[FFmpeg-trac] #600(avcodec:open): Crash (segmentation fault) decoding a bad flac (my fix incl.)
FFmpeg
trac at avcodec.org
Mon Oct 31 10:15:58 CET 2011
#600: Crash (segmentation fault) decoding a bad flac (my fix incl.)
-------------------------------------+-------------------------------------
  Reporter:  BJoe                    |  Owner:
      Type:  defect                  |  Status:  open
  Priority:  important               |  Component:  avcodec
   Version:  git-master              |  Resolution:
  Keywords:  flac crash SIGSEGV      |  Blocked By:
  Blocking:                          |  Reproduced by developer:  1
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):
* keywords: => flac crash SIGSEGV
* priority: normal => important
* version: unspecified => git-master
* status: new => open
* reproduced: 0 => 1
Comment:
Not reproducible on ia32.
{{{
(gdb) r -i small-fileEEmUGd.flac -f null -
Starting program: ffmpeg_g -i small-fileEEmUGd.flac -f null -
[Thread debugging using libthread_db enabled]
ffmpeg version N-34304-gc0dbab9, Copyright (c) 2000-2011 the FFmpeg
developers
built on Oct 31 2011 10:08:50 with gcc 4.5.3
configuration: --cc=/usr/local/gcc-4.5.3/bin/gcc --disable-optimizations
libavutil 51. 22. 0 / 51. 22. 0
libavcodec 53. 26. 0 / 53. 26. 0
libavformat 53. 18. 0 / 53. 18. 0
libavdevice 53. 4. 0 / 53. 4. 0
libavfilter 2. 45. 2 / 2. 45. 2
libswscale 2. 1. 0 / 2. 1. 0
Input #0, flac, from 'small-fileEEmUGd.flac':
Metadata:
track : 4
TITLE : Blackest Eyes
ARTIST : Porcupine Tree
ALBUM : 2007-10-26 New Orleans, LA (tooligan Matrix) [FINAL
MIX]
DATE : 2007
GENRE : Progressive Rock
Duration: 00:05:33.69, bitrate: 736 kb/s
Stream #0:0: Audio: flac, 44100 Hz, stereo, s16
Output #0, null, to 'pipe:':
Metadata:
track : 4
TITLE : Blackest Eyes
ARTIST : Porcupine Tree
ALBUM : 2007-10-26 New Orleans, LA (tooligan Matrix) [FINAL
MIX]
DATE : 2007
GENRE : Progressive Rock
encoder : Lavf53.18.0
Stream #0:0: Audio: pcm_s16le, 44100 Hz, stereo, s16, 1411 kb/s
Stream mapping:
Stream #0.0 -> #0.0 (flac -> pcm_s16le)
Press [q] to stop, [?] for help
[flac @ 0x14afaa0] overread: 266343
Error while decoding stream #0.0
size= -0kB time=00:00:04.73 bitrate= -0.0kbits/s
Program received signal SIGSEGV, Segmentation fault.
0x000000000062d637 in get_ur_golomb_jpegls (gb=0x14a5368, k=9,
limit=2147483647, esc_len=0)
at libavcodec/golomb.h:306
306 UPDATE_CACHE(re, gb);
(gdb) bt
#0 0x000000000062d637 in get_ur_golomb_jpegls (gb=0x14a5368, k=9,
limit=2147483647, esc_len=0)
at libavcodec/golomb.h:306
#1 0x000000000062d72e in get_sr_golomb_flac (gb=0x14a5368, k=9,
limit=2147483647, esc_len=0)
at libavcodec/golomb.h:348
#2 0x000000000062dfa6 in decode_residuals (s=0x14a5340, channel=1,
pred_order=6)
at libavcodec/flacdec.c:274
#3 0x000000000062e42d in decode_subframe_lpc (s=0x14a5340, channel=1,
pred_order=6)
at libavcodec/flacdec.c:361
#4 0x000000000062e92b in decode_subframe (s=0x14a5340, channel=1) at
libavcodec/flacdec.c:443
#5 0x000000000062ed1e in decode_frame (s=0x14a5340) at
libavcodec/flacdec.c:533
#6 0x000000000062eed5 in flac_decode_frame (avctx=0x14afaa0,
data=0x7ffff340b040,
data_size=0x7fffffffc4ec, avpkt=0x7fffffffc4f0) at
libavcodec/flacdec.c:583
#7 0x000000000084479b in avcodec_decode_audio3 (avctx=0x14afaa0,
samples=0x7ffff340b040,
frame_size_ptr=0x7fffffffc4ec, avpkt=0x7fffffffc4f0) at
libavcodec/utils.c:875
#8 0x000000000040a1c5 in output_packet (ist=0x14b1000, ist_index=0,
ost_table=0x14af6a0, nb_ostreams=1,
pkt=0x7fffffffd910) at ffmpeg.c:1666
#9 0x000000000040de7f in transcode (output_files=0x14af910,
nb_output_files=1, input_files=0x14b10d0,
nb_input_files=1) at ffmpeg.c:2636
#10 0x00000000004149fb in main (argc=6, argv=0x7fffffffdde8) at
ffmpeg.c:4506
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x62d617 to 0x62d657:
0x000000000062d617 <get_ur_golomb_jpegls+212>: add %al,(%rax)
0x000000000062d619 <get_ur_golomb_jpegls+214>: add %al,(%rax)
0x000000000062d61b <get_ur_golomb_jpegls+216>: jmp 0x62d651
<get_ur_golomb_jpegls+270>
0x000000000062d61d <get_ur_golomb_jpegls+218>: addl $0x1,-0x10(%rbp)
0x000000000062d621 <get_ur_golomb_jpegls+222>: mov -0x30(%rbp),%rax
0x000000000062d625 <get_ur_golomb_jpegls+226>: mov (%rax),%rax
0x000000000062d628 <get_ur_golomb_jpegls+229>: mov %rax,%rdx
0x000000000062d62b <get_ur_golomb_jpegls+232>: mov -0x10(%rbp),%eax
0x000000000062d62e <get_ur_golomb_jpegls+235>: shr $0x3,%eax
0x000000000062d631 <get_ur_golomb_jpegls+238>: mov %eax,%eax
0x000000000062d633 <get_ur_golomb_jpegls+240>: lea (%rdx,%rax,1),%rax
0x000000000062d637 <get_ur_golomb_jpegls+244>: mov (%rax),%eax
0x000000000062d639 <get_ur_golomb_jpegls+246>: mov %eax,%edi
0x000000000062d63b <get_ur_golomb_jpegls+248>: callq 0x62c9ba
<av_bswap32>
0x000000000062d640 <get_ur_golomb_jpegls+253>: mov -0x10(%rbp),%edx
0x000000000062d643 <get_ur_golomb_jpegls+256>: and $0x7,%edx
0x000000000062d646 <get_ur_golomb_jpegls+259>: mov %edx,%ecx
0x000000000062d648 <get_ur_golomb_jpegls+261>: shl %cl,%eax
0x000000000062d64a <get_ur_golomb_jpegls+263>: mov %eax,-0x14(%rbp)
0x000000000062d64d <get_ur_golomb_jpegls+266>: addl $0x1,-0x18(%rbp)
0x000000000062d651 <get_ur_golomb_jpegls+270>: mov -0x14(%rbp),%eax
0x000000000062d654 <get_ur_golomb_jpegls+273>: mov $0x1,%esi
End of assembler dump.
(gdb) info register
rax 0x4414ffd 71389181
rbx 0x0 0
rcx 0xffffffff 4294967295
rdx 0x32a51c8 53105096
rsi 0x1 1
rdi 0x0 0
rbp 0x7fffffffc0a0 0x7fffffffc0a0
rsp 0x7fffffffc060 0x7fffffffc060
r8 0x62ed62 6483298
r9 0x0 0
r10 0x22 34
r11 0x246 582
r12 0x405500 4216064
r13 0x7fffffffdde0 140737488346592
r14 0x0 0
r15 0x0 0
rip 0x62d637 0x62d637 <get_ur_golomb_jpegls+244>
eflags 0x10206 [ PF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1fa0 [ PE IM DM ZM OM UM PM ]
}}}
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/600#comment:3>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker
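The backtrace above dies inside get_ur_golomb_jpegls while decode_residuals is pulling Rice-coded residuals out of a bitstream that the decoder has already reported as overread ("overread: 266343"): the bit reader keeps refilling its cache past the end of the packet buffer until it touches an unmapped page. As an added example that is not FFmpeg's code, the C below is a minimal bounds-checked bit reader with a Rice/Golomb residual decoder in the same shape (unary prefix, k binary bits, FLAC's zigzag sign mapping): every read first checks how many bits remain and reports truncation instead of dereferencing beyond the buffer, and the unary run is capped so a run of zero bytes cannot drive the loop unboundedly. All names (BitReader, rice_get_unsigned, decode_residuals) and the sample byte buffers are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Minimal MSB-first bit reader that carries its own bound (hypothetical type,
 * not FFmpeg's GetBitContext). Every accessor refuses to read past size_bits. */
typedef struct {
    const uint8_t *buf;
    size_t size_bits;
    size_t pos_bits;
} BitReader;

static void br_init(BitReader *br, const uint8_t *buf, size_t size_bytes) {
    br->buf = buf;
    br->size_bits = size_bytes * 8;
    br->pos_bits = 0;
}

static size_t br_left(const BitReader *br) { return br->size_bits - br->pos_bits; }

/* Read one bit; returns -1 instead of touching memory past the buffer. */
static int br_get_bit(BitReader *br) {
    if (br->pos_bits >= br->size_bits) return -1;
    int bit = (br->buf[br->pos_bits >> 3] >> (7 - (br->pos_bits & 7))) & 1;
    br->pos_bits++;
    return bit;
}

/* Read n (<= 32) bits MSB-first; returns -1 if fewer than n bits remain. */
static int64_t br_get_bits(BitReader *br, unsigned n) {
    if (n > 32 || br_left(br) < n) return -1;
    uint32_t v = 0;
    for (unsigned i = 0; i < n; i++) v = (v << 1) | (uint32_t)br_get_bit(br);
    return v;
}

/* Unsigned Rice code: a unary run of zeros ended by a 1, then k binary bits.
 * Returns 0 and stores the value, or -1 if the stream ends inside the code or
 * the unary run exceeds `limit` (bounds work on hostile input). */
static int rice_get_unsigned(BitReader *br, unsigned k, unsigned limit, uint32_t *out) {
    unsigned q = 0;
    for (;;) {
        int b = br_get_bit(br);
        if (b < 0) return -1;       /* exhausted inside the unary prefix */
        if (b) break;
        if (++q > limit) return -1; /* prefix longer than the format allows */
    }
    int64_t r = br_get_bits(br, k);
    if (r < 0) return -1;           /* exhausted inside the k-bit remainder */
    *out = (q << k) | (uint32_t)r;
    return 0;
}

/* Signed variant with the zigzag mapping FLAC uses: 0, -1, 1, -2, 2, ... */
static int rice_get_signed(BitReader *br, unsigned k, unsigned limit, int32_t *out) {
    uint32_t u;
    if (rice_get_unsigned(br, k, limit, &u) < 0) return -1;
    *out = (int32_t)(u >> 1) ^ -(int32_t)(u & 1);
    return 0;
}

/* Decode `count` residuals from a byte buffer. Returns the number decoded,
 * or -1 as soon as the input is found to be truncated; never reads past size. */
static int decode_residuals(const uint8_t *buf, size_t size, unsigned k,
                            int32_t *out, int count) {
    BitReader br;
    br_init(&br, buf, size);
    for (int i = 0; i < count; i++)
        if (rice_get_signed(&br, k, 32, &out[i]) < 0) return -1;
    return count;
}

int main(void) {
    /* Constructed sample: k=2 codes for -3, 0, 2, then an unterminated unary run. */
    static const uint8_t sample[2] = {0x58, 0x80};
    int32_t out[4];
    int n = decode_residuals(sample, sizeof sample, 2, out, 4);
    printf("decode_residuals: %d (%s)\n", n,
           n < 0 ? "truncated input rejected" : "ok");
    return 0;
}
```

The contrast with the crash is the failure path: when the residual section of a frame claims more samples than the packet holds, this reader returns -1 at the first missing bit and the caller can drop the frame, instead of the bit reader fetching a cache word from beyond the buffer. The cost is a per-read bounds check; a cache-based reader can amortise that by checking once per refill against a padded buffer end, but the invariant is the same.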