Opened 12 years ago

Closed 12 years ago

#837 closed defect (fixed)

crash with pam file generated by ffmpeg

Reported by: ami_stuff Owned by:
Priority: important Component: avcodec
Version: unspecified Keywords: pam pnm gray
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

https://ffmpeg.org/trac/ffmpeg/attachment/ticket/833/gray.png

ffmpeg -i gray.png out.pam

ffmpeg -i out.pam out.bmp

(gdb) r -i out.pam out.bmp
Starting program: F:\MinGW\msys\1.0\ffmpeg-HEAD-834f80d/ffmpeg_g.exe -i out.pam
out.bmp
[New Thread 3540.0x2d8]
ffmpeg version 0.9.0.git-834f80d, Copyright (c) 2000-2011 the FFmpeg developers
  built on Dec 22 2011 14:07:40 with gcc 4.5.2
  configuration: --disable-ffplay --disable-ffserver --disable-asm --disable-yas
m --disable-shared --enable-static
  libavutil      51. 32.100 / 51. 32.100
  libavcodec     53. 47.100 / 53. 47.100
  libavformat    53. 28.100 / 53. 28.100
  libavdevice    53.  4.100 / 53.  4.100
  libavfilter     2. 53.  0 /  2. 53.  0
  libswscale      2.  1.100 /  2.  1.100
  libswresample   0.  5.100 /  0.  0.100

Program received signal SIGFPE, Arithmetic exception.
0x006f0147 in pnm_decode_frame (avctx=0x3d5ef98, data=0x22f828,
    data_size=0x22faf8, avpkt=0x22f948) at libavcodec/pnmdec.c:128
128                     unsigned int j, f = (255 * 128 + s->maxval / 2) / s->max
val;
(gdb) bt
#0  0x006f0147 in pnm_decode_frame (avctx=0x3d5ef98, data=0x22f828,
    data_size=0x22faf8, avpkt=0x22f948) at libavcodec/pnmdec.c:128
#1  0x005091f2 in avcodec_decode_video2 (avctx=0x3d5ef98, picture=0x22f828,
    got_picture_ptr=0x22faf8, avpkt=0x22f948) at libavcodec/utils.c:953
#2  0x0043d9e1 in try_decode_frame (ic=0x3d58b60, options=0x3d60ff0)
    at libavformat/utils.c:2258
#3  avformat_find_stream_info (ic=0x3d58b60, options=0x3d60ff0)
    at libavformat/utils.c:2558
#4  0x0040c2d2 in opt_input_file (o=0x22fd98, opt=0x3d60d38 "i",
    filename=<value optimized out>) at ffmpeg.c:3485
#5  0x00410ea2 in parse_option (optctx=0x22fd98, opt=<value optimized out>,
    arg=0x3d60d3a "out.pam", options=0xa3b460) at cmdutils.c:293
#6  0x00411250 in parse_options (optctx=0x22fd98, argc=4,
    argv=<value optimized out>, options=0xa3b460,
    parse_arg_function=0x40dbbc <opt_output_file>) at cmdutils.c:326
#7  0x0040f41a in main (argc=4, argv=<value optimized out>) at ffmpeg.c:4865
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x6f0127 to 0x6f0167:
   0x006f0127 <pnm_decode_frame+1095>:  sub    0x4(%ebx),%eax
   0x006f012a <pnm_decode_frame+1098>:  add    $0x4c,%esp
   0x006f012d <pnm_decode_frame+1101>:  pop    %ebx
   0x006f012e <pnm_decode_frame+1102>:  pop    %esi
   0x006f012f <pnm_decode_frame+1103>:  pop    %edi
   0x006f0130 <pnm_decode_frame+1104>:  pop    %ebp
   0x006f0131 <pnm_decode_frame+1105>:  ret
   0x006f0132 <pnm_decode_frame+1106>:  mov    0x130(%ebx),%ecx
   0x006f0138 <pnm_decode_frame+1112>:  mov    %ecx,%eax
   0x006f013a <pnm_decode_frame+1114>:  shr    $0x1f,%eax
   0x006f013d <pnm_decode_frame+1117>:  add    %ecx,%eax
   0x006f013f <pnm_decode_frame+1119>:  sar    %eax
   0x006f0141 <pnm_decode_frame+1121>:  add    $0x7f80,%eax
   0x006f0146 <pnm_decode_frame+1126>:  cltd
=> 0x006f0147 <pnm_decode_frame+1127>:  idiv   %ecx
   0x006f0149 <pnm_decode_frame+1129>:  mov    0x18(%esp),%edx
   0x006f014d <pnm_decode_frame+1133>:  test   %edx,%edx
   0x006f014f <pnm_decode_frame+1135>:  je     0x6f0174 <pnm_decode_frame+1172>
   0x006f0151 <pnm_decode_frame+1137>:  xor    %edx,%edx
   0x006f0153 <pnm_decode_frame+1139>:  mov    0x18(%esp),%edi
   0x006f0157 <pnm_decode_frame+1143>:  jmp    0x6f015e <pnm_decode_frame+1150>
   0x006f0159 <pnm_decode_frame+1145>:  lea    0x0(%esi),%esi
   0x006f015c <pnm_decode_frame+1148>:  mov    (%ebx),%esi
   0x006f015e <pnm_decode_frame+1150>:  movzbl (%esi,%edx,1),%ecx
   0x006f0162 <pnm_decode_frame+1154>:  imul   %eax,%ecx
   0x006f0165 <pnm_decode_frame+1157>:  add    $0x40,%ecx
End of assembler dump.
(gdb) info all-registers
eax            0x7f80   32640
ecx            0x0      0
edx            0x0      0
ebx            0x3d61290        64361104
esp            0x22f690 0x22f690
ebp            0x4480020        0x4480020
esi            0x43b0067        70975591
edi            0x3d5ef98        64352152
eip            0x6f0147 0x6f0147 <pnm_decode_frame+1127>
eflags         0x10202  [ IF RF ]
cs             0x1b     27
ss             0x23     35
ds             0x23     35
es             0x23     35
fs             0x3b     59
gs             0x0      0
st0            0        (raw 0x00000000000000000000)
st1            0        (raw 0x00000000000000000000)
st2            0        (raw 0x00000000000000000000)
st3            -1       (raw 0xbfff8000000000000000)
st4            -1       (raw 0xbfff8000000000000000)
st5            9.9999999999999995e-021  (raw 0x3fbcbce5086492111aeb)
st6            1.4411518807585587e+017  (raw 0x40388000000000000000)
st7            3.6028797018963968e+018  (raw 0x403cc800000000000002)
fctrl          0xffff037f       -64641
fstat          0xffff0420       -64480
ftag           0xffffffff       -1
fiseg          0x0      0
fioff          0x0      0
foseg          0xffff0000       -65536
fooff          0x0      0
fop            0x0      0
xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
  uint128 = 0x00000000000000000000000000000000}
xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
  uint128 = 0x00000000000000000000000000000000}
xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
  uint128 = 0x00000000000000000000000000000000}
xmm3           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
  uint128 = 0x00000000000000000000000000000000}
xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
  uint128 = 0x00000000000000000000000000000000}
xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
  uint128 = 0x00000000000000000000000000000000}
xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
  uint128 = 0x00000000000000000000000000000000}
xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
  uint128 = 0x00000000000000000000000000000000}
mxcsr          0x1f80   [ IM DM ZM OM UM PM ]
mm0            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
    0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm1            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
    0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm2            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
    0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm3            {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000},
  v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
    0x0, 0x0, 0x80}}
mm4            {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000},
  v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
    0x0, 0x0, 0x80}}
mm5            {uint64 = 0xbce5086492111aeb, v2_int32 = {0x92111aeb,
    0xbce50864}, v4_int16 = {0x1aeb, 0x9211, 0x864, 0xbce5}, v8_int8 = {0xeb,
    0x1a, 0x11, 0x92, 0x64, 0x8, 0xe5, 0xbc}}
mm6            {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000},
  v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
    0x0, 0x0, 0x80}}
mm7            {uint64 = 0xc800000000000002, v2_int32 = {0x2, 0xc8000000},
  v4_int16 = {0x2, 0x0, 0x0, 0xc800}, v8_int8 = {0x2, 0x0, 0x0, 0x0, 0x0,
    0x0, 0x0, 0xc8}}

Change History (6)

comment:1 by Carl Eugen Hoyos, 12 years ago

Component: undetermined → avcodec
Keywords: pam pnm gray added
Priority: normal → important
Reproduced by developer: set
Status: new → open

comment:2 by Frank Vernaillen, 12 years ago

I can reproduce the crash and am volunteering to try and fix it.

The intermediate file out.pam seems fine, by the way.

comment:3 by Carl Eugen Hoyos, 12 years ago

I had already sent a patch:
http://thread.gmane.org/gmane.comp.video.ffmpeg.devel/138253

Please feel free to comment on or improve / fix the patch!

in reply to:  3 ; comment:4 by Frank Vernaillen, 12 years ago

Replying to cehoyos:

I had already sent a patch:
http://thread.gmane.org/gmane.comp.video.ffmpeg.devel/138253

Please feel free to comment on or improve / fix the patch!

Competition is fierce for the low-hanging fruit, it seems :-)
That is indeed the fix.

in reply to:  4 comment:5 by Carl Eugen Hoyos, 12 years ago

Replying to WhiteViking:

Replying to cehoyos:

I had already sent a patch:
http://thread.gmane.org/gmane.comp.video.ffmpeg.devel/138253

Please feel free to comment on or improve / fix the patch!

Competition is fierce for the low-hanging fruit, it seems :-)

Please do not let this discourage you!

Since it takes me time to

  • download the sample
  • check whether the issue is valid at all
  • test with current FFmpeg
  • test with earlier versions
  • reconsider if I still believe the issue to be valid
  • ...

I usually try to fix problems that look simple enough ;-(

comment:6 by Carl Eugen Hoyos, 12 years ago

Resolution: fixed
Status: open → closed

Fixed in current git head.
