Context Navigation

Ticket #1824 (closed defect: fixed)

Last modified 7 months ago

ffv1 segfault

Reported by:	jamal	Owned by:
Priority:	important	Component:	avcodec
Version:	git-master	Keywords:	ffv1 crash SIGSEGV regression
Cc:		Blocked By:
Blocking:		Reproduced by developer:	yes
Analyzed by developer:	no

Description

$ gdb ffmpeg_g
GNU gdb (GDB) 7.5
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-mingw32".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from D:\msys\1.0\ffmpeg\build\ffmpeg_g.exe...done.
(gdb) r -vcodec ffv1 -i Addicted-SweetBox.3gp -an -f null -
Starting program: D:\msys\1.0\ffmpeg\build\ffmpeg_g.exe -vcodec ffv1 -i Addicted-SweetBox.3gp -an -f null -
[New Thread 4108.0x12e4]
ffmpeg version N-45613-g711ffb8 Copyright (c) 2000-2012 the FFmpeg developers
  built on Oct 17 2012 05:00:59 with gcc 4.7.2 (GCC)
  configuration: --enable-gpl --enable-memory-poisoning --enable-cross-compile --cross-prefix=i686-w64-mingw32- --target-os=mingw32 --arch=x86 --cpu=i686 --prefix=/mingw32
  libavutil      51. 76.100 / 51. 76.100
  libavcodec     54. 66.100 / 54. 66.100
  libavformat    54. 32.101 / 54. 32.101
  libavdevice    54.  3.100 / 54.  3.100
  libavfilter     3. 19.103 /  3. 19.103
  libswscale      2.  1.101 /  2.  1.101
  libswresample   0. 16.100 /  0. 16.100
  libpostproc    52.  1.100 / 52.  1.100

Program received signal SIGSEGV, Segmentation fault.
0x00a0e61e in ff_init_range_encoder (buf_size=1723, buf=0x4f8f1c0 "", c=0x8) at D:/msys/1.0/ffmpeg/src/libavcodec/rangecoder.c:45
45          c->bytestream_end    = buf + buf_size;
(gdb) bt
#0  0x00a0e61e in ff_init_range_encoder (buf_size=1723, buf=0x4f8f1c0 "", c=0x8) at D:/msys/1.0/ffmpeg/src/libavcodec/rangecoder.c:45
#1  ff_init_range_decoder (c=c@entry=0x8, buf=buf@entry=0x4f8f1c0 "", buf_size=buf_size@entry=1723) at D:/msys/1.0/ffmpeg/src/libavcodec/rangecoder.c:55
#2  0x0072f87f in decode_frame (avctx=0x4ab0b40, data=0x4f8f8e0, data_size=0x28f46c, avpkt=0x28f3d8) at D:/msys/1.0/ffmpeg/src/libavcodec/ffv1.c:2065
#3  0x00581a16 in avcodec_decode_video2 (avctx=0x4ab0b40, picture=0x4f8f8e0, got_picture_ptr=got_picture_ptr@entry=0x28f46c, avpkt=avpkt@entry=0x28f498) at D:/msys/1.0/ffmpeg/src/libavcodec/utils.c:1579
#4  0x00489e58 in try_decode_frame (st=st@entry=0x4ab0940, avpkt=avpkt@entry=0x4aa8860, options=0x4ac7220) at D:/msys/1.0/ffmpeg/src/libavformat/utils.c:2364
#5  0x00491f9a in avformat_find_stream_info (ic=0x4f8b400, options=0x4ac7220) at D:/msys/1.0/ffmpeg/src/libavformat/utils.c:2744
#6  0x004059c2 in opt_input_file (optctx=0x28fd30, opt=0x4f814e2 "i",  filename=<optimized out>) at D:/msys/1.0/ffmpeg/src/ffmpeg_opt.c:786
#7  0x00414966 in parse_option (optctx=optctx@entry=0x28fd30, opt=0x4f814e2 "i", arg=0x4f814e4 "Addicted-SweetBox.3gp", options=options@entry=0xc4cb20) at D:/msys/1.0/ffmpeg/src/cmdutils.c:320
#8  0x00414e7b in parse_options (optctx=optctx@entry=0x28fd30, argc=argc@entry=9, argv=<optimized out>, options=0xc4cb20, parse_arg_function=0x406760 <opt_output_file>) at D:/msys/1.0/ffmpeg/src/cmdutils.c:353
#9  0x00bd9210 in main (argc=9, argv=<optimized out>) at D:/msys/1.0/ffmpeg/src/ffmpeg.c:3138
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0xa0e5fe to 0xa0e63e:
   0x00a0e5fe <ff_init_range_encoder+46>:       sbb    %al,(%edx)
   0x00a0e600 <ff_init_range_encoder+48>:       add    %al,(%eax)
   0x00a0e602 <ff_init_range_encoder+50>:       movl   $0xffffffff,0xc(%eax)
   0x00a0e609 <ff_init_range_encoder+57>:       ret
   0x00a0e60a <ff_init_range_encoder+58>:       lea    0x0(%esi),%esi
   0x00a0e610 <ff_init_range_decoder+0>:        mov    0x8(%esp),%edx
   0x00a0e614 <ff_init_range_decoder+4>:        mov    0xc(%esp),%ecx
   0x00a0e618 <ff_init_range_decoder+8>:        mov    0x4(%esp),%eax
   0x00a0e61c <ff_init_range_decoder+12>:       add    %edx,%ecx
=> 0x00a0e61e <ff_init_range_decoder+14>:       mov    %ecx,0x218(%eax)
   0x00a0e624 <ff_init_range_decoder+20>:       lea    0x2(%edx),%ecx
   0x00a0e627 <ff_init_range_decoder+23>:       movl   $0x0,(%eax)
   0x00a0e62d <ff_init_range_decoder+29>:       mov    %edx,0x210(%eax)
   0x00a0e633 <ff_init_range_decoder+35>:       movl   $0xff00,0x4(%eax)
   0x00a0e63a <ff_init_range_decoder+42>:       movl   $0x0,0x8(%eax)
End of assembler dump.

Attachments

Addicted-SweetBox.3gp (2.3 MB) - added by jamal 7 months ago.

Change History

Changed 7 months ago by jamal

attachment Addicted-SweetBox.3gp added

comment:1 Changed 7 months ago by cehoyos

Keywords crash SIGSEGV regression added; segfault removed
Priority changed from normal to important
Status changed from new to open
Component changed from undetermined to avcodec
Reproduced by developer set

comment:2 Changed 7 months ago by michael

Status changed from open to closed
Resolution set to fixed

Note: See TracTickets for help on using tickets.

Download in other formats: