[FFmpeg-trac] #1155(undetermined:new): jpeg: crash with lowres when s->flipped == 1

FFmpeg trac at avcodec.org
Sat Mar 31 17:33:28 CEST 2012 

#1155: jpeg: crash with lowres when s->flipped == 1
-------------------------------------+-------------------------------------
             Reporter:  ami_stuff    |                     Type:  defect
               Status:  new          |                 Priority:  normal
            Component:               |                  Version:
  undetermined                       |  unspecified
             Keywords:               |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
 https://roundup.libav.org/file556/inteljpeg.avi

 {{{
 (gdb) r -vlowres 1 -i inteljpeg.avi
 Starting program: d:\mingw\msys\1.0\ffmpeg-head-4246032\ffmpeg_g.exe
 -vlowres 1
 -i inteljpeg.avi
 [New Thread 2816.0xa7c]
 ffmpeg version 0.9.1.git-4246032 Copyright (c) 2000-2012 the FFmpeg
 developers
   built on Mar 22 2012 16:12:00 with gcc 4.6.1
   configuration: --disable-ffprobe
   libavutil      51. 44.100 / 51. 44.100
   libavcodec     54. 12.100 / 54. 12.100
   libavformat    54.  2.100 / 54.  2.100
   libavdevice    53.  4.100 / 53.  4.100
   libavfilter     2. 65.102 /  2. 65.102
   libswscale      2.  1.100 /  2.  1.100
   libswresample   0.  7.100 /  0.  7.100
 [mp3 @ 0397f980] Header missing

 Program received signal SIGSEGV, Segmentation fault.
 put_pixels_clamped4_c (line_size=-96,
     pixels=0x3f081f0 <Address 0x3f081f0 out of bounds>, block=0x3ee1c70)
     at libavcodec/dsputil.c:394
 394             pixels[0] = av_clip_uint8(block[0]);
 (gdb) bt
 #0  put_pixels_clamped4_c (line_size=-96,
     pixels=0x3f081f0 <Address 0x3f081f0 out of bounds>, block=0x3ee1c70)
     at libavcodec/dsputil.c:394
 #1  ff_jref_idct4_put (dest=0x3f081f0 <Address 0x3f081f0 out of bounds>,
     line_size=-96, block=0x3ee1c70) at libavcodec/dsputil.c:2755
 #2  0x005df0d6 in mjpeg_decode_scan (reference=0x0, Al=0, Ah=0,
     nb_components=3, s=0x3ee16c0, mb_bitmask=<optimized out>)
     at libavcodec/mjpegdec.c:1029
 #3  ff_mjpeg_decode_sos (s=0x3ee16c0, mb_bitmask=<optimized out>,
     reference=<optimized out>) at libavcodec/mjpegdec.c:1250
 #4  ff_mjpeg_decode_frame (avctx=0x3ee0920, data=0x22f6e8,
     data_size=0x22f898, avpkt=0x22f658) at libavcodec/mjpegdec.c:1696
 #5  0x004fb828 in avcodec_decode_video2 (avctx=0x3ee0920,
 picture=0x22f6e8,
     got_picture_ptr=0x22f898, avpkt=0x22f850) at libavcodec/utils.c:1358
 #6  0x00434f17 in try_decode_frame (st=0x3981260, avpkt=<optimized out>,
     options=<optimized out>) at libavformat/utils.c:2263
 #7  0x0043c777 in avformat_find_stream_info (ic=0x3972340,
 options=0x3981800)
     at libavformat/utils.c:2568
 #8  0x0040d985 in opt_input_file (o=0x22fdb8, opt=0x3980e17 "i",
     filename=<optimized out>) at ffmpeg.c:3735
 #9  0x00411d17 in parse_option (optctx=0x22fdb8, opt=<optimized out>,
     arg=0x3980e19 "inteljpeg.avi", options=0xafc6c0) at cmdutils.c:300
 #10 0x00411f7a in parse_options (optctx=0x22fdb8, argc=5,
     argv=<optimized out>, options=0xafc6c0,
     parse_arg_function=0x40ee28 <opt_output_file>) at cmdutils.c:333
 #11 0x00a9facd in main (argc=5, argv=0x3980d80) at ffmpeg.c:5176
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/1155>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list