[FFmpeg-devel] Possible crasher bug when decoding unreliable H264 data

Michael Niedermayer michaelni at gmx.at
Fri Jun 21 15:20:47 CEST 2013


On Fri, Jun 21, 2013 at 04:45:40AM -0700, Mark Stevans wrote:
> On 6/21/2013 3:24 AM, Michael Niedermayer wrote:
> >On Fri, Jun 21, 2013 at 02:21:24AM -0700, Mark Stevans wrote:

[...]

> Am I interpreting the actions of this function correctly?  I am not
> the greatest C programmer in the world, so I could be reading the
> code wrong.

Why don't you add av_log/printf and actually look at what actual
values the variables have when the crash happens.
Also you can try -threads 1 to see if it's threading related.

And dumping the stream to disk and then cutting the problematic part
out may give a testcase that's easier to work with than waiting hours
for it to occur.

> 
> And I now have a stack trace (only took two hours to repro the bug):
> 
> ffplay_g!ff_pred8x8_dc_8_mmxext+0x6
> ffplay_g!hl_decode_mb_simple_8(struct H264Context * h =
> 0x00000000`02803cc0)+0xd12
> ffplay_g!ff_h264_hl_decode_mb(struct H264Context * h =
> 0x00000000`02803cc0)+0xfe
> ffplay_g!decode_slice(struct AVCodecContext * avctx =
> 0x00000000`01fede40, void * arg = 0x00000000`03cdfa10)+0x69b
> ffplay_g!execute_decode_slices(struct H264Context * h =
> 0x00000000`02803cc0, int context_count = 0n1)+0x76
> ffplay_g!decode_nal_units(struct H264Context * h =
> 0x00000000`02803cc0, unsigned char * buf = 0x00000000`02e09460 "",
> int buf_size = 0n2740, int parse_extradata = 0n0)+0x1219
> ffplay_g!decode_frame(struct AVCodecContext * avctx =
> 0x00000000`01fede40, void * data = 0x00000000`023f0a50, int *
> got_frame = 0x00000000`023f0cb8, struct AVPacket * avpkt =
> 0x00000000`023f09e0)+0x4bb
> ffplay_g!frame_worker_thread(void * arg = 0x00000000`023f0940)+0x158
> ffplay_g!win32thread_worker(void * arg = 0x00000000`023f0948)+0x39
> MSVCR100!endthreadex+0x43
> MSVCR100!endthreadex+0xdf
> kernel32!BaseThreadInitThunk+0xd
> ntdll!RtlUserThreadStart+0x1d

There are no line numbers.

[....]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Why not whip the teacher when the pupil misbehaves? -- Diogenes of Sinope
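Michael's last suggestion, dumping the stream to disk and cutting the problematic part out, is where a small tool helps. What follows is an added example, not code from FFmpeg or from either poster: it splits a raw Annex B H.264 byte stream (what `ffmpeg -i input -an -c:v copy -f h264 dump.h264` writes) into NAL units and carves a minimal decodable test case that ends at a chosen unit, copying the latest SPS and PPS and then everything from the nearest preceding IDR slice. The stream is treated as untrusted, which is the point of the exercise: garbage before the first start code, empty units, zero bytes trailing a payload and a final unit cut off by the end of the capture are all handled rather than assumed away. The sample bytes, the unit index picked as the "crashing" one and the function names are constructed for this example; the nal_unit_type values (1 non-IDR slice, 5 IDR slice, 7 SPS, 8 PPS) are from H.264 Table 7-1.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One NAL unit found in an Annex B byte stream: offset where the unit begins
 * (leading zero bytes plus start code), offset and length of the payload after
 * the start code, and nal_unit_type from the payload's first byte (-1 when the
 * payload is empty). Type numbers follow H.264 Table 7-1. */
typedef struct { size_t start, payload, len; int type; } nal_t;

/* Offset of the next 00 00 01 sequence at or after pos, or n if there is none. */
size_t next_start_code(const uint8_t *buf, size_t n, size_t pos)
{
    for (size_t i = pos; i + 2 < n; i++)
        if (buf[i] == 0 && buf[i + 1] == 0 && buf[i + 2] == 1)
            return i;
    return n;
}

/* Split buf into NAL units without trusting any of it: bytes before the first
 * start code are skipped as garbage, zero bytes between a payload and the next
 * start code are assigned to the next unit (a payload may not end in 0x00), and
 * a final unit cut off by the end of the capture is still reported.
 * Returns the number of units written to out (at most max). */
size_t split_nals(const uint8_t *buf, size_t n, nal_t *out, size_t max)
{
    size_t count = 0, sc = next_start_code(buf, n, 0), unit_start = sc;
    while (unit_start > 0 && buf[unit_start - 1] == 0)
        unit_start--;                      /* zero_byte of a 4-byte start code */
    while (sc < n && count < max) {
        size_t payload = sc + 3;
        size_t next = next_start_code(buf, n, payload), end = next;
        while (end > payload && buf[end - 1] == 0)
            end--;                         /* trailing zeros belong to the next unit */
        out[count].start   = unit_start;
        out[count].payload = payload;
        out[count].len     = end - payload;
        out[count].type    = end > payload ? (buf[payload] & 0x1f) : -1;
        count++;
        unit_start = end;
        sc = next;
    }
    return count;
}

/* Append one unit with a 4-byte start code. Returns the new write offset, or 0
 * when it would not fit (a successful write is always at least 4 bytes). */
size_t emit_nal(const uint8_t *buf, const nal_t *u, uint8_t *out, size_t w, size_t cap)
{
    static const uint8_t sc4[4] = { 0, 0, 0, 1 };
    if (cap - w < 4 + u->len) return 0;
    memcpy(out + w, sc4, 4);
    memcpy(out + w + 4, buf + u->payload, u->len);
    return w + 4 + u->len;
}

/* Build the smallest stream that should still reach unit `target`: the latest
 * SPS (7) and PPS (8) seen up to it, then every unit from the nearest preceding
 * IDR slice (5) through target. Without an IDR the carved stream starts at the
 * target itself. Returns bytes written, or 0 when target is out of range, no
 * SPS/PPS precede it, or out is too small. */
size_t carve_testcase(const uint8_t *buf, const nal_t *nals, size_t n_nals,
                      size_t target, uint8_t *out, size_t cap)
{
    size_t sps = n_nals, pps = n_nals, idr = target;
    if (target >= n_nals) return 0;
    for (size_t i = 0; i <= target; i++) {
        if (nals[i].type == 7) sps = i;
        else if (nals[i].type == 8) pps = i;
        else if (nals[i].type == 5) idr = i;
    }
    if (sps == n_nals || pps == n_nals) return 0;
    size_t w = emit_nal(buf, &nals[sps], out, 0, cap);
    if (w) w = emit_nal(buf, &nals[pps], out, w, cap);
    for (size_t i = idr; w && i <= target; i++) {
        if (i == sps || i == pps) continue;   /* already copied */
        w = emit_nal(buf, &nals[i], out, w, cap);
    }
    return w;
}

/* Constructed sample, not a real capture: garbage, SPS, PPS, an empty unit, an
 * IDR slice, two non-IDR slices (the second followed by a zero byte) and a final
 * slice truncated by the end of the buffer. */
const uint8_t SAMPLE[] = {
    0xaa, 0xbb,
    0x00, 0x00, 0x00, 0x01, 0x67, 0x42, 0x00, 0x1e, 0x8d, 0x68,  /* SPS, type 7 */
    0x00, 0x00, 0x00, 0x01, 0x68, 0xce, 0x38, 0x80,              /* PPS, type 8 */
    0x00, 0x00, 0x01,                                            /* empty unit */
    0x00, 0x00, 0x01, 0x65, 0x88, 0x84, 0x21,                    /* IDR slice, type 5 */
    0x00, 0x00, 0x01, 0x41, 0x9a, 0x02,                          /* non-IDR slice, type 1 */
    0x00, 0x00, 0x01, 0x41, 0x9a, 0x03, 0x00,                    /* slice plus trailing zero */
    0x00, 0x00, 0x01, 0x41, 0x9a,                                /* truncated last slice */
};

int main(void)
{
    nal_t nals[16];
    uint8_t out[256];
    size_t n = split_nals(SAMPLE, sizeof SAMPLE, nals, 16);
    for (size_t i = 0; i < n; i++)
        printf("unit %zu: start=%zu payload=%zu len=%zu type=%d\n",
               i, nals[i].start, nals[i].payload, nals[i].len, nals[i].type);
    /* unit 5 plays the role of the slice being decoded when the crash fires */
    size_t w = carve_testcase(SAMPLE, nals, n, 5, out, sizeof out);
    printf("test case: %zu bytes\n", w);
    for (size_t i = 0; i < w; i++)
        printf("%02x%s", out[i], (i + 1) % 16 ? " " : "\n");
    if (w % 16) printf("\n");
    return w ? 0 : 1;
}
```

Replace SAMPLE with the dumped file, pass the index of the unit under decode when the crash fires, write the carved bytes to a file and confirm it still reproduces with `ffmpeg -threads 1 -i testcase.h264 -f null -` before bisecting further. When no IDR precedes the target the decoder conceals from the first slice, which is fine for a crash in bitstream parsing but less reliable for one that depends on reference frames.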