[FFmpeg-trac] #2609(avformat:closed): av_seek_frame crashes on .nut file

FFmpeg trac at avcodec.org
Thu May 30 11:14:14 CEST 2013


#2609: av_seek_frame crashes on .nut file
-------------------------------------+-------------------------------------
             Reporter:  hxuanyu      |                    Owner:
                 Type:  defect       |                   Status:  closed
             Priority:  important    |                Component:  avformat
              Version:  1.1.5        |               Resolution:  fixed
             Keywords:  nut crash    |               Blocked By:
  SIGSEGV regression                 |  Reproduced by developer:  1
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):

 * status:  new => closed
 * reproduced:  0 => 1
 * priority:  normal => important
 * version:  unspecified => 1.1.5
 * keywords:   => nut crash SIGSEGV regression
 * resolution:   => fixed


Comment:

 Fixed in origin/release/1.1, thank you for the report!

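 For future tickets: please always test with ffmpeg (first) and ffplay
 as well; if they reproduce the problem, it is generally significantly
 easier to test / reproduce / fix the bug.

 The gdb session below shows the faulting load at ff_gen_search+337. The
 instruction before it indexes the pointer array at 0x30(%r12) with
 r8 = -8, which is consistent with stream_index=-1 (as passed down from
 av_seek_frame) being used as an array index: the value loaded into rdx
 (0x20) is read from before the start of the array, and dereferencing it
 raises the SIGSEGV.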

 {{{
 (gdb) r -ss 1 -i Akon.nut
 Starting program: /home/cehoyos/test/cehoyos/FFmpeg/ffmpeg_g -ss 1 -i
 Akon.nut
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib64/libthread_db.so.1".
 ffmpeg version 1.1.5 Copyright (c) 2000-2013 the FFmpeg developers
   built on May 30 2013 11:10:58 with gcc 4.7 (SUSE Linux)
   configuration:
   libavutil      52. 13.100 / 52. 13.100
   libavcodec     54. 86.100 / 54. 86.100
   libavformat    54. 59.106 / 54. 59.106
   libavdevice    54.  3.102 / 54.  3.102
   libavfilter     3. 32.100 /  3. 32.100
   libswscale      2.  1.103 /  2.  1.103
   libswresample   0. 17.102 /  0. 17.102
 [nut @ 0x1553540] no index at the end
 [nut @ 0x1553540] read_timestamp failed.

 Program received signal SIGSEGV, Segmentation fault.
 ff_read_timestamp (read_timestamp=0x516660 <nut_read_timestamp>,
 pos_limit=9223372036854775807,
     ppos=0x7fffffffd388, stream_index=-1, s=0x1553540) at
 libavformat/utils.c:4347
 4347    }
 (gdb) bt
 #0  ff_read_timestamp (read_timestamp=0x516660 <nut_read_timestamp>,
 pos_limit=9223372036854775807,
     ppos=0x7fffffffd388, stream_index=-1, s=0x1553540) at
 libavformat/utils.c:4347
 #1  ff_gen_search (s=s@entry=0x1553540,
 stream_index=stream_index@entry=-1,
     target_ts=<optimized out>, pos_min=6522, pos_max=15065570,
 pos_limit=15065570, ts_min=0,
     ts_max=301768133, flags=flags@entry=1,
 ts_ret=ts_ret@entry=0x7fffffffd428,
     read_timestamp=read_timestamp@entry=0x516660 <nut_read_timestamp>) at
 libavformat/utils.c:1917
 #2  0x0000000000515b24 in read_seek (s=0x1553540, stream_index=<optimized
 out>,
     pts=<optimized out>, flags=1) at libavformat/nutdec.c:985
 #3  0x0000000000564279 in seek_frame_internal (s=s@entry=0x1553540,
 stream_index=0,
     stream_index@entry=-1, timestamp=30, timestamp@entry=1000000,
 flags=flags@entry=1)
     at libavformat/utils.c:2060
 #4  0x0000000000564f29 in av_seek_frame (flags=1, timestamp=1000000,
 stream_index=-1, s=0x1553540)
     at libavformat/utils.c:2080
 #5  avformat_seek_file (s=s@entry=0x1553540,
 stream_index=stream_index@entry=-1,
     min_ts=-9223372036854775808, ts=ts@entry=1000000,
 max_ts=max_ts@entry=1000000,
     flags=flags@entry=0) at libavformat/utils.c:2123
 #6  0x0000000000451e29 in open_input_file (o=o@entry=0x7fffffffd7b0,
 filename=<optimized out>)
     at ffmpeg_opt.c:808
 #7  0x000000000044ffd0 in open_files (inout=<optimized out>,
 inout@entry=0xbaba1f "input",
     open_file=open_file@entry=0x451080 <open_input_file>, l=<optimized
 out>, l=<optimized out>)
     at ffmpeg_opt.c:2293
 #8  0x0000000000455989 in ffmpeg_parse_options (argc=argc@entry=5,
 argv=argv@entry=0x7fffffffdde8)
     at ffmpeg_opt.c:2330
 #9  0x000000000044de18 in main (argc=5, argv=0x7fffffffdde8) at
 ffmpeg.c:3192
 (gdb) disass $pc-32,$pc+32
 Dump of assembler code from 0x5638f1 to 0x563931:
    0x00000000005638f1 <ff_gen_search+305>:      mov    0xc(%rsp),%esi
    0x00000000005638f5 <ff_gen_search+309>:      mov    0xa0(%rsp),%r8
    0x00000000005638fd <ff_gen_search+317>:      mov    %r12,%rdi
    0x0000000000563900 <ff_gen_search+320>:      callq  *%r8
    0x0000000000563903 <ff_gen_search+323>:      mov    0x30(%r12),%rdx
    0x0000000000563908 <ff_gen_search+328>:      mov    0x10(%rsp),%r8
    0x000000000056390d <ff_gen_search+333>:      mov    (%rdx,%r8,1),%rdx
 => 0x0000000000563911 <ff_gen_search+337>:      mov    0xd8(%rdx),%ecx
    0x0000000000563917 <ff_gen_search+343>:      mov    0x200(%rdx),%rsi
    0x000000000056391e <ff_gen_search+350>:      mov    0x208(%rdx),%edx
    0x0000000000563924 <ff_gen_search+356>:      test   %edx,%edx
    0x0000000000563926 <ff_gen_search+358>:      je     0x563950 <ff_gen_search+400>
    0x0000000000563928 <ff_gen_search+360>:      movabs $0x8000000000000000,%rdi
 End of assembler dump.
 (gdb) info register
 rax            0xfc87e  1034366
 rbx            0xf4628  1001000
 rcx            0x7fffffffd208   140737488343560
 rdx            0x20     32
 rsi            0x30     48
 rdi            0x1553540        22361408
 rbp            0xdc9b   0xdc9b
 rsp            0x7fffffffd350   0x7fffffffd350
 r8             0xfffffffffffffff8       -8
 r9             0x101010101010101        72340172838076673
 r10            0x5b21   23329
 r11            0x7ffff65a910e   140737326518542
 r12            0x1553540        22361408
 r13            0x197a   6522
 r14            0x0      0
 r15            0xe5e1e2 15065570
 rip            0x563911 0x563911 <ff_gen_search+337>
 eflags         0x10206  [ PF IF RF ]
 cs             0x33     51
 ss             0x2b     43
 ds             0x0      0
 es             0x0      0
 fs             0x0      0
 gs             0x0      0
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2609#comment:3>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

