[Ffmpeg-devel] segfault in ff_mpeg1_find_frame_end()

Måns Rullgård mru
Sun Apr 10 20:37:24 CEST 2005


Stefan Lucke <stefan at lucke.in-berlin.de> writes:

> Hi,
>
> We are developing a plugin for vdr named softdevice. The plugin's homepage
> is at http://softdevice.berlios.de .
>
> I get a segfault in the function mentioned in the subject. The segfault happens
> when there is a transition in aspect ratio from 16:9 to 4:3. It happens not
> when the stream is played the first time but when it's played the 3rd time.
> But this may vary (segfault may happen at the first time too).

That makes me suspect a problem in your code.  Could you be
accidentally using a freed buffer?  Maybe a race between threads.

> To ensure that it has nothing to do with PADDING bytes I added extra
> code that mallocs and copies data before decoding and zeros
> from "data+size" FF_INPUT_BUFFER_PADDING_SIZE bytes.
>
> I'm using ffmpeg cvs version from today.
>
> What could be done to track down the cause of segfault?

Can the crash be reproduced using the "ffmpeg" command?

> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 655401 (LWP 4847)]
> 0x4046d1d1 in ff_mpeg1_find_frame_end () from /usr/local/lib/libavcodec.so
> (gdb) bt
> #0  0x4046d1d1 in ff_mpeg1_find_frame_end () from /usr/local/lib/libavcodec.so

The stack trace isn't very useful without line numbers.

> and the following at the first try when using statically linked ffmpeg libs:
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 245776 (LWP 5433)]
> mpeg1_decode_picture (avctx=0x8368fc8, buf=0x86dc258 <Address 0x86dc258 out of bounds>, buf_size=18921) at bswap.h:30
> 30      {
> (gdb) bt
> #0  mpeg1_decode_picture (avctx=0x8368fc8, buf=0x86dc258 <Address 0x86dc258 out of bounds>, buf_size=18921) at bswap.h:30
> #1  0x4045a799 in mpeg_decode_frame (avctx=0x8368fc8, data=0x8451340, data_size=0x489dfe54, buf=0x86dc190 <Address 0x86dc190 out of bounds>,
>     buf_size=19121) at mpeg12.c:3023
> #2  0x40364fc4 in avcodec_decode_video (avctx=0x8368fc8, picture=0x8451340, got_picture_ptr=0x489dfe54, buf=0x8432180 "", buf_size=2039) at utils.c:593
> #3  0x4035f199 in cVideoStreamDecoder::DecodePacket(AVPacket*) (this=0x8440b48, pkt=0x8444d4c) at mpeg2decoder.c:497

This looks like an unrelated crash.

-- 
Måns Rullgård
mru at inprovide.com
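
The padded-copy step described in the quoted report, as an added example that is not part of the original message and not FFmpeg code. `PAD_SIZE`, `padded_copy` and `find_picture_start` are hypothetical names; the scanner is a simplified stand-in showing why a parser that reads a few bytes ahead needs zeroed padding after `data+size`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: stand-in for FF_INPUT_BUFFER_PADDING_SIZE; take the real
 * value from the avcodec.h of the libavcodec version you build against. */
#define PAD_SIZE 8

/* Hypothetical helper: private copy of src[0..size) followed by PAD_SIZE
 * zero bytes. Returns NULL on bad input, size overflow or failed malloc. */
static uint8_t *padded_copy(const uint8_t *src, size_t size)
{
    if (!src || size > SIZE_MAX - PAD_SIZE)
        return NULL;
    uint8_t *dst = malloc(size + PAD_SIZE);
    if (!dst)
        return NULL;
    memcpy(dst, src, size);
    memset(dst + size, 0, PAD_SIZE);
    return dst;
}

/* Hypothetical scanner (not FFmpeg's): finds the first MPEG picture start
 * code 00 00 01 00. It reads 4 bytes at every offset, so it touches up to
 * 3 bytes past size and is only safe on a padded buffer. */
static long find_picture_start(const uint8_t *buf, size_t size)
{
    for (size_t i = 0; i < size; i++) {
        uint32_t w = (uint32_t)buf[i] << 24 | (uint32_t)buf[i + 1] << 16 |
                     (uint32_t)buf[i + 2] << 8 | buf[i + 3];
        /* Reject a match completed by padding zeros, not by real data. */
        if (w == 0x00000100u && i + 4 <= size)
            return (long)i;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample: sequence header code, then a picture start code. */
    const uint8_t pkt[] = { 0xff, 0, 0, 1, 0xb3, 0, 0, 1, 0x00, 0x12 };
    uint8_t *buf = padded_copy(pkt, sizeof pkt);
    if (!buf)
        return 1;
    printf("picture start at offset %ld\n", find_picture_start(buf, sizeof pkt));
    free(buf);
    return 0;
}
```

The copy must stay allocated until the decode call that consumes it has returned; freeing or reusing it earlier from another thread gives the kind of stale-pointer crash suspected in the reply.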




