id	summary	reporter	owner	description	type	status	priority	component	version	resolution	keywords	cc	blockedby	blocking	reproduced	analyzed
782	mpegaudiodec segfault	bluepin		"I have a rare and hardly reproducible error but I will take any suggestion on how to prevent it. 

From what I understand from the coredumps: an MPEG layer 3 stream is detected as a layer 1 stream, then mp_decode_layer1 is called, followed by a segfault in UPDATE_CACHE(re, s). This could indeed be a bad stream or a random bit flip, but ffmpeg should not segfault because of that.

Stack trace: 
#0  0x08338083 in mp_decode_layer1 (s=0xa94707a0, samples=0x98b00040, buf=<value optimized out>, buf_size=256) at /opt/icecast/src/ffmpeg/libavcodec/get_bits.h:285
#1  mp_decode_frame (s=0xa94707a0, samples=0x98b00040, buf=<value optimized out>, buf_size=256) at /opt/icecast/src/ffmpeg/libavcodec/mpegaudiodec.c:1715
#2  0x08339bb7 in decode_frame (avctx=0x9a8e3c0, data=0x98b00040, data_size=0xacb3f5c, avpkt=0xb48b7228) at /opt/icecast/src/ffmpeg/libavcodec/mpegaudiodec.c:1816
#3  0x0841588e in avcodec_decode_audio3 (avctx=0x9a8e3c0, samples=0x98b00040, frame_size_ptr=0xacb3f5c, avpkt=0x2) at /opt/icecast/src/ffmpeg/libavcodec/utils.c:839

In frame 1, gdb's `p *s` yields:
 {frame_size = 256, error_protection = 0, layer = 1, sample_rate = 48000, sample_rate_index = 1, bit_rate = 256000, nb_channels = 2, mode = 0, mode_ext = 2, lsf = 0, 
  last_buf = [[lots of other stuff]]
{scfsi = 0 '\000', part2_3_length = 0, big_values = 0, global_gain = 0, scalefac_compress = 0, block_type = 0 '\000', switch_point = 0 '\000', 
        table_select = {0, 0, 0}, subblock_gain = {0, 0, 0}, scalefac_scale = 0 '\000', count1table_select = 0 '\000', region_size = {0, 0, 0}, preflag = 0, short_start = 0, long_end = 0, 
        scale_factors = '\000' <repeats 39 times>, sb_hybrid = {0 <repeats 576 times>}}}}, adu_mode = 0, dither_state = 14709380, error_recognition = 1, avctx = 0x9a8e3c0, mpadsp = {
    apply_window_float = 0x84f5530 <apply_window_mp3>, apply_window_fixed = 0x8340600 <ff_mpadsp_apply_window_fixed>, dct32_float = 0x85a7180 <ff_dct32_float_sse2>, 
    dct32_fixed = 0x8555da0 <ff_dct32_fixed>}}

A packet captured from the exact same stream looked like this:

{frame_size = 418, error_protection = 0, layer = 3, sample_rate = 44100, sample_rate_index = 0, bit_rate = 128000, nb_channels = 2, mode = 0, mode_ext = 0, lsf = 0, last_buf = '\000' <repeats 1047 times>, last_buf_size = 0, free_format_next_header = 0, gb = {buffer = 0x8d6f764 ""\347\017\362\345 ك8bP\\\244\033\060g\fJ\rh\251f\fቁ\256\025,\301\234\061\060\254\231\255\363\037÷\266\357\006X9\""p2X\251\322\006\212ڱV=\205\251R\236\257\267M\200 \214\207\031"", buffer_end = 0x8d6f902 """", index = 0, size_in_bits = 3312}, in_gb = {buffer = 0x0, buffer_end = 0x0, index = 0, size_in_bits = 0}, synth_buf = {{0 <repeats 1024 times>}, {0 <repeats 1024 times>}}, synth_buf_offset = {0, 0}, sb_samples = {{{0 <repeats 32 times>} <repeats 36 times>}, {{0 <repeats 32 times>} <repeats 36 times>}}, mdct_buf = {{0 <repeats 576 times>}, {0 <repeats 576 times>}}, granules = {{{scfsi = 0 '\000', part2_3_length = 0, big_values = 0, global_gain = 0, scalefac_compress = 0, block_type = 0 '\000', switch_point = 0 '\000', table_select = {0, 0, 0}, subblock_gain = {0, 0, 0}, scalefac_scale = 0 '\000', count1table_select = 0 '\000', region_size = {0, 0, 0}, preflag = 0, short_start = 0, long_end = 0, scale_factors = '\000' <repeats 39 times>, sb_hybrid = {0 <repeats 576 times>}}, {scfsi = 0 '\000', part2_3_length = 0, big_values = 0, global_gain = 0, scalefac_compress = 0, block_type = 0 '\000', switch_point = 0 '\000', table_select = {0, 0, 0}, subblock_gain = {0, 0, 0}, scalefac_scale = 0 '\000', count1table_select = 0 '\000', region_size = {0, 0, 0}, preflag = 0, short_start = 0, long_end = 0, scale_factors = '\000' <repeats 39 times>, sb_hybrid = {0 <repeats 576 times>}}}, {{scfsi = 0 '\000', part2_3_length = 0, big_values = 0, global_gain = 0, scalefac_compress = 0, block_type = 0 '\000', switch_point = 0 '\000', table_select = {0, 0, 0}, subblock_gain = {0, 0, 0}, scalefac_scale = 0 '\000', count1table_select = 0 '\000', region_size = {0, 0, 0}, preflag = 0, short_start = 0, long_end = 0, 
scale_factors = '\000' <repeats 39 times>, sb_hybrid = {0 <repeats 576 times>}}, {scfsi = 0 '\000', part2_3_length = 0, big_values = 0, global_gain = 0, scalefac_compress = 0, block_type = 0 '\000', switch_point = 0 '\000', table_select = {0, 0, 0}, subblock_gain = {0, 0, 0}, scalefac_scale = 0 '\000', count1table_select = 0 '\000', region_size = {0, 0, 0}, preflag = 0, short_start = 0, long_end = 0, scale_factors = '\000' <repeats 39 times>, sb_hybrid = {0 <repeats 576 times>}}}}, adu_mode = 0, dither_state = 0, error_recognition = 1, avctx = 0x8d6fb00, mpadsp = {apply_window_float = 0x85aa0c0 <apply_window_mp3>, apply_window_fixed = 0x83f3a40 <ff_mpadsp_apply_window_fixed>, dct32_float = 0x866c420 <ff_dct32_float_sse2>, dct32_fixed = 0x860b490 <ff_dct32_fixed>}}

I have 2 coredumps available with the same issue. If directed as such, I can extract more info from them."	defect	closed	normal	avcodec	unspecified	needs_more_info	crash				0	0
