[FFmpeg-trac] #2677(avcodec:open): Crash when trying to read a .tta audio file (was: ffplay crashes when trying to read a .tta audio file)
FFmpeg
trac at avcodec.org
Sun Jun 16 19:22:40 CEST 2013
#2677: Crash when trying to read a .tta audio file
-------------------------------------+-------------------------------------
Reporter: cyril | Owner:
Type: defect | Status: open
Priority: important | Component: avcodec
Version: git-master | Resolution:
Keywords: tta crash | Blocked By:
SIGSEGV regression | Reproduced by developer: 1
Blocking: |
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Changes (by cehoyos):
* status: new => open
* reproduced: 0 => 1
* component: FFplay => avcodec
* priority: normal => important
* keywords: => tta crash SIGSEGV regression
Comment:
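Regression since 55121f3
The gdb session below shows a NULL pointer read rather than a wild access:
at the faulting instruction (tta_read_packet+66) %rcx, loaded from
0x1e0(%r12) as the base of st->index_entries, is 0, and %rdx, presumably
c->currentframe, is also 0, so the load of .size reads address 0x10.
In this run the stream therefore has no index table when
libavformat/tta.c:159 indexes it, and nothing before that line appears to
check that an index entry exists for the current frame.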
{{{
(gdb) r -i music.ape.tta
Starting program: ffmpeg_g -i music.ape.tta
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-54046-g3b86174 Copyright (c) 2000-2013 the FFmpeg
developers
built on Jun 16 2013 19:20:08 with gcc 4.7 (SUSE Linux)
configuration: --enable-gpl --disable-indev=jack
libavutil 52. 37.101 / 52. 37.101
libavcodec 55. 16.100 / 55. 16.100
libavformat 55. 8.103 / 55. 8.103
libavdevice 55. 2.100 / 55. 2.100
libavfilter 3. 77.101 / 3. 77.101
libswscale 2. 3.100 / 2. 3.100
libswresample 0. 17.102 / 0. 17.102
libpostproc 52. 3.100 / 52. 3.100
Program received signal SIGSEGV, Segmentation fault.
0x00000000005babe2 in tta_read_packet (s=<optimized out>,
pkt=0x7fffffffd190) at libavformat/tta.c:159
159 size = st->index_entries[c->currentframe].size;
(gdb) bt
#0 0x00000000005babe2 in tta_read_packet (s=<optimized out>,
pkt=0x7fffffffd190)
at libavformat/tta.c:159
#1 0x00000000005c0a52 in ff_read_packet (s=s@entry=0x1692020,
pkt=pkt@entry=0x7fffffffd190)
at libavformat/utils.c:791
#2 0x00000000005c2970 in read_frame_internal (s=s@entry=0x1692020,
pkt=pkt@entry=0x7fffffffd3b0)
at libavformat/utils.c:1443
#3 0x00000000005c5d4e in avformat_find_stream_info (ic=0x1692020,
options=0x1693880)
at libavformat/utils.c:2904
#4 0x00000000004637f9 in open_input_file (o=o@entry=0x7fffffffd760,
filename=<optimized out>)
at ffmpeg_opt.c:814
#5 0x000000000045e2f2 in open_files (inout=<optimized out>,
inout@entry=0xc6f47f "input",
open_file=open_file@entry=0x463450 <open_input_file>, l=<optimized
out>, l=<optimized out>)
at ffmpeg_opt.c:2483
#6 0x0000000000464b89 in ffmpeg_parse_options (argc=argc@entry=3,
argv=argv@entry=0x7fffffffddf8)
at ffmpeg_opt.c:2520
#7 0x000000000045be38 in main (argc=3, argv=0x7fffffffddf8) at
ffmpeg.c:3361
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x5babc2 to 0x5bac02:
0x00000000005babc2 <tta_read_packet+34>: mov (%rax),%esp
0x00000000005babc4 <tta_read_packet+36>: mov $0xdfb9b0bb,%eax
0x00000000005babc9 <tta_read_packet+41>: jge 0x5bac1b
<tta_read_packet+123>
0x00000000005babcb <tta_read_packet+43>: mov 0x1e0(%r12),%rcx
0x00000000005babd3 <tta_read_packet+51>: lea (%rdx,%rdx,2),%rax
0x00000000005babd7 <tta_read_packet+55>: mov 0x20(%rdi),%rdi
0x00000000005babdb <tta_read_packet+59>: mov %rsi,%rbp
0x00000000005babde <tta_read_packet+62>: lea (%rcx,%rax,8),%rax
=> 0x00000000005babe2 <tta_read_packet+66>: mov 0x10(%rax),%edx
0x00000000005babe5 <tta_read_packet+69>: sar $0x2,%edx
0x00000000005babe8 <tta_read_packet+72>: callq 0x5bfbd0
<av_get_packet>
0x00000000005babed <tta_read_packet+77>: mov 0x4(%rbx),%ecx
0x00000000005babf0 <tta_read_packet+80>: mov 0x1e0(%r12),%rsi
0x00000000005babf8 <tta_read_packet+88>: movslq %ecx,%rdx
0x00000000005babfb <tta_read_packet+91>: lea (%rdx,%rdx,2),%rdx
0x00000000005babff <tta_read_packet+95>: lea (%rsi,%rdx,8),%rdx
End of assembler dump.
(gdb) info register
rax 0x0 0
rbx 0x1692600 23668224
rcx 0x0 0
rdx 0x0 0
rsi 0x7fffffffd190 140737488343440
rdi 0x169a720 23701280
rbp 0x7fffffffd190 0x7fffffffd190
rsp 0x7fffffffd040 0x7fffffffd040
r8 0x0 0
r9 0x8 8
r10 0x0 0
r11 0x19 25
r12 0x16926c0 23668416
r13 0x8000000000000000 -9223372036854775808
r14 0x8000000000000000 -9223372036854775808
r15 0x0 0
rip 0x5babe2 0x5babe2 <tta_read_packet+66>
eflags 0x10287 [ CF PF SF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
}}}
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2677#comment:1>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker