[FFmpeg-trac] #2365(avcodec:open): aas4 regression (crash)

FFmpeg trac at avcodec.org
Fri Mar 15 00:51:11 CET 2013


#2365: aas4 regression (crash)
-------------------------------------+-------------------------------------
             Reporter:  ami_stuff    |                    Owner:
                 Type:  defect       |                   Status:  open
             Priority:  important    |                Component:  avcodec
              Version:  git-master   |               Resolution:
             Keywords:  aasc         |               Blocked By:
  regression crash SIGSEGV           |  Reproduced by developer:  1
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):

 * status:  new => open
 * reproduced:  0 => 1
 * component:  undetermined => avcodec
 * priority:  normal => important
 * version:  unspecified => git-master
 * keywords:   => aasc regression crash SIGSEGV


Comment:

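 Regression since commit 80e9e63. In the gdb session below, the SIGSEGV is
 raised by the byte store at libavcodec/msrledec.c:215 (mov %cl,(%rax)),
 with rax holding 0xffffffffd0d4864f.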
 {{{
 (gdb) r -i aas4_8bpp.avi -f null -
 Starting program: ffmpeg_g -i aas4_8bpp.avi -f null -
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib64/libthread_db.so.1".
 ffmpeg version N-50945-g1f68bac Copyright (c) 2000-2013 the FFmpeg
 developers
   built on Mar 15 2013 00:47:24 with gcc 4.7 (SUSE Linux)
   configuration: --enable-gpl --enable-indev=jack
   libavutil      52. 19.100 / 52. 19.100
   libavcodec     55.  0.100 / 55.  0.100
   libavformat    55.  0.100 / 55.  0.100
   libavdevice    55.  0.100 / 55.  0.100
   libavfilter     3. 45.103 /  3. 45.103
   libswscale      2.  2.100 /  2.  2.100
   libswresample   0. 17.102 /  0. 17.102
   libpostproc    52.  2.100 / 52.  2.100
 Input #0, avi, from 'aas4_8bpp.avi':
   Duration: 00:00:12.60, start: 0.000000, bitrate: 3043 kb/s
     Stream #0:0: Video: aasc (AAS4 / 0x34534141), pal8, 320x240, 5 tbr, 5
 tbn, 5 tbc
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf55.0.100
     Stream #0:0: Video: rawvideo, pal8, 320x240, q=2-31, 200 kb/s, 90k
 tbn, 5 tbc
 Stream mapping:
   Stream #0:0 -> #0:0 (aasc -> rawvideo)
 Press [q] to stop, [?] for help

 Program received signal SIGSEGV, Segmentation fault.
 msrle_decode_8_16_24_32 (gb=0x15fa428, depth=8, avctx=0x15f5920,
 pic=<optimized out>)
     at libavcodec/msrledec.c:215
 215                             *output++ = pix[0];
 (gdb) bt
 #0  msrle_decode_8_16_24_32 (gb=0x15fa428, depth=8, avctx=0x15f5920,
     pic=<optimized out>) at libavcodec/msrledec.c:215
 #1  ff_msrle_decode (avctx=avctx@entry=0x15f5920, pic=pic@entry=0x15fa440,
     depth=depth@entry=8, gb=gb@entry=0x15fa428) at
 libavcodec/msrledec.c:261
 #2  0x0000000000a8ab6c in aasc_decode_frame (avctx=0x15f5920,
 data=0x15f8ec0,
     got_frame=0x7fffffffd87c, avpkt=<optimized out>) at
 libavcodec/aasc.c:104
 #3  0x00000000009a140b in avcodec_decode_video2 (avctx=0x15f5920,
     picture=picture@entry=0x15f8ec0,
     got_picture_ptr=got_picture_ptr@entry=0x7fffffffd87c,
     avpkt=avpkt@entry=0x7fffffffdae0) at libavcodec/utils.c:1915
 #4  0x000000000045d840 in decode_video (ist=ist@entry=0x15f7900,
     pkt=pkt@entry=0x7fffffffdae0,
 got_output=got_output@entry=0x7fffffffd87c)
     at ffmpeg.c:1682
 #5  0x0000000000460d37 in output_packet (pkt=0x7fffffffda80,
 ist=0x15f7900)
     at ffmpeg.c:1877
 #6  process_input (file_index=<optimized out>) at ffmpeg.c:3032
 #7  0x00000000004508d0 in transcode_step () at ffmpeg.c:3128
 #8  transcode () at ffmpeg.c:3180
 #9  main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3357
 (gdb) disass $pc-32,$pc+32
 Dump of assembler code from 0x8d07b0 to 0x8d07f0:
    0x00000000008d07b0 <ff_msrle_decode+1792>:   (bad)
    0x00000000008d07b1 <ff_msrle_decode+1793>:   decl   0x29(%rbp)
    0x00000000008d07b4 <ff_msrle_decode+1796>:   retq
    0x00000000008d07b5 <ff_msrle_decode+1797>:   xor    %ecx,%ecx
    0x00000000008d07b7 <ff_msrle_decode+1799>:   test   %r11,%r11
    0x00000000008d07ba <ff_msrle_decode+1802>:   jle    0x8d07c8
 <ff_msrle_decode+1816>
    0x00000000008d07bc <ff_msrle_decode+1804>:   lea    0x2(%r9),%rcx
    0x00000000008d07c0 <ff_msrle_decode+1808>:   mov    %rcx,(%r15)
    0x00000000008d07c3 <ff_msrle_decode+1811>:   movzbl 0x1(%r9),%ecx
    0x00000000008d07c8 <ff_msrle_decode+1816>:   lea    -0x1(%rdx),%edx
    0x00000000008d07cb <ff_msrle_decode+1819>:   lea
 0x1(%rax,%rdx,1),%rdx
 => 0x00000000008d07d0 <ff_msrle_decode+1824>:   mov    %cl,(%rax)
    0x00000000008d07d2 <ff_msrle_decode+1826>:   add    $0x1,%rax
    0x00000000008d07d6 <ff_msrle_decode+1830>:   cmp    %rdx,%rax
    0x00000000008d07d9 <ff_msrle_decode+1833>:   jne    0x8d07d0
 <ff_msrle_decode+1824>
    0x00000000008d07db <ff_msrle_decode+1835>:   mov    (%r15),%r9
    0x00000000008d07de <ff_msrle_decode+1838>:   mov    0x8(%r15),%r11
    0x00000000008d07e2 <ff_msrle_decode+1842>:   add    %ebx,%r14d
    0x00000000008d07e5 <ff_msrle_decode+1845>:   jmpq   0x8d0188
 <ff_msrle_decode+216>
    0x00000000008d07ea <ff_msrle_decode+1850>:   mov    %r11,%rcx
    0x00000000008d07ed <ff_msrle_decode+1853>:   sub    %r8,%rcx
 End of assembler dump.
 (gdb) info register
 rax            0xffffffffd0d4864f       -791378353
 rbx            0xff     255
 rcx            0xa      10
 rdx            0xffffffffd0d4874e       -791378098
 rsi            0x15fa440        23045184
 rdi            0x15f5920        23025952
 rbp            0x8      0x8
 rsp            0x7fffffffd4e0   0x7fffffffd4e0
 r8             0x16056a1        23090849
 r9             0x16056a0        23090848
 r10            0x5aa1   23201
 r11            0x3415   13333
 r12            0xef     239
 r13            0x1      1
 r14            0x0      0
 r15            0x15fa428        23045160
 rip            0x8d07d0 0x8d07d0 <ff_msrle_decode+1824>
 eflags         0x10202  [ IF RF ]
 cs             0x33     51
 ss             0x2b     43
 ds             0x0      0
 es             0x0      0
 fs             0x0      0
 gs             0x0      0
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2365#comment:1>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

