[FFmpeg-cvslog] r16688 - in trunk/libavformat: Makefile id3v2.c id3v2.h mp3.c mpc.c raw.c

Alex Converse alex.converse
Tue Jan 20 07:31:36 CET 2009


On Tue, Jan 20, 2009 at 1:15 AM, Mike Melanson <mike at multimedia.cx> wrote:
> Baptiste Coudurier wrote:
>> Hi Mike,
>>
>> Mike Melanson wrote:
>>> alexc wrote:
>>>> Author: alexc
>>>> Date: Mon Jan 19 22:54:06 2009
>>>> New Revision: 16688
>>>>
>>>> Log:
>>>> Fix probing of files with ID3v2 tags. Discussed at http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/2009-January/059302.html
>>>>
>>>> Modified:
>>>>    trunk/libavformat/Makefile
>>>>    trunk/libavformat/id3v2.c
>>>>    trunk/libavformat/id3v2.h
>>>>    trunk/libavformat/mp3.c
>>>>    trunk/libavformat/mpc.c
>>>>    trunk/libavformat/raw.c
>>> SEGFAULT.
>>>
>>> This crashes when reading any Amazon-purchased MP3. Since they're keyed
>>> to me, no, I'm not going to upload a sample. Do you have any you can
>>> test? Otherwise, I suggest you spend 99 cents for one.
>>
>> Can gdb output still be provided ?
>
> It seems to vary a bit by platform. This is for Linux / x86_64 / gcc 4.3.2:
>
> (gdb) r -i g.mp3
> Starting program: /home/fate/build64/ffmpeg_g -i g.mp3
> FFmpeg version SVN-r16690, Copyright (c) 2000-2009 Fabrice Bellard, et al.
>   configuration:
>   libavutil     49.14. 0 / 49.14. 0
>   libavcodec    52.11. 0 / 52.11. 0
>   libavformat   52.24. 1 / 52.24. 1
>   libavdevice   52. 1. 0 / 52. 1. 0
>   built on Jan 19 2009 22:04:29, gcc: 4.3.2
>
> Program received signal SIGSEGV, Segmentation fault.
> mp3_read_probe (p=<value optimized out>)
>     at /home/fate/ffmpeg/libavutil/x86/bswap.h:42
> 42          __asm__("bswap   %0" : "+r" (x));
> (gdb) bt
> #0  mp3_read_probe (p=<value optimized out>)
>     at /home/fate/ffmpeg/libavutil/x86/bswap.h:42
> #1  0x000000000042eb24 in av_open_input_file (ic_ptr=0x7fff0e8e1e38,
>     filename=0x7fff0e8e39d8 "g.mp3", fmt=0xb32f20,
>     buf_size=<value optimized out>, ap=0x7fff0e8e1e00)
>     at /home/fate/ffmpeg/libavformat/utils.c:350
> #2  0x00000000004237f3 in opt_input_file (filename=0x7fff0e8e39d8 "g.mp3")
>     at /home/fate/ffmpeg/ffmpeg.c:2804
> #3  0x0000000000426ae7 in parse_options (argc=3, argv=0x7fff0e8e2098,
>     options=0x841480, parse_arg_function=0x4247e0 <opt_output_file>)
>     at /home/fate/ffmpeg/cmdutils.c:162
> #4  0x0000000000422d2f in main (argc=3, argv=0x7fff0e8e2098)
>     at /home/fate/ffmpeg/ffmpeg.c:3907
>
>
> On Linux / PowerPC / month-old gcc-svn:
>
> (gdb) r -i g.mp3
> Starting program: /home/melanson/ffmpeg/build/ffmpeg_g -i g.mp3
> FFmpeg version SVN-r16690, Copyright (c) 2000-2009 Fabrice Bellard, et al.
>   configuration: --enable-gpl --cc=ccache
> /usr/local/gcc-142964-20081230/bin/gcc
>   libavutil     49.14. 0 / 49.14. 0
>   libavcodec    52.11. 0 / 52.11. 0
>   libavformat   52.24. 1 / 52.24. 1
>   libavdevice   52. 1. 0 / 52. 1. 0
>   built on Jan 19 2009 21:54:45, gcc: 4.4.0 20081127 (experimental)
>
> Program received signal SIGSEGV, Segmentation fault.
> mp3_read_probe (p=<value optimized out>)
>     at /home/melanson/ffmpeg/ffmpeg-main/libavformat/mp3.c:374
> 374                 fsize = ff_mpa_decode_header(&avctx, header,
> &sample_rate, &sample_rate, &sample_rate, &sample_rate);
> (gdb) bt
> #0  mp3_read_probe (p=<value optimized out>)
>     at /home/melanson/ffmpeg/ffmpeg-main/libavformat/mp3.c:374
> #1  0x1002c8a0 in av_open_input_file (ic_ptr=0x7ff14098,
>     filename=0x7ff146a7 "g.mp3", fmt=0x1052d5a8,
>     buf_size=<value optimized out>, ap=0x7ff1409c)
>     at /home/melanson/ffmpeg/ffmpeg-main/libavformat/utils.c:350
> #2  0x10019928 in opt_input_file (filename=0x7ff146a7 "g.mp3")
>     at /home/melanson/ffmpeg/ffmpeg-main/ffmpeg.c:2804
> #3  0x100229b8 in parse_options (argc=3, argv=0x7ff14524,
> options=0x10435740,
>     parse_arg_function=<value optimized out>)
>     at /home/melanson/ffmpeg/ffmpeg-main/cmdutils.c:162
> #4  0x1002021c in main (argc=3, argv=<value optimized out>)
>     at /home/melanson/ffmpeg/ffmpeg-main/ffmpeg.c:3907
>
>
> On Mac OS X / x86_64 / gcc 4.0.1:
>
> (gdb) r -i g.mp3
> Starting program: /Users/melanson/ffmpeg/build-x64/ffmpeg_g -i g.mp3
> warning: posix_spawn failed, trying execvp, error: 86
> Reading symbols for shared libraries ++++. done
> FFmpeg version SVN-r16690, Copyright (c) 2000-2009 Fabrice Bellard, et al.
>   configuration: --enable-gpl --arch=x86_64 --extra-cflags=-m64
> --extra-ldflags=-m64
>   libavutil     49.14. 0 / 49.14. 0
>   libavcodec    52.11. 0 / 52.11. 0
>   libavformat   52.24. 1 / 52.24. 1
>   libavdevice   52. 1. 0 / 52. 1. 0
>   built on Jan 19 2009 20:16:36, gcc: 4.0.1 (Apple Inc. build 5484)
>
> Program received signal EXC_BAD_ACCESS, Could not access memory.
> Reason: KERN_INVALID_ADDRESS at address: 0x0000000100893f17
> mp3_read_probe (p=<value temporarily unavailable, due to optimizations>)
> at /Users/melanson/ffmpeg/ffmpeg-main/libavformat/mp3.c:373
> 373                 header = AV_RB32(buf2);
> (gdb) bt
> #0  mp3_read_probe (p=<value temporarily unavailable, due to
> optimizations>) at /Users/melanson/ffmpeg/ffmpeg-main/libavformat/mp3.c:373
> #1  0x0000000000000000 in ?? ()
>
>
> On Mac OS X / x86_32 / gcc 4.0.1:
>
> (gdb) r -i g.mp3
> Starting program: /Users/melanson/ffmpeg/build-x32/ffmpeg_g -i g.mp3
> Reading symbols for shared libraries ++++. done
> FFmpeg version SVN-r16690, Copyright (c) 2000-2009 Fabrice Bellard, et al.
>   configuration: --enable-gpl --disable-decoder=cavs
>   libavutil     49.14. 0 / 49.14. 0
>   libavcodec    52.11. 0 / 52.11. 0
>   libavformat   52.24. 1 / 52.24. 1
>   libavdevice   52. 1. 0 / 52. 1. 0
>   built on Jan 19 2009 20:07:37, gcc: 4.0.1 (Apple Inc. build 5484)
>
> Program received signal EXC_BAD_ACCESS, Could not access memory.
> Reason: KERN_INVALID_ADDRESS at address: 0x00841f17
> mp3_read_probe (p=0xbfffec40) at
> /Users/melanson/ffmpeg/ffmpeg-main/libavformat/mp3.c:373
> 373                 header = AV_RB32(buf2);
> (gdb) bt
> #0  mp3_read_probe (p=0xbfffec40) at
> /Users/melanson/ffmpeg/ffmpeg-main/libavformat/mp3.c:373
> #1  0xbfffe450 in ?? ()
> Previous frame inner to this frame (gdb could not unwind past this frame)
>

I think I see what it was. The maximum buffer size was being
calculated using the post-ID3v2 start on the actual start of the
buffer. Does this fix it for you?

Sorry,
Alex
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-mp3-probe-crash.diff
Type: text/x-diff
Size: 391 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/attachments/20090120/dc738a9c/attachment.diff>
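
The reply above attributes the crash to a scan limit taken from the post-ID3v2 pointer rather than from the real start of the probe buffer. The following C sketch is an added illustration of that class of error and of a bounded scan; it is not FFmpeg's code and not the attached patch. All function names and the `sample` buffer are hypothetical, and the ID3v2 footer flag is ignored.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

uint8_t sample[64];                    /* constructed probe buffer */

/* Total ID3v2 tag size (10-byte header + syncsafe body length), 0 if no tag. */
static size_t id3v2_tag_size(const uint8_t *b, size_t n)
{
    if (n < 10 || memcmp(b, "ID3", 3) != 0 || b[3] == 0xff || b[4] == 0xff ||
        ((b[6] | b[7] | b[8] | b[9]) & 0x80))      /* syncsafe: bit 7 clear */
        return 0;
    return 10 + (((size_t)b[6] << 21) | ((size_t)b[7] << 14) |
                 ((size_t)b[8] << 7)  |  (size_t)b[9]);
}

/* Mistaken bound: the full buffer size is applied to the post-tag pointer.
   Returns the exclusive end offset such a scan would touch (never read). */
size_t flawed_scan_end(const uint8_t *buf, size_t size)
{
    return id3v2_tag_size(buf, size) + size;
}

/* Corrected scan: the limit is measured from the real start of the buffer.
   Counts MPEG audio frame syncs (11 set bits) found after the tag. */
int count_syncs_after_tag(const uint8_t *buf, size_t size)
{
    size_t skip = id3v2_tag_size(buf, size);
    int hits = 0;
    if (size < 4 || skip > size - 4)   /* tag fills or exceeds the buffer */
        return 0;
    for (size_t i = skip; i <= size - 4; i++) {
        uint32_t h = (uint32_t)buf[i] << 24 | (uint32_t)buf[i + 1] << 16 |
                     (uint32_t)buf[i + 2] << 8 | buf[i + 3];
        if ((h & 0xffe00000u) == 0xffe00000u)
            hits++;
    }
    return hits;
}

/* Constructed sample (size >= 10): zero bytes, an ID3v2.3 header declaring
   `body` bytes, and one frame header FF FB 90 00 at `sync_at` if it fits. */
void make_sample(uint8_t *out, size_t size, size_t body, size_t sync_at)
{
    static const uint8_t sync[4] = { 0xff, 0xfb, 0x90, 0x00 };
    memset(out, 0, size);
    memcpy(out, "ID3\x03", 4);
    out[6] = (body >> 21) & 0x7f; out[7] = (body >> 14) & 0x7f;
    out[8] = (body >> 7) & 0x7f;  out[9] = body & 0x7f;
    if (sync_at + 4 <= size) memcpy(out + sync_at, sync, 4);
}
```

With a 64-byte buffer and a 30-byte tag, the mistaken bound reaches offset 94, which is 30 bytes past the end; a tag that declares more bytes than the probe buffer holds must make the scan stop before any read.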


