[FFmpeg-trac] #2093(avcodec:new): ffplay: crash when seeking with the mouse

FFmpeg trac at avcodec.org
Thu Jan 3 17:10:00 CET 2013


#2093: ffplay: crash when seeking with the mouse
-------------------------------------+-------------------------------------
             Reporter:  ami_stuff    |                    Owner:
                 Type:  defect       |                   Status:  new
             Priority:  important    |                Component:  avcodec
              Version:  git-master   |               Resolution:
             Keywords:  crash        |               Blocked By:
  SIGSEGV leak                       |  Reproduced by developer:  0
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------

Comment (by ami_stuff):

 > (or --disable-pthreads --disable-w32threads)?

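 still crashes; in the dump below edx is 0 at the faulting `mov 0xa8(%edx),%ecx`, i.e. `s->current_picture_ptr` is NULL when mpegvideo.c:1592 reads `->f.quality`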

 {{{
 (gdb) r -threads 2 problem.rm
 The program being debugged has been started already.
 Start it from the beginning? (y or n) y

 Starting program: d:\mingw\msys\1.0\ffmpeg-head-7d66bc7\ffplay_g.exe
 -threads 2
 problem.rm
 [New Thread 1048.0x60c]
 [New Thread 1048.0x5a4]
 [New Thread 1048.0x698]
 [New Thread 1048.0x7ec]
 [New Thread 1048.0x594]
 [New Thread 1048.0x72c]
 [New Thread 1048.0x188]
 [New Thread 1048.0x7e8]

 Program received signal SIGSEGV, Segmentation fault.
 [Switching to Thread 1048.0x188]
 0x006797f3 in ff_MPV_frame_end (s=0x4d7de18) at libavcodec/mpegvideo.c:1592
 1592        s->last_lambda_for [s->pict_type] = s->current_picture_ptr->f.quality;
 (gdb) bt
 #0  0x006797f3 in ff_MPV_frame_end (s=0x4d7de18)
     at libavcodec/mpegvideo.c:1592
 #1  0x009c8047 in ff_rv34_decode_frame (avctx=0x4d57810, data=0x4dc26f8,
     got_picture_ptr=0xc69fefc, avpkt=0xc69fbf0) at libavcodec/rv34.c:1656
 #2  0x005617a4 in avcodec_decode_video2 (avctx=0x4d57810,
 picture=0x4dc26f8,
     got_picture_ptr=0xc69fefc, avpkt=0xc69fe90) at libavcodec/utils.c:1621
 #3  0x00402245 in get_video_frame (serial=<optimized out>,
     pkt=<optimized out>, pts=<optimized out>, frame=<optimized out>,
     is=<optimized out>) at ffplay.c:1663
 #4  video_thread (arg=0x4b90020) at ffplay.c:1837
 #5  0x681097ee in SDL_RunThread (data=0x52108a8)
     at ./src/thread/SDL_thread.c:204
 #6  0x681327d3 in RunThread (data=0x5295fe8)
     at ./src/thread/win32/SDL_systhread.c:74
 #7  RunThreadViaBeginThreadEx (data=0x5295fe8)
     at ./src/thread/win32/SDL_systhread.c:95
 #8  0x77c2a3b0 in msvcrt!_endthreadex () from
 C:\WINDOWS\system32\msvcrt.dll
 #9  0x7c80b729 in KERNEL32!GetModuleFileNameA ()
    from C:\WINDOWS\system32\kernel32.dll
 #10 0x00000000 in ?? ()
 (gdb) disass $pc-32,$pc+32
 Dump of assembler code from 0x6797d3 to 0x679813:
    0x006797d3 <ff_MPV_frame_end+39>:    add    %eax,(%eax)
    0x006797d5 <ff_MPV_frame_end+41>:    add    %ch,%al
    0x006797d7 <ff_MPV_frame_end+43>:    dec    %ecx
    0x006797d8 <ff_MPV_frame_end+44>:    addl   $0xffffffa8,0x0(%esi)
    0x006797dc <ff_MPV_frame_end+48>:    add    %esi,0xf(%edx,%eax,1)
    0x006797e0 <ff_MPV_frame_end+52>:    ja     0x67976d <ff_MPV_frame_start+2705>
    0x006797e2 <ff_MPV_frame_end+54>:    andl   $0xffffff83,-0x76ffffec(%eax)
    0x006797e9 <ff_MPV_frame_end+61>:    test   $0x14,%al
    0x006797eb <ff_MPV_frame_end+63>:    add    %al,(%eax)
    0x006797ed <ff_MPV_frame_end+65>:    mov    0x1400(%ebx),%edx
 => 0x006797f3 <ff_MPV_frame_end+71>:    mov    0xa8(%edx),%ecx
    0x006797f9 <ff_MPV_frame_end+77>:    mov    %ecx,0x14c0(%ebx,%eax,4)
    0x00679800 <ff_MPV_frame_end+84>:    cmp    $0x3,%eax
    0x00679803 <ff_MPV_frame_end+87>:    je     0x67980b <ff_MPV_frame_end+95>
    0x00679805 <ff_MPV_frame_end+89>:    mov    %eax,0x14ac(%ebx)
    0x0067980b <ff_MPV_frame_end+95>:    mov    0x38(%ebx),%esi
    0x0067980e <ff_MPV_frame_end+98>:    test   %esi,%esi
    0x00679810 <ff_MPV_frame_end+100>:   je     0x679898 <ff_MPV_frame_end+236>
 End of assembler dump.
 (gdb) info all-registers
 eax            0x1      1
 ecx            0x0      0
 edx            0x0      0
 ebx            0x4d7de18        81255960
 esp            0xc69fa90        0xc69fa90
 ebp            0x108    0x108
 esi            0x0      0
 edi            0xaa0    2720
 eip            0x6797f3 0x6797f3 <ff_MPV_frame_end+71>
 eflags         0x10202  [ IF RF ]
 cs             0x1b     27
 ss             0x23     35
 ds             0x23     35
 es             0x23     35
 fs             0x3b     59
 gs             0x0      0
 st0            -nan(0x001010101)        (raw 0xffff0000000001010101)
 st1            0        (raw 0x00000000000000000000)
 st2            0        (raw 0x00000000000000000000)
 st3            0        (raw 0x00000000000000000000)
 st4            0        (raw 0x00000000000000000000)
 st5            0        (raw 0x00000000000000000000)
 st6            1000000  (raw 0x4012f424000000000000)
 st7            1357229218.46875 (raw 0x401da1cb5944f0000000)
 fctrl          0xffff027f       -64897
 fstat          0xffff0020       -65504
 ftag           0xffffffff       -1
 fiseg          0x0      0
 fioff          0x0      0
 foseg          0xffff0000       -65536
 fooff          0x0      0
 fop            0x0      0
 xmm0           {v4_float = {0x0, 0x0, 0x2, 0x0}, v2_double = {0x0,
     0x8000000000000000}, v16_int8 = {0xc, 0x9c, 0x91, 0x7c, 0x0, 0x0,
 0x8b,
     0x4, 0x68, 0x0, 0x0, 0x40, 0xdb, 0x1, 0x91, 0x7c}, v8_int16 = {0x9c0c,
     0x7c91, 0x0, 0x48b, 0x68, 0x4000, 0x1db, 0x7c91}, v4_int32 =
 {0x7c919c0c,
     0x48b0000, 0x40000068, 0x7c9101db}, v2_int64 = {0x48b00007c919c0c,
     0x7c9101db40000068}, uint128 = 0x7c9101db40000068048b00007c919c0c}
 xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
     0x8000000000000000}, v16_int8 = {0xc0, 0x27, 0x13, 0x68, 0x88, 0x0,
 0x0,
     0x0, 0x0, 0x0, 0x0, 0x0, 0xfa, 0x9f, 0x91, 0x7c}, v8_int16 = {0x27c0,
     0x6813, 0x88, 0x0, 0x0, 0x0, 0x9ffa, 0x7c91}, v4_int32 = {0x681327c0,
     0x88, 0x0, 0x7c919ffa}, v2_int64 = {0x88681327c0, 0x7c919ffa00000000},
   uint128 = 0x7c919ffa0000000000000088681327c0}
 xmm2           {v4_float = {0x0, 0x0, 0x2, 0x0}, v2_double = {0x0,
     0x8000000000000000}, v16_int8 = {0xc, 0x9c, 0x91, 0x7c, 0x0, 0x0,
 0x8b,
     0x4, 0x60, 0x0, 0x0, 0x40, 0xdb, 0x1, 0x91, 0x7c}, v8_int16 = {0x9c0c,
     0x7c91, 0x0, 0x48b, 0x60, 0x4000, 0x1db, 0x7c91}, v4_int32 =
 {0x7c919c0c,
     0x48b0000, 0x40000060, 0x7c9101db}, v2_int64 = {0x48b00007c919c0c,
     0x7c9101db40000060}, uint128 = 0x7c9101db40000060048b00007c919c0c}
 xmm3           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
     0x8000000000000000}, v16_int8 = {0x20, 0x17, 0x23, 0x5, 0x8, 0x0, 0x0,
     0x0, 0x0, 0x14, 0x23, 0x5, 0xfa, 0x9f, 0x91, 0x7c}, v8_int16 =
 {0x1720,
     0x523, 0x8, 0x0, 0x1400, 0x523, 0x9ffa, 0x7c91}, v4_int32 =
 {0x5231720,
     0x8, 0x5231400, 0x7c919ffa}, v2_int64 = {0x805231720,
     0x7c919ffa05231400}, uint128 = 0x7c919ffa052314000000000805231720}
 xmm4           {v4_float = {0x0, 0x0, 0x2, 0x0}, v2_double = {0x0,
     0x8000000000000000}, v16_int8 = {0xc, 0x9c, 0x91, 0x7c, 0x0, 0x0,
 0x8b,
     0x4, 0x60, 0x0, 0x0, 0x40, 0xdb, 0x1, 0x91, 0x7c}, v8_int16 = {0x9c0c,
     0x7c91, 0x0, 0x48b, 0x60, 0x4000, 0x1db, 0x7c91}, v4_int32 =
 {0x7c919c0c,
     0x48b0000, 0x40000060, 0x7c9101db}, v2_int64 = {0x48b00007c919c0c,
     0x7c9101db40000060}, uint128 = 0x7c9101db40000060048b00007c919c0c}
 xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
   v16_int8 = {0x20, 0x17, 0x23, 0x5, 0x10, 0x0, 0x0, 0x0, 0x0, 0x14, 0x23,
     0x5, 0x4c, 0x7, 0x0, 0x0}, v8_int16 = {0x1720, 0x523, 0x10, 0x0,
 0x1400,
     0x523, 0x74c, 0x0}, v4_int32 = {0x5231720, 0x10, 0x5231400, 0x74c},
   v2_int64 = {0x1005231720, 0x74c05231400},
   uint128 = 0x0000074c052314000000001005231720}
 xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
   v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x50, 0xfd, 0x4, 0x5, 0x91, 0x25, 0x13,
     0x68, 0xa4, 0xfa, 0x4, 0x5}, v8_int16 = {0x0, 0x0, 0xfd50, 0x504,
 0x2591,
     0x6813, 0xfaa4, 0x504}, v4_int32 = {0x0, 0x504fd50, 0x68132591,
     0x504faa4}, v2_int64 = {0x504fd5000000000, 0x504faa468132591},
   uint128 = 0x0504faa4681325910504fd5000000000}
 xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
     0x8000000000000000}, v16_int8 = {0x6b, 0x54, 0xad, 0x0, 0xa4, 0xff,
 0x4,
     0x5, 0x94, 0x5c, 0xc2, 0x77, 0x70, 0x20, 0xc0, 0x77}, v8_int16 =
 {0x546b,
     0xad, 0xffa4, 0x504, 0x5c94, 0x77c2, 0x2070, 0x77c0}, v4_int32 = {
     0xad546b, 0x504ffa4, 0x77c25c94, 0x77c02070}, v2_int64 = {
     0x504ffa400ad546b, 0x77c0207077c25c94},
   uint128 = 0x77c0207077c25c940504ffa400ad546b}
 mxcsr          0x1f80   [ IM DM ZM OM UM PM ]
 mm0            {uint64 = 0x1010101, v2_int32 = {0x1010101, 0x0}, v4_int16
 = {
     0x101, 0x101, 0x0, 0x0}, v8_int8 = {0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0,
     0x0}}
 mm1            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
     0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
 mm2            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
     0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
 mm3            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
     0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
 mm4            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
     0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
 mm5            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
     0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
 mm6            {uint64 = 0xf424000000000000, v2_int32 = {0x0, 0xf4240000},
   v4_int16 = {0x0, 0x0, 0x0, 0xf424}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
     0x0, 0x24, 0xf4}}
 mm7            {uint64 = 0xa1cb5944f0000000, v2_int32 = {0xf0000000,
     0xa1cb5944}, v4_int16 = {0x0, 0xf000, 0x5944, 0xa1cb}, v8_int8 = {0x0,
     0x0, 0x0, 0xf0, 0x44, 0x59, 0xcb, 0xa1}}
 (gdb)
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2093#comment:10>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

