Opened 7 years ago
Closed 6 years ago
#7013 closed defect (fixed)
Floating point exception on adpcm_ms remuxing
Reported by: | Carl Eugen Hoyos | Owned by: | |
---|---|---|---|
Priority: | important | Component: | avformat |
Version: | git-master | Keywords: | mov crash fpe regression |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | no |
Analyzed by developer: | no | | |
Description
Reported by forum user neebah
FFmpeg crashes when remuxing adpcm_ms since d4e0130e4655cafa2123062330f5db1aeade1ef2
```
$ ffmpeg -f lavfi -i sine=d=1 -acodec adpcm_ms out.avi
(gdb) r -i out.avi -acodec copy out.mov
Starting program: ffmpeg_g -i out.avi -acodec copy out.mov
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-89982-g81d6501 Copyright (c) 2000-2018 the FFmpeg developers
  built with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl
  libavutil 56. 7.100 / 56. 7.100
  libavcodec 58. 10.100 / 58. 10.100
  libavformat 58. 9.100 / 58. 9.100
  libavdevice 58. 1.100 / 58. 1.100
  libavfilter 7. 11.101 / 7. 11.101
  libswscale 5. 0.101 / 5. 0.101
  libswresample 3. 0.101 / 3. 0.101
  libpostproc 55. 0.100 / 55. 0.100
[avi @ 0x2088400] Estimating duration from bitrate, this may be inaccurate
Guessed Channel Layout for Input Stream #0.0 : mono
Input #0, avi, from 'out.avi':
  Metadata:
    encoder : Lavf58.7.100
  Duration: 00:00:01.47, start: 0.000000, bitrate: 159 kb/s
    Stream #0:0: Audio: adpcm_ms ([2][0][0][0] / 0x0002), 44100 Hz, mono, s16, 176 kb/s
[mov @ 0x208b6c0] Using MS style audio codec tag, the file may be unplayable!
Output #0, mov, to 'out.mov':
  Metadata:
    encoder : Lavf58.9.100
    Stream #0:0: Audio: adpcm_ms ([2][0][0][0] / 0x0002), 44100 Hz, mono, s16, 176 kb/s
Stream mapping:
  Stream #0:0 -> #0:0 (copy)
Press [q] to stop, [?] for help

Program received signal SIGFPE, Arithmetic exception.
0x00000000006c247b in mov_write_stsz_tag (pb=0x208dd80, track=<optimized out>) at libavformat/movenc.c:178
178         tst = track->cluster[i].size / track->cluster[i].entries;
(gdb) bt
#0  0x00000000006c247b in mov_write_stsz_tag (pb=0x208dd80, track=<optimized out>) at libavformat/movenc.c:178
#1  mov_write_stbl_tag (track=<optimized out>, mov=0x208bd40, pb=0x208dd80, s=0x208b6c0) at libavformat/movenc.c:2398
#2  mov_write_minf_tag (track=<optimized out>, mov=0x208bd40, pb=0x208dd80, s=0x208b6c0) at libavformat/movenc.c:2642
#3  mov_write_mdia_tag (track=<optimized out>, mov=0x208bd40, pb=0x208dd80, s=0x208b6c0) at libavformat/movenc.c:2696
#4  mov_write_trak_tag (st=0x208c5c0, track=<optimized out>, mov=0x208bd40, pb=0x208dd80, s=0x208b6c0) at libavformat/movenc.c:3072
#5  mov_write_moov_tag (pb=<optimized out>, mov=0x208bd40, s=0x208b6c0) at libavformat/movenc.c:3869
#6  0x00000000006c7c2d in mov_write_trailer (s=0x208b6c0) at libavformat/movenc.c:6533
#7  0x00000000006e3e84 in av_write_trailer (s=s@entry=0x208b6c0) at libavformat/mux.c:1276
#8  0x00000000004a7015 in transcode () at fftools/ffmpeg.c:4674
#9  0x00000000004856e2 in main (argc=<optimized out>, argv=0x7fffffffdd38) at fftools/ffmpeg.c:4843
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x6c245b to 0x6c249b:
   0x00000000006c245b <mov_write_moov_tag+3675>: jge 0x6c2479 <mov_write_moov_tag+3705>
   0x00000000006c245d <mov_write_moov_tag+3677>: mov %rbp,%rcx
   0x00000000006c2460 <mov_write_moov_tag+3680>: lea 0x28(%rbp,%rdx,8),%r10
   0x00000000006c2465 <mov_write_moov_tag+3685>: jmp 0x6c2479 <mov_write_moov_tag+3705>
   0x00000000006c2467 <mov_write_moov_tag+3687>: nopw 0x0(%rax,%rax,1)
   0x00000000006c2470 <mov_write_moov_tag+3696>: mov 0x10(%rcx),%eax
   0x00000000006c2473 <mov_write_moov_tag+3699>: mov 0x1c(%rcx),%edi
   0x00000000006c2476 <mov_write_moov_tag+3702>: mov %r12d,%r8d
   0x00000000006c2479 <mov_write_moov_tag+3705>: xor %edx,%edx
=> 0x00000000006c247b <mov_write_moov_tag+3707>: div %edi
   0x00000000006c247d <mov_write_moov_tag+3709>: cmp %r8d,%eax
   0x00000000006c2480 <mov_write_moov_tag+3712>: mov %eax,%r12d
   0x00000000006c2483 <mov_write_moov_tag+3715>: je 0x6c248d <mov_write_moov_tag+3725>
   0x00000000006c2485 <mov_write_moov_tag+3717>: cmp $0xffffffff,%r8d
   0x00000000006c2489 <mov_write_moov_tag+3721>: cmovne %r11d,%r9d
   0x00000000006c248d <mov_write_moov_tag+3725>: add $0x28,%rcx
   0x00000000006c2491 <mov_write_moov_tag+3729>: add %edi,%esi
   0x00000000006c2493 <mov_write_moov_tag+3731>: cmp %r10,%rcx
   0x00000000006c2496 <mov_write_moov_tag+3734>: jne 0x6c2470 <mov_write_moov_tag+3696>
   0x00000000006c2498 <mov_write_moov_tag+3736>: test %r9d,%r9d
End of assembler dump.
(gdb) info register
rax            0x200 512
rbx            0x208e580 34137472
rcx            0x2099220 34181664
rdx            0x0 0
rsi            0x0 0
rdi            0x0 0
rbp            0x2099220 0x2099220
rsp            0x7fffffffd410 0x7fffffffd410
r8             0xffffffff 4294967295
r9             0x1 1
r10            0x2099900 34183424
r11            0x0 0
r12            0x1 1
r13            0x5aaf 23215
r14            0x5acb 23243
r15            0x208dd80 34135424
rip            0x6c247b 0x6c247b <mov_write_moov_tag+3707>
eflags         0x10246 [ PF ZF IF RF ]
cs             0x33 51
ss             0x2b 43
ds             0x0 0
es             0x0 0
fs             0x0 0
gs             0x0 0
```
Fixed by Michael in 3a2d21bc5f97aa0161db3ae731fc2732be6108b8
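
The crash above is an integer division by a zero sample count (`rdi` = 0 with `rax` = 0x200 at the `div`). The following is an added example, not code from the ticket, from FFmpeg, or from the referenced fix: a reduced C model of the loop around movenc.c:178, as far as the disassembly shows it, that rejects a zero count before dividing. `Cluster`, `stsz_scan` and the `STSZ_*` codes are hypothetical names, and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, reduced stand-in for the muxer's per-chunk record;
 * only the two fields used at movenc.c:178 are modelled. */
typedef struct {
    unsigned size;     /* bytes in the chunk */
    unsigned entries;  /* samples in the chunk */
} Cluster;

enum { STSZ_UNIFORM = 1, STSZ_VARIABLE = 0, STSZ_INVALID = -1 };

/* Decide whether every chunk has the same per-sample size and count the
 * samples, refusing a chunk with zero samples instead of dividing by it. */
static int stsz_scan(const Cluster *c, size_t n, unsigned *total_samples)
{
    int uniform = 1;
    long old = -1;

    *total_samples = 0;
    for (size_t i = 0; i < n; i++) {
        if (c[i].entries == 0)
            return STSZ_INVALID;  /* unguarded, size / 0 raises SIGFPE on x86 */
        long tst = c[i].size / c[i].entries;
        if (old != -1 && tst != old)
            uniform = 0;
        old = tst;
        *total_samples += c[i].entries;
    }
    return uniform ? STSZ_UNIFORM : STSZ_VARIABLE;
}

int main(void)
{
    /* Constructed input: size 512 with 0 entries mirrors rax=0x200, rdi=0. */
    Cluster bad[]  = { { 512, 0 } };
    Cluster good[] = { { 512, 256 }, { 1024, 512 } };
    unsigned total;

    printf("bad:  %d\n", stsz_scan(bad, 1, &total));
    printf("good: %d (samples=%u)\n", stsz_scan(good, 2, &total), total);
    return 0;
}
```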