[issue2527] ffmpeg crashes on 4xm files with invalid headers

Carl Eugen Hoyos Sun, 16 Jan 2011 10:58:27 -0800

Carl Eugen Hoyos <ceho...@rainbow.studorg.tuwien.ac.at> added the comment:


Backtrace has changed after r26392:
(gdb) r -i 4xm_crash.4xm -f null -
Starting program: ffmpeg_g -i 4xm_crash.4xm -f null -
[Thread debugging using libthread_db enabled]
FFmpeg version SVN-r26394, Copyright (c) 2000-2011 the FFmpeg developers
  built on Jan 16 2011 19:53:30 with gcc 4.5.2
  configuration: --cc='/usr/local/gcc-4.5.2/bin/gcc -m32'
  libavutil     50.36. 0 / 50.36. 0
  libavcore      0.16. 1 /  0.16. 1
  libavcodec    52.108. 0 / 52.108. 0
  libavformat   52.93. 0 / 52.93. 0
  libavdevice   52. 2. 3 / 52. 2. 3
  libavfilter    1.74. 0 /  1.74. 0
  libswscale     0.12. 0 /  0.12. 0
[4xm @ 0x8b8ccc0] Estimating duration from bitrate, this may be inaccurate
Input #0, 4xm, from '4xm_crash.4xm':
  Duration: 00:00:14.00, start: 0.000000, bitrate: 664 kb/s
    Stream #0.0: Video: 4xm, rgb565le, 648x480, 1 tbr, 1 tbn, 1 tbc
    Stream #0.1: Audio: adpcm_4xm, 22050 Hz, 2 channels, s16, 705 kb/s
[buffer @ 0x8b93760] w:648 h:480 pixfmt:rgb565le
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf52.93.0
    Stream #0.0: Video: rawvideo, rgb565le, 648x480, q=2-31, 200 kb/s, 90k tbn,
1 tbc
    Stream #0.1: Audio: pcm_s16le, 22050 Hz, 2 channels, s16, 705 kb/s
Stream mapping:
  Stream #0.0 -> #0.0
  Stream #0.1 -> #0.1
Press [q] to stop encoding

Program received signal SIGSEGV, Segmentation fault.
mcdc (dc=0, scale=1, stride=648, h=2, log2w=<value optimized out>, src=<value
optimized out>, dst=<value optimized out>) at libavcodec/4xm.c:309
309                 LE_CENTRIC_MUL(dst,     src,     scale, dc);
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x842c850 to 0x842c890:
0x0842c850 <mcdc+178>:  inc    %esp
0x0842c851 <mcdc+179>:  test   %ebx,%ebx
0x0842c853 <mcdc+181>:  jle    0x842c7c0 <decode_p_block+464>
0x0842c859 <mcdc+187>:  mov    0x40(%esp),%ebp
0x0842c85d <mcdc+191>:  xor    %eax,%eax
0x0842c85f <mcdc+193>:  xor    %edx,%edx
0x0842c861 <mcdc+195>:  mov    0x3c(%esp),%ebx
0x0842c865 <mcdc+199>:  lea    0x0(%ebp,%ebp,1),%esi
0x0842c869 <mcdc+203>:  mov    0x44(%esp),%ebp
0x0842c86d <mcdc+207>:  lea    0x0(%esi),%esi
0x0842c870 <mcdc+210>:  mov    (%ecx,%eax,1),%edi
0x0842c873 <mcdc+213>:  add    $0x1,%edx
0x0842c876 <mcdc+216>:  mov    %edi,(%ebx,%eax,1)
0x0842c879 <mcdc+219>:  mov    0x4(%ecx,%eax,1),%edi
0x0842c87d <mcdc+223>:  mov    %edi,0x4(%ebx,%eax,1)
0x0842c881 <mcdc+227>:  mov    0x8(%ecx,%eax,1),%edi
0x0842c885 <mcdc+231>:  mov    %edi,0x8(%ebx,%eax,1)
0x0842c889 <mcdc+235>:  mov    0xc(%ecx,%eax,1),%edi
0x0842c88d <mcdc+239>:  mov    %edi,0xc(%ebx,%eax,1)
End of assembler dump.
(gdb) info registers
eax            0x0      0
ecx            0x287c   10364
edx            0x0      0
ebx            0xd7a75020       -676900832
esp            0xffffb980       0xffffb980
ebp            0x2      0x2
esi            0x510    1296
edi            0x8b9f14d        146403661
eip            0x842c870        0x842c870 <mcdc+210>
eflags         0x210246 [ PF ZF IF RF ID ]
cs             0x23     35
ss             0x2b     43
ds             0x2b     43
es             0x2b     43
fs             0x0      0
gs             0x63     99

----------
topic:  -avformat

________________________________________________
FFmpeg issue tracker <iss...@roundup.ffmpeg.org>
<https://roundup.ffmpeg.org/issue2527>
________________________________________________

[issue2527] ffmpeg crashes on 4xm files with invalid headers

Reply via email to