Ticket #2365 (closed defect: fixed)
aas4 regression (crash)
| Reported by: | ami_stuff | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avcodec |
| Version: | git-master | Keywords: | aasc regression crash SIGSEGV |
| Cc: | | Blocked By: | |
| Blocking: | | Reproduced by developer: | yes |
| Analyzed by developer: | no | | |
Description
24bpp doesn't decode due to
[aasc @ 026ad380] Skip beyond picture bounds
8bpp crashes
http://www.filehostfree.com/?d=51425AD41
(datafilehost seems to be down)
```
C:\>ffmpeg -i aas4_8bpp.avi out.avi
ffmpeg version N-50911-g9efcfbe Copyright (c) 2000-2013 the FFmpeg developers
  built on Mar 13 2013 21:26:48 with gcc 4.7.2 (GCC)
  configuration: --enable-gpl --enable-version3 --disable-w32threads --enable-avisynth --enable-bzlib --enable-fontconfig --enable-frei0r --enable-gnutls --enable-libass --enable-libbluray --enable-libcaca --enable-libfreetype --enable-libgsm --enable-libilbc --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenjpeg --enable-libopus --enable-librtmp --enable-libschroedinger --enable-libsoxr --enable-libspeex --enable-libtheora --enable-libtwolame --enable-libvo-aacenc --enable-libvo-amrwbenc --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libxavs --enable-libxvid --enable-zlib
  libavutil 52. 19.100 / 52. 19.100
  libavcodec 55. 0.100 / 55. 0.100
  libavformat 55. 0.100 / 55. 0.100
  libavdevice 54. 4.100 / 54. 4.100
  libavfilter 3. 45.103 / 3. 45.103
  libswscale 2. 2.100 / 2. 2.100
  libswresample 0. 17.102 / 0. 17.102
  libpostproc 52. 2.100 / 52. 2.100
Input #0, avi, from 'aas4_8bpp.avi':
  Duration: 00:00:12.60, start: 0.000000, bitrate: 3043 kb/s
    Stream #0:0: Video: aasc (AAS4 / 0x34534141), pal8, 320x240, 5 tbr, 5 tbn, 5 tbc
Output #0, avi, to 'out.avi':
  Metadata:
    ISFT : Lavf55.0.100
    Stream #0:0: Video: mpeg4 (FMP4 / 0x34504D46), yuv420p, 320x240, q=2-31, 200 kb/s, 5 tbn, 5 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (aasc -> mpeg4)
Press [q] to stop, [?] for help
```
Change History
Regression since 80e9e63
```
(gdb) r -i aas4_8bpp.avi -f null -
Starting program: ffmpeg_g -i aas4_8bpp.avi -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-50945-g1f68bac Copyright (c) 2000-2013 the FFmpeg developers
  built on Mar 15 2013 00:47:24 with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl --enable-indev=jack
  libavutil 52. 19.100 / 52. 19.100
  libavcodec 55. 0.100 / 55. 0.100
  libavformat 55. 0.100 / 55. 0.100
  libavdevice 55. 0.100 / 55. 0.100
  libavfilter 3. 45.103 / 3. 45.103
  libswscale 2. 2.100 / 2. 2.100
  libswresample 0. 17.102 / 0. 17.102
  libpostproc 52. 2.100 / 52. 2.100
Input #0, avi, from 'aas4_8bpp.avi':
  Duration: 00:00:12.60, start: 0.000000, bitrate: 3043 kb/s
    Stream #0:0: Video: aasc (AAS4 / 0x34534141), pal8, 320x240, 5 tbr, 5 tbn, 5 tbc
Output #0, null, to 'pipe:':
  Metadata:
    encoder : Lavf55.0.100
    Stream #0:0: Video: rawvideo, pal8, 320x240, q=2-31, 200 kb/s, 90k tbn, 5 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (aasc -> rawvideo)
Press [q] to stop, [?] for help

Program received signal SIGSEGV, Segmentation fault.
msrle_decode_8_16_24_32 (gb=0x15fa428, depth=8, avctx=0x15f5920, pic=<optimized out>) at libavcodec/msrledec.c:215
215 *output++ = pix[0];
(gdb) bt
#0 msrle_decode_8_16_24_32 (gb=0x15fa428, depth=8, avctx=0x15f5920, pic=<optimized out>) at libavcodec/msrledec.c:215
#1 ff_msrle_decode (avctx=avctx@entry=0x15f5920, pic=pic@entry=0x15fa440, depth=depth@entry=8, gb=gb@entry=0x15fa428) at libavcodec/msrledec.c:261
#2 0x0000000000a8ab6c in aasc_decode_frame (avctx=0x15f5920, data=0x15f8ec0, got_frame=0x7fffffffd87c, avpkt=<optimized out>) at libavcodec/aasc.c:104
#3 0x00000000009a140b in avcodec_decode_video2 (avctx=0x15f5920, picture=picture@entry=0x15f8ec0, got_picture_ptr=got_picture_ptr@entry=0x7fffffffd87c, avpkt=avpkt@entry=0x7fffffffdae0) at libavcodec/utils.c:1915
#4 0x000000000045d840 in decode_video (ist=ist@entry=0x15f7900, pkt=pkt@entry=0x7fffffffdae0, got_output=got_output@entry=0x7fffffffd87c) at ffmpeg.c:1682
#5 0x0000000000460d37 in output_packet (pkt=0x7fffffffda80, ist=0x15f7900) at ffmpeg.c:1877
#6 process_input (file_index=<optimized out>) at ffmpeg.c:3032
#7 0x00000000004508d0 in transcode_step () at ffmpeg.c:3128
#8 transcode () at ffmpeg.c:3180
#9 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3357
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x8d07b0 to 0x8d07f0:
   0x00000000008d07b0 <ff_msrle_decode+1792>: (bad)
   0x00000000008d07b1 <ff_msrle_decode+1793>: decl 0x29(%rbp)
   0x00000000008d07b4 <ff_msrle_decode+1796>: retq
   0x00000000008d07b5 <ff_msrle_decode+1797>: xor %ecx,%ecx
   0x00000000008d07b7 <ff_msrle_decode+1799>: test %r11,%r11
   0x00000000008d07ba <ff_msrle_decode+1802>: jle 0x8d07c8 <ff_msrle_decode+1816>
   0x00000000008d07bc <ff_msrle_decode+1804>: lea 0x2(%r9),%rcx
   0x00000000008d07c0 <ff_msrle_decode+1808>: mov %rcx,(%r15)
   0x00000000008d07c3 <ff_msrle_decode+1811>: movzbl 0x1(%r9),%ecx
   0x00000000008d07c8 <ff_msrle_decode+1816>: lea -0x1(%rdx),%edx
   0x00000000008d07cb <ff_msrle_decode+1819>: lea 0x1(%rax,%rdx,1),%rdx
=> 0x00000000008d07d0 <ff_msrle_decode+1824>: mov %cl,(%rax)
   0x00000000008d07d2 <ff_msrle_decode+1826>: add $0x1,%rax
   0x00000000008d07d6 <ff_msrle_decode+1830>: cmp %rdx,%rax
   0x00000000008d07d9 <ff_msrle_decode+1833>: jne 0x8d07d0 <ff_msrle_decode+1824>
   0x00000000008d07db <ff_msrle_decode+1835>: mov (%r15),%r9
   0x00000000008d07de <ff_msrle_decode+1838>: mov 0x8(%r15),%r11
   0x00000000008d07e2 <ff_msrle_decode+1842>: add %ebx,%r14d
   0x00000000008d07e5 <ff_msrle_decode+1845>: jmpq 0x8d0188 <ff_msrle_decode+216>
   0x00000000008d07ea <ff_msrle_decode+1850>: mov %r11,%rcx
   0x00000000008d07ed <ff_msrle_decode+1853>: sub %r8,%rcx
End of assembler dump.
(gdb) info register
rax 0xffffffffd0d4864f -791378353
rbx 0xff 255
rcx 0xa 10
rdx 0xffffffffd0d4874e -791378098
rsi 0x15fa440 23045184
rdi 0x15f5920 23025952
rbp 0x8 0x8
rsp 0x7fffffffd4e0 0x7fffffffd4e0
r8 0x16056a1 23090849
r9 0x16056a0 23090848
r10 0x5aa1 23201
r11 0x3415 13333
r12 0xef 239
r13 0x1 1
r14 0x0 0
r15 0x15fa428 23045160
rip 0x8d07d0 0x8d07d0 <ff_msrle_decode+1824>
eflags 0x10202 [ IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
```