New submission from Alfred Daw <[email protected]>:
I first found this on MPlayer but tracked it down to revision 25218 of FFmpeg.
In MPlayer and ffplay when I play an h264 video file and try to skip forward
using the arrow keys, I get the error shown in the backtrace.
Uploaded a sample of the file that breaks it to the samples server "Crash while
seeking in ffmpeg r25218 and newer.mkv".
----------
files: ffmpegbacktrace.txt
messages: 12059
priority: normal
status: new
substatus: new
title: Crash after seeking in h264 videos
type: bug
________________________________________________
FFmpeg issue tracker <[email protected]>
<https://roundup.ffmpeg.org/issue2250>
________________________________________________
[sacar...@wibble:~/src/ffmpeg] $ gdb ./ffplay_g
GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-slamd64-linux"...
(gdb) r /home/sacarasc/sata1/xchat/\[SGKK\]\ Bleach\ -\ 279\ \(848x480\ h264\
AAC\)\ \[49190D22\].mkv
Starting program: /home/sacarasc/src/ffmpeg/ffplay_g
/home/sacarasc/sata1/xchat/\[SGKK\]\ Bleach\ -\ 279\ \(848x480\ h264\ AAC\)\
\[49190D22\].mkv
[Thread debugging using libthread_db enabled]
FFplay version SVN-r25218, Copyright (c) 2003-2010 the FFmpeg developers
built on Sep 27 2010 23:33:05 with gcc 4.2.4
configuration: --prefix=/usr --libdir=/usr/lib64 --enable-gpl
--enable-version3 --enable-nonfree --enable-pthreads --enable-libfaac
--enable-libmp3lame --enable-libx264 --enable-libxvid --enable-x11grab
--disable-vdpau --enable-libopencore-amrnb --enable-libopencore-amrwb
libavutil 50.29. 0 / 50.29. 0
libavcore 0. 9. 0 / 0. 9. 0
libavcodec 52.91. 1 / 52.91. 1
libavformat 52.78. 5 / 52.78. 5
libavdevice 52. 2. 2 / 52. 2. 2
libavfilter 1.46. 0 / 1.46. 0
libswscale 0.11. 0 / 0.11. 0
[New Thread 0x7f7a493d6700 (LWP 4552)]
[New Thread 0x42380950 (LWP 4555)]
[New Thread 0x42b81950 (LWP 4556)]
[matroska,webm @ 0x1352df0] max_analyze_duration reached
[matroska,webm @ 0x1352df0] Estimating duration from bitrate, this may be
inaccurate
Input #0, matroska,webm, from '/home/sacarasc/sata1/xchat/[SGKK] Bleach - 279
(848x480 h264 AAC) [49190D22].mkv':
Duration: 00:24:13.36, start: 0.000000, bitrate: N/A
Chapter #0.0: start 0.000000, end 21.063000
Metadata:
title : Prologue
Chapter #0.1: start 21.063000, end 111.278000
Metadata:
title : OP
Chapter #0.2: start 111.278000, end 558.224000
Metadata:
title : Part A
Chapter #0.3: start 558.224000, end 1309.725000
Metadata:
title : Part B
Chapter #0.4: start 1309.725000, end 1399.648000
Metadata:
title : ED
Chapter #0.5: start 1399.648000, end 1453.360000
Metadata:
title : Preview
Stream #0.0(jpn): Video: h264, yuv420p, 848x480, PAR 160:159 DAR 16:9,
23.98 fps, 23.98 tbr, 1k tbn, 47.95 tbc
Metadata:
title : AVC (480p)
Stream #0.1(jpn): Audio: aac, 48000 Hz, stereo, s16
Metadata:
title : AAC (2 Ch)
Stream #0.2(eng): Subtitle: [0][0][0][0] / 0x0000
Metadata:
title : ASS
Stream #0.3: Attachment: [0][0][0][0] / 0x0000
Metadata:
filename : BaskervilleCyrLTStd-Upright.otf
Stream #0.4: Attachment: [0][0][0][0] / 0x0000
Metadata:
filename : Candara.ttf
Stream #0.5: Attachment: [0][0][0][0] / 0x0000
Metadata:
filename : Cataneo-BT-Regular.ttf
Stream #0.6: Attachment: [0][0][0][0] / 0x0000
Metadata:
filename : ClearfaceGothicLTStd-Roman.otf
[New Thread 0x41a80950 (LWP 4557)]
[New Thread 0x43382950 (LWP 4558)]
[New Thread 0x43b83950 (LWP 4559)]
63.74 A-V: 62.533 s:0.0 aq= 319KB vq= 3245KB sq= 0B f=0/0 f=0/0
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x43382950 (LWP 4558)]
0x0000000000863f2d in av_image_copy (dst_data=0x1504450,
dst_linesizes=0x1504470, src_data=0x0, src_linesizes=0x20, pix_fmt=<value
optimized out>, width=848,
height=480) at libavcore/imgutils.c:182
182 av_image_copy_plane(dst_data[i], dst_linesizes[i],
(gdb) bt
#0 0x0000000000863f2d in av_image_copy (dst_data=0x1504450,
dst_linesizes=0x1504470, src_data=0x0, src_linesizes=0x20, pix_fmt=<value
optimized out>, width=848,
height=480) at libavcore/imgutils.c:182
#1 0x000000000055588e in decode_slice_header (h=0x14c2e70, h0=0x14c2e70) at
libavcodec/h264.c:1915
#2 0x000000000055f558 in decode_nal_units (h=0x14c2e70, buf=0x1551970 "",
buf_size=31501) at libavcodec/h264.c:2851
#3 0x000000000055fd5f in decode_frame (avctx=0x13797f0, data=0x1531d80,
data_size=0x43381f1c, avpkt=0x0) at libavcodec/h264.c:3012
#4 0x00000000006baac6 in avcodec_decode_video2 (avctx=0x13797f0,
picture=0x1531d80, got_picture_ptr=0x43381f1c, avpkt=0x43381ed0) at
libavcodec/utils.c:614
#5 0x000000000040dd9b in input_request_frame (link=0x1531eb0) at ffplay.c:1581
#6 0x0000000000410301 in video_thread (arg=0x7f7a455ad010) at ffplay.c:1813
#7 0x00007f7a475d5587 in ?? () from /usr/lib64/libSDL-1.2.so.0
#8 0x00007f7a47617199 in ?? () from /usr/lib64/libSDL-1.2.so.0
#9 0x00007f7a473ad3f7 in start_thread () from /lib64/libpthread.so.0
#10 0x00007f7a471211dd in clone () from /lib64/libc.so.6
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x863f0d to 0x863f4d:
0x0000000000863f0d <av_image_copy+349>: rex.R and $0x34,%al
0x0000000000863f10 <av_image_copy+352>: lea 0x7(%rax),%edx
0x0000000000863f13 <av_image_copy+355>: lea -0x1(%r9),%eax
0x0000000000863f17 <av_image_copy+359>: sar $0x3,%edx
0x0000000000863f1a <av_image_copy+362>: cmp $0x1,%eax
0x0000000000863f1d <av_image_copy+365>: jbe 0x8640c4 <av_image_copy+788>
0x0000000000863f23 <av_image_copy+371>: mov 0x38(%rsp),%rsi
0x0000000000863f28 <av_image_copy+376>: mov 0x40(%rsp),%rax
0x0000000000863f2d <av_image_copy+381>: mov (%rsi,%r9,4),%ecx
0x0000000000863f31 <av_image_copy+385>: mov 0x48(%rsp),%rsi
0x0000000000863f36 <av_image_copy+390>: mov (%rax,%r9,8),%r12
0x0000000000863f3a <av_image_copy+394>: mov (%rsi,%r9,4),%eax
0x0000000000863f3e <av_image_copy+398>: mov 0x50(%rsp),%rsi
0x0000000000863f43 <av_image_copy+403>: mov (%rsi,%r9,8),%rbp
0x0000000000863f47 <av_image_copy+407>: test %rbp,%rbp
0x0000000000863f4a <av_image_copy+410>: je 0x863f9f <av_image_copy+495>
0x0000000000863f4c <av_image_copy+412>: test %r12,%r12
End of assembler dump.
(gdb) info all-registers
rax 0x0 0
rbx 0x1e0 480
rcx 0x0 0
rdx 0x350 848
rsi 0x20 32
rdi 0x1504450 22037584
rbp 0x14c2e70 0x14c2e70
rsp 0x43381b70 0x43381b70
r8 0xa927c0 11085760
r9 0x0 0
r10 0x3 3
r11 0x43381be0 1127750624
r12 0x14f6ea4 21982884
r13 0x14c2e70 21769840
r14 0x3 3
r15 0x14c76ac 21788332
rip 0x863f2d 0x863f2d <av_image_copy+381>
eflags 0x10282 [ SF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x63 99
gs 0x0 0
(gdb)