[FFmpeg-trac] #1360(avcodec:new): Crash when decoding xan_wc3

FFmpeg trac at avcodec.org
Mon May 28 15:41:51 CEST 2012 

#1360: Crash when decoding xan_wc3
-------------------------------------+-------------------------------------
               Reporter:  cehoyos    |                  Owner:
                   Type:  defect     |                 Status:  new
               Priority:  important  |              Component:  avcodec
                Version:  git-       |               Keywords:  xan_wc3
  master                             |  crash SIGSEGV
             Blocked By:             |               Blocking:
Reproduced by developer:  0          |  Analyzed by developer:  0
-------------------------------------+-------------------------------------
 {{{
 (gdb) r -vcodec xan_wc3 -i blox.avi -f null -
 Starting program: ffmpeg_g -vcodec xan_wc3 -i blox.avi -f null -
 [Thread debugging using libthread_db enabled]
 [New Thread 0xb79096c0 (LWP 20453)]
 ffmpeg version N-41080-g394b692 Copyright (c) 2000-2012 the FFmpeg
 developers
   built on May 28 2012 14:04:27 with gcc 4.3.2
   configuration: --cc=/usr/local/gcc-4.3.2/bin/gcc --enable-gpl --enable-
 libopenjpeg --enable-libvorbis --enable-libspeex --enable-libmp3lame
 --enable-libtheora --extra-ldflags=-lm --enable-libvpx --enable-libxavs
   libavutil      51. 55.100 / 51. 55.100
   libavcodec     54. 23.100 / 54. 23.100
   libavformat    54.  6.101 / 54.  6.101
   libavdevice    54.  0.100 / 54.  0.100
   libavfilter     2. 77.100 /  2. 77.100
   libswscale      2.  1.100 /  2.  1.100
   libswresample   0. 15.100 /  0. 15.100
   libpostproc    52.  0.100 / 52.  0.100
 Input #0, avi, from 'blox.avi':
   Duration: 00:00:12.64, start: 0.000000, bitrate: 788 kb/s
     Stream #0:0: Video: xan_wc3 (BLOX / 0x584F4C42), pal8, 320x240, 23.97
 tbr, 23.97 tbn, 23.97 tbc
 [buffer @ 0x9020660] w:320 h:240 pixfmt:pal8 tb:100/2397 sar:0/1
 sws_param:flags=2
 [buffersink @ 0x9012960] No opaque field provided
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf54.6.101
     Stream #0:0: Video: rawvideo, pal8, 320x240, q=2-31, 200 kb/s, 90k
 tbn, 23.97 tbc
 Stream mapping:
   Stream #0:0 -> #0:0 (xan_wc3 -> rawvideo)
 Press [q] to stop, [?] for help
 [xan_wc3 @ 0x901e700] No palette found
 Error while decoding stream #0:0
 [xan_wc3 @ 0x901e700] No palette found
 Error while decoding stream #0:0

 Program received signal SIGSEGV, Segmentation fault.
 [Switching to Thread 0xb79096c0 (LWP 20453)]
 xan_decode_frame (avctx=0x901e700, data=0x9012da0, data_size=0xbf9995e4,
     avpkt=0xbf999220) at libavcodec/xan.c:518
 518                 tag  = bytestream_get_le32(&buf);
 (gdb) bt
 #0  xan_decode_frame (avctx=0x901e700, data=0x9012da0,
 data_size=0xbf9995e4,
     avpkt=0xbf999220) at libavcodec/xan.c:518
 #1  0x0858e1a5 in avcodec_decode_video2 (avctx=0x901e700,
 picture=0x9012da0,
     got_picture_ptr=0xbf9994c4, avpkt=0x95d) at libavcodec/utils.c:1464
 #2  0x08058a3e in output_packet (ist=0x901efa0, pkt=0xbf99a95c)
     at ffmpeg.c:2645
 #3  0x0805b410 in transcode () at ffmpeg.c:3662
 #4  0x0805c556 in main (argc=144186336, argv=0x0) at ffmpeg.c:5926
 (gdb) disass $pc-32 $pc+32
 Dump of assembler code from 0x86b569e to 0x86b56de:
 0x086b569e <xan_decode_frame+222>:      std
 0x086b569f <xan_decode_frame+223>:      or     %cl,(%edi)
 0x086b56a1 <xan_decode_frame+225>:      mov    -0x1(%edx),%ss
 0x086b56a4 <xan_decode_frame+228>:      (bad)
 0x086b56a5 <xan_decode_frame+229>:      incl   0x5624247c(%ecx)
 0x086b56ab <xan_decode_frame+235>:      inc    %edi
 0x086b56ac <xan_decode_frame+236>:      inc    %ecx
 0x086b56ad <xan_decode_frame+237>:      and    %cl,(%edi)
 0x086b56af <xan_decode_frame+239>:      test   %al,-0x1(%edi,%edi,8)
 0x086b56b3 <xan_decode_frame+243>:      decl   0xa82494(%ebx)
 0x086b56b9 <xan_decode_frame+249>:      add    %al,(%eax)
 0x086b56bb <xan_decode_frame+251>:      lea    0x8(%ebx),%ebp
 0x086b56be <xan_decode_frame+254>:      mov    (%ebx),%esi
 0x086b56c0 <xan_decode_frame+256>:      sub    %ebp,%edx
 0x086b56c2 <xan_decode_frame+258>:      mov    %esi,0x24(%esp)
 0x086b56c6 <xan_decode_frame+262>:      mov    -0x4(%ebp),%eax
 0x086b56c9 <xan_decode_frame+265>:      bswap  %eax
 0x086b56cb <xan_decode_frame+267>:      cmp    %edx,%eax
 0x086b56cd <xan_decode_frame+269>:      jle    0x86b56d1
 <xan_decode_frame+273>
 0x086b56cf <xan_decode_frame+271>:      mov    %edx,%eax
 0x086b56d1 <xan_decode_frame+273>:      cmpl   $0x544c4150,0x24(%esp)
 0x086b56d9 <xan_decode_frame+281>:      jne    0x86b5678
 <xan_decode_frame+184>
 0x086b56db <xan_decode_frame+283>:      cmp    $0x2ff,%eax
 End of assembler dump.
 (gdb) info register
 eax            0x8410f8df       -2079262497
 ecx            0x901e700        151119616
 edx            0x9013cca        151076042
 ebx            0x8d122d87       -1928188537
 esp            0xbf998fa0       0xbf998fa0
 ebp            0x8d122d8f       0x8d122d8f
 esi            0xfa7b97af       -92563537
 edi            0xffffffff       -1
 eip            0x86b56be        0x86b56be <xan_decode_frame+254>
 eflags         0x10286  [ PF SF IF RF ]
 cs             0x73     115
 ss             0x7b     123
 ds             0x7b     123
 es             0x7b     123
 fs             0x0      0
 gs             0x33     51
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/1360>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list