[FFmpeg-trac] #1846(undetermined:new): mpeg2 crash with lowres

FFmpeg trac at avcodec.org
Wed Oct 24 20:29:26 CEST 2012 

#1846: mpeg2 crash with lowres
-------------------------------------+-------------------------------------
               Reporter:  ami_stuff  |                  Owner:
                   Type:  defect     |                 Status:  new
               Priority:  normal     |              Component:
                Version:             |  undetermined
  unspecified                        |               Keywords:
             Blocked By:             |               Blocking:
Reproduced by developer:  0          |  Analyzed by developer:  0
-------------------------------------+-------------------------------------
 the sample from tickets #186 / #254 can crash ffmpeg when lowres is
 enabled

 http://ffmpeg.org/trac/ffmpeg/raw-attachment/ticket/186/t.mpg

 {{{
 Starting program: d:\mingw\msys\1.0\ffmpeg-head-4f92d31\ffmpeg_g.exe
 -cpuflags 0
  -vlowres 1 -i t.mpg -an -f null -
 [New Thread 3732.0xea8]
 ffmpeg version 0.11.1.git-4f92d31 Copyright (c) 2000-2012 the FFmpeg
 developers
   built on Aug 28 2012 14:56:41 with gcc 4.6.1 (GCC)
   configuration: --disable-ffprobe --disable-ffplay --enable-gpl
   libavutil      51. 70.100 / 51. 70.100
   libavcodec     54. 54.100 / 54. 54.100
   libavformat    54. 25.104 / 54. 25.104
   libavdevice    54.  2.100 / 54.  2.100
   libavfilter     3. 13.101 /  3. 13.101
   libswscale      2.  1.101 /  2.  1.101
   libswresample   0. 15.100 /  0. 15.100
   libpostproc    52.  0.100 / 52.  0.100
 [mp3 @ 044484a0] Header missing
 [mpeg2video @ 04458a80] allocate dummy last picture for field based first
 keyfra
 me
 [mpeg2video @ 04458a80] invalid cbp at 21 0

 Program received signal SIGSEGV, Segmentation fault.
 0x00596f4b in ff_emulated_edge_mc_8 (buf=0x4474420 '\200' <repeats 17
 times>,
     src=0x482c0e6 <Address 0x482c0e6 out of bounds>, linesize=224,
     block_w=17, block_h=17, src_x=22, src_y=<optimized out>, w=17, h=72)
     at libavcodec/dsputil_template.c:167
 167             memcpy(buf, src, w*sizeof(pixel));
 (gdb) bt
 #0  0x00596f4b in ff_emulated_edge_mc_8 (
     buf=0x4474420 '\200' <repeats 17 times>,
     src=0x482c0e6 <Address 0x482c0e6 out of bounds>, linesize=224,
     block_w=17, block_h=17, src_x=22, src_y=<optimized out>, w=17, h=72)
     at libavcodec/dsputil_template.c:167
 #1  0x006697bc in mpeg_motion_lowres (mb_y=3, h=4, motion_y=73876091,
     motion_x=73865147, pix_op=0x44609f8, ref_picture=<optimized out>,
     field_select=0, bottom_field=0, field_based=0,
     dest_cr=0x44a3c7c '\200' <repeats 100 times>"\210,
 ŹĺĺĽô\220Źć\201zuwxyzz{|}
 \200\177}|~}{zxyyxvutsqqrrsromnnnnikosy~\201\200\201\200\177~{zyxxwvuvvvvuuuusss
 svrv\201\200\201äů", '\200' <repeats 12 times>...,
     dest_cb=0x44a11bc '\200' <repeats 100 times>,
 "{wuvssssy}éć\210çůäćććć\201\2
 01\201\201ććůů\210\210\210\210ëëëëîîőőĆÄîőîŹĆ\220ĺ\220ÄîůůůůëŐőî\220ôŚÜľĽĹîůëîŹő
 \220ĆÄŹőőĽćëŐ\210\203", '\200' <repeats 12 times>...,
     dest_y=0x44991c8 '\200' <repeats 200 times>..., s=0x445efa0)
     at libavcodec/mpegvideo.c:1926
 #2  MPV_motion_lowres (s=0x445efa0,
     dest_y=0x44991c8 '\200' <repeats 200 times>...,
     dest_cb=0x44a11bc '\200' <repeats 100 times>,
 "{wuvssssy}éć\210çůäćććć\201\2
 01\201\201ććůů\210\210\210\210ëëëëîîőőĆÄîőîŹĆ\220ĺ\220ÄîůůůůëŐőî\220ôŚÜľĽĹîůëîŹő
 \220ĆÄŹőőĽćëŐ\210\203", '\200' <repeats 12 times>...,
     dest_cr=0x44a3c7c '\200' <repeats 100 times>"\210,
 ŹĺĺĽô\220Źć\201zuwxyzz{|}
 \200\177}|~}{zxyyxvutsqqrrsromnnnnikosy~\201\200\201\200\177~{zyxxwvuvvvvuuuusss
 svrv\201\200\201äů", '\200' <repeats 12 times>..., dir=0,
     ref_picture=0x445f358, pix_op=0x44609f8) at
 libavcodec/mpegvideo.c:2121
 #3  0x00674ea2 in MPV_decode_mb_internal (is_mpeg12=1, lowres_flag=1,
     block=0x436ed60, s=0x445efa0) at libavcodec/mpegvideo.c:2378
 #4  ff_MPV_decode_mb (s=0x445efa0, block=0x436ed60)
     at libavcodec/mpegvideo.c:2524
 #5  0x00720199 in mpeg_decode_slice (s=0x445efa0, mb_y=71692192,
     buf=0x22f4a8, buf_size=1860) at libavcodec/mpeg12.c:1781
 #6  0x00725723 in decode_chunks (avctx=0x4458a80, picture=0x22f5e0,
     data_size=0x22f7d8, buf=0x4504580 "", buf_size=13912)
     at libavcodec/mpeg12.c:2534
 #7  0x00725d9b in mpeg_decode_frame (avctx=0x4458a80, data=0x22f5e0,
     data_size=0x22f7d8, avpkt=0x22f558) at libavcodec/mpeg12.c:2281
 #8  0x0055847f in avcodec_decode_video2 (avctx=0x4458a80,
 picture=0x22f5e0,
     got_picture_ptr=0x22f7d8, avpkt=0x22f770) at libavcodec/utils.c:1512
 #9  0x0047bbf2 in try_decode_frame (st=0x4452d40, avpkt=<optimized out>,
     options=<optimized out>) at libavformat/utils.c:2377
 #10 0x004839c0 in avformat_find_stream_info (ic=0x436d560,
 options=0x4448880)
     at libavformat/utils.c:2749
 #11 0x004056d7 in opt_input_file (optctx=0x22fd68, opt=0x43627fb "i",
     filename=<optimized out>) at ffmpeg_opt.c:770
 #12 0x00415467 in parse_option (optctx=0x22fd68, opt=<optimized out>,
     arg=0x43627fd "t.mpg", options=0xb7faa0) at cmdutils.c:320
 #13 0x004156d6 in parse_options (optctx=0x22fd68, argc=11,
     argv=<optimized out>, options=0xb7faa0,
     parse_arg_function=0x40616c <opt_output_file>) at cmdutils.c:353
 #14 0x00b0d946 in main (argc=11, argv=<optimized out>) at ffmpeg.c:3126
 (gdb)
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/1846>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list