[FFmpeg-trac] #3996(undetermined:new): dirac: crash with forced format and -max_alloc

FFmpeg trac at avcodec.org
Wed Oct 1 18:31:25 CEST 2014 

#3996: dirac: crash with forced format and -max_alloc
-------------------------------------+-------------------------------------
               Reporter:  ami_stuff  |                  Owner:
                   Type:  defect     |                 Status:  new
               Priority:  normal     |              Component:
                Version:             |  undetermined
  unspecified                        |               Keywords:
             Blocked By:             |               Blocking:
Reproduced by developer:  0          |  Analyzed by developer:  0
-------------------------------------+-------------------------------------
 http://www.datafilehost.com/d/52b0cb1c

 {{{
 (gdb) r -f dirac -max_alloc 1000000 -i i.avi
 Starting program: D:\MinGW\msys\1.0\ffmpeg\ffmpeg_g.exe -f dirac
 -max_alloc 1000
 000 -i i.avi
 [New Thread 1128.0xb1c]
 ffmpeg version 2.3.git Copyright (c) 2000-2014 the FFmpeg developers
   built on Aug 21 2014 13:25:12 with gcc 4.6.2 (GCC)
   configuration: --disable-pthreads --disable-yasm --enable-gpl --disable-
 ffprob
 e
   libavutil      54.  5.100 / 54.  5.100
   libavcodec     56.  0.101 / 56.  0.101
   libavformat    56.  1.100 / 56.  1.100
   libavdevice    56.  0.100 / 56.  0.100
   libavfilter     5.  0.100 /  5.  0.100
   libswscale      3.  0.100 /  3.  0.100
   libswresample   1.  1.100 /  1.  1.100
   libpostproc    53.  0.100 / 53.  0.100
 [dirac @ 059ee9e0] Warning: not compiled with thread support, using thread
 emula
 tion

 Program received signal SIGSEGV, Segmentation fault.
 0x008aa8e0 in dirac_combine_frame (buf_size=<synthetic pointer>,
     buf=<synthetic pointer>, next=-1, s=0x59eee00, avctx=<optimized out>)
     at libavcodec/dirac_parser.c:143
 143             memcpy(pc->buffer+pc->index, (*buf + pc->sync_offset),
 (gdb) bt
 #0  0x008aa8e0 in dirac_combine_frame (buf_size=<synthetic pointer>,
     buf=<synthetic pointer>, next=-1, s=0x59eee00, avctx=<optimized out>)
     at libavcodec/dirac_parser.c:143
 #1  dirac_parse (s=0x59eee00, avctx=0x59ee9e0, poutbuf=0x22f5e8,
     poutbuf_size=0x22f5ec,
     buf=0x5ae0060
 "\200\200\201\201\177\177\200\200\177\200\201\201\201\201\201\
 201\201\201\200\200\200\200\200\200\200\200\200\201\200\201\201\201\201\200\201\
 201\201\201\201\201\200\200\200\200\200\200\200\200\200\177\200\200\200\200\200\
 200\200\200\200", '\177' <repeats 14 times>, "\200\200\200\200\177\177",
 '\200'
 <repeats 35 times>, '\177' <repeats 15 times>, '\200' <repeats 18 times>,
 "\177\
 177\177\177\177\177\200\200\200\200\200\200\200\200\201\201\201\200\200\200\200\
 200\200\201\201\201\201\201\201\201\201\201\200\201\200\200\201\200\201\201\201\
 201\201\201\200\201\200\201\201\201\201\200\200"..., buf_size=1024)
     at libavcodec/dirac_parser.c:237
 #2  0x005f2063 in av_parser_parse2 (s=0x59eee00, avctx=0x59ee9e0,
     poutbuf=0x22f5e8, poutbuf_size=0x22f5ec,
     buf=0x5ae0060
 "\200\200\201\201\177\177\200\200\177\200\201\201\201\201\201\
 201\201\201\200\200\200\200\200\200\200\200\200\201\200\201\201\201\201\200\201\
 201\201\201\201\201\200\200\200\200\200\200\200\200\200\177\200\200\200\200\200\
 200\200\200\200", '\177' <repeats 14 times>, "\200\200\200\200\177\177",
 '\200'
 <repeats 35 times>, '\177' <repeats 15 times>, '\200' <repeats 18 times>,
 "\177\
 177\177\177\177\177\200\200\200\200\200\200\200\200\201\201\201\200\200\200\200\
 200\200\201\201\201\201\201\201\201\201\201\200\201\200\200\201\200\201\201\201\
 201\201\201\200\201\200\201\201\201\201\200\200"..., buf_size=1024,
     pts=-9223372036854775808, dts=-9223372036854775808, pos=1486848)
     at libavcodec/parser.c:160
 #3  0x004bff39 in parse_packet (s=0x59e5e40, pkt=0x22f6f8,
     stream_index=<optimized out>) at libavformat/utils.c:1160
 #4  0x004c264a in read_frame_internal (s=<optimized out>, pkt=0x22f9f8)
     at libavformat/utils.c:1333
 #5  0x004c639c in avformat_find_stream_info (ic=0x59e5e40,
 options=0x59eedc0)
     at libavformat/utils.c:3100
 #6  0x0040b8e5 in open_input_file (o=0x22fb80, filename=<optimized out>)
     at ffmpeg_opt.c:884
 #7  0x00409234 in open_files (inout=0xd1432f "input",
     open_file=0x40b4b4 <open_input_file>, l=<optimized out>)
     at ffmpeg_opt.c:2671
 #8  0x004101cf in ffmpeg_parse_options (argc=7, argv=0x5902548)
     at ffmpeg_opt.c:2708
 #9  0x00c8ec65 in main (argc=7, argv=<optimized out>) at ffmpeg.c:3829
 (gdb)
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/3996>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list