Opened 5 years ago

Closed 5 years ago

#627 closed defect (fixed)

ffmpeg crashes when force flic codec with mov file

Reported by: ami_stuff Owned by:
Priority: important Component: avcodec
Version: git-master Keywords:
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

https://ffmpeg.org/trac/ffmpeg/raw-attachment/ticket/626/npgo.mov

$ gdb ffmpeg_g.exe
GNU gdb (GDB) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "mingw32".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from F:\MinGW\msys\1.0\ffmpeg-HEAD-d3bc75c/ffmpeg_g.exe...done.
(gdb) r -vcodec flic -i npgo.mov
Starting program: F:\MinGW\msys\1.0\ffmpeg-HEAD-d3bc75c/ffmpeg_g.exe -vcodec fli
c -i npgo.mov
[New Thread 3524.0xbd4]
ffmpeg version 0.8.5.git-d3bc75c, Copyright (c) 2000-2011 the FFmpeg developers
  built on Nov  6 2011 18:11:47 with gcc 4.5.2
  configuration: --disable-ffplay --disable-ffserver --disable-asm --disable-yas
m --disable-shared --enable-static
  libavutil    51. 23. 0 / 51. 23. 0
  libavcodec   53. 28. 0 / 53. 28. 0
  libavformat  53. 19. 0 / 53. 19. 0
  libavdevice  53.  4. 0 / 53.  4. 0
  libavfilter   2. 47. 0 /  2. 47. 0
  libswscale    2.  1. 0 /  2.  1. 0

Program received signal SIGSEGV, Segmentation fault.
flic_decode_init (avctx=0x41008b0) at libavcodec/flicvideo.c:86
86          s->fli_type = AV_RL16(&fli_header[4]); /* Might be overridden if a M
agic Carpet FLC */
(gdb) bt
#0  flic_decode_init (avctx=0x41008b0) at libavcodec/flicvideo.c:86
#1  0x004f99b7 in avcodec_open2 (avctx=0x41008b0, codec=0xa02420,
    options=0x22fb0c) at libavcodec/utils.c:695
#2  0x00438929 in avformat_find_stream_info (ic=0x3b98ae0, options=0x3ba1680)
    at libavformat/utils.c:2391
#3  0x0040c5f8 in opt_input_file (o=0x22fda8, opt=0x3ba0d69 "i",
    filename=<value optimized out>) at ffmpeg.c:3317
#4  0x0041114a in parse_option (optctx=0x22fda8, opt=<value optimized out>,
    arg=0x3ba0d6b "npgo.mov", options=0xa0d2c0) at cmdutils.c:275
#5  0x004114f8 in parse_options (optctx=0x22fda8, argc=5,
    argv=<value optimized out>, options=0xa0d2c0,
    parse_arg_function=0x40e018 <opt_output_file>) at cmdutils.c:308
#6  0x0040f847 in main (argc=5, argv=<value optimized out>) at ffmpeg.c:4716
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x9d7912 to 0x9d7952:
   0x009d7912 <flic_decode_end+22>:     add    $0x89,%al
   0x009d7914 <flic_decode_end+24>:     add    $0x24,%al
   0x009d7916 <flic_decode_end+26>:     call   *0xf8(%eax)
   0x009d791c <flic_decode_end+32>:     xor    %eax,%eax
   0x009d791e <flic_decode_end+34>:     add    $0x1c,%esp
   0x009d7921 <flic_decode_end+37>:     ret
   0x009d7922 <flic_decode_init+0>:     push   %ebx
   0x009d7923 <flic_decode_init+1>:     sub    $0x18,%esp
   0x009d7926 <flic_decode_init+4>:     mov    0x20(%esp),%eax
   0x009d792a <flic_decode_init+8>:     mov    0x7c(%eax),%ebx
   0x009d792d <flic_decode_init+11>:    mov    0x18(%eax),%ecx
   0x009d7930 <flic_decode_init+14>:    mov    %eax,(%ebx)
=> 0x009d7932 <flic_decode_init+16>:    movzwl 0x4(%ecx),%edx
   0x009d7936 <flic_decode_init+20>:    mov    %edx,0x524(%ebx)
   0x009d793c <flic_decode_init+26>:    mov    0x1c(%eax),%edx
   0x009d793f <flic_decode_init+29>:    cmp    $0xc,%edx
   0x009d7942 <flic_decode_init+32>:    jne    0x9d7952 <flic_decode_init+48>
   0x009d7944 <flic_decode_init+34>:    movl   $0xaf13,0x524(%ebx)
   0x009d794e <flic_decode_init+44>:    mov    $0x8,%dl
   0x009d7950 <flic_decode_init+46>:    jmp    0x9d7981 <flic_decode_init+95>
End of assembler dump.
(gdb) info all-registers
eax            0x41008b0        68159664
ecx            0x0      0
edx            0x0      0
ebx            0x4101190        68161936
esp            0x22f6f0 0x22f6f0
ebp            0x0      0x0
esi            0x41008b0        68159664
edi            0x22f75c 2291548
eip            0x9d7932 0x9d7932 <flic_decode_init+16>
eflags         0x10206  [ PF IF RF ]
cs             0x1b     27
ss             0x23     35
ds             0x23     35
es             0x23     35
fs             0x3b     59
gs             0x0      0
st0            <invalid float value>    (raw 0x0000b9a49a24b9a4995c)
st1            0        (raw 0x00000000000000000001)
st2            0        (raw 0x99d4badb0d00804dc8c1)
st3            -1       (raw 0xbfff8000000000000000)
st4            -1       (raw 0xbfff8000000000000000)
st5            1        (raw 0x3fff8000000000000000)
st6            1        (raw 0x3fff8000000000000000)
st7            1        (raw 0x3fff8000000000000000)
fctrl          0xffff037f       -64641
fstat          0xffff4020       -49120
ftag           0xffffffff       -1
fiseg          0x0      0
fioff          0x0      0
foseg          0xffff0000       -65536
fooff          0x0      0
fop            0x0      0
xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
  v16_int8 = {0x0, 0x0, 0x0, 0x0, 0xc1, 0xc8, 0x4d, 0x80, 0x8, 0x0, 0x0, 0x0,
    0x82, 0x2, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0xc8c1, 0x804d, 0x8, 0x0,
    0x282, 0x0}, v4_int32 = {0x0, 0x804dc8c1, 0x8, 0x282}, v2_int64 = {
    0x804dc8c100000000, 0x28200000008},
  uint128 = 0x0000028200000008804dc8c100000000}
xmm1           {v4_float = {0xffffffff, 0x0, 0x0, 0x0}, v2_double = {0x0,
    0x0}, v16_int8 = {0xd6, 0x99, 0x85, 0xbf, 0xf4, 0x22, 0x0, 0x80, 0x0,
    0x0, 0x0, 0x0, 0x10, 0x9b, 0xa4, 0xb9}, v8_int16 = {0x99d6, 0xbf85,
    0x22f4, 0x8000, 0x0, 0x0, 0x9b10, 0xb9a4}, v4_int32 = {0xbf8599d6,
    0x800022f4, 0x0, 0xb9a49b10}, v2_int64 = {0x800022f4bf8599d6,
    0xb9a49b1000000000}, uint128 = 0xb9a49b1000000000800022f4bf8599d6}
xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
  v16_int8 = {0x30, 0x38, 0x8f, 0xe1, 0x10, 0x0, 0x12, 0x0, 0x0, 0x9b, 0xa4,
    0xb9, 0xac, 0x0, 0x0, 0x0}, v8_int16 = {0x3830, 0xe18f, 0x10, 0x12,
    0x9b00, 0xb9a4, 0xac, 0x0}, v4_int32 = {0xe18f3830, 0x120010, 0xb9a49b00,
    0xac}, v2_int64 = {0x120010e18f3830, 0xacb9a49b00},
  uint128 = 0x000000acb9a49b0000120010e18f3830}
xmm3           {v4_float = {0x0, 0x0, 0xffffffff, 0x0}, v2_double = {0x0,
    0x0}, v16_int8 = {0x0, 0x0, 0x0, 0x0, 0xd0, 0x9b, 0xa4, 0xb9, 0x26, 0x4a,
    0x85, 0xbf, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0x9bd0, 0xb9a4,
    0x4a26, 0xbf85, 0x0, 0x0}, v4_int32 = {0x0, 0xb9a49bd0, 0xbf854a26, 0x0},
  v2_int64 = {0xb9a49bd000000000, 0xbf854a26},
  uint128 = 0x00000000bf854a26b9a49bd000000000}
xmm4           {v4_float = {0x0, 0x0, 0xffffffff, 0x0}, v2_double = {0x0,
    0x8000000000000000}, v16_int8 = {0xa6, 0x9c, 0x0, 0x0, 0xd0, 0x9b, 0xa4,
    0xb9, 0x61, 0x4a, 0x85, 0xbf, 0x30, 0x38, 0x8f, 0xe1}, v8_int16 = {
    0x9ca6, 0x0, 0x9bd0, 0xb9a4, 0x4a61, 0xbf85, 0x3830, 0xe18f}, v4_int32 = {
    0x9ca6, 0xb9a49bd0, 0xbf854a61, 0xe18f3830}, v2_int64 = {
    0xb9a49bd000009ca6, 0xe18f3830bf854a61},
  uint128 = 0xe18f3830bf854a61b9a49bd000009ca6}
xmm5           {v4_float = {0x0, 0xffffffff, 0x0, 0x0}, v2_double = {0x0,
    0x8000000000000000}, v16_int8 = {0x24, 0x9a, 0xa4, 0xb9, 0xd1, 0x4a,
    0x85, 0xbf, 0x0, 0x0, 0x0, 0x1, 0xf8, 0x8c, 0x28, 0xe3}, v8_int16 = {
    0x9a24, 0xb9a4, 0x4ad1, 0xbf85, 0x0, 0x100, 0x8cf8, 0xe328}, v4_int32 = {
    0xb9a49a24, 0xbf854ad1, 0x1000000, 0xe3288cf8}, v2_int64 = {
    0xbf854ad1b9a49a24, 0xe3288cf801000000},
  uint128 = 0xe3288cf801000000bf854ad1b9a49a24}
xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
  v16_int8 = {0x30, 0x38, 0x8f, 0xe1, 0x10, 0x0, 0x12, 0x0, 0x0, 0x9b, 0xa4,
    0xb9, 0x14, 0x9a, 0xa4, 0xb9}, v8_int16 = {0x3830, 0xe18f, 0x10, 0x12,
    0x9b00, 0xb9a4, 0x9a14, 0xb9a4}, v4_int32 = {0xe18f3830, 0x120010,
    0xb9a49b00, 0xb9a49a14}, v2_int64 = {0x120010e18f3830,
    0xb9a49a14b9a49b00}, uint128 = 0xb9a49a14b9a49b0000120010e18f3830}
xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
  v16_int8 = {0x78, 0x1, 0xe4, 0xbb, 0x0, 0x0, 0x2, 0x0, 0x0, 0xe0, 0xfd,
    0x7f, 0x40, 0x9a, 0xa4, 0xb9}, v8_int16 = {0x178, 0xbbe4, 0x0, 0x2,
    0xe000, 0x7ffd, 0x9a40, 0xb9a4}, v4_int32 = {0xbbe40178, 0x20000,
    0x7ffde000, 0xb9a49a40}, v2_int64 = {0x20000bbe40178,
    0xb9a49a407ffde000}, uint128 = 0xb9a49a407ffde00000020000bbe40178}
mxcsr          0x1f80   [ IM DM ZM OM UM PM ]
mm0            {uint64 = 0xb9a49a24b9a4995c, v2_int32 = {0xb9a4995c,
    0xb9a49a24}, v4_int16 = {0x995c, 0xb9a4, 0x9a24, 0xb9a4}, v8_int8 = {
    0x5c, 0x99, 0xa4, 0xb9, 0x24, 0x9a, 0xa4, 0xb9}}
mm1            {uint64 = 0x1, v2_int32 = {0x1, 0x0}, v4_int16 = {0x1, 0x0,
    0x0, 0x0}, v8_int8 = {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm2            {uint64 = 0xbadb0d00804dc8c1, v2_int32 = {0x804dc8c1,
    0xbadb0d00}, v4_int16 = {0xc8c1, 0x804d, 0xd00, 0xbadb}, v8_int8 = {0xc1,
    0xc8, 0x4d, 0x80, 0x0, 0xd, 0xdb, 0xba}}
mm3            {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000},
  v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
    0x0, 0x0, 0x80}}
mm4            {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000},
  v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
    0x0, 0x0, 0x80}}
mm5            {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000},
  v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
    0x0, 0x0, 0x80}}
mm6            {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000},
  v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
    0x0, 0x0, 0x80}}
mm7            {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000},
  v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
    0x0, 0x0, 0x80}}

Change History (2)

comment:1 Changed 5 years ago by cehoyos

  • Component changed from undetermined to avcodec
  • Priority changed from normal to important
  • Reproduced by developer set
  • Status changed from new to open
  • Version changed from unspecified to git-master

Patch on ffmpeg-devel.

comment:2 Changed 5 years ago by cehoyos

  • Resolution set to fixed
  • Status changed from open to closed
Note: See TracTickets for help on using tickets.