[FFmpeg-trac] #2677(avcodec:open): Crash when trying to read a .tta audio file (was: ffplay crashes when trying to read a .tta audio file)

FFmpeg trac at avcodec.org
Sun Jun 16 19:22:40 CEST 2013


#2677: Crash when trying to read a .tta audio file
-------------------------------------+-------------------------------------
             Reporter:  cyril        |                    Owner:
                 Type:  defect       |                   Status:  open
             Priority:  important    |                Component:  avcodec
              Version:  git-master   |               Resolution:
             Keywords:  tta crash    |               Blocked By:
  SIGSEGV regression                 |  Reproduced by developer:  1
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):

 * status:  new => open
 * reproduced:  0 => 1
 * component:  FFplay => avcodec
 * priority:  normal => important
 * keywords:   => tta crash SIGSEGV regression


Comment:

 Regression since 55121f3. The gdb output below shows why tta.c:159 faults: the index_entries pointer loaded from 0x1e0(%r12) into rcx is 0 and currentframe (rdx) is 0, so the computed entry address in rax is 0 and the load of its size field dereferences offset 0x10 of a NULL pointer — st->index_entries appears not to have been populated before tta_read_packet runs.
 {{{
 (gdb) r -i music.ape.tta
 Starting program: ffmpeg_g -i music.ape.tta
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib64/libthread_db.so.1".
 ffmpeg version N-54046-g3b86174 Copyright (c) 2000-2013 the FFmpeg
 developers
   built on Jun 16 2013 19:20:08 with gcc 4.7 (SUSE Linux)
   configuration: --enable-gpl --disable-indev=jack
   libavutil      52. 37.101 / 52. 37.101
   libavcodec     55. 16.100 / 55. 16.100
   libavformat    55.  8.103 / 55.  8.103
   libavdevice    55.  2.100 / 55.  2.100
   libavfilter     3. 77.101 /  3. 77.101
   libswscale      2.  3.100 /  2.  3.100
   libswresample   0. 17.102 /  0. 17.102
   libpostproc    52.  3.100 / 52.  3.100

 Program received signal SIGSEGV, Segmentation fault.
 0x00000000005babe2 in tta_read_packet (s=<optimized out>,
 pkt=0x7fffffffd190) at libavformat/tta.c:159
 159         size = st->index_entries[c->currentframe].size;
 (gdb) bt
 #0  0x00000000005babe2 in tta_read_packet (s=<optimized out>,
 pkt=0x7fffffffd190)
     at libavformat/tta.c:159
 #1  0x00000000005c0a52 in ff_read_packet (s=s at entry=0x1692020,
 pkt=pkt at entry=0x7fffffffd190)
     at libavformat/utils.c:791
 #2  0x00000000005c2970 in read_frame_internal (s=s at entry=0x1692020,
 pkt=pkt at entry=0x7fffffffd3b0)
     at libavformat/utils.c:1443
 #3  0x00000000005c5d4e in avformat_find_stream_info (ic=0x1692020,
 options=0x1693880)
     at libavformat/utils.c:2904
 #4  0x00000000004637f9 in open_input_file (o=o at entry=0x7fffffffd760,
 filename=<optimized out>)
     at ffmpeg_opt.c:814
 #5  0x000000000045e2f2 in open_files (inout=<optimized out>,
 inout at entry=0xc6f47f "input",
     open_file=open_file at entry=0x463450 <open_input_file>, l=<optimized
 out>, l=<optimized out>)
     at ffmpeg_opt.c:2483
 #6  0x0000000000464b89 in ffmpeg_parse_options (argc=argc at entry=3,
 argv=argv at entry=0x7fffffffddf8)
     at ffmpeg_opt.c:2520
 #7  0x000000000045be38 in main (argc=3, argv=0x7fffffffddf8) at
 ffmpeg.c:3361
 (gdb) disass $pc-32,$pc+32
 Dump of assembler code from 0x5babc2 to 0x5bac02:
    0x00000000005babc2 <tta_read_packet+34>:     mov    (%rax),%esp
    0x00000000005babc4 <tta_read_packet+36>:     mov    $0xdfb9b0bb,%eax
    0x00000000005babc9 <tta_read_packet+41>:     jge    0x5bac1b
 <tta_read_packet+123>
    0x00000000005babcb <tta_read_packet+43>:     mov    0x1e0(%r12),%rcx
    0x00000000005babd3 <tta_read_packet+51>:     lea    (%rdx,%rdx,2),%rax
    0x00000000005babd7 <tta_read_packet+55>:     mov    0x20(%rdi),%rdi
    0x00000000005babdb <tta_read_packet+59>:     mov    %rsi,%rbp
    0x00000000005babde <tta_read_packet+62>:     lea    (%rcx,%rax,8),%rax
 => 0x00000000005babe2 <tta_read_packet+66>:     mov    0x10(%rax),%edx
    0x00000000005babe5 <tta_read_packet+69>:     sar    $0x2,%edx
    0x00000000005babe8 <tta_read_packet+72>:     callq  0x5bfbd0
 <av_get_packet>
    0x00000000005babed <tta_read_packet+77>:     mov    0x4(%rbx),%ecx
    0x00000000005babf0 <tta_read_packet+80>:     mov    0x1e0(%r12),%rsi
    0x00000000005babf8 <tta_read_packet+88>:     movslq %ecx,%rdx
    0x00000000005babfb <tta_read_packet+91>:     lea    (%rdx,%rdx,2),%rdx
    0x00000000005babff <tta_read_packet+95>:     lea    (%rsi,%rdx,8),%rdx
 End of assembler dump.
 (gdb) info register
 rax            0x0      0
 rbx            0x1692600        23668224
 rcx            0x0      0
 rdx            0x0      0
 rsi            0x7fffffffd190   140737488343440
 rdi            0x169a720        23701280
 rbp            0x7fffffffd190   0x7fffffffd190
 rsp            0x7fffffffd040   0x7fffffffd040
 r8             0x0      0
 r9             0x8      8
 r10            0x0      0
 r11            0x19     25
 r12            0x16926c0        23668416
 r13            0x8000000000000000       -9223372036854775808
 r14            0x8000000000000000       -9223372036854775808
 r15            0x0      0
 rip            0x5babe2 0x5babe2 <tta_read_packet+66>
 eflags         0x10287  [ CF PF SF IF RF ]
 cs             0x33     51
 ss             0x2b     43
 ds             0x0      0
 es             0x0      0
 fs             0x0      0
 gs             0x0      0
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2677#comment:1>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

