream 0:0 @ 0x7fa032102560] w:720 h:486 pixfmt:uyvy422 tb:1/60000 fr:30000/1001 sar:0/1 sws_param:flags=2
[graph 0 input from stream 0:1 @ 0x7fa032102960] Setting 'time_base' to value '1/48000'
[graph 0 input from stream 0:1 @ 0x7fa032102960] Setting 'sample_rate' to value '48000'
[graph 0 input from stream 0:1 @ 0x7fa032102960] Setting 'sample_fmt' to value 's32'
[graph 0 input from stream 0:1 @ 0x7fa032102960] Setting 'channel_layout' to value '0x63f'
[graph 0 input from stream 0:1 @ 0x7fa032102960] tb:1/48000 samplefmt:s32 samplerate:48000 chlayout:0x63f
[format @ 0x7fa032103780] compat: called with args=[yuv420p|yuva420p|yuva422p|yuv444p|yuva444p|yuv440p|yuv422p|yuv411p|yuv410p|bgr0|bgra|yuv420p16le|yuv422p16le|yuv444p16le|yuv444p9le|yuv422p9le|yuv420p9le|yuv420p10le|yuv422p10le|yuv444p10le|yuva444p16le|yuva422p16le|yuva420p16le|yuva444p10le|yuva422p10le|yuva420p10le|yuva444p9le|yuva422p9le|yuva420p9le|gray16le|gray|gbrp9le|gbrp10le|gbrp12le|gbrp14le]
[format @ 0x7fa032103780] Setting 'pix_fmts' to value 'yuv420p|yuva420p|yuva422p|yuv444p|yuva444p|yuv440p|yuv422p|yuv411p|yuv410p|bgr0|bgra|yuv420p16le|yuv422p16le|yuv444p16le|yuv444p9le|yuv422p9le|yuv420p9le|yuv420p10le|yuv422p10le|yuv444p10le|yuva444p16le|yuva422p16le|yuva420p16le|yuva444p10le|yuva422p10le|yuva420p10le|yuva444p9le|yuva422p9le|yuva420p9le|gray16le|gray|gbrp9le|gbrp10le|gbrp12le|gbrp14le'
[audio format for output stream 0:1 @ 0x7fa0321042c0] Setting 'sample_fmts' to value 's32'
[audio format for output stream 0:2 @ 0x7fa032104fa0] Setting 'sample_fmts' to value 's32'
Successfully opened the file.
Parsing a group of options: output file -.
Applying option c (codec name) with argument copy.
Applying option f (force format) with argument nut.
Successfully parsed a group of options.
Opening an output file: -.
Successfully opened the file.
[Parsed_channelsplit_3 @ 0x7fa032100f20] auto-inserting filter 'auto-inserted resampler 0' between the filter 'graph 0 input from stream 0:1' and the filter 'Parsed_channelsplit_3'
[Parsed_amerge_4 @ 0x7fa0321015c0] auto-inserting filter 'auto-inserted resampler 1' between the filter 'Parsed_channelsplit_3' and the filter 'Parsed_amerge_4'
[Parsed_amerge_4 @ 0x7fa0321015c0] auto-inserting filter 'auto-inserted resampler 2' between the filter 'Parsed_channelsplit_3' and the filter 'Parsed_amerge_4'
[Parsed_amerge_6 @ 0x7fa032101ce0] auto-inserting filter 'auto-inserted resampler 3' between the filter 'Parsed_channelsplit_3' and the filter 'Parsed_amerge_6'
[Parsed_amerge_6 @ 0x7fa032101ce0] auto-inserting filter 'auto-inserted resampler 4' between the filter 'Parsed_channelsplit_3' and the filter 'Parsed_amerge_6'
[Parsed_aformat_7 @ 0x7fa032101180] auto-inserting filter 'auto-inserted resampler 5' between the filter 'Parsed_amerge_6' and the filter 'Parsed_aformat_7'
[auto-inserted scaler 0 @ 0x7fa032107560] w:iw h:ih flags:'bilinear' interl:0
[format @ 0x7fa032103780] auto-inserting filter 'auto-inserted scaler 0' between the filter 'Parsed_setdar_2' and the filter 'format'
[AVFilterGraph @ 0x7fa0305031c0] query_formats: 16 queried, 20 merged, 19 already done, 0 delayed
[auto-inserted scaler 0 @ 0x7fa032107560] picking yuv422p out of 35 ref:uyvy422 alpha:0
[Parsed_setsar_1 @ 0x7fa0321006c0] w:720 h:486 sar:0/1 dar:40/27 -> sar:40/27 dar:1600/729
[Parsed_setdar_2 @ 0x7fa032100a80] w:720 h:486 dar:1600/729 sar:40/27 -> dar:4/3 sar:9/10
[auto-inserted scaler 0 @ 0x7fa032107560] w:720 h:486 fmt:uyvy422 sar:9/10 -> w:720 h:486 fmt:yuv422p sar:9/10 flags:0x2
0.353553 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 
0.000000 0.353553 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 
0.000000 0.000000 0.353553 0.000000 0.000000 0.000000 0.000000 0.000000 
0.000000 0.000000 0.000000 0.000000 0.250000 0.250000 0.250000 0.250000 
[auto-inserted resampler 0 @ 0x7fa032106400] ch:8 chl:7.1 fmt:s32 r:48000Hz -> ch:4 chl:4.0 fmt:s32p r:48000Hz
[auto-inserted resampler 1 @ 0x7fa032106800] ch:1 chl:1 channels (FL) fmt:s32p r:48000Hz -> ch:1 chl:1 channels (FL) fmt:s32 r:48000Hz
[auto-inserted resampler 2 @ 0x7fa0321079e0] ch:1 chl:1 channels (FR) fmt:s32p r:48000Hz -> ch:1 chl:1 channels (FR) fmt:s32 r:48000Hz
[Parsed_amerge_4 @ 0x7fa0321015c0] in0:1 channels (FL) + in1:1 channels (FR) -> out:stereo
[auto-inserted resampler 3 @ 0x7fa0321078e0] ch:1 chl:mono fmt:s32p r:48000Hz -> ch:1 chl:mono fmt:u8 r:48000Hz
[auto-inserted resampler 4 @ 0x7fa0321081a0] ch:1 chl:1 channels (BC) fmt:s32p r:48000Hz -> ch:1 chl:1 channels (BC) fmt:u8 r:48000Hz
[Parsed_amerge_6 @ 0x7fa032101ce0] in0:mono + in1:1 channels (BC) -> out:2 channels (FC+BC)
0.585786 0.414214 
0.585786 0.414214 
[auto-inserted resampler 5 @ 0x7fa032107d80] ch:2 chl:2 channels (FC+BC) fmt:u8 r:48000Hz -> ch:2 chl:stereo fmt:s32 r:48000Hz
[mov @ 0x7fa03300d600] Using MS style video codec tag, the file may be unplayable!
Output #0, mov, to '/Volumes/GDRIVE4/vrecord/SXS00455_ffv1.mov':
  Metadata:
    encoder         : Lavf56.25.101
    Stream #0:0, 0, 1/30000: Video: ffv1, yuv422p, 720x486 [SAR 9:10 DAR 4:3], q=2-31, 200 kb/s, 29.97 fps, 30k tbn, 29.97 tbc (default)
    Metadata:
      encoder         : FFV1 version 3
    Stream #0:1, 0, 1/48000: Audio: pcm_s24le (in24 / 0x34326E69), 48000 Hz, stereo, s32, 2304 kb/s
    Metadata:
      encoder         : Lavc56.26.100 pcm_s24le
    Stream #0:2, 0, 1/48000: Audio: pcm_s24le (in24 / 0x34326E69), 48000 Hz, stereo, s32, 2304 kb/s
    Metadata:
      encoder         : Lavc56.26.100 pcm_s24le
Output #1, nut, to 'pipe:':
  Metadata:
    encoder         : Lavf56.25.101
    Stream #1:0, 0, 1/60000: Video: rawvideo (UYVY / 0x59565955), uyvy422, 720x486, q=2-31, 29.97 fps, 29.97 tbr, 60k tbn, 60k tbc
    Stream #1:1, 0, 1/48000: Audio: pcm_s32le (PSD  / 0x20445350), 48000 Hz, 7.1 (32 bit), 12288 kb/s
Stream mapping:
  Stream #0:0 (rawvideo) -> setfield
  Stream #0:1 (pcm_s32le) -> channelsplit
  setdar -> Stream #0:0 (ffv1)
  aformat -> Stream #0:1 (pcm_s24le)
  aformat -> Stream #0:2 (pcm_s24le)
  Stream #0:0 -> #1:0 (copy)
  Stream #0:1 -> #1:1 (copy)
Cliping frame in rate conversion by 0.000008
frame=   20 fps=0.0 q=0.0 q=-1.0 size=     387kB time=00:00:00.66 bitrate=4746.0kbits/s    

[...]

bitrate=53877.1kbits/sframe=54394 fps= 30 q=0.0 q=-1.0 size=11933522kB time=00:30:14.94 bitrate=53863.5kbits/sframe=54409 fps= 30 q=0.0 q=-1.0 size=11933816kB time=00:30:15.44 bitrate=53850.0kbits/sframe=54424 fps= 30 q=0.0 q=-1.0 size=11934109kB time=00:30:15.94 bitrate=53836.5kbits/s[nut @ 0x7fa03301a000] Multiple keyframes with same PTS
[nut @ 0x7fa03301a000] Multiple keyframes with same PTS
[nut @ 0x7fa03301a000] Multiple keyframes with same PTS
[nut @ 0x7fa03301a000] Multiple keyframes with same PTS

[...]

[nut @ 0x7fa03301a000] Multiple keyframes with same PTS
[nut @ 0x7fa03301a000] Multiple keyframes with same PTS
frame=54431 fps= 30 q=0.0 Lq=-1.0 size=11936872kB time=00:30:16.18 bitrate=53842.0kbits/svideo:48112861kB audio:3745873kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown
Input file #0 (pipe:):
  Input stream #0:0 (video): 54431 packets read (38092991040 bytes); 54431 frames decoded; 
  Input stream #0:1 (audio): 54431 packets read (2789654080 bytes); 54431 frames decoded (87176690 samples); 
  Total: 108862 packets (40882645120 bytes) demuxed
Output file #0 (/Volumes/GDRIVE4/vrecord/SXS00455_ffv1.mov):
  Output stream #0:0 (video): 54431 frames encoded; 54431 packets muxed (11174578681 bytes); 
  Output stream #0:1 (audio): 54431 frames encoded (87176690 samples); 54431 packets muxed (523060140 bytes); 
  Output stream #0:2 (audio): 54431 frames encoded (87176690 samples); 54431 packets muxed (523060140 bytes); 
  Total: 163293 packets (12220698961 bytes) muxed
Output file #1 (pipe:):
  Output stream #1:0 (video): 54431 packets muxed (38092991040 bytes); 
  Output stream #1:1 (audio): 54431 packets muxed (2789654080 bytes); 
  Total: 108862 packets (40882645120 bytes) muxed
108862 frames successfully decoded, 0 decoding errors
[AVIOContext @ 0x7fa032105600] Statistics: 92 seeks, 475869 writeouts
[AVIOContext @ 0x7fa0321062c0] Statistics: 0 seeks, 1306364 writeouts
[AVIOContext @ 0x7fa0305024e0] Statistics: 40885760167 bytes read, 0 seeks
Received signal 15: terminating.

Crashing FFV1 file is attached.

[dave rice]

ffv1 encoding that crashes ffmpeg (and vlc)

[Elon Musk]

This is undamaged file? Was it concatenated?

[dave rice]

The attached file crashes ffmpeg and vlc for me. The original file is very large, so I did ffmpeg -i ORIGINAL -ss $sometime -t $partialsecond -c copy SXS00455_ffv1_crash.mkv​ to make the attachment.

Are you sure it is undamaged? For me it even crashes in ffplay.

[Carl Eugen Hoyos]

Regression since 60217b5b9cf713b1eeb7626473eac357cde25673

(gdb) r -i SXS00455_ffv1_crash.mkv -f null -
Starting program: ffmpeg_g -i SXS00455_ffv1_crash.mkv -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-75503-g2441842 Copyright (c) 2000-2015 the FFmpeg developers
  built with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl
  libavutil      55.  2.100 / 55.  2.100
  libavcodec     57.  3.100 / 57.  3.100
  libavformat    57.  2.100 / 57.  2.100
  libavdevice    57.  0.100 / 57.  0.100
  libavfilter     6.  8.100 /  6.  8.100
  libswscale      4.  0.100 /  4.  0.100
  libswresample   2.  0.100 /  2.  0.100
  libpostproc    54.  0.100 / 54.  0.100
Guessed Channel Layout for  Input Stream #0.1 : stereo
Input #0, matroska,webm, from 'SXS00455_ffv1_crash.mkv':
  Metadata:
    MAJOR_BRAND     : qt
    MINOR_VERSION   : 512
    COMPATIBLE_BRANDS: qt
    ENCODER         : Lavf56.40.101
  Duration: 00:00:00.30, start: 0.000000, bitrate: 54018 kb/s
    Stream #0:0(eng): Video: ffv1 (FFV1 / 0x31564646), yuv422p, 720x486, SAR 9:10 DAR 4:3, 29.97 fps, 29.97 tbr, 1k tbn, 1k tbc (default)
    Metadata:
      LANGUAGE        : eng
      HANDLER_NAME    : DataHandler
      ENCODER         : FFV1 version 3
      DURATION        : 00:00:00.300000000
    Stream #0:1(eng): Audio: pcm_s24le, 48000 Hz, 2 channels, s32 (24 bit), 2304 kb/s (default)
    Metadata:
      LANGUAGE        : eng
      HANDLER_NAME    : DataHandler
      DURATION        : 00:00:00.300000000
Output #0, null, to 'pipe:':
  Metadata:
    MAJOR_BRAND     : qt
    MINOR_VERSION   : 512
    COMPATIBLE_BRANDS: qt
    encoder         : Lavf57.2.100
    Stream #0:0(eng): Video: rawvideo (Y42B / 0x42323459), yuv422p, 720x486 [SAR 9:10 DAR 4:3], q=2-31, 200 kb/s, 29.97 fps, 29.97 tbn, 29.97 tbc (default)
    Metadata:
      LANGUAGE        : eng
      HANDLER_NAME    : DataHandler
      DURATION        : 00:00:00.300000000
      encoder         : Lavc57.3.100 rawvideo
    Stream #0:1(eng): Audio: pcm_s16le, 48000 Hz, stereo, s16 (24 bit), 1536 kb/s (default)
    Metadata:
      LANGUAGE        : eng
      HANDLER_NAME    : DataHandler
      DURATION        : 00:00:00.300000000
      encoder         : Lavc57.3.100 pcm_s16le
Stream mapping:
  Stream #0:0 -> #0:0 (ffv1 (native) -> rawvideo (native))
  Stream #0:1 -> #0:1 (pcm_s24le (native) -> pcm_s16le (native))
Press [q] to stop, [?] for help

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe54d8700 (LWP 10456)]
read_header (f=0x1fb78a0) at libavcodec/ffv1dec.c:799
799             fs->ac            = f->ac;
(gdb) bt
#0  read_header (f=0x1fb78a0) at libavcodec/ffv1dec.c:799
#1  decode_frame (avctx=0x1fb7100, data=0x1fb75e0, got_frame=0x1ca6608, avpkt=0x1ca65b0)
    at libavcodec/ffv1dec.c:904
#2  0x0000000000a4f2ad in frame_worker_thread (arg=0x1ca64b0)
    at libavcodec/pthread_frame.c:154
#3  0x00007ffff626ee0e in start_thread () from /lib64/libpthread.so.0
#4  0x00007ffff52592cd in clone () from /lib64/libc.so.6
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x7402d9 to 0x740319:
   0x00000000007402d9 <decode_frame+2137>:      rex
   0x00000000007402da <decode_frame+2138>:      lea    0x3bc0(%rbx),%rcx
   0x00000000007402e1 <decode_frame+2145>:      mov    %rcx,%r13
   0x00000000007402e4 <decode_frame+2148>:      mov    0x40(%rsp),%rsi
   0x00000000007402e9 <decode_frame+2153>:      mov    0x1334(%rbx),%eax
   0x00000000007402ef <decode_frame+2159>:      cmpl   $0x2,0x12c0(%rbx)
   0x00000000007402f6 <decode_frame+2166>:      mov    (%rsi),%r14
=> 0x00000000007402f9 <decode_frame+2169>:      mov    %eax,0x1334(%r14)
   0x0000000000740300 <decode_frame+2176>:      mov    0x9744(%rbx),%eax
   0x0000000000740306 <decode_frame+2182>:      movl   $0x0,0x9738(%r14)
   0x0000000000740311 <decode_frame+2193>:      mov    %eax,0x9744(%r14)
   0x0000000000740318 <decode_frame+2200>:      je     0x740aaf <decode_frame+4143>
End of assembler dump.
(gdb) info register
rax            0x0      0
rbx            0x1fb78a0        33257632
rcx            0x0      0
rdx            0x4      4
rsi            0x1fc1010        33296400
rdi            0x202f5c0        33748416
rbp            0x202ebc0        0x202ebc0
rsp            0x7fffe54d7d00   0x7fffe54d7d00
r8             0x21ec960        35572064
r9             0x100    256
r10            0x2002261        33563233
r11            0xccccccc        214748364
r12            0xffffffff       4294967295
r13            0x1fbb460        33272928
r14            0x0      0
r15            0x2      2
rip            0x7402f9 0x7402f9 <decode_frame+2169>
eflags         0x10202  [ IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0

[Michael Niedermayer]

Fixed in aa6c43f3fdec8a7518534b9dab20c9eb4be11568