[Ffmpeg-devel] SIGSEGV in h264.c, stream is available for debugging
Dario Andrade
dario
Tue Sep 6 01:16:15 CEST 2005
I've got a SIGSEGV decoding h264, the stream was generated by x264.
The following stream was recorded live and begins from the middle:
<http://www.datscom.com.br/~dario/dump.SIGSEGV.h264>
http://bule.ip.tv/~dario/dump.SIGSEGV.h264
The following command line reproduces the fault (the source was updated
from CVS as of 09/05/2005 08:13pm GMT-3):
$ ./ffmpeg -i dump.SIGSEGV.h264 -f null dump.SIGSEGV.h264.null
ffmpeg version CVS, build 3211266, Copyright (c) 2000-2004 Fabrice Bellard
configuration: --disable-ffserver --disable-ffplay --enable-memalign-hack
--enable-mingw32 --source-path=c:/cygwin/home/dario/ffmpeg
built on Sep 5 2005 19:18:54, gcc: 3.2.3 (mingw special 20030504-1)
Input #0, h264, from 'dump.SIGSEGV.h264':
Duration: N/A, bitrate: N/A
Stream #0.0: Video: h264, yuv420p, 320x240, 10.00 fps
Output #0, null, to 'dump.SIGSEGV.h264.null':
Stream #0.0: Video: rawvideo, yuv420p, 320x240, 10.00 fps, q=2-31, 200
kb/s
Stream mapping:
Stream #0.0 -> #0.0
frame= 104 q=0.0 size= 0kB time=10.4 bitrate= 0.0kbits/s
Here are the requested bug reporting data:
(gdb) r -i dump.SIGSEGV.h264 -f null dump.SIGSEGV.h264.null
Starting program: C:\cygwin\home\dario\ffmpeg/ffmpeg_g.exe -i
dump.SIGSEGV.h264 -f null dump.SIGSEGV.h264.null
Program received signal SIGSEGV, Segmentation fault.
decode_frame (avctx=0x3de270, data=0x22f9d0, data_size=0x22f898,
buf=0xe66ac8 "", buf_size=895) at h264.c:7553
7553 if(h->delayed_pic[i]->key_frame ||
h->delayed_pic[i]->poc==0)
(gdb) bt
#0 decode_frame (avctx=0x3de270, data=0x22f9d0, data_size=0x22f898,
buf=0xe66ac8 "", buf_size=895) at h264.c:7553
#1 0x0045d69a in avcodec_decode_video (avctx=0x3de270, picture=0x22f9d0,
got_picture_ptr=0x22f898, buf=0xe66ac8 "", buf_size=895) at utils.c:625
#2 0x0040cda9 in output_packet (ist=0xd5ced0, ist_index=0,
ost_table=0xd31d60, nb_ostreams=1, pkt=0x22fb30) at ffmpeg.c:1266
#3 0x00406026 in av_encode (output_files=0x7100f0, nb_output_files=1,
input_files=0x710000, nb_input_files=1, stream_maps=0x710140,
nb_stream_maps=0) at ffmpeg.c:2102
#4 0x004048e5 in main (argc=6, argv=0x3d2de0) at ffmpeg.c:4520
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x5d53d6 to 0x5d5416:
0x5d53d6 <decode_frame+438>: out %al,(%dx)
0x5d53d7 <decode_frame+439>: add %eax,(%eax)
0x5d53d9 <decode_frame+441>: inc %esi
0x5d53da <decode_frame+442>: mov %esi,0xffffffd8(%ebp)
0x5d53dd <decode_frame+445>: test %ecx,%ecx
0x5d53df <decode_frame+447>: jne 0x5d53e8 <decode_frame+456>
0x5d53e1 <decode_frame+449>: movl $0x1,0x50(%eax)
0x5d53e8 <decode_frame+456>: mov 0x1ee18(%ebx),%eax
0x5d53ee <decode_frame+462>: xor %ecx,%ecx
0x5d53f0 <decode_frame+464>: test %eax,%eax
0x5d53f2 <decode_frame+466>: je 0x5d541a <decode_frame+506>
0x5d53f4 <decode_frame+468>: mov %eax,%esi
0x5d53f6 <decode_frame+470>: mov 0x30(%esi),%edx
0x5d53f9 <decode_frame+473>: test %edx,%edx
0x5d53fb <decode_frame+475>: jne 0x5d5407 <decode_frame+487>
0x5d53fd <decode_frame+477>: mov 0xe4(%esi),%edi
0x5d5403 <decode_frame+483>: test %edi,%edi
0x5d5405 <decode_frame+485>: jne 0x5d540e <decode_frame+494>
0x5d5407 <decode_frame+487>: movl $0x1,0xffffffd4(%ebp)
0x5d540e <decode_frame+494>: inc %ecx
0x5d540f <decode_frame+495>: mov 0x1ee18(%ebx,%ecx,4),%esi
End of assembler dump.
(gdb) info all-registers
eax 0xda51b0 14307760
ecx 0x11 17
edx 0x0 0
ebx 0xd84fc0 14176192
esp 0x22f7a0 0x22f7a0
ebp 0x22f7d8 0x22f7d8
esi 0x1 1
edi 0x32 50
eip 0x5d53f6 0x5d53f6
eflags 0x10202 66050
cs 0x1b 27
ss 0x23 35
ds 0x23 35
es 0x23 35
fs 0x3b 59
gs 0x0 0
st0 -nan(0x6e6e6e6e6e6e6e6e) (raw 0xffff6e6e6e6e6e6e6e6e)
st1 -nan(0x6e6e6e6e6e6e6e6e) (raw 0xffff6e6e6e6e6e6e6e6e)
st2 -nan(0x6e68566b686b6c72) (raw 0xffff6e68566b686b6c72)
st3 -nan(0x6e00680056006b) (raw 0xffff006e00680056006b)
st4 0 (raw 0xffff0000000000000000)
st5 0 (raw 0xffff0000000000000000)
st6 0 (raw 0xffff0000000000000000)
st7 0 (raw 0xffff0000000000000000)
fctrl 0xffff037f -64641
fstat 0xffff0020 -65504
ftag 0xffffffff -1
fiseg 0x1b 27
fioff 0x4065e9 4220393
foseg 0xffff0023 -65501
fooff 0xd5cf08 14012168
fop 0x1ca 458
(gdb) l h264.c:7550
7545 }
7546
7547 while(h->delayed_pic[pics]) pics++;
7548 h->delayed_pic[pics++] = cur;
7549 if(cur->reference == 0)
7550 cur->reference = 1;
7551
7552 for(i=0; h->delayed_pic[i]; i++)
7553 if(h->delayed_pic[i]->key_frame ||
h->delayed_pic[i]->poc==0) <---------- ERROR in here!!
7554 cross_idr = 1;
7555
7556 out = h->delayed_pic[0];
7557 for(i=1; h->delayed_pic[i] && !h->delayed_pic[i]->key_frame;
i++)
7558 if(h->delayed_pic[i]->poc < out->poc){
7559 out = h->delayed_pic[i];
7560 out_idx = i;
7561 }
7562
7563 out_of_order = !cross_idr && prev && out->poc < prev->poc;
7564 if(prev && pics <= s->avctx->has_b_frames)
(gdb) info locals
out = (Picture *) 0xffffffff
cur = (Picture *) 0xda61a0
prev = (Picture *) 0xda6338
out_idx = 0
pics = 16
cross_idr = 0
dropped_frame = 0
s = (MpegEncContext *) 0xd84fc0
buf_index = 895
buf_index = 895
(gdb) out h
(H264Context *) 0xda51b0
(gdb) out h->delayed_pic
{0xbaadf00d <repeats 16 times>}
I hope someone can figure out what is going on; this bug crashes the whole
application. From the info locals output, pics is 16 while delayed_pic holds only 16 entries (all non-NULL), so it looks like the while loop that counts delayed pictures ran past the end of the array and the following for loop then dereferenced an invalid pointer.
Thanks a lot,
Dario Andrade
IP.TV