[Ffmpeg-devel] RE: FFV1 codec crashes on files written with 0.4.9pre1

Andreas Matthies a.matthies
Thu Feb 9 18:38:23 CET 2006 

> > If you'd read my mail exactly you would have noticed that 
> my bug report is
> > about "latest ffmpeg (and newer FFDSHOW filter and VLC) 
> crashes on these
> > files" which means current CVS segfaults on avi files with 
> FFV1 stream
> > written with an earlier version. I know that FFV1 is still 
> (and probably
> > will stay) experimental with no guaranty that later 
> versions will play older
> > files. But segfaulting isn't the best option IMHO.
> 
> gdb/debugger output then please! (or a ffv1 file which causes 
> this, i suspect
> ~1k of it will be enough, if so just attach it)
> 

Test file is in Michael's private mailbox. Here's the backtrace:

(gdb) r -i ../ffv1test.avi
Starting program: c:\devel\ffmpeg\ffmpeg/ffmpeg_g.exe -i ../ffv1test.avi

Program received signal SIGSEGV, Segmentation fault.
decode_line (s=0xe41d70, w=384, sample=0x22fa50, plane_index=0, bits=8)
    at rangecoder.h:96
96          int range1= (c->range * (*state)) >> 8;
(gdb) bt
#0  decode_line (s=0xe41d70, w=384, sample=0x22fa50, plane_index=0, bits=8)
    at rangecoder.h:96
#1  0x005ad3a8 in decode_frame (avctx=0x3dd230, data=0x22fae0,
    data_size=0x22fadc, buf=0x3dd990 "?????v?\206`gl(f\006u??? ?",
    buf_size=3199) at ffv1.c:792
#2  0x0046068a in avcodec_decode_video (avctx=0x3dd230, picture=0x22fae0,
    got_picture_ptr=0x22fadc, buf=0x3dd990 "?????v?\206`gl(f\006u??? ?",
    buf_size=3199) at utils.c:940
#3  0x004161ef in try_decode_frame (st=0x3d28f0,
    data=0x3dd990 "?????v?\206`gl(f\006u??? ?", size=3199) at utils.c:1818
#4  0x0041327b in av_find_stream_info (ic=0x3dc290) at utils.c:2007
#5  0x00408384 in opt_input_file (filename=0x3d2412 "../ffv1test.avi")
    at ffmpeg.c:2912
#6  0x0040ea5c in parse_options (argc=3, argv=0x3d24a0, options=0x402e70)
    at cmdutils.c:99
#7  0x00403c9f in main (argc=3, argv=0x3d24a0) at ffmpeg.c:4263
(gdb) print state
$2 = (uint8_t *) 0x0

This is probably a consequence of read_header failing before allocating f->plane[i]->state.
What about testing if read_header(f); fails in decode_frame and then immediately abort.

Of course a much better solution would be to make the read_header() not fail on old files... Maybe it's not that hard, but I can't.

- Andreas

More information about the ffmpeg-devel mailing list