Opened 12 years ago
Closed 12 years ago
#588 closed defect (fixed)
FFmpeg crashes when transcoding a wmv video on windows 7 (64 bit) machine
| Reported by: | Yossi | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avcodec |
| Version: | unspecified | Keywords: | win64 |
| Cc: | | Blocked By: | |
| Blocking: | | Reproduced by developer: | yes |
| Analyzed by developer: | no | | |
Description
Any attempt to transcode the movie file ffmpeg-crash-around-frame-60.wmv, which was uploaded to http://upload.ffmpeg.org/upload/, causes ffmpeg to crash around frame 60.
This happens on a 64bit windows7 machine running ffmpeg downloaded from http://ffmpeg.zeranoe.com/builds/win32/static/ffmpeg-git-d049257-win32-static.7z as well as earlier versions of ffmpeg (like ffmpeg version N-31932-g41bf67d, built on Aug 16 2011 18:54:12 with gcc 4.6.1).
Any of the following commands replicates the crash:
```
ffmpeg.exe -i ffmpeg-crash-around-frame-60.wmv -y video.wmv
ffmpeg.exe -i ffmpeg-crash-around-frame-60.wmv -y video.mp4
ffmpeg.exe -i ffmpeg-crash-around-frame-60.wmv -vcodec libx264 -s 960x540 -r 25 -ar 22050 -b 1993846 -y video.flv
```
You can also download the original, full sized, video (around 50MB) from our servers at:
http://media.webcollage.net/rwvfp/wc/cp/3493374/module/instantupdatetest/_cp/products/1318977439061/tab-da6bd996-030a-4d8d-b4a7-105c57117116/resource-3c1aaa56-90fd-4fb5-9383-e0606761a4ca.wmv
Note: ffplay does play the movie to its end.
Running ffmpeg -v 9 -loglevel 99 -i on the movie produces the following output:
```
ffmpeg version N-33818-gd049257, Copyright (c) 2000-2011 the FFmpeg developers
built on Oct 19 2011 22:57:39 with gcc 4.6.1
configuration: --enable-gpl --enable-version3 --enable-runtime-cpudetect --enable-avisynth --enable-bzlib --enable-frei0r --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libfreetype --enable-libgsm --enable-libmp3lame --enable-libopenjpeg --enable-librtmp --enable-libschroedinger --enable-libspeex --enable-libtheora --enable-libvo-aacenc --enable-libvo-amrwbenc --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libxavs --enable-libxvid --enable-zlib
libavutil 51. 22. 0 / 51. 22. 0
libavcodec 53. 22. 0 / 53. 22. 0
libavformat 53. 17. 0 / 53. 17. 0
libavdevice 53. 4. 0 / 53. 4. 0
libavfilter 2. 44. 1 / 2. 44. 1
libswscale 2. 1. 0 / 2. 1. 0
libpostproc 51. 2. 0 / 51. 2. 0
[asf @ 00378960] Format asf probed with size=2048 and score=100
[asf @ 00378960] gpos mismatch our pos=24, end=26
[asf @ 00378960] gpos mismatch our pos=24, end=3541
[asf @ 00378960] gpos mismatch our pos=24, end=38
[asf @ 00378960] Unsupported value type 1 in tag ASFLeakyBucketPairs.
[asf @ 00378960] gpos mismatch our pos=24, end=246
[asf @ 00378960] gpos mismatch our pos=24, end=38
[wmav2 @ 00379580] Unsupported bit depth: 0
[wmv2 @ 0037F980] Unsupported bit depth: 0
[asf @ 00378960] parser not found for codec wmav2, packets or times may be invalid.
[asf @ 00378960] All info found
rfps: 0.083333 0.001480
    Last message repeated 1 times
rfps: 0.166667 0.005922
    Last message repeated 1 times
rfps: 0.250000 0.013324
rfps: 24.750000 0.013445
rfps: 24.833333 0.006008
    Last message repeated 1 times
rfps: 24.916667 0.001531
    Last message repeated 1 times
rfps: 25.000000 0.000015
rfps: 25.083333 0.001460
    Last message repeated 1 times
rfps: 25.166667 0.005866
    Last message repeated 1 times
rfps: 25.250000 0.013233
rfps: 49.750000 0.013597
rfps: 49.833333 0.006124
    Last message repeated 1 times
rfps: 49.916667 0.001612
    Last message repeated 1 times
rfps: 50.000000 0.000061
    Last message repeated 1 times
rfps: 50.083333 0.001471
    Last message repeated 1 times
rfps: 50.166667 0.005841
    Last message repeated 1 times
rfps: 50.250000 0.013173
Seems stream 1 codec frame rate differs from container frame rate: 1000.00 (1000/1) -> 25.00 (25/1)
Input #0, asf, from 'ffmpeg-crash-around-frame-60.wmv':
  Metadata:
    WMFSDKVersion : 11.0.5721.5245
    WMFSDKNeeded : 0.0.0.0000
    IsVBR : 1
    VBR Peak : 84640.0000
    Buffer Average : 85140.0000
    Encoded_By : Sorenson Squeeze
    Encoded_With : Sorenson Squeeze
  Duration: 00:01:20.02, start: 0.000000, bitrate: 307 kb/s
    Stream #0:0, 9, 1/1000: Audio: wmav2 (a[1][0][0] / 0x0161), 48000 Hz, 2 channels, s16, 128 kb/s
    Stream #0:1, 41, 1/1000: Video: wmv2 (WMV2 / 0x32564D57), yuv420p, 1280x720, 1/1000, 18000 kb/s, 25 tbr, 1k tbn, 1k tbc
At least one output file must be specified
```
Attachments (1)
Change History (9)
by , 12 years ago
| Attachment: | ffmpeg-crash-around-frame-60.wmv added |
|---|
comment:1 by , 12 years ago
| Component: | FFmpeg → avcodec |
|---|---|
| Keywords: | win64 added |
| Priority: | critical → important |
| Reproduced by developer: | set |
| Status: | new → open |
```
(gdb) r -i ffmpeg-crash-around-frame-60.wmv -vn -f null -
ffmpeg version N-34060-g51bfaa2, Copyright (c) 2000-2011 the FFmpeg developers
built on Oct 26 2011 04:00:05 with gcc 4.7.0 20110827 (experimental)
configuration:
libavutil 51. 22. 0 / 51. 22. 0
libavcodec 53. 23. 0 / 53. 23. 0
libavformat 53. 17. 0 / 53. 17. 0
libavdevice 53. 4. 0 / 53. 4. 0
libavfilter 2. 45. 0 / 2. 45. 0
libswscale 2. 1. 0 / 2. 1. 0
[wmav2 @ 00000000003AC980] Warning: not compiled with thread support, using thread emulation
[wmv2 @ 0000000005E26260] Warning: not compiled with thread support, using thread emulation
[asf @ 00000000003ABA90] parser not found for codec wmav2, packets or times may be invalid.
Seems stream 1 codec frame rate differs from container frame rate: 1000.00 (1000/1) -> 25.00 (25/1)
Input #0, asf, from 'ffmpeg-crash-around-frame-60.wmv':
  Metadata:
    WMFSDKVersion : 11.0.5721.5245
    WMFSDKNeeded : 0.0.0.0000
    IsVBR : 1
    VBR Peak : 8464 ¡║X½½½½½½½½½½½½½½½½■¯■¯■¯■
    Buffer Average : 8514 ¡║X½½½½½½½½½½½½½½½½■¯■¯■¯■
    Encoded_By : Sorenson Squeeze
    Encoded_With : Sorenson Squeeze
  Duration: 00:01:20.02, start: 0.000000, bitrate: 153 kb/s
    Stream #0:0: Audio: wmav2 (a[1][0][0] / 0x0161), 48000 Hz, 2 channels, s16, 128 kb/s
    Stream #0:1: Video: wmv2 (WMV2 / 0x32564D57), yuv420p, 1280x720, 18000 kb/s, 25 tbr, 1k tbn, 1k tbc
[pcm_s16le @ 0000000005E275B0] Warning: not compiled with thread support, using thread emulation
[wmav2 @ 00000000003AC980] Warning: not compiled with thread support, using thread emulation
Output #0, null, to 'pipe:':
  Metadata:
    WMFSDKVersion : 11.0.5721.5245
    WMFSDKNeeded : 0.0.0.0000
    IsVBR : 1
    VBR Peak : 8464 ¡║X½½½½½½½½½½½½½½½½■¯■¯■¯■
    Buffer Average : 8514 ¡║X½½½½½½½½½½½½½½½½■¯■¯■¯■
    Encoded_By : Sorenson Squeeze
    Encoded_With : Sorenson Squeeze
    encoder : Lavf53.17.0
    Stream #0:0: Audio: pcm_s16le, 48000 Hz, 2 channels, s16, 1536 kb/s
Stream mapping:
  Stream #0.0 -> #0.0 (wmav2 -> pcm_s16le)
Press [q] to stop, [?] for help

Program received signal SIGSEGV, Segmentation fault.
0x00000000009d5712 in ff_imdct_half_sse.pre ()
(gdb) bt
#0 0x00000000009d5712 in ff_imdct_half_sse.pre ()
#1 0x0000000000000029 in ?? ()
#2 0x0000000000000000 in ?? ()
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x9d56f2 to 0x9d5732:
   0x00000000009d56f2 <ff_imdct_half_sse+34>: pop %rcx
   0x00000000009d56f3 <ff_imdct_half_sse+35>: and %cl,0x61(%rbx,%rcx,4)
   0x00000000009d56f7 <ff_imdct_half_sse+39>: sub %cl,0x1(%rbp)
   0x00000000009d56fa <ff_imdct_half_sse+42>: lret
   0x00000000009d56fb <ff_imdct_half_sse+43>: add %r9,%r12
   0x00000000009d56fe <ff_imdct_half_sse+46>: shr %r9
   0x00000000009d5701 <ff_imdct_half_sse+49>: mov 0x8(%rcx),%r10
   0x00000000009d5705 <ff_imdct_half_sse+53>: add %r9,%r10
   0x00000000009d5708 <ff_imdct_half_sse+56>: sub $0x4,%r9
   0x00000000009d570c <ff_imdct_half_sse+60>: xor %rdi,%rdi
   0x00000000009d570f <ff_imdct_half_sse+63>: sub %r9,%rdi
=> 0x00000000009d5712 <ff_imdct_half_sse.pre+0>: movaps (%r8,%r9,4),%xmm0
   0x00000000009d5717 <ff_imdct_half_sse.pre+5>: movaps -0x10(%r8,%rdi,4),%xmm1
   0x00000000009d571d <ff_imdct_half_sse.pre+11>: movaps %xmm0,%xmm2
   0x00000000009d5720 <ff_imdct_half_sse.pre+14>: shufps $0x88,%xmm1,%xmm0
   0x00000000009d5724 <ff_imdct_half_sse.pre+18>: shufps $0x77,%xmm2,%xmm1
   0x00000000009d5728 <ff_imdct_half_sse.pre+22>: movlps (%r11,%r9,2),%xmm4
   0x00000000009d572d <ff_imdct_half_sse.pre+27>: movlps (%r12,%r9,2),%xmm5
End of assembler dump.
(gdb) info all-registers
rax            0x5ee42b0        99500720
rbx            0x5ee12ac        99488428
rcx            0x5ee42b0        99500720
rdx            0x5ee12ac        99488428
rsi            0x400            1024
rdi            0xfffffffffffffc04 -1020
rbp            0x5ee02ac        0x5ee02ac
rsp            0x22dd30         0x22dd30
r8             0x5edd2ac        99472044
r9             0x3fc            1020
r10            0x5efd580        99603840
r11            0x5e5f540        98956608
r12            0x5e60540        98960704
r13            0x0              0
r14            0x29             41
r15            0x5ed3dd0        99433936
rip            0x9d5712         0x9d5712 <ff_imdct_half_sse.pre>
eflags         0x10293          [ CF AF SF IF RF ]
cs             0x33             51
ss             0x293002b        43188267
ds             0x0              0
es             0x0              0
fs             0x0              0
gs             0x2b0000         2818048
st0            0                (raw 0x00000000000000000000)
st1            0                (raw 0x00000000000000000000)
st2            0                (raw 0x00000000000000000000)
st3            0                (raw 0x00000000000000000000)
st4            9                (raw 0x40029000000000000000)
st5            1                (raw 0x3fff8000000000000000)
st6            1584.893192461114 (raw 0x4009c61c95085b309b42)
st7            3.2000000000000002 (raw 0x4000ccccccccccccd000)
fctrl          0x420037f        69206911
fstat          0x420            1056
ftag           0x5d80000        98041856
fiseg          0x33             51
fioff          0xa55c40         10837056
foseg          0x2b             43
fooff          0x0              0
fop            0x0              0
xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
  0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
  uint128 = 0x00000000000000000000000000000000}
```
comment:2 by , 12 years ago
Looks like an alignment issue.
Try to compile with --enable-memalign-hack and report back if that helped.
comment:3 by , 12 years ago
--enable-memalign-hack does not help:
```
(gdb) break ff_imdct_half_sse
Breakpoint 1 at 0x9d7560
(gdb) break ff_imdct_half_sse.pre
Breakpoint 2 at 0x9d75a2
(gdb) r -i ffmpeg-crash-around-frame-60.wmv -vn -f null -
ffmpeg version N-34276-g02fa529, Copyright (c) 2000-2011 the FFmpeg developers
built on Oct 30 2011 17:33:40 with gcc 4.7.0 20110827 (experimental)
configuration: --enable-memalign-hack
libavutil 51. 22. 0 / 51. 22. 0
libavcodec 53. 25. 0 / 53. 25. 0
libavformat 53. 18. 0 / 53. 18. 0
libavdevice 53. 4. 0 / 53. 4. 0
libavfilter 2. 45. 1 / 2. 45. 1
libswscale 2. 1. 0 / 2. 1. 0
[wmav2 @ 0000000005B15BC0] Warning: not compiled with thread support, using thread emulation
[wmv2 @ 0000000005B16580] Warning: not compiled with thread support, using thread emulation
[asf @ 000000000032BAE0] parser not found for codec wmav2, packets or times may be invalid.
Seems stream 1 codec frame rate differs from container frame rate: 1000.00 (1000/1) -> 25.00 (25/1)
Input #0, asf, from 'ffmpeg-crash-around-frame-60.wmv':
  Metadata:
    WMFSDKVersion : 11.0.5721.5245
    WMFSDKNeeded : 0.0.0.0000
    IsVBR : 1
    VBR Peak : 8464 ¡║¯½½½½½½½½½½½½½½½½■¯■¯■¯■
    Buffer Average : 8514 ¡║¯½½½½½½½½½½½½½½½½■¯■¯■¯■
    Encoded_By : Sorenson Squeeze
    Encoded_With : Sorenson Squeeze
  Duration: 00:01:20.02, start: 0.000000, bitrate: 153 kb/s
    Stream #0:0: Audio: wmav2 (a[1][0][0] / 0x0161), 48000 Hz, 2 channels, s16, 128 kb/s
    Stream #0:1: Video: wmv2 (WMV2 / 0x32564D57), yuv420p, 1280x720, 18000 kb/s, 25 tbr, 1k tbn, 1k tbc
[pcm_s16le @ 0000000005B74400] Warning: not compiled with thread support, using thread emulation
[wmav2 @ 0000000005B15BC0] Warning: not compiled with thread support, using thread emulation
Output #0, null, to 'pipe:':
  Metadata:
    WMFSDKVersion : 11.0.5721.5245
    WMFSDKNeeded : 0.0.0.0000
    IsVBR : 1
    VBR Peak : 8464 ¡║¯½½½½½½½½½½½½½½½½■¯■¯■¯■
    Buffer Average : 8514 ¡║¯½½½½½½½½½½½½½½½½■¯■¯■¯■
    Encoded_By : Sorenson Squeeze
    Encoded_With : Sorenson Squeeze
    encoder : Lavf53.18.0
    Stream #0:0: Audio: pcm_s16le, 48000 Hz, 2 channels, s16, 1536 kb/s
Stream mapping:
  Stream #0.0 -> #0.0 (wmav2 -> pcm_s16le)
Press [q] to stop, [?] for help

Breakpoint 1, 0x00000000009d7560 in ff_imdct_half_sse ()
(gdb) bt
#0 0x00000000009d7560 in ff_imdct_half_sse ()
#1 0x00000000009d4779 in ff_imdct_calc_sse (s=<optimized out>,
    output=0x5b51a3c, input=<optimized out>) at libavcodec/x86/fft_sse.c:89
#2 0x00000000007464d5 in wma_decode_block (s=0x5b45560)
    at libavcodec/wmadec.c:756
#3 0x0000000000000000 in ?? ()
(gdb) disass $pc,$pc+128
Dump of assembler code from 0x9d7560 to 0x9d75e0:
=> 0x00000000009d7560 <ff_imdct_half_sse+0>: push %rdi
   0x00000000009d7561 <ff_imdct_half_sse+1>: push %rsi
   0x00000000009d7562 <ff_imdct_half_sse+2>: sub $0x30,%rsp
   0x00000000009d7566 <ff_imdct_half_sse+6>: movaps %xmm7,0x18(%rsp)
   0x00000000009d756b <ff_imdct_half_sse+11>: movaps %xmm6,0x8(%rsp)
   0x00000000009d7570 <ff_imdct_half_sse+16>: push %r12
   0x00000000009d7572 <ff_imdct_half_sse+18>: push %r13
   0x00000000009d7574 <ff_imdct_half_sse+20>: push %r14
   0x00000000009d7576 <ff_imdct_half_sse+22>: mov 0x18(%rcx),%r9d
   0x00000000009d757a <ff_imdct_half_sse+26>: add %r9,%r8
   0x00000000009d757d <ff_imdct_half_sse+29>: shr %r9
   0x00000000009d7580 <ff_imdct_half_sse+32>: mov 0x20(%rcx),%r11
   0x00000000009d7584 <ff_imdct_half_sse+36>: mov 0x28(%rcx),%r12
   0x00000000009d7588 <ff_imdct_half_sse+40>: add %r9,%r11
   0x00000000009d758b <ff_imdct_half_sse+43>: add %r9,%r12
   0x00000000009d758e <ff_imdct_half_sse+46>: shr %r9
   0x00000000009d7591 <ff_imdct_half_sse+49>: mov 0x8(%rcx),%r10
   0x00000000009d7595 <ff_imdct_half_sse+53>: add %r9,%r10
   0x00000000009d7598 <ff_imdct_half_sse+56>: sub $0x4,%r9
   0x00000000009d759c <ff_imdct_half_sse+60>: xor %rdi,%rdi
   0x00000000009d759f <ff_imdct_half_sse+63>: sub %r9,%rdi
   0x00000000009d75a2 <ff_imdct_half_sse.pre+0>: movaps (%r8,%r9,4),%xmm0
   0x00000000009d75a7 <ff_imdct_half_sse.pre+5>: movaps -0x10(%r8,%rdi,4),%xmm1
   0x00000000009d75ad <ff_imdct_half_sse.pre+11>: movaps %xmm0,%xmm2
   0x00000000009d75b0 <ff_imdct_half_sse.pre+14>: shufps $0x88,%xmm1,%xmm0
   0x00000000009d75b4 <ff_imdct_half_sse.pre+18>: shufps $0x77,%xmm2,%xmm1
   0x00000000009d75b8 <ff_imdct_half_sse.pre+22>: movlps (%r11,%r9,2),%xmm4
   0x00000000009d75bd <ff_imdct_half_sse.pre+27>: movlps (%r12,%r9,2),%xmm5
   0x00000000009d75c2 <ff_imdct_half_sse.pre+32>: movhps -0x8(%r11,%rdi,2),%xmm4
   0x00000000009d75c8 <ff_imdct_half_sse.pre+38>: movhps -0x8(%r12,%rdi,2),%xmm5
   0x00000000009d75ce <ff_imdct_half_sse.pre+44>: movaps %xmm0,%xmm2
   0x00000000009d75d1 <ff_imdct_half_sse.pre+47>: movaps %xmm1,%xmm3
   0x00000000009d75d4 <ff_imdct_half_sse.pre+50>: mulps %xmm5,%xmm0
   0x00000000009d75d7 <ff_imdct_half_sse.pre+53>: mulps %xmm4,%xmm1
   0x00000000009d75da <ff_imdct_half_sse.pre+56>: mulps %xmm4,%xmm2
   0x00000000009d75dd <ff_imdct_half_sse.pre+59>: mulps %xmm5,%xmm3
End of assembler dump.
(gdb) info registers
rax            0x3e95a40        65624640
rbx            0x3e92a3c        65612348
rcx            0x3e95a40        65624640
rdx            0x3e92a3c        65612348
rsi            0x400            1024
rdi            0x1000           4096
rbp            0x3e91a3c        0x3e91a3c
rsp            0x22dd68         0x22dd68
r8             0x3e8da3c        65591868
r9             0x38d780         3725184
r10            0x800            2048
r11            0x4              4
r12            0x0              0
r13            0x0              0
r14            0x29             41
r15            0x3e85560        65557856
rip            0x9d7560         0x9d7560 <ff_imdct_half_sse>
eflags         0x206            [ PF IF ]
cs             0x33             51
ss             0x206002b        33947691
ds             0x0              0
es             0x0              0
fs             0x0              0
gs             0x2b0000         2818048
(gdb) s
Single stepping until exit from function ff_imdct_half_sse,
which has no line number information.

Breakpoint 2, 0x00000000009d75a2 in ff_imdct_half_sse.pre ()
(gdb) bt
#0 0x00000000009d75a2 in ff_imdct_half_sse.pre ()
#1 0x0000000000000029 in ?? ()
#2 0x0000000000000000 in ?? ()
(gdb) info registers
rax            0x3e95a40        65624640
rbx            0x3e92a3c        65612348
rcx            0x3e95a40        65624640
rdx            0x3e92a3c        65612348
rsi            0x400            1024
rdi            0xfffffffffffffc04 -1020
rbp            0x3e91a3c        0x3e91a3c
rsp            0x22dd10         0x22dd10
r8             0x3e8ea3c        65595964
r9             0x3fc            1020
r10            0x38e660         3728992
r11            0x3efaca0        66038944
r12            0x3efbca0        66043040
r13            0x0              0
r14            0x29             41
r15            0x3e85560        65557856
rip            0x9d75a2         0x9d75a2 <ff_imdct_half_sse.pre>
eflags         0x293            [ CF AF SF IF ]
cs             0x33             51
ss             0x293002b        43188267
ds             0x0              0
es             0x0              0
fs             0x0              0
gs             0x2b0000         2818048
xmm0 = 0
(gdb) s
Single stepping until exit from function ff_imdct_half_sse.pre,
which has no line number information.

Program received signal SIGSEGV, Segmentation fault.
0x00000000009d75a2 in ff_imdct_half_sse.pre ()
(gdb) bt
#0 0x00000000009d75a2 in ff_imdct_half_sse.pre ()
#1 0x0000000000000029 in ?? ()
#2 0x0000000000000000 in ?? ()
```
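An added triage helper, not part of the ticket or of FFmpeg: it parses an `info registers` dump and resolves the AT&T memory operand of an instruction to the address it would touch, then reports how far that address is from the 16-byte boundary that `movaps` requires (an unaligned `movaps` raises #GP, which shows up as the SIGSEGV seen here). The register values and the instruction are copied from the session in comment 3; the function names and the check are this example's own.

```python
import re

# Register dump and faulting instruction copied from comment 3
# (Breakpoint 2 at ff_imdct_half_sse.pre, immediately before the SIGSEGV).
GDB_REGISTERS = """
rax            0x3e95a40        65624640
rdi            0xfffffffffffffc04 -1020
r8             0x3e8ea3c        65595964
r9             0x3fc            1020
rip            0x9d75a2         0x9d75a2 <ff_imdct_half_sse.pre>
"""
FAULTING_INSN = "movaps (%r8,%r9,4),%xmm0"

REG_LINE = re.compile(r"^(\w+)\s+(0x[0-9a-fA-F]+)\b")
# AT&T memory operand: [disp](base[,index[,scale]])
MEM_OPERAND = re.compile(r"(-?0x[0-9a-fA-F]+)?\((%\w+)(?:,(%\w+)(?:,([1248]))?)?\)")
MASK64 = (1 << 64) - 1


def parse_registers(dump):
    """Map register name -> value from gdb 'info registers' output."""
    regs = {}
    for line in dump.splitlines():
        m = REG_LINE.match(line.strip())
        if m:
            regs[m.group(1)] = int(m.group(2), 16)
    return regs


def effective_address(insn, regs):
    """Resolve the memory operand of an AT&T-syntax instruction to a 64-bit
    address. A negative index register (rdi = -1020 here) is handled by
    wrapping the sum modulo 2**64, exactly as the CPU does."""
    m = MEM_OPERAND.search(insn)
    if not m:
        raise ValueError("no memory operand in %r" % insn)
    disp = int(m.group(1), 16) if m.group(1) else 0
    base = regs[m.group(2).lstrip("%")]
    index = regs[m.group(3).lstrip("%")] if m.group(3) else 0
    scale = int(m.group(4)) if m.group(4) else 1
    return (base + index * scale + disp) & MASK64


def alignment_report(insn, regs, required=16):
    """Return (address, bytes past the nearest 'required' boundary); 0 means aligned."""
    addr = effective_address(insn, regs)
    return addr, addr % required


if __name__ == "__main__":
    regs = parse_registers(GDB_REGISTERS)
    for insn in (FAULTING_INSN, "movaps -0x10(%r8,%rdi,4),%xmm1"):
        addr, off = alignment_report(insn, regs)
        state = "aligned" if off == 0 else "misaligned by %d" % off
        print("%-32s -> 0x%x (%s)" % (insn, addr, state))
```

On the values from comment 3 the faulting operand resolves to 0x3e8fa2c, 12 bytes past a 16-byte boundary; the second `movaps` operand resolves to 0x3e8da3c, the value r8 held at function entry.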
comment:4 by , 12 years ago
I've been able to determine it's not an alignment issue.
Looks like a bad count, memory overrun, or similar and results in access violation.
All I have is the raw assembly starting from avcodec_decode_video2 and can't tell you much more than this about it at the moment. This occurs deep in and after 52 iterations of some code at a higher level.
Registers at time of crash:
```
EAX = 0536F96C EBX = 00000053 ECX = 00000008 EDX = 0BC7116D ESI = 0000000A
EDI = 000000A6 EIP = 0A3D8B84 ESP = 0536F8F0 EBP = 00000053 EFL = 00000297
```
EDX is bad in the 10th loop of the following: ESI contains the count
```
0A3D8A20 55                   push ebp
0A3D8A21 57                   push edi
0A3D8A22 56                   push esi
0A3D8A23 53                   push ebx
0A3D8A24 8B 5C 24 18          mov ebx,dword ptr [esp+18h]
0A3D8A28 85 DB                test ebx,ebx
0A3D8A2A 0F 8E 5A 01 00 00    jle 0A3D8B8A
0A3D8A30 31 F6                xor esi,esi
LOOP:
0A3D8A32 0F B6 3A             movzx edi,byte ptr [edx] ; crash right here
0A3D8A35 0F B6 5A 01          movzx ebx,byte ptr [edx+1]
0A3D8A39 0F B6 6A FF          movzx ebp,byte ptr [edx-1]
0A3D8A3D 01 FB                add ebx,edi
0A3D8A3F 0F B6 7A 02          movzx edi,byte ptr [edx+2]
0A3D8A43 8D 1C DB             lea ebx,[ebx+ebx*8]
0A3D8A46 01 EF                add edi,ebp
0A3D8A48 29 FB                sub ebx,edi
...................
...................
...................
0A3D8B4E 88 58 06             mov byte ptr [eax+6],bl
0A3D8B51 0F B6 7A 07          movzx edi,byte ptr [edx+7]
0A3D8B55 0F B6 5A 08          movzx ebx,byte ptr [edx+8]
0A3D8B59 0F B6 6A 06          movzx ebp,byte ptr [edx+6]
0A3D8B5D 01 FB                add ebx,edi
0A3D8B5F 0F B6 7A 09          movzx edi,byte ptr [edx+9]
0A3D8B63 8D 1C DB             lea ebx,[ebx+ebx*8]
0A3D8B66 03 54 24 14          add edx,dword ptr [esp+14h]
0A3D8B6A 01 EF                add edi,ebp
0A3D8B6C 29 FB                sub ebx,edi
0A3D8B6E 83 C3 08             add ebx,8
0A3D8B71 C1 FB 04             sar ebx,4
0A3D8B74 0F B6 9B 80 13 02 0B movzx ebx,byte ptr [ebx+0B021380h]
0A3D8B7B 88 58 07             mov byte ptr [eax+7],bl
0A3D8B7E 01 C8                add eax,ecx
0A3D8B80 3B 74 24 18          cmp esi,dword ptr [esp+18h]
0A3D8B84 0F 85 A8 FE FF FF    jne 0A3D8A32
0A3D8B8A 5B                   pop ebx
.....................
.....................
```
comment:5 by , 12 years ago
| Owner: | removed |
|---|
comment:8 by , 12 years ago
| Resolution: | → fixed |
|---|---|
| Status: | open → closed |
Does not crash with a current zeranoe build.
This video also demonstrates the problem.