[Ffmpeg-devel] wmv2 segfaults in wmv2_mspel8_h_lowpass()
Nikns Siankin
nikns
Wed Jan 3 10:56:59 CET 2007
The same sample http://pazeme.lv/MojoFlix_Drunken-Bull.wmv
with svn 20070102
# uname -a
OpenBSD obsd.my.domain 4.0 GENERIC#690 amd64
# ffmpeg -i /root/MojoFlix_Drunken-Bull.wmv bu.avi
FFmpeg version SVN-r7400, Copyright (c) 2000-2006 Fabrice Bellard, et al.
configuration: --enable-shared --cc=cc --disable-opts --enable-a52
--enable-pp --enable-gpl --enable-pthreads --enable-faac --enable-faad
--enable-mp3lame --enable-libogg --enable-vorbis --extra-ldflags=-lm
-L/usr/local/lib --extra-cflags=-I/usr/local/include
libavutil version: 49.1.0
libavcodec version: 51.28.0
libavformat version: 51.7.0
built on Jan 3 2007 11:18:44, gcc: 3.3.5 (propolice)
Seems stream 1 codec frame rate differs from container frame rate: 1000.00
(1000/1) -> 30.00 (30/1)
Input #0, asf, from '/root/MojoFlix_Drunken-Bull.wmv':
Duration: 00:00:33.1, start: 5.000000, bitrate: 492 kb/s
Stream #0.0: Audio: wmav2, 44100 Hz, stereo, 64 kb/s
Stream #0.1: Video: wmv2, yuv420p, 320x240, 30.00 fps(r)
Output #0, avi, to 'bu.avi':
Stream #0.0: Video: mpeg4, yuv420p, 320x240, q=2-31, 200 kb/s, 30.00 fps(c)
Stream #0.1: Audio: mp2, 44100 Hz, stereo, 64 kb/s
Stream mapping:
Stream #0.1 -> #0.0
Stream #0.0 -> #0.1
Press [q] to stop encoding
Segmentation fault (core dumped) time=6.4 bitrate= 408.4kbits/s
# gdb ./ffmpeg_g ffmpeg.core
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-unknown-openbsd4.0"...
Core was generated by `ffmpeg'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libpthread.so.6.3...done.
Loaded symbols for /usr/lib/libpthread.so.6.3
Reading symbols from /usr/lib/libm.so.2.3...done.
Loaded symbols for /usr/lib/libm.so.2.3
Reading symbols from /usr/local/lib/libavformat.so.8.0...done.
Loaded symbols for /usr/local/lib/libavformat.so.8.0
Reading symbols from /usr/local/lib/libavcodec.so.8.0...done.
Loaded symbols for /usr/local/lib/libavcodec.so.8.0
Reading symbols from /usr/local/lib/libavutil.so.2.0...done.
Loaded symbols for /usr/local/lib/libavutil.so.2.0
Reading symbols from /usr/lib/libossaudio.so.3.0...done.
Loaded symbols for /usr/lib/libossaudio.so.3.0
Reading symbols from /usr/lib/libz.so.4.1...done.
Loaded symbols for /usr/lib/libz.so.4.1
Reading symbols from /usr/local/lib/libmp3lame.so.0.1...done.
Loaded symbols for /usr/local/lib/libmp3lame.so.0.1
Reading symbols from /usr/local/lib/libvorbis.so.5.1...done.
Loaded symbols for /usr/local/lib/libvorbis.so.5.1
Reading symbols from /usr/local/lib/libvorbisenc.so.2.2...done.
Loaded symbols for /usr/local/lib/libvorbisenc.so.2.2
Reading symbols from /usr/local/lib/libogg.so.5.3...done.
Loaded symbols for /usr/local/lib/libogg.so.5.3
Reading symbols from /usr/local/lib/libfaac.so.0.0...done.
Loaded symbols for /usr/local/lib/libfaac.so.0.0
Reading symbols from /usr/local/lib/libfaad.so.0.0...done.
Loaded symbols for /usr/local/lib/libfaad.so.0.0
Symbols already loaded for /usr/lib/libpthread.so.6.3
Reading symbols from /usr/lib/libc.so.39.3...done.
Loaded symbols for /usr/lib/libc.so.39.3
Reading symbols from /usr/libexec/ld.so...done.
Loaded symbols for /usr/libexec/ld.so
#0 wmv2_mspel8_h_lowpass (dst=0x7f7ffffca3e0 "?\006", src=0x4d6a9f54 <Address
0x4d6a9f54 out of bounds>,
dstStride=8, srcStride=352, h=352) at dsputil.c:2512
2512 dst[0]= cm[(9*(src[0] + src[1]) - (src[-1] + src[2]) + 8)>>4];
(gdb)
(gdb) bt
#0 wmv2_mspel8_h_lowpass (dst=0x7f7ffffca3e0 "?\006", src=0x4d6a9f54 <Address
0x4d6a9f54 out of bounds>,
dstStride=8, srcStride=352, h=352) at dsputil.c:2512
#1 0x0000000046dcae85 in put_mspel8_mc32_c (
dst=0x46bdf6b0
"22244444134679;69779;9:974676555555545554445544434353444234423232335545655555555654456667777778766655555555665555555565566666666",
'5' <repeats 19 times>, '4' <repeats 29 times>, '3' <repeats 18 times>,
"213323"...,
src=0x4d6aa0b5
"44444134679;989:88774676555434354444334433334354444334433332324423455555555654456665555556566655555555665556665666666665776",
'5' <repeats 16 times>, "3332", '4' <repeats 28 times>, '3' <repeats 18 times>,
"21332342455"..., stride=352) at dsputil.c:2623
#2 0x0000000046ec4a75 in ff_mspel_motion (s=0x4c7c7000,
dest_y=0x46bdf6b0
"22244444134679;69779;9:974676555555545554445544434353444234423232335545655555555654456667777778766655555555665555555565566666666",
'5' <repeats 19 times>, '4' <repeats 29 times>, '3' <repeats 18 times>,
"213323"...,
dest_cb=0x4d5e85d8
"\224\224\224\224\224\224\224\225\225\224\224\224\224\224\224\225\225\225\225\225\226\226\226\226\225\225\225\225\225\226\226",
'\225' <repeats 77 times>,
"\224\224\225\225\224\225\225\224\224\224\223\223\224\225\225\224\224\225\225\225\226\226",
'\225' <repeats 46 times>,
"\224\224\224\224\224\224\224\225\225\224\224\224\224\224\224\225\225\225\225\225\226\226\226\226"...,
dest_cr=0x4aa265d8 'z' <repeats 24 times>, "yyyyzzzzzyxxxxxxy", 'x' <repeats
13 times>, "yyxxxy", 'x' <repeats 28 times>, 'y' <repeats 12 times>, "xxxxyyy",
'x' <repeats 16 times>, "yyy", 'z' <repeats 74 times>...,
ref_picture=0x4c7c7128, pix_op=0x4c7c7f98, motion_x=9, motion_y=-41, h=16)
at wmv2.c:660
#3 0x0000000046d993b2 in MPV_motion (s=0x4c7c7000,
dest_y=0x46bdf6b0
"22244444134679;69779;9:974676555555545554445544434353444234423232335545655555555654456667777778766655555555665555555565566666666",
'5' <repeats 19 times>, '4' <repeats 29 times>, '3' <repeats 18 times>,
"213323"...,
dest_cb=0x4d5e85d8
"\224\224\224\224\224\224\224\225\225\224\224\224\224\224\224\225\225\225\225\225\226\226\226\226\225\225\225\225\225\226\226",
'\225' <repeats 77 times>,
"\224\224\225\225\224\225\225\224\224\224\223\223\224\225\225\224\224\225\225\225\226\226",
'\225' <repeats 46 times>,
"\224\224\224\224\224\224\224\225\225\224\224\224\224\224\224\225\225\225\225\225\226\226\226\226"...,
dest_cr=0x4aa265d8 'z' <repeats 24 times>, "yyyyzzzzzyxxxxxxy", 'x' <repeats
13 times>, "yyxxxy", 'x' <repeats 28 times>, 'y' <repeats 12 times>, "xxxxyyy",
'x' <repeats 16 times>, "yyy", 'z' <repeats 74 times>..., dir=11,
ref_picture=0x4c7c7128, pix_op=0x4c7c7f98, qpix_op=0x4c7c8158) at
mpegvideo.c:3554
#4 0x0000000046d90164 in MPV_decode_mb (s=0x4c7c7000, block=0x4dfeb000) at
mpegvideo.c:4009
#5 0x0000000046ec5ddf in decode_slice (s=0x4c7c7000) at h263dec.c:240
#6 0x0000000046ec6d66 in ff_h263_decode_frame (avctx=0x43d0a000,
data=0x7f7ffffcac70, data_size=0x7f7ffffcaae8,
buf=0x48893800
"\210?\201R\2061?g(\237?aMF\031\004d?\002????&\203\221?#l?W1??p\034?V?(\032f??\024\t?@?\020?\0263\v?Q",
buf_size=1736) at h263dec.c:729
#7 0x0000000046d865fc in avcodec_decode_video (avctx=0x43d0a000,
picture=0x7f7ffffcac70,
got_picture_ptr=0x7f7ffffcaae8,
buf=0x48893800
"\210?\201R\2061?g(\237?aMF\031\004d?\002????&\203\221?#l?W1??p\034?V?(\032f??\024\t?@?\020?\0263\v?Q",
buf_size=1736) at utils.c:904
#8 0x00000000004061d2 in output_packet (ist=0x412c7300, ist_index=1,
ost_table=0x49bb3070, nb_ostreams=2,
pkt=0x7f7ffffcae60) at ffmpeg.c:1092
#9 0x0000000000406dff in av_encode (output_files=0x811d40, nb_output_files=1,
input_files=0x811c00,
nb_input_files=1, stream_maps=0x811de0, nb_stream_maps=0) at ffmpeg.c:1936
#10 0x000000000040b065 in main (argc=15625, argv=0x7f7ffffcb310) at
ffmpeg.c:3935
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x46dca700 to 0x46dca740:
0x0000000046dca700 <wmv2_mspel8_h_lowpass+0>: mov 6068785(%rip),%r9
# 0x47394138 <a52_resample+1179640>
0x0000000046dca707 <wmv2_mspel8_h_lowpass+7>: add $0x400,%r9
0x0000000046dca70e <wmv2_mspel8_h_lowpass+14>: test %r8d,%r8d
0x0000000046dca711 <wmv2_mspel8_h_lowpass+17>: jle 0x46dca874
<wmv2_mspel8_h_lowpass+372>
0x0000000046dca717 <wmv2_mspel8_h_lowpass+23>: movslq %edx,%r11
0x0000000046dca71a <wmv2_mspel8_h_lowpass+26>: movslq %ecx,%r10
0x0000000046dca71d <wmv2_mspel8_h_lowpass+29>: data16
0x0000000046dca71e <wmv2_mspel8_h_lowpass+30>: data16
0x0000000046dca71f <wmv2_mspel8_h_lowpass+31>: nop
0x0000000046dca720 <wmv2_mspel8_h_lowpass+32>: movzbl 0x1(%rsi),%edx
0x0000000046dca724 <wmv2_mspel8_h_lowpass+36>: movzbl (%rsi),%eax
0x0000000046dca727 <wmv2_mspel8_h_lowpass+39>: movzbl 0x2(%rsi),%ecx
0x0000000046dca72b <wmv2_mspel8_h_lowpass+43>: add %edx,%eax
0x0000000046dca72d <wmv2_mspel8_h_lowpass+45>: movzbl
0xffffffffffffffff(%rsi),%edx
0x0000000046dca731 <wmv2_mspel8_h_lowpass+49>: lea (%rax,%rax,8),%eax
0x0000000046dca734 <wmv2_mspel8_h_lowpass+52>: add %ecx,%edx
0x0000000046dca736 <wmv2_mspel8_h_lowpass+54>: sub %edx,%eax
0x0000000046dca738 <wmv2_mspel8_h_lowpass+56>: add $0x8,%eax
0x0000000046dca73b <wmv2_mspel8_h_lowpass+59>: sar $0x4,%eax
0x0000000046dca73e <wmv2_mspel8_h_lowpass+62>: cltq
End of assembler dump.
(gdb) info all-registers
rax 0x160 352
rbx 0x4d6aa0b5 1298833589
rcx 0x160 352
rdx 0x8 8
rsi 0x4d6a9f54 1298833236
rdi 0x7f7ffffca3e0 140187732321248
rbp 0x7f7ffffca3a0 0x7f7ffffca3a0
rsp 0x7f7ffffca358 0x7f7ffffca358
r8 0xb 11
r9 0x47265760 1193695072
r10 0x160 352
r11 0x8 8
r12 0x160 352
r13 0x46bdf6b0 1186854576
r14 0x7f7ffffca3e0 140187732321248
r15 0x9 9
rip 0x46dca720 0x46dca720 <wmv2_mspel8_h_lowpass+32>
eflags 0x210202 2163202
cs 0x1f 31
ss 0x17 23
ds 0x17 23
es 0x17 23
fs 0x17 23
gs 0x17 23
st0 -nan(0x3434343434343434) (raw 0xffff3434343434343434)
st1 -nan(0x34003400340034) (raw 0xffff0034003400340034)
st2 -nan(0x3434343434343434) (raw 0xffff3434343434343434)
st3 -nan(0x34003400340034) (raw 0xffff0034003400340034)
st4 -nan(0x32003200320032) (raw 0xffff0032003200320032)
st5 -nan(0x32003200320032) (raw 0xffff0032003200320032)
st6 -nan(0x32003200320032) (raw 0xffff0032003200320032)
st7 <invalid float value> (raw 0xffff0000000000000000)
fctrl 0x127f 4735
fstat 0x20 32
ftag 0xaaaa 43690
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
xmm0 {f = {0x0, 0xe, 0x0, 0x0}} {f = {0, 14.963377, 0, 0}}
xmm1 {f = {0x0, 0xf, 0x0, 0x0}} {f = {0, 15.0331268, 0, 0}}
xmm2 {f = {0x0, 0x2, 0x0, 0x0}} {f = {1.63648397e-31,
2.61408162, 5.23048665e-40,
-nan(0x7ded0c)}}
xmm3 {f = {0x0, 0x2, 0x0, 0x0}} {f = {1.63648397e-31,
2.61408162, 5.23048665e-40,
-nan(0x7ded0c)}}
xmm4 {f = {0xc24b42, 0x88000000, 0x0, 0xfffff904}} {f = {12733250,
1.1188971e+15, -4.57506084e-21,
-1788.73804}}
xmm5 {f = {0xc24b42, 0x0, 0x0, 0x0}} {f = {12733250, 1.97132904e-26,
2.06927913e-14, -2.28904872e+26}}
xmm6 {f = {0x0, 0x0, 0x0, 0x0}} {f = {9.18354962e-41,
9.18354962e-41, 9.18354962e-41,
---Type <return> to continue, or q <return> to quit---
xmm7 {f = {0x0, 0x0, 0x0, 0x0}} {f = {3.23968995e-40,
-nan(0x7e9d3a), -nan(0x7eba30),
7.89598053e-40}}
xmm8 {f = {0x0, 0xffffffff, 0x0, 0x0}} {f = {-1.76235581e+22,
-1.52807558, 0, 0}}
xmm9 {f = {0x0, 0x1, 0x0, 0x0}} {f = {0, 1.875, 0, 0}}
xmm10 {f = {0x0, 0x1, 0x0, 0x0}} {f = {0, 1.875, 0, 0}}
xmm11 {f = {0xffffffff, 0x0, 0x0, 0x0}} {f = {-1.96473002, 0, 0,
0}}
xmm12 {f = {0xffffffff, 0x0, 0x0, 0x0}} {f = {-1.11296916, 0, 0,
0}}
xmm13 {f = {0x1, 0x0, 0x0, 0x0}} {f = {1.78104186, 0, 0, 0}}
xmm14 {f = {0x1, 0x0, 0x0, 0x0}} {f = {1.42799723, 0, 0, 0}}
xmm15 {f = {0x1, 0x0, 0x0, 0x0}} {f = {1.24683833, 0, 0, 0}}
mxcsr 0x1fa0 8096
(gdb)
More information about the ffmpeg-devel
mailing list