New submission from Kieran K <kie...@kunhya.com>:

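Sample file that reproduces the crash:
http://www.aktiv-verlag.com/~webvideos/videos/2010/Surfcup.mp4

In the attached gdb session the SIGSEGV is the first store of the memset at libavcodec/h264_mp4toannexb_bsf.c:117; eax (out + total_size) and ebx are both 0 at that point, so the write goes to address 0.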

----------
files: typescript
messages: 12681
priority: normal
status: new
substatus: new
title: h264_mp4toannexb filter crashes
type: bug

________________________________________________
FFmpeg issue tracker <iss...@roundup.ffmpeg.org>
<https://roundup.ffmpeg.org/issue2386>
________________________________________________
$ gdb ffmpeg_g
GNU gdb (GDB) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-cygwin".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /cygdrive/d/mpc-hc/ffmpeg-clean/ffmpeg/ffmpeg_g...done.

(gdb) run -i "C:\Documents and Settings\KieranK\Desktop\Surfcup.mp4" -vcodec 
copy -vbsf h264_mp4toannexb -y out.h264
Starting program: /cygdrive/d/mpc-hc/ffmpeg-clean/ffmpeg/ffmpeg_g -i 
"C:\Documents and Settings\KieranK\Desktop\Surfcup.mp4" -vcodec copy -vbsf 
h264_mp4toannexb -y out.h264
[New Thread 16300.0x3ae0]
warning: Can not parse XML library list; XML support was disabled at compile 
time
[New Thread 16300.0x354c]

Program received signal SIGSEGV, Segmentation fault.
0x006df716 in h264_mp4toannexb_filter (bsfc=0x24dc930, avctx=0x24d5bc0, 
    args=0x0, poutbuf=0x22b4e8, poutbuf_size=0x22b4ec, buf=0x24eb630 "", 
    buf_size=3233, keyframe=1) at libavcodec/h264_mp4toannexb_bsf.c:117
117             memset(out + total_size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
(gdb) Undefined command: "btb".  Try "help".
(gdb) #0  0x006df716 in h264_mp4toannexb_filter (bsfc=0x24dc930, 
avctx=0x24d5bc0, 
    args=0x0, poutbuf=0x22b4e8, poutbuf_size=0x22b4ec, buf=0x24eb630 "", 
    buf_size=3233, keyframe=1) at libavcodec/h264_mp4toannexb_bsf.c:117
#1  0x00403655 in write_frame (s=0x24d4a20, pkt=0x22b7d0, avctx=0x24d5bc0, 
    bsfc=0x24dc930) at ffmpeg.c:744
#2  0x0040595f in output_packet (ist=0x24daef0, ist_index=0, 
    ost_table=0x24db030, nb_ostreams=1, pkt=0x22cb68) at ffmpeg.c:1715
#3  0x00409c82 in transcode (output_files=0x84c, nb_output_files=0, 
    input_files=0x0, nb_input_files=2359296, stream_maps=0x7c927784, 
    nb_stream_maps=2377752) at ffmpeg.c:2628
#4  0x00007918 in ?? ()
#5  0x0040a15e in main (argc=2280512, argv=0x1000000) at ffmpeg.c:4319
(gdb) Dump of assembler code from 0x6df6f6 to 0x6df740:
   0x006df6f6 <h264_mp4toannexb_filter+1014>:   jmp    0x6df620 
<h264_mp4toannexb_filter+800>
   0x006df6fb <h264_mp4toannexb_filter+1019>:   movzbl 0x6(%ecx),%eax
   0x006df6ff <h264_mp4toannexb_filter+1023>:   lea    0x7(%ecx),%ebp
   0x006df702 <h264_mp4toannexb_filter+1026>:   movb   $0x1,0x2f(%esp)
   0x006df707 <h264_mp4toannexb_filter+1031>:   mov    %al,0x2e(%esp)
   0x006df70b <h264_mp4toannexb_filter+1035>:   jmp    0x6df612 
<h264_mp4toannexb_filter+786>
   0x006df710 <h264_mp4toannexb_filter+1040>:   mov    0x28(%esp),%eax
   0x006df714 <h264_mp4toannexb_filter+1044>:   add    %ebx,%eax
=> 0x006df716 <h264_mp4toannexb_filter+1046>:   movl   $0x0,(%eax)
   0x006df71c <h264_mp4toannexb_filter+1052>:   movl   $0x0,0x4(%eax)
   0x006df723 <h264_mp4toannexb_filter+1059>:   mov    0x54(%esp),%ecx
   0x006df727 <h264_mp4toannexb_filter+1063>:   mov    0x18(%ecx),%eax
   0x006df72a <h264_mp4toannexb_filter+1066>:   mov    %eax,(%esp)
   0x006df72d <h264_mp4toannexb_filter+1069>:   call   0x8862b0 <av_free>
   0x006df732 <h264_mp4toannexb_filter+1074>:   mov    0x54(%esp),%eax
   0x006df736 <h264_mp4toannexb_filter+1078>:   mov    0x28(%esp),%edx
   0x006df73a <h264_mp4toannexb_filter+1082>:   mov    0x14(%esp),%ecx
   0x006df73e <h264_mp4toannexb_filter+1086>:   mov    %ebx,0x1c(%eax)
End of assembler dump.
(gdb) eax            0x0        0
ecx            0x24db140        38646080
edx            0xffffffea       -22
ebx            0x0      0
esp            0x22b450 0x22b450
ebp            0x24db147        0x24db147
esi            0x0      0
edi            0x22b7d0 2275280
eip            0x6df716 0x6df716 <h264_mp4toannexb_filter+1046>
eflags         0x210246 [ PF ZF IF RF ID ]
cs             0x1b     27
ss             0x23     35
ds             0x23     35
es             0x23     35
fs             0x3b     59
gs             0x0      0
st0            -nan(0x8080808080808080) (raw 0xffff8080808080808080)
st1            -nan(0x8080808080808080) (raw 0xffff8080808080808080)
st2            0.4000000000259499570594810824442078     (raw 
0x3ffdcccccccd05dd53be)
st3            5.7340440618696742929035486834997265e-11 (raw 
0x3fdcfc2f98c4aad7bcc7)
st4            90000    (raw 0x400fafc8000000000000)
st5            1.1111111111111111110870530225397911e-05 (raw 
0x3feeba69dbdd3ac13d7c)
st6            1.000000000000000015902891109759918e+100 (raw 
0x414b924d692ca61be800)
st7            0        (raw 0x00000000000000000000)
fctrl          0xffff037f       -64641
fstat          0xffff4020       -49120
ftag           0xffffffff       -1
fiseg          0x1b     27
fioff          0x409909 4233481
foseg          0xffff0023       -65501
fooff          0x0      0
fop            0x5d8    1496
xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, 
  uint128 = 0x00000000000000000000000000000000}
xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, 
  uint128 = 0x00000000000000000000000000000000}
xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, 
  uint128 = 0x00000000000000000000000000000000}
xmm3           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 
    0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x8000, 0x0, 0x0, 0x0, 0x8000, 0x0, 
    0x0}, v4_int32 = {0x80000000, 0x0, 0x80000000, 0x0}, v2_int64 = {
    0x80000000, 0x80000000}, uint128 = 0x00000000800000000000000080000000}
xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, 
  uint128 = 0x00000000000000000000000000000000}
xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 
    0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x8000, 0x0, 0x0, 0x0, 0x8000, 0x0, 
    0x0}, v4_int32 = {0x80000000, 0x0, 0x80000000, 0x0}, v2_int64 = {
    0x80000000, 0x80000000}, uint128 = 0x00000000800000000000000080000000}
xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0, 0x80}, v8_int16 = {0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 
    0x8000}, v4_int32 = {0x0, 0x80000000, 0x0, 0x80000000}, v2_int64 = {
    0x8000000000000000, 0x8000000000000000}, 
  uint128 = 0x80000000000000008000000000000000}
xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x80, 
    0x0, 0x0, 0x0, 0x80}, v8_int16 = {0x0, 0x8000, 0x0, 0x8000, 0x0, 0x8000, 
    0x0, 0x8000}, v4_int32 = {0x80000000, 0x80000000, 0x80000000, 
    0x80000000}, v2_int64 = {0x8000000080000000, 0x8000000080000000}, 
  uint128 = 0x80000000800000008000000080000000}
mxcsr          0x1f80   [ IM DM ZM OM UM PM ]
mm0            {uint64 = 0x8080808080808080, v2_int32 = {0x80808080, 
    0x80808080}, v4_int16 = {0x8080, 0x8080, 0x8080, 0x8080}, v8_int8 = {
    0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80}}
mm1            {uint64 = 0x8080808080808080, v2_int32 = {0x80808080, 
    0x80808080}, v4_int16 = {0x8080, 0x8080, 0x8080, 0x8080}, v8_int8 = {
    0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80}}
mm2            {uint64 = 0xcccccccd05dd53be, v2_int32 = {0x5dd53be, 
    0xcccccccd}, v4_int16 = {0x53be, 0x5dd, 0xcccd, 0xcccc}, v8_int8 = {0xbe, 
    0x53, 0xdd, 0x5, 0xcd, 0xcc, 0xcc, 0xcc}}
mm3            {uint64 = 0xfc2f98c4aad7bcc7, v2_int32 = {0xaad7bcc7, 
    0xfc2f98c4}, v4_int16 = {0xbcc7, 0xaad7, 0x98c4, 0xfc2f}, v8_int8 = {
    0xc7, 0xbc, 0xd7, 0xaa, 0xc4, 0x98, 0x2f, 0xfc}}
mm4            {uint64 = 0xafc8000000000000, v2_int32 = {0x0, 0xafc80000}, 
  v4_int16 = {0x0, 0x0, 0x0, 0xafc8}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0xc8, 0xaf}}
mm5            {uint64 = 0xba69dbdd3ac13d7c, v2_int32 = {0x3ac13d7c, 
    0xba69dbdd}, v4_int16 = {0x3d7c, 0x3ac1, 0xdbdd, 0xba69}, v8_int8 = {
    0x7c, 0x3d, 0xc1, 0x3a, 0xdd, 0xdb, 0x69, 0xba}}
mm6            {uint64 = 0x924d692ca61be800, v2_int32 = {0xa61be800, 
    0x924d692c}, v4_int16 = {0xe800, 0xa61b, 0x692c, 0x924d}, v8_int8 = {0x0, 
    0xe8, 0x1b, 0xa6, 0x2c, 0x69, 0x4d, 0x92}}
mm7            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 
    0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}


