Ticket #1361 (closed defect: fixed)
Crash reading yop
| Reported by: | cehoyos | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avcodec |
| Version: | git-master | Keywords: | yop crash SIGSEGV |
| Cc: | | Blocked By: | |
| Blocking: | | Reproduced by developer: | yes |
| Analyzed by developer: | no | | |
Description
(gdb) r -vcodec yop -i blox.avi
Starting program: ffmpeg_g -vcodec yop -i blox.avi
[Thread debugging using libthread_db enabled]
[New Thread 0xb79116c0 (LWP 20591)]
ffmpeg version N-41080-g394b692 Copyright (c) 2000-2012 the FFmpeg developers
built on May 28 2012 14:04:27 with gcc 4.3.2
configuration: --cc=/usr/local/gcc-4.3.2/bin/gcc --enable-gpl --enable-libopenjpeg --enable-libvorbis --enable-libspeex --enable-libmp3lame --enable-libtheora --extra-ldflags=-lm --enable-libvpx --enable-libxavs
libavutil 51. 55.100 / 51. 55.100
libavcodec 54. 23.100 / 54. 23.100
libavformat 54. 6.101 / 54. 6.101
libavdevice 54. 0.100 / 54. 0.100
libavfilter 2. 77.100 / 2. 77.100
libswscale 2. 1.100 / 2. 1.100
libswresample 0. 15.100 / 0. 15.100
libpostproc 52. 0.100 / 52. 0.100
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb79116c0 (LWP 20591)]
0x086ba8f7 in yop_decode_init (avctx=0x901e700) at libavcodec/yop.c:95
95 s->num_pal_colors = avctx->extradata[0];
(gdb) bt
#0 0x086ba8f7 in yop_decode_init (avctx=0x901e700) at libavcodec/yop.c:95
#1 0x08590345 in avcodec_open2 (avctx=0x901e700, codec=Cannot access memory at address 0x4
)
at libavcodec/utils.c:925
#2 0x0819e8ac in avformat_find_stream_info (ic=0x9018440, options=0x90183c0)
at libavformat/utils.c:2485
#3 0x0805682b in opt_input_file (o=0xbfbf1228, opt=0xbfbf3280 "i",
filename=0xbfbf3282 "blox.avi") at ffmpeg.c:4327
#4 0x08062d72 in parse_option (optctx=0xbfbf1228, opt=0xbfbf3280 "i",
arg=0xbfbf3282 "blox.avi", options=0x88e7540) at cmdutils.c:305
#5 0x08063103 in parse_options (optctx=0xbfbf1228, argc=5, argv=0xbfbf1454,
options=0x88e7540, parse_arg_function=0x805d420 <opt_output_file>)
at cmdutils.c:338
#6 0x0805c4f6 in main (argc=5, argv=0xbfbf1454) at ffmpeg.c:5906
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x86ba8d7 to 0x86ba917:
0x086ba8d7 <yop_decode_init+90>: adc $0x24,%al
0x086ba8d9 <yop_decode_init+92>: call 0x87f4cb0 <av_image_check_size>
0x086ba8de <yop_decode_init+97>: test %eax,%eax
0x086ba8e0 <yop_decode_init+99>: js 0x86ba8a1 <yop_decode_init+36>
0x086ba8e2 <yop_decode_init+101>: movl $0xb,0x90(%ebx)
0x086ba8ec <yop_decode_init+111>: mov %esi,(%esp)
0x086ba8ef <yop_decode_init+114>: call 0x858de80 <avcodec_get_frame_defaults>
0x086ba8f4 <yop_decode_init+119>: mov 0x64(%ebx),%eax
0x086ba8f7 <yop_decode_init+122>: movzbl (%eax),%ecx
0x086ba8fa <yop_decode_init+125>: mov %ecx,0x16c(%esi)
0x086ba900 <yop_decode_init+131>: movzbl 0x1(%eax),%edx
0x086ba904 <yop_decode_init+135>: mov %edx,0x170(%esi)
0x086ba90a <yop_decode_init+141>: movzbl 0x2(%eax),%edx
0x086ba90e <yop_decode_init+145>: mov %ecx,%eax
0x086ba910 <yop_decode_init+147>: add 0x170(%esi),%eax
0x086ba916 <yop_decode_init+153>: cmp $0x100,%eax
End of assembler dump.
(gdb) info register
eax 0x0 0
ecx 0x0 0
edx 0x901f100 151122176
ebx 0x901e700 151119616
esp 0xbfbf0c90 0xbfbf0c90
ebp 0x90183c0 0x90183c0
esi 0x901f100 151122176
edi 0x8a81880 145234048
eip 0x86ba8f7 0x86ba8f7 <yop_decode_init+122>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
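
The trace above shows a read through a null `extradata` pointer: `eax` is 0 after `mov 0x64(%ebx),%eax`, and `movzbl (%eax),%ecx` faults at yop.c:95. The following stand-alone C model is an added example, not FFmpeg's code and not part of the ticket, of the guard an init routine needs before it reads the three header bytes. The struct and function names, the error code, the `first_color` field names and the direction of the range check are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ERR_INVALIDDATA  (-1)  /* hypothetical error code for this model */
#define YOP_HEADER_BYTES 3     /* bytes 0..2 are read in the disassembly */

/* Hypothetical stand-in for the two codec-context fields involved. */
struct model_ctx {
    const uint8_t *extradata;  /* NULL in the crashing run (eax = 0) */
    int            extradata_size;
};

struct model_yop {
    int num_pal_colors;        /* extradata[0], as on yop.c:95 */
    int first_color[2];        /* extradata[1], extradata[2]; names assumed */
};

/* Returns 0 on success, ERR_INVALIDDATA if the header is absent or bad. */
int model_yop_init(const struct model_ctx *avctx, struct model_yop *s)
{
    /* Guard absent at the faulting line: check pointer and length first. */
    if (!avctx->extradata || avctx->extradata_size < YOP_HEADER_BYTES)
        return ERR_INVALIDDATA;

    s->num_pal_colors = avctx->extradata[0];
    s->first_color[0] = avctx->extradata[1];
    s->first_color[1] = avctx->extradata[2];

    /* Models the add / cmp $0x100 in the listing; assumed upper bound. */
    if (s->num_pal_colors + s->first_color[0] > 256)
        return ERR_INVALIDDATA;
    return 0;
}

int main(void)
{
    static const uint8_t hdr[3] = { 16, 0, 0 };  /* constructed sample */
    struct model_yop s = { 0, { 0, 0 } };
    struct model_ctx missing = { NULL, 0 };      /* the case in the ticket */
    struct model_ctx good    = { hdr, 3 };

    printf("missing extradata -> %d\n", model_yop_init(&missing, &s));
    int rc = model_yop_init(&good, &s);
    printf("valid header      -> %d (colors=%d)\n", rc, s.num_pal_colors);
    return 0;
}
```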