Carl Eugen Hoyos <[email protected]> added the comment:
Please always post the complete backtrace etc.
(gdb) r -i crash_pirateszz_2_s25_r003.fuzz.sample -f null -
Starting program: ffmpeg_g -i crash_pirateszz_2_s25_r003.fuzz.sample -f null -
FFmpeg version SVN-r26076, Copyright (c) 2000-2010 the FFmpeg developers
built on Dec 23 2010 02:49:54 with gcc 4.4.5
configuration: --enable-debug=3 --disable-asm --disable-optimizations
--cc='/usr/local/gcc-4.4.5/bin/gcc -m32'
libavutil 50.36. 0 / 50.36. 0
libavcore 0.16. 0 / 0.16. 0
libavcodec 52.100. 0 / 52.100. 0
libavformat 52.88. 0 / 52.88. 0
libavdevice 52. 2. 2 / 52. 2. 2
libavfilter 1.69. 0 / 1.69. 0
libswscale 0.12. 0 / 0.12. 0
[mpeg1video @ 0x8ace5c0] matrix damaged
[mpeg1video @ 0x8ace5c0] sequence header damaged
[mpeg1video @ 0x8ace5c0] matrix damaged
[mpeg1video @ 0x8ace5c0] sequence header damaged
[mpeg1video @ 0x8ace5c0] matrix damaged
[mpeg1video @ 0x8ace5c0] sequence header damaged
[mpeg1video @ 0x8ace5c0] Missing picture start code
Last message repeated 15 times
[mpegvideo @ 0x8acbcc0] max_analyze_duration reached
[mpegvideo @ 0x8acbcc0] Estimating duration from bitrate, this may be inaccurate
Seems stream 0 codec frame rate differs from container frame rate: 6.66
(60000/9009) -> 120000.00 (120000/1)
Input #0, mpegvideo, from 'crash_pirateszz_2_s25_r003.fuzz.sample':
Duration: 00:00:08.35, bitrate: 9800 kb/s
Stream #0.0: Video: mpeg2video, yuv420p, 720x4576 [PAR 4576:405 DAR 16:9],
9800 kb/s, 17.53 fps, 120k tbr, 1200k tbn, 6.66 tbc
[buffer @ 0x8bb3640] w:720 h:4576 pixfmt:yuv420p
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf52.88.0
Stream #0.0: Video: rawvideo, yuv420p, 720x4576 [PAR 113:10 DAR 1017:572],
q=2-31, 200 kb/s, 90k tbn, 120k tbc
Stream mapping:
Stream #0.0 -> #0.0
Press [q] to stop encoding
[mpeg2video @ 0x8ace5c0] matrix damaged
[...]
[mpeg2video @ 0x8ace5c0] Warning MVs not available
[mpeg2video @ 0x8ace5c0] concealing 1380 DC, 1380 AC, 1380 MV errors
Program received signal SIGSEGV, Segmentation fault.
0xf7d91b56 in memcpy () from /lib/libc.so.6
(gdb) bt
#0 0xf7d91b56 in memcpy () from /lib/libc.so.6
#1 0x08beb068 in ?? ()
#2 0x08438e37 in av_image_copy (dst_data=0x8ad1344, dst_linesizes=0x8ad1364,
src_data=0x8beb068, src_linesizes=0x8beb078, pix_fmt=PIX_FMT_YUV420P, width=720,
height=4576) at libavcore/imgutils.c:263
#3 0x08069f57 in request_frame (link=0x8beb3c0) at
libavfilter/vsrc_buffer.c:125
#4 0x0805f4e5 in avfilter_request_frame (link=0x8beb3c0) at
libavfilter/avfilter.c:333
#5 0x0805a6da in get_filtered_video_frame (ctx=0x8beb210, frame=0xffffc314,
picref_ptr=0x8beaf70, tb=0xffffc2ac) at cmdutils.c:826
#6 0x0804fc67 in output_packet (ist=0x8beaf00, ist_index=0,
ost_table=0x8beafa0, nb_ostreams=1, pkt=0xffffc520) at ffmpeg.c:1645
#7 0x08053d8c in transcode (output_files=0x858e800, nb_output_files=1,
input_files=0x858e000, nb_input_files=1, stream_maps=0x0, nb_stream_maps=0) at
ffmpeg.c:2648
#8 0x0805833f in main (argc=6, argv=0xffffcfc4) at ffmpeg.c:4358
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0xf7d91b36 to 0xf7d91b76:
0xf7d91b36 <memcpy+38>: push %ss
0xf7d91b37 <memcpy+39>: movsb %ds:(%esi),%es:(%edi)
0xf7d91b38 <memcpy+40>: dec %ecx
0xf7d91b39 <memcpy+41>: test $0x3,%esi
0xf7d91b3f <memcpy+47>: je 0xf7d91b4d <memcpy+61>
0xf7d91b41 <memcpy+49>: movsb %ds:(%esi),%es:(%edi)
0xf7d91b42 <memcpy+50>: dec %ecx
0xf7d91b43 <memcpy+51>: test $0x3,%esi
0xf7d91b49 <memcpy+57>: je 0xf7d91b4d <memcpy+61>
0xf7d91b4b <memcpy+59>: movsb %ds:(%esi),%es:(%edi)
0xf7d91b4c <memcpy+60>: dec %ecx
0xf7d91b4d <memcpy+61>: push %eax
0xf7d91b4e <memcpy+62>: mov %ecx,%eax
0xf7d91b50 <memcpy+64>: shr $0x2,%ecx
0xf7d91b53 <memcpy+67>: and $0x3,%eax
0xf7d91b56 <memcpy+70>: rep movsl %ds:(%esi),%es:(%edi)
0xf7d91b58 <memcpy+72>: mov %eax,%ecx
0xf7d91b5a <memcpy+74>: rep movsb %ds:(%esi),%es:(%edi)
0xf7d91b5c <memcpy+76>: pop %eax
0xf7d91b5d <memcpy+77>: mov %eax,%edi
0xf7d91b5f <memcpy+79>: mov %edx,%esi
0xf7d91b61 <memcpy+81>: mov 0x4(%esp),%eax
0xf7d91b65 <memcpy+85>: ret
0xf7d91b66 <memcpy+86>: shr %ecx
0xf7d91b68 <memcpy+88>: jae 0xf7d91b6b <memcpy+91>
0xf7d91b6a <memcpy+90>: movsb %ds:(%esi),%es:(%edi)
0xf7d91b6b <memcpy+91>: shr %ecx
0xf7d91b6d <memcpy+93>: jae 0xf7d91b71 <memcpy+97>
0xf7d91b6f <memcpy+95>: movsw %ds:(%esi),%es:(%edi)
0xf7d91b71 <memcpy+97>: rep movsl %ds:(%esi),%es:(%edi)
0xf7d91b73 <memcpy+99>: jmp 0xf7d91b5d <memcpy+77>
0xf7d91b75: nop
End of assembler dump.
(gdb) info register
eax 0x0 0
ecx 0x50 80
edx 0x168 360
ebx 0x180 384
esp 0xffffc018 0xffffc018
ebp 0xffffc038 0xffffc038
esi 0x8d52000 148185088
edi 0xf68bc3b8 -158612552
eip 0xf7d91b56 0xf7d91b56 <memcpy+70>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x63 99
----------
priority: normal -> important
status: new -> open
substatus: new -> reproduced
________________________________________________
FFmpeg issue tracker <[email protected]>
<https://roundup.ffmpeg.org/issue2441>
________________________________________________
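The backtrace above shows av_image_copy faulting inside memcpy while copying a 720x4576 yuv420p frame, with %esi on a page boundary (0x8d52000), consistent with the copy running off the end of the mapped source region. As an added example (not FFmpeg code), here is a plane copy that refuses to run unless each plane's span fits inside the bytes actually allocated for it; src_size/dst_size are assumed per-plane allocation sizes that av_image_copy itself does not receive.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define NUM_PLANES 3  /* yuv420p: full-size Y, then U and V subsampled 2x2 */

/* Bytes a plane spans, (h-1)*linesize + w; 0 means invalid geometry or overflow. */
static size_t plane_bytes(size_t linesize, size_t w, size_t h)
{
    if (w == 0 || h == 0 || linesize < w) return 0;
    if (h - 1 > (SIZE_MAX - w) / linesize) return 0;
    return (h - 1) * linesize + w;
}

/* Copy a yuv420p image plane by plane, after proving every plane's span fits in the
 * bytes allocated for it (hypothetical src_size/dst_size). 0 = ok, -1 = rejected. */
int checked_yuv420p_copy(uint8_t *const dst[], const size_t dst_linesize[], const size_t dst_size[],
                         const uint8_t *const src[], const size_t src_linesize[], const size_t src_size[],
                         unsigned width, unsigned height)
{
    size_t w[NUM_PLANES], h[NUM_PLANES];
    for (int i = 0; i < NUM_PLANES; i++) {
        w[i] = i ? ((size_t)width + 1) / 2 : width;   /* chroma: ceil(w/2) x ceil(h/2) */
        h[i] = i ? ((size_t)height + 1) / 2 : height;
        size_t ns = plane_bytes(src_linesize[i], w[i], h[i]);
        size_t nd = plane_bytes(dst_linesize[i], w[i], h[i]);
        if (!ns || !nd || ns > src_size[i] || nd > dst_size[i]) return -1;
    }
    for (int i = 0; i < NUM_PLANES; i++)          /* all planes validated: copy */
        for (size_t y = 0; y < h[i]; y++)
            memcpy(dst[i] + y * dst_linesize[i], src[i] + y * src_linesize[i], w[i]);
    return 0;
}

/* Demo: constructed planes sized for real_w x real_h, then a copy driven by a header-claimed
 * height (what a damaged sequence header could supply). -2 = copy ran but content mismatched. */
int demo_copy(unsigned real_w, unsigned real_h, unsigned claimed_h)
{
    uint8_t *s[NUM_PLANES], *d[NUM_PLANES]; size_t ls[NUM_PLANES], sz[NUM_PLANES];
    for (int i = 0; i < NUM_PLANES; i++) {
        ls[i] = i ? (real_w + 1) / 2 : real_w;
        sz[i] = ls[i] * (i ? (real_h + 1) / 2 : real_h);
        s[i] = malloc(sz[i]); d[i] = calloc(1, sz[i]);
        for (size_t k = 0; k < sz[i]; k++) s[i][k] = (uint8_t)(k * 7 + i);  /* constructed pixels */
    }
    int rc = checked_yuv420p_copy(d, ls, sz, (const uint8_t *const *)s, ls, sz, real_w, claimed_h);
    for (int i = 0; rc == 0 && i < NUM_PLANES; i++)
        if (memcmp(s[i], d[i], sz[i])) rc = -2;
    for (int i = 0; i < NUM_PLANES; i++) { free(s[i]); free(d[i]); }
    return rc;
}
```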