[FFmpeg-trac] #1361(avcodec:new): Crash reading yop
FFmpeg
trac at avcodec.org
Mon May 28 15:44:28 CEST 2012
#1361: Crash reading yop
-------------------------------------+-------------------------------------
Reporter: cehoyos | Owner:
Type: defect | Status: new
Priority: important | Component: avcodec
Version: git-master | Keywords: yop crash SIGSEGV
Blocked By: | Blocking:
Reproduced by developer: 0 | Analyzed by developer: 0
-------------------------------------+-------------------------------------
{{{
(gdb) r -vcodec yop -i blox.avi
Starting program: ffmpeg_g -vcodec yop -i blox.avi
[Thread debugging using libthread_db enabled]
[New Thread 0xb79116c0 (LWP 20591)]
ffmpeg version N-41080-g394b692 Copyright (c) 2000-2012 the FFmpeg
developers
built on May 28 2012 14:04:27 with gcc 4.3.2
configuration: --cc=/usr/local/gcc-4.3.2/bin/gcc --enable-gpl --enable-
libopenjpeg --enable-libvorbis --enable-libspeex --enable-libmp3lame
--enable-libtheora --extra-ldflags=-lm --enable-libvpx --enable-libxavs
libavutil 51. 55.100 / 51. 55.100
libavcodec 54. 23.100 / 54. 23.100
libavformat 54. 6.101 / 54. 6.101
libavdevice 54. 0.100 / 54. 0.100
libavfilter 2. 77.100 / 2. 77.100
libswscale 2. 1.100 / 2. 1.100
libswresample 0. 15.100 / 0. 15.100
libpostproc 52. 0.100 / 52. 0.100
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb79116c0 (LWP 20591)]
0x086ba8f7 in yop_decode_init (avctx=0x901e700) at libavcodec/yop.c:95
95 s->num_pal_colors = avctx->extradata[0];
(gdb) bt
#0 0x086ba8f7 in yop_decode_init (avctx=0x901e700) at libavcodec/yop.c:95
#1 0x08590345 in avcodec_open2 (avctx=0x901e700, codec=Cannot access
memory at address 0x4
)
at libavcodec/utils.c:925
#2 0x0819e8ac in avformat_find_stream_info (ic=0x9018440,
options=0x90183c0)
at libavformat/utils.c:2485
#3 0x0805682b in opt_input_file (o=0xbfbf1228, opt=0xbfbf3280 "i",
filename=0xbfbf3282 "blox.avi") at ffmpeg.c:4327
#4 0x08062d72 in parse_option (optctx=0xbfbf1228, opt=0xbfbf3280 "i",
arg=0xbfbf3282 "blox.avi", options=0x88e7540) at cmdutils.c:305
#5 0x08063103 in parse_options (optctx=0xbfbf1228, argc=5,
argv=0xbfbf1454,
options=0x88e7540, parse_arg_function=0x805d420 <opt_output_file>)
at cmdutils.c:338
#6 0x0805c4f6 in main (argc=5, argv=0xbfbf1454) at ffmpeg.c:5906
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x86ba8d7 to 0x86ba917:
0x086ba8d7 <yop_decode_init+90>: adc $0x24,%al
0x086ba8d9 <yop_decode_init+92>: call 0x87f4cb0
<av_image_check_size>
0x086ba8de <yop_decode_init+97>: test %eax,%eax
0x086ba8e0 <yop_decode_init+99>: js 0x86ba8a1
<yop_decode_init+36>
0x086ba8e2 <yop_decode_init+101>: movl $0xb,0x90(%ebx)
0x086ba8ec <yop_decode_init+111>: mov %esi,(%esp)
0x086ba8ef <yop_decode_init+114>: call 0x858de80
<avcodec_get_frame_defaults>
0x086ba8f4 <yop_decode_init+119>: mov 0x64(%ebx),%eax
0x086ba8f7 <yop_decode_init+122>: movzbl (%eax),%ecx
0x086ba8fa <yop_decode_init+125>: mov %ecx,0x16c(%esi)
0x086ba900 <yop_decode_init+131>: movzbl 0x1(%eax),%edx
0x086ba904 <yop_decode_init+135>: mov %edx,0x170(%esi)
0x086ba90a <yop_decode_init+141>: movzbl 0x2(%eax),%edx
0x086ba90e <yop_decode_init+145>: mov %ecx,%eax
0x086ba910 <yop_decode_init+147>: add 0x170(%esi),%eax
0x086ba916 <yop_decode_init+153>: cmp $0x100,%eax
End of assembler dump.
(gdb) info register
eax 0x0 0
ecx 0x0 0
edx 0x901f100 151122176
ebx 0x901e700 151119616
esp 0xbfbf0c90 0xbfbf0c90
ebp 0x90183c0 0x90183c0
esi 0x901f100 151122176
edi 0x8a81880 145234048
eip 0x86ba8f7 0x86ba8f7 <yop_decode_init+122>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
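}}}

At the faulting instruction (`movzbl (%eax),%ecx`, yop.c:95) `eax` is 0x0. It was loaded from `0x64(%ebx)` with `ebx` equal to `avctx`, so `avctx->extradata` is NULL when the forced yop decoder is opened on this AVI input. The disassembly then reads `extradata[0]` through `extradata[2]`, so a guard in `yop_decode_init` that `extradata` is non-NULL and `extradata_size` covers the bytes read would turn the crash into a clean init error.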
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/1361>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker