New submission from Carl Eugen Hoyos <[email protected]>:

(related to issue 2548)
Original report:
http://code.google.com/p/chromium/issues/detail?id=68115
http://thread.gmane.org/gmane.comp.video.ffmpeg.devel/122724
http://thread.gmane.org/gmane.comp.video.ffmpeg.devel/122703
(Fixed by the part of the patch not applied in r26365.)

(gdb) r -i out.webm.139771.2965 -f null -
Starting program: ffmpeg_g -i out.webm.139771.2965 -f null -
[Thread debugging using libthread_db enabled]
FFmpeg version SVN-r26363, Copyright (c) 2000-2011 the FFmpeg developers
  built on Jan 15 2011 13:55:53 with gcc 4.5.2
  configuration: --cc=/usr/local/gcc-4.5.2/bin/gcc
  libavutil     50.36. 0 / 50.36. 0
  libavcore      0.16. 1 /  0.16. 1
  libavcodec    52.108. 0 / 52.108. 0
  libavformat   52.93. 0 / 52.93. 0
  libavdevice   52. 2. 3 / 52. 2. 3
  libavfilter    1.73. 1 /  1.73. 1
  libswscale     0.12. 0 /  0.12. 0
[matroska,webm @ 0x117f510] Invalid track number 2050
[matroska,webm @ 0x117f510] Invalid stream 2050 or size 18378
[matroska,webm @ 0x117f510] Estimating duration from bitrate, this may be inaccurate
Input #0, matroska,webm, from 'out.webm.139771.2965':
  Duration: 00:00:01.17, start: 0.000000, bitrate: N/A
    Stream #0.0: Audio: vorbis, 44100 Hz, stereo, s16
    Stream #0.1: Video: vp8, yuv420p, 200x600, PAR 1:1 DAR 1:3, 25 fps, 25 tbr, 1k tbn, 25 tbc
[buffer @ 0x1215ac0] w:200 h:600 pixfmt:yuv420p
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf52.93.0
    Stream #0.0: Video: rawvideo, yuv420p, 200x600 [PAR 1:1 DAR 1:3], q=2-31, 200 kb/s, 90k tbn, 25 tbc
    Stream #0.1: Audio: pcm_s16le, 44100 Hz, stereo, s16, 1411 kb/s
Stream mapping:
  Stream #0.1 -> #0.0
  Stream #0.0 -> #0.1
Press [q] to stop encoding
[vp8 @ 0x11862d0] Invalid start code 0xde019d
Error while decoding stream #0.1
[vp8 @ 0x11862d0] Discarding interframe without a prior keyframe!
Error while decoding stream #0.1
Error while decoding stream #0.1s

Program received signal SIGSEGV, Segmentation fault.
av_interleaved_write_frame (s=0x11c0900, pkt=0x7fffffffcc10) at libavformat/utils.c:3062
3062        if(st->codec->codec_type == AVMEDIA_TYPE_AUDIO && pkt->size==0)
(gdb) bt
#0  av_interleaved_write_frame (s=0x11c0900, pkt=0x7fffffffcc10) at libavformat/utils.c:3062
#1  0x0000000000405f2d in write_frame (s=0x11c0900, pkt=0x7fffffffcc10, avctx=0x11bd950, bsfc=0x0) at ffmpeg.c:760
#2  0x0000000000408060 in do_audio_out (size=4096, buf=<value optimized out>, ist=0x1215a20, ost=0x11a88a0, s=0x11c0900) at ffmpeg.c:1007
#3  output_packet (size=4096, buf=<value optimized out>, ist=0x1215a20, ost=0x11a88a0, s=0x11c0900) at ffmpeg.c:1667
#4  0x000000000040b08c in transcode (nb_output_files=1, nb_input_files=1, stream_maps=0x0, nb_stream_maps=0, input_files=0xc3bbc0, output_files=0xc3b8a0) at ffmpeg.c:2636
#5  0x000000000040f91f in main (argc=<value optimized out>, argv=<value optimized out>) at ffmpeg.c:4361
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x4afc49 to 0x4afc89:
0x00000000004afc49:     (bad)
0x00000000004afc4a:     test   %al,(%rax)
0x00000000004afc4c:     add    %al,(%rax)
0x00000000004afc4e:     add    %al,(%rax)
0x00000000004afc50 <av_interleaved_write_frame+0>:      push   %r13
0x00000000004afc52 <av_interleaved_write_frame+2>:      push   %r12
0x00000000004afc54 <av_interleaved_write_frame+4>:      mov    %rsi,%r12
0x00000000004afc57 <av_interleaved_write_frame+7>:      push   %rbp
0x00000000004afc58 <av_interleaved_write_frame+8>:      push   %rbx
0x00000000004afc59 <av_interleaved_write_frame+9>:      mov    %rdi,%rbx
0x00000000004afc5c <av_interleaved_write_frame+12>:     sub    $0x58,%rsp
0x00000000004afc60 <av_interleaved_write_frame+16>:     movslq 0x1c(%rsi),%rax
0x00000000004afc64 <av_interleaved_write_frame+20>:     mov    0x30(%rdi,%rax,8),%rsi
0x00000000004afc69 <av_interleaved_write_frame+25>:     mov    0x8(%rsi),%rax
0x00000000004afc6d <av_interleaved_write_frame+29>:     cmpl   $0x1,0x108(%rax)
0x00000000004afc74 <av_interleaved_write_frame+36>:     je     0x4afd50 <av_interleaved_write_frame+256>
0x00000000004afc7a <av_interleaved_write_frame+42>:     mov    %r12,%rdx
0x00000000004afc7d <av_interleaved_write_frame+45>:     mov    %rbx,%rdi
0x00000000004afc80 <av_interleaved_write_frame+48>:     callq  0x4a7750 <compute_pkt_fields2>
0x00000000004afc85 <av_interleaved_write_frame+53>:     test   %eax,%eax
0x00000000004afc87 <av_interleaved_write_frame+55>:     js     0x4afd80 <av_interleaved_write_frame+304>
End of assembler dump.
(gdb) info registers
rax            0x1      1
rbx            0x11c0900        18614528
rcx            0x0      0
rdx            0x11bd950        18602320
rsi            0x4100000041000000       4683743613555834880
rdi            0x11c0900        18614528
rbp            0x0      0x0
rsp            0x7fffffffc730   0x7fffffffc730
r8             0xc32540 12789056
r9             0xfffffffffffffff0       -16
r10            0x1      1
r11            0x1000   4096
r12            0x7fffffffcc10   140737488342032
r13            0x11bd950        18602320
r14            0x1215a20        18962976
r15            0x11a90f8        18518264
rip            0x4afc69 0x4afc69 <av_interleaved_write_frame+25>
eflags         0x10206  [ PF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
fctrl          0x37f    895
fstat          0x0      0
ftag           0xffff   65535
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
mxcsr          0x1fa2   [ DE PE IM DM ZM OM UM PM ]

----------
messages: 13444
priority: normal
status: open
substatus: open
title: Further crash in vorbis decoder
topic: avcodec
type: bug

________________________________________________
FFmpeg issue tracker <[email protected]>
<https://roundup.ffmpeg.org/issue2550>
________________________________________________
