[Ffmpeg-devel] [BUG] Crash when providing -coder ac parameter
Panagiotis Issaris
takis.issaris
Thu Mar 29 14:45:43 CEST 2007
Hi,
I've noticed that providing the -coder ac parameter causes FFmpeg to
segfault:
takis at issaris:/usr/local/src/rw/ffmpeg$ ./ffmpeg -i
/mnt/video/test-704x576.avi -vcodec ffv1 -coder ac /tmp/test.avi
FFmpeg version SVN-r8548, Copyright (c) 2000-2007 Fabrice Bellard, et al.
configuration: --enable-gpl --enable-x11grab
libavutil version: 49.4.0
libavcodec version: 51.40.2
libavformat version: 51.11.0
built on Mar 29 2007 14:38:46, gcc: 4.1.2 (Ubuntu 4.1.2-0ubuntu4)
Input #0, avi, from '/mnt/video/test-704x576.avi':
Duration: 00:00:04.0, start: 0.000000, bitrate: 68141 kb/s
Stream #0.0: Video: ffvhuff, yuv420p, 704x576, 25.00 fps(r)
Segmentation fault (core dumped)
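It appears that it is not a problem with the AC coder by itself, but
purely a parameter parsing problem. The gdb session below supports this:
the fault is at strcmp+8 (`mov (%ecx),%al`) with ecx = 0, and ecx was
loaded from 0x4(%esp), so strcmp received a NULL first argument when
called from av_set_string (opt.c:39) while handling the "coder" option.
That suggests a missing NULL check in the option handling rather than a
fault in the coder itself.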
I haven't really looked at the cause yet, but I wanted to send the
bugreport first, in case others would not want to miss the joy of
searching for it ;-)
takis at issaris:/usr/local/src/rw/ffmpeg$ gdb ./ffmpeg_g
GNU gdb 6.6-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
(gdb) r -i /mnt/video/test-704x576.avi -vcodec ffv1 -coder ac /tmp/test.avi
Starting program: /usr/local/src/rw/ffmpeg/ffmpeg_g -i
/mnt/video/test-704x576.avi -vcodec ffv1 -coder ac /tmp/test.avi
FFmpeg version SVN-r8548, Copyright (c) 2000-2007 Fabrice Bellard, et al.
configuration: --enable-gpl --enable-x11grab
libavutil version: 49.4.0
libavcodec version: 51.40.2
libavformat version: 51.11.0
built on Mar 29 2007 14:38:46, gcc: 4.1.2 (Ubuntu 4.1.2-0ubuntu4)
Input #0, avi, from '/mnt/video/test-704x576.avi':
Duration: 00:00:04.0, start: 0.000000, bitrate: 68141 kb/s
Stream #0.0: Video: ffvhuff, yuv420p, 704x576, 25.00 fps(r)
Program received signal SIGSEGV, Segmentation fault.
0xb7d14688 in strcmp () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0 0xb7d14688 in strcmp () from /lib/tls/i686/cmov/libc.so.6
#1 0x0821e581 in av_set_string (obj=0x8583cb0, name=0xbf81f6c4 "coder",
val=0xbf81f6ca "ac") at opt.c:39
#2 0x0805922a in opt_default (opt=0xbf81f6c4 "coder", arg=0xbf81f6ca
"ac") at ffmpeg.c:3503
#3 0x08063613 in parse_options (argc=8, argv=0xbf81d514,
options=0x83dc080) at cmdutils.c:104
#4 0x08061384 in main (argc=8, argv=0xbf81d514) at ffmpeg.c:3765
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0xb7d14668 to 0xb7d146a8:
0xb7d14668 <strchr+344>: inc %eax
0xb7d14669 <strchr+345>: shr $0x10,%ecx
0xb7d1466c <strchr+348>: test %cl,%cl
0xb7d1466e <strchr+350>: je 0xb7d14675 <strchr+357>
0xb7d14670 <strchr+352>: cmp %dl,%cl
0xb7d14672 <strchr+354>: je 0xb7d1464a <strchr+314>
0xb7d14674 <strchr+356>: inc %eax
0xb7d14675 <strchr+357>: pop %edi
0xb7d14676 <strchr+358>: ret
0xb7d14677 <_fini+454451>: nop
0xb7d14678 <_fini+454452>: nop
0xb7d14679 <_fini+454453>: nop
0xb7d1467a <_fini+454454>: nop
0xb7d1467b <_fini+454455>: nop
0xb7d1467c <_fini+454456>: nop
0xb7d1467d <_fini+454457>: nop
0xb7d1467e <_fini+454458>: nop
0xb7d1467f <_fini+454459>: nop
0xb7d14680 <strcmp+0>: mov 0x4(%esp),%ecx
0xb7d14684 <strcmp+4>: mov 0x8(%esp),%edx
0xb7d14688 <strcmp+8>: mov (%ecx),%al
0xb7d1468a <strcmp+10>: cmp (%edx),%al
0xb7d1468c <strcmp+12>: jne 0xb7d14697 <strcmp+23>
0xb7d1468e <strcmp+14>: inc %ecx
0xb7d1468f <strcmp+15>: inc %edx
0xb7d14690 <strcmp+16>: test %al,%al
0xb7d14692 <strcmp+18>: jne 0xb7d14688 <strcmp+8>
0xb7d14694 <strcmp+20>: xor %eax,%eax
0xb7d14696 <strcmp+22>: ret
0xb7d14697 <strcmp+23>: mov $0x1,%eax
0xb7d1469c <strcmp+28>: mov $0xffffffff,%ecx
0xb7d146a1 <strcmp+33>: cmovb %ecx,%eax
0xb7d146a4 <strcmp+36>: ret
0xb7d146a5 <_fini+454497>: nop
0xb7d146a6 <_fini+454498>: nop
0xb7d146a7 <_fini+454499>: nop
End of assembler dump.
(gdb) info all-registers
eax 0x0 0
ecx 0x0 0
edx 0x83f4516 138364182
ebx 0x83f4516 138364182
esp 0xbf81cbec 0xbf81cbec
ebp 0xbf81f6cc 0xbf81f6cc
esi 0x83f0970 138348912
edi 0xbf81cc7c -1082012548
eip 0xb7d14688 0xb7d14688 <strcmp+8>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 0 (raw 0x00000000000000000000)
st6 1 (raw 0x3fff8000000000000000)
st7 nan(0xc000000000000000) (raw 0x7fffc000000000000000)
fctrl 0x37f 895
fstat 0x4020 16416
ftag 0xffff 65535
fiseg 0x73 115
fioff 0x821e52f 136439087
foseg 0x7b 123
fooff 0xbf81cc30 -1082012624
fop 0x675 1653
xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0}, v4_int32 = {
0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0}, v4_int32 = {
0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0}, v4_int32 = {
0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0}, v4_int32 = {
0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0}, v4_int32 = {
0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0}, v4_int32 = {
0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0}, v4_int32 = {
0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0}, v4_int32 = {
0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
mm0 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0,
0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm1 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0,
0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm2 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0,
0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm3 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0,
0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm4 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0,
0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm5 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0,
0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm6 {uint64 = 0x8000000000000000, v2_int32 = {0x0,
0x80000000}, v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}
mm7 {uint64 = 0xc000000000000000, v2_int32 = {0x0,
0xc0000000}, v4_int16 = {0x0, 0x0, 0x0, 0xc000}, v8_int8 = {0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0xc0}}
With friendly regards,
Takis