Opened 5 years ago

Closed 5 years ago

#807 closed defect (fixed)

zzuf .mve crashes FFMPEG floating point exception

Reported by: oanastratulat
Owned by:
Priority: important
Component: avformat
Version: git-master
Keywords: crash fpe ipmovie
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

==20781== Memcheck, a memory error detector
==20781== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==20781== Using Valgrind-3.6.1-Debian and LibVEX; rerun with -h for copyright info
==20781== Command: ffmpeg -i corruptfile -f null -
==20781==
ffmpeg version N-35989-gaa1c590, Copyright (c) 2000-2011 the FFmpeg developers

built on Dec 20 2011 14:30:54 with gcc 4.6.1
configuration:
libavutil 51. 32. 0 / 51. 32. 0
libavcodec 53. 46. 1 / 53. 46. 1
libavformat 53. 27. 0 / 53. 27. 0
libavdevice 53. 4. 0 / 53. 4. 0
libavfilter 2. 53. 0 / 2. 53. 0
libswscale 2. 1. 0 / 2. 1. 0

==20781==
==20781== Process terminating with default action of signal 8 (SIGFPE)
==20781== Integer divide by zero at address 0x4035C6B76
==20781== at 0x493F55: ??? (in /usr/local/bin/ffmpeg)
==20781== by 0x49491D: ??? (in /usr/local/bin/ffmpeg)
==20781== by 0x502EE4: ??? (in /usr/local/bin/ffmpeg)
==20781== by 0x443D95: ??? (in /usr/local/bin/ffmpeg)
==20781== by 0x447C80: ??? (in /usr/local/bin/ffmpeg)
==20781== by 0x447ED6: ??? (in /usr/local/bin/ffmpeg)
==20781== by 0x43A1BC: ??? (in /usr/local/bin/ffmpeg)
==20781== by 0x550930C: (below main) (libc-start.c:226)
==20781==
==20781== HEAP SUMMARY:
==20781== in use at exit: 57,788 bytes in 6 blocks
==20781== total heap usage: 9 allocs, 3 frees, 92,652 bytes allocated
==20781==
==20781== LEAK SUMMARY:
==20781== definitely lost: 0 bytes in 0 blocks
==20781== indirectly lost: 0 bytes in 0 blocks
==20781== possibly lost: 0 bytes in 0 blocks
==20781== still reachable: 57,788 bytes in 6 blocks
==20781== suppressed: 0 bytes in 0 blocks
==20781== Rerun with --leak-check=full to see details of leaked memory
==20781==
==20781== For counts of detected and suppressed errors, rerun with: -v
==20781== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 4)

Attachments (2)

corruptfile (1.0 MB) - added by oanastratulat 5 years ago.
valgrind (1.9 KB) - added by oanastratulat 5 years ago.


Change History (4)

Changed 5 years ago by oanastratulat

Changed 5 years ago by oanastratulat

comment:1 Changed 5 years ago by cehoyos

  • Component changed from FFmpeg to avformat
  • Keywords crash fpe ipmovie added
  • Reproduced by developer set
  • Status changed from new to open

Please always add a backtrace for crashes, especially if valgrind does not show the source of the crash.

(gdb) r -i corruptfile
Starting program: ffmpeg_g -i corruptfile
[Thread debugging using libthread_db enabled]
ffmpeg version N-35987-g6168e58, Copyright (c) 2000-2011 the FFmpeg developers
  built on Dec 20 2011 11:12:48 with gcc 4.5.3
  configuration: --cc='/usr/local/gcc-4.5.3/bin/gcc -m32'
  libavutil    51. 32. 0 / 51. 32. 0
  libavcodec   53. 46. 1 / 53. 46. 1
  libavformat  53. 27. 0 / 53. 27. 0
  libavdevice  53.  4. 0 / 53.  4. 0
  libavfilter   2. 53. 0 /  2. 53. 0
  libswscale    2.  1. 0 /  2.  1. 0

Program received signal SIGFPE, Arithmetic exception.
0x080b9887 in load_ipmovie_packet (s=0x8dbe020, pb=0x8dc6060, pkt=0xffffca50) at libavformat/ipmovie.c:138
138                 (s->audio_chunk_size / s->audio_channels / (s->audio_bits / 8));
(gdb) kill
Kill the program being debugged? (y or n) y
(gdb) r -i corruptfile
Starting program: /home/cehoyos/Projects/FFmpeg/ffmpeg_g -i corruptfile
[Thread debugging using libthread_db enabled]
ffmpeg version N-35987-g6168e58, Copyright (c) 2000-2011 the FFmpeg developers
  built on Dec 20 2011 11:12:48 with gcc 4.5.3
  configuration: --cc='/usr/local/gcc-4.5.3/bin/gcc -m32'
  libavutil    51. 32. 0 / 51. 32. 0
  libavcodec   53. 46. 1 / 53. 46. 1
  libavformat  53. 27. 0 / 53. 27. 0
  libavdevice  53.  4. 0 / 53.  4. 0
  libavfilter   2. 53. 0 /  2. 53. 0
  libswscale    2.  1. 0 /  2.  1. 0

Program received signal SIGFPE, Arithmetic exception.
0x080b9887 in load_ipmovie_packet (s=0x8dbe020, pb=0x8dc6060, pkt=0xffffca50) at libavformat/ipmovie.c:138
138                 (s->audio_chunk_size / s->audio_channels / (s->audio_bits / 8));
(gdb) bt
#0  0x080b9887 in load_ipmovie_packet (s=0x8dbe020, pb=0x8dc6060, pkt=0xffffca50)
    at libavformat/ipmovie.c:138
#1  0x080b9b3d in process_ipmovie_chunk (s=0x8dbe020, pb=0x8dc6060, pkt=0xffffca50)
    at libavformat/ipmovie.c:223
#2  0x080ba3b4 in ipmovie_read_header (s=0x8dbdaa0, ap=0xffffcb04) at libavformat/ipmovie.c:559
#3  0x081478ca in avformat_open_input (ps=0xffffcc7c, filename=0xffffd274 "corruptfile", fmt=0x0,
    options=0x8d0ad48) at libavformat/utils.c:709
#4  0x080571f4 in opt_input_file (o=0xffffcdc0, opt=0xffffd272 "i", filename=<value optimized out>)
    at ffmpeg.c:3468
#5  0x0805bdc2 in parse_option (optctx=0xffffcdc0, opt=0xffffd272 "i", arg=0xffffd274 "corruptfile",
    options=0x86ef3e0) at cmdutils.c:292
#6  0x0805c07b in parse_options (optctx=0xffffcdc0, argc=3, argv=0xffffd004, options=0x86ef3e0,
    parse_arg_function=0x8058d30 <opt_output_file>) at cmdutils.c:325
#7  0x0805a56f in main (argc=3, argv=0xffffd004) at ffmpeg.c:4865
(gdb) print s->audio_bits
$1 = 0
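
An added example (not part of the ticket, and not FFmpeg's code or the change that closed it): the expression from libavformat/ipmovie.c:138 in the backtrace above, beside a checked form that rejects zero divisors. The struct and function names are hypothetical, only the three field names come from the gdb output, and the whole-byte sample-size rule is an assumption.

```c
#include <stdio.h>

/* Hypothetical stand-in for the demuxer state; field names follow the
 * expression in the backtrace, the struct itself is not FFmpeg's. */
struct demo_audio {
    unsigned audio_bits;        /* bits per sample, taken from the file */
    unsigned audio_channels;    /* channel count, taken from the file */
    unsigned audio_chunk_size;  /* payload bytes in this audio chunk */
};

/* Unchecked form of the line-138 expression: traps with SIGFPE when
 * audio_channels == 0 or audio_bits < 8 (audio_bits / 8 truncates to 0). */
unsigned frames_unchecked(const struct demo_audio *s)
{
    return s->audio_chunk_size / s->audio_channels / (s->audio_bits / 8);
}

/* Checked form: validate every divisor before use and report bad input
 * to the caller instead of faulting. Returns 0 on success, -1 on invalid. */
int frames_checked(const struct demo_audio *s, unsigned *frames)
{
    unsigned bytes_per_sample = s->audio_bits / 8;

    if (s->audio_channels == 0 || bytes_per_sample == 0)
        return -1;              /* corrupt or missing audio parameters */
    if (s->audio_bits % 8 != 0)
        return -1;              /* assumption: only whole-byte samples */
    *frames = s->audio_chunk_size / s->audio_channels / bytes_per_sample;
    return 0;
}

int main(void)
{
    /* Constructed inputs: the state from the ticket (audio_bits == 0),
     * a sub-byte sample size, zero channels, and one sane header. */
    const struct demo_audio cases[] = {
        { 0, 2, 4096 }, { 4, 2, 4096 }, { 16, 0, 4096 }, { 16, 2, 4096 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        unsigned frames = 0;
        int rc = frames_checked(&cases[i], &frames);
        printf("bits=%u ch=%u -> rc=%d frames=%u\n",
               cases[i].audio_bits, cases[i].audio_channels, rc, frames);
    }
    return 0;
}
```

A check for `audio_bits != 0` alone would still leave values 1 through 7 dividing by zero, which is why the guard tests the computed divisor.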

comment:2 Changed 5 years ago by michael

  • Resolution set to fixed
  • Status changed from open to closed