[Ffmpeg-devel] [BUG] Crash when providing -coder ac parameter

Panagiotis Issaris takis.issaris
Thu Mar 29 14:45:43 CEST 2007


Hi,

I've noticed that providing the -coder ac parameter causes FFmpeg to 
segfault:
takis at issaris:/usr/local/src/rw/ffmpeg$ ./ffmpeg -i 
/mnt/video/test-704x576.avi -vcodec ffv1 -coder ac /tmp/test.avi
FFmpeg version SVN-r8548, Copyright (c) 2000-2007 Fabrice Bellard, et al.
   configuration: --enable-gpl --enable-x11grab
   libavutil version: 49.4.0
   libavcodec version: 51.40.2
   libavformat version: 51.11.0
   built on Mar 29 2007 14:38:46, gcc: 4.1.2 (Ubuntu 4.1.2-0ubuntu4)
Input #0, avi, from '/mnt/video/test-704x576.avi':
   Duration: 00:00:04.0, start: 0.000000, bitrate: 68141 kb/s
   Stream #0.0: Video: ffvhuff, yuv420p, 704x576, 25.00 fps(r)
Segmentation fault (core dumped)

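It appears that it is not a problem with the AC coder itself, but 
purely a parameter parsing problem: the backtrace below ends in 
strcmp(), called from av_set_string() (opt.c:39) via opt_default() and 
parse_options(), i.e. in the option-handling code. The faulting 
instruction at strcmp+8, mov (%ecx),%al, reads through %ecx, which the 
register dump shows to be 0, so the first argument to strcmp() appears 
to be a NULL pointer.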

I haven't really looked at the cause yet, but I wanted to send the 
bug report first, in case others would not want to miss the joy of 
searching for it ;-)

takis at issaris:/usr/local/src/rw/ffmpeg$ gdb ./ffmpeg_g
GNU gdb 6.6-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
(gdb) r -i /mnt/video/test-704x576.avi -vcodec ffv1 -coder ac /tmp/test.avi
Starting program: /usr/local/src/rw/ffmpeg/ffmpeg_g -i 
/mnt/video/test-704x576.avi -vcodec ffv1 -coder ac /tmp/test.avi
FFmpeg version SVN-r8548, Copyright (c) 2000-2007 Fabrice Bellard, et al.
   configuration: --enable-gpl --enable-x11grab
   libavutil version: 49.4.0
   libavcodec version: 51.40.2
   libavformat version: 51.11.0
   built on Mar 29 2007 14:38:46, gcc: 4.1.2 (Ubuntu 4.1.2-0ubuntu4)
Input #0, avi, from '/mnt/video/test-704x576.avi':
   Duration: 00:00:04.0, start: 0.000000, bitrate: 68141 kb/s
   Stream #0.0: Video: ffvhuff, yuv420p, 704x576, 25.00 fps(r)

Program received signal SIGSEGV, Segmentation fault.
0xb7d14688 in strcmp () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0  0xb7d14688 in strcmp () from /lib/tls/i686/cmov/libc.so.6
#1  0x0821e581 in av_set_string (obj=0x8583cb0, name=0xbf81f6c4 "coder", 
val=0xbf81f6ca "ac") at opt.c:39
#2  0x0805922a in opt_default (opt=0xbf81f6c4 "coder", arg=0xbf81f6ca 
"ac") at ffmpeg.c:3503
#3  0x08063613 in parse_options (argc=8, argv=0xbf81d514, 
options=0x83dc080) at cmdutils.c:104
#4  0x08061384 in main (argc=8, argv=0xbf81d514) at ffmpeg.c:3765

(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0xb7d14668 to 0xb7d146a8:
0xb7d14668 <strchr+344>:        inc    %eax
0xb7d14669 <strchr+345>:        shr    $0x10,%ecx
0xb7d1466c <strchr+348>:        test   %cl,%cl
0xb7d1466e <strchr+350>:        je     0xb7d14675 <strchr+357>
0xb7d14670 <strchr+352>:        cmp    %dl,%cl
0xb7d14672 <strchr+354>:        je     0xb7d1464a <strchr+314>
0xb7d14674 <strchr+356>:        inc    %eax
0xb7d14675 <strchr+357>:        pop    %edi
0xb7d14676 <strchr+358>:        ret
0xb7d14677 <_fini+454451>:      nop
0xb7d14678 <_fini+454452>:      nop
0xb7d14679 <_fini+454453>:      nop
0xb7d1467a <_fini+454454>:      nop
0xb7d1467b <_fini+454455>:      nop
0xb7d1467c <_fini+454456>:      nop
0xb7d1467d <_fini+454457>:      nop
0xb7d1467e <_fini+454458>:      nop
0xb7d1467f <_fini+454459>:      nop
0xb7d14680 <strcmp+0>:  mov    0x4(%esp),%ecx
0xb7d14684 <strcmp+4>:  mov    0x8(%esp),%edx
0xb7d14688 <strcmp+8>:  mov    (%ecx),%al
0xb7d1468a <strcmp+10>: cmp    (%edx),%al
0xb7d1468c <strcmp+12>: jne    0xb7d14697 <strcmp+23>
0xb7d1468e <strcmp+14>: inc    %ecx
0xb7d1468f <strcmp+15>: inc    %edx
0xb7d14690 <strcmp+16>: test   %al,%al
0xb7d14692 <strcmp+18>: jne    0xb7d14688 <strcmp+8>
0xb7d14694 <strcmp+20>: xor    %eax,%eax
0xb7d14696 <strcmp+22>: ret
0xb7d14697 <strcmp+23>: mov    $0x1,%eax
0xb7d1469c <strcmp+28>: mov    $0xffffffff,%ecx
0xb7d146a1 <strcmp+33>: cmovb  %ecx,%eax
0xb7d146a4 <strcmp+36>: ret
0xb7d146a5 <_fini+454497>:      nop
0xb7d146a6 <_fini+454498>:      nop
0xb7d146a7 <_fini+454499>:      nop
End of assembler dump.

 
(gdb) info all-registers
eax            0x0      0
ecx            0x0      0
edx            0x83f4516        138364182
ebx            0x83f4516        138364182
esp            0xbf81cbec       0xbf81cbec
ebp            0xbf81f6cc       0xbf81f6cc
esi            0x83f0970        138348912
edi            0xbf81cc7c       -1082012548
eip            0xb7d14688       0xb7d14688 <strcmp+8>
eflags         0x10246  [ PF ZF IF RF ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51
st0            0        (raw 0x00000000000000000000)
st1            0        (raw 0x00000000000000000000)
st2            0        (raw 0x00000000000000000000)
st3            0        (raw 0x00000000000000000000)
st4            0        (raw 0x00000000000000000000)
st5            0        (raw 0x00000000000000000000)
st6            1        (raw 0x3fff8000000000000000)
st7            nan(0xc000000000000000)  (raw 0x7fffc000000000000000)
fctrl          0x37f    895
fstat          0x4020   16416
ftag           0xffff   65535
fiseg          0x73     115
fioff          0x821e52f        136439087
foseg          0x7b     123
fooff          0xbf81cc30       -1082012624
fop            0x675    1653
xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0}, v4_int32 = {
     0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 
0x00000000000000000000000000000000}
xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0}, v4_int32 = {
     0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 
0x00000000000000000000000000000000}
xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0}, v4_int32 = {
     0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 
0x00000000000000000000000000000000}
xmm3           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0}, v4_int32 = {
     0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 
0x00000000000000000000000000000000}
xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0}, v4_int32 = {
     0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 
0x00000000000000000000000000000000}
xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0}, v4_int32 = {
     0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 
0x00000000000000000000000000000000}
xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0}, v4_int32 = {
     0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 
0x00000000000000000000000000000000}
xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0}, v4_int32 = {
     0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 
0x00000000000000000000000000000000}
mxcsr          0x1f80   [ IM DM ZM OM UM PM ]
mm0            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 
0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm1            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 
0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm2            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 
0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm3            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 
0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm4            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 
0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm5            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 
0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm6            {uint64 = 0x8000000000000000, v2_int32 = {0x0, 
0x80000000}, v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}
mm7            {uint64 = 0xc000000000000000, v2_int32 = {0x0, 
0xc0000000}, v4_int16 = {0x0, 0x0, 0x0, 0xc000}, v8_int8 = {0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0xc0}}

With friendly regards,
Takis



