[FFmpeg-trac] #2093(avcodec:new): ffplay: crash when seeking with the mouse
FFmpeg
trac at avcodec.org
Thu Jan 3 15:40:02 CET 2013
#2093: ffplay: crash when seeking with the mouse
-------------------------------------+-------------------------------------
Reporter: ami_stuff | Owner:
Type: defect | Status: new
Priority: important | Component: avcodec
Version: git-master | Resolution:
Keywords: crash | Blocked By:
SIGSEGV leak | Reproduced by developer: 0
Blocking: |
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Comment (by ami_stuff):
Replying to [comment:8 cehoyos]:
> Is the crash thread-related?
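probably yes, I get a different backtrace with -threads 2. (In the register dump below, edx, loaded from 0x10(%ebx) just before the faulting store, is 0 and eax is 3, so the store at rmdec.c:714 targets address 0x11: the base pointer, apparently vst->pkt.data, is NULL at that point.)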
{{{
(gdb) r -threads 2 problem.rm
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: d:\mingw\msys\1.0\ffmpeg-head-7d66bc7\ffplay_g.exe -threads 2 problem.rm
[New Thread 212.0x7b4]
[New Thread 212.0x7c]
[New Thread 212.0x510]
[New Thread 212.0x490]
[New Thread 212.0x180]
[New Thread 212.0x6a8]
[New Thread 212.0x770]
[New Thread 212.0x5e8]
[New Thread 212.0x350]
[New Thread 212.0x594]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 212.0x510]
0x0050f132 in rm_assemble_video_frame (timestamp=<synthetic pointer>,
pseq=0x506fb80, len=11651, pkt=0x506fc78, vst=0x4d782f0, pb=0x4d78b78,
s=<optimized out>, rm=<optimized out>) at libavformat/rmdec.c:714
714 AV_WL32(vst->pkt.data - 7 + 8*vst->cur_slice, 1);
(gdb) bt
#0 0x0050f132 in rm_assemble_video_frame (timestamp=<synthetic pointer>,
pseq=0x506fb80, len=11651, pkt=0x506fc78, vst=0x4d782f0, pb=0x4d78b78,
s=<optimized out>, rm=<optimized out>) at libavformat/rmdec.c:714
#1 ff_rm_parse_packet (s=0x4d70600, pb=0x4d78b78, st=0x4d77d28,
ast=0x4d782f0, len=44092, pkt=0x506fc78, seq=0x506fb80, flags=55,
timestamp=4212203523) at libavformat/rmdec.c:765
#2 0x0050f6bc in rm_read_packet (s=0x4d70600, pkt=0x506fc78)
at libavformat/rmdec.c:911
#3 0x0046cde5 in ff_read_packet (s=0x4d70600, pkt=0x506fc78)
at libavformat/utils.c:745
#4 0x0046f69e in read_frame_internal (s=0x4d70600, pkt=0x506fe98)
at libavformat/utils.c:1379
#5 0x004702e3 in av_read_frame (s=0x4d70600, pkt=0x506fe98)
at libavformat/utils.c:1480
#6 0x004079d7 in read_thread (arg=0x4bb0020) at ffplay.c:2755
#7 0x681097ee in SDL_RunThread (data=0x4d703a0)
at ./src/thread/SDL_thread.c:204
#8 0x681327d3 in RunThread (data=0x4d704a0)
at ./src/thread/win32/SDL_systhread.c:74
#9 RunThreadViaBeginThreadEx (data=0x4d704a0)
at ./src/thread/win32/SDL_systhread.c:95
#10 0x77c2a3b0 in msvcrt!_endthreadex () from
C:\WINDOWS\system32\msvcrt.dll
#11 0x7c80b729 in KERNEL32!GetModuleFileNameA ()
from C:\WINDOWS\system32\kernel32.dll
#12 0x00000000 in ?? ()
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x50f112 to 0x50f152:
0x0050f112 <ff_rm_parse_packet+982>: mov %eax,0x60(%ebx)
0x0050f115 <ff_rm_parse_packet+985>: mov %edx,0x64(%ebx)
0x0050f118 <ff_rm_parse_packet+988>: cmpl $0x2,0x1c(%esp)
0x0050f11d <ff_rm_parse_packet+993>: je 0x50f420 <ff_rm_parse_packet+1764>
0x0050f123 <ff_rm_parse_packet+999>: mov 0x54(%ebx),%eax
0x0050f126 <ff_rm_parse_packet+1002>: inc %eax
0x0050f127 <ff_rm_parse_packet+1003>: mov %eax,0x54(%ebx)
0x0050f12a <ff_rm_parse_packet+1006>: cmp 0x58(%ebx),%eax
0x0050f12d <ff_rm_parse_packet+1009>: jg 0x50f15f <ff_rm_parse_packet+1059>
0x0050f12f <ff_rm_parse_packet+1011>: mov 0x10(%ebx),%edx
=> 0x0050f132 <ff_rm_parse_packet+1014>: movl $0x1,-0x7(%edx,%eax,8)
0x0050f13a <ff_rm_parse_packet+1022>: mov 0x54(%ebx),%edx
0x0050f13d <ff_rm_parse_packet+1025>: mov 0x10(%ebx),%ecx
0x0050f140 <ff_rm_parse_packet+1028>: mov 0x58(%ebx),%eax
0x0050f143 <ff_rm_parse_packet+1031>: neg %eax
0x0050f145 <ff_rm_parse_packet+1033>: shl $0x3,%eax
0x0050f148 <ff_rm_parse_packet+1036>: add 0x4c(%ebx),%eax
0x0050f14b <ff_rm_parse_packet+1039>: dec %eax
0x0050f14c <ff_rm_parse_packet+1040>: mov
%eax,-0x3(%ecx,%edx,8)
0x0050f150 <ff_rm_parse_packet+1044>: mov 0x4c(%ebx),%eax
End of assembler dump.
(gdb) info all-registers
eax 0x3 3
ecx 0x1b 27
edx 0x0 0
ebx 0x4d782f0 81232624
esp 0x506fad8 0x506fad8
ebp 0x506fc78 0x506fc78
esi 0x4d78b78 81234808
edi 0x2d83 11651
eip 0x50f132 0x50f132 <ff_rm_parse_packet+1014>
eflags 0x10293 [ CF AF SF IF RF ]
cs 0x1b 27
ss 0x23 35
ds 0x23 35
es 0x23 35
fs 0x3b 59
gs 0x0 0
st0 <invalid float value> (raw 0x00600000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 2 (raw 0x40008000000000000000)
st4 2 (raw 0x40008000000000000000)
st5 1000000 (raw 0x4012f424000000000000)
st6 1357223895.203125 (raw 0x401da1cb2fae68000000)
st7 -1357223776.4751251 (raw 0xc01da1cb2ec0f3439800)
fctrl 0xffff027f -64897
fstat 0xffff0120 -65248
ftag 0xffffffff -1
fiseg 0x1b 27
fioff 0x102fb81d 271562781
foseg 0xffff0023 -65501
fooff 0x12f780 1243008
fop 0x11c 284
xmm0 {v4_float = {0x0, 0x0, 0x2, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0xc, 0x9c, 0x91, 0x7c, 0x0, 0x0,
0x8d,
0x4, 0x68, 0x0, 0x0, 0x40, 0xdb, 0x1, 0x91, 0x7c}, v8_int16 = {0x9c0c,
0x7c91, 0x0, 0x48d, 0x68, 0x4000, 0x1db, 0x7c91}, v4_int32 =
{0x7c919c0c,
0x48d0000, 0x40000068, 0x7c9101db}, v2_int64 = {0x48d00007c919c0c,
0x7c9101db40000068}, uint128 = 0x7c9101db40000068048d00007c919c0c}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0xc0, 0x27, 0x13, 0x68, 0x88, 0x0,
0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0xdb, 0x1, 0x91, 0x7c}, v8_int16 = {0x27c0,
0x6813, 0x88, 0x0, 0x0, 0x0, 0x1db, 0x7c91}, v4_int32 = {0x681327c0,
0x88, 0x0, 0x7c9101db}, v2_int64 = {0x88681327c0, 0x7c9101db00000000},
uint128 = 0x7c9101db0000000000000088681327c0}
xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0x88, 0x3, 0xd7, 0x4, 0x4, 0x0, 0x0,
0x0, 0x68, 0x0, 0xd7, 0x4, 0xdb, 0x1, 0x91, 0x7c}, v8_int16 = {0x388,
0x4d7, 0x4, 0x0, 0x68, 0x4d7, 0x1db, 0x7c91}, v4_int32 = {0x4d70388,
0x4,
0x4d70068, 0x7c9101db}, v2_int64 = {0x404d70388, 0x7c9101db04d70068},
uint128 = 0x7c9101db04d700680000000404d70388}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0x88, 0x3, 0xd7, 0x4, 0x8, 0x0, 0x0,
0x0, 0x68, 0x0, 0xd7, 0x4, 0xfa, 0x9f, 0x91, 0x7c}, v8_int16 = {0x388,
0x4d7, 0x8, 0x0, 0x68, 0x4d7, 0x9ffa, 0x7c91}, v4_int32 = {0x4d70388,
0x8, 0x4d70068, 0x7c919ffa}, v2_int64 = {0x804d70388,
0x7c919ffa04d70068}, uint128 = 0x7c919ffa04d700680000000804d70388}
xmm4 {v4_float = {0x0, 0x0, 0x2, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0xc, 0x9c, 0x91, 0x7c, 0x0, 0x0,
0x8d,
0x4, 0x60, 0x0, 0x0, 0x40, 0xdb, 0x1, 0x91, 0x7c}, v8_int16 = {0x9c0c,
0x7c91, 0x0, 0x48d, 0x60, 0x4000, 0x1db, 0x7c91}, v4_int32 =
{0x7c919c0c,
0x48d0000, 0x40000060, 0x7c9101db}, v2_int64 = {0x48d00007c919c0c,
0x7c9101db40000060}, uint128 = 0x7c9101db40000060048d00007c919c0c}
xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0x88, 0x3, 0xd7, 0x4, 0x10, 0x0, 0x0,
0x0, 0x68, 0x0, 0xd7, 0x4, 0xdb, 0x1, 0x91, 0x7c}, v8_int16 = {0x388,
0x4d7, 0x10, 0x0, 0x68, 0x4d7, 0x1db, 0x7c91}, v4_int32 = {0x4d70388,
0x10, 0x4d70068, 0x7c9101db}, v2_int64 = {0x1004d70388,
0x7c9101db04d70068}, uint128 = 0x7c9101db04d700680000001004d70388}
xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x24, 0xff, 0x22, 0x0, 0x14, 0x0, 0x0, 0x0, 0x20, 0x0, 0xbb,
0x4, 0xd4, 0xfa, 0x1, 0x1}, v8_int16 = {0xff24, 0x22, 0x14, 0x0, 0x20,
0x4bb, 0xfad4, 0x101}, v4_int32 = {0x22ff24, 0x14, 0x4bb0020,
0x101fad4},
v2_int64 = {0x140022ff24, 0x101fad404bb0020},
uint128 = 0x0101fad404bb0020000000140022ff24}
xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x34, 0xfb, 0x22, 0x0, 0x28, 0x0, 0x0, 0x0, 0xa0, 0xb0,
0x24,
0x0, 0x0, 0x0, 0x24, 0x0}, v8_int16 = {0xfb34, 0x22, 0x28, 0x0,
0xb0a0,
0x24, 0x0, 0x24}, v4_int32 = {0x22fb34, 0x28, 0x24b0a0, 0x240000},
v2_int64 = {0x280022fb34, 0x2400000024b0a0},
uint128 = 0x002400000024b0a0000000280022fb34}
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
mm0 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm1 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm2 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm3 {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000},
v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x80}}
mm4 {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000},
v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x80}}
mm5 {uint64 = 0xf424000000000000, v2_int32 = {0x0, 0xf4240000},
v4_int16 = {0x0, 0x0, 0x0, 0xf424}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x24, 0xf4}}
mm6 {uint64 = 0xa1cb2fae68000000, v2_int32 = {0x68000000,
0xa1cb2fae}, v4_int16 = {0x0, 0x6800, 0x2fae, 0xa1cb}, v8_int8 = {0x0,
0x0, 0x0, 0x68, 0xae, 0x2f, 0xcb, 0xa1}}
mm7 {uint64 = 0xa1cb2ec0f3439800, v2_int32 = {0xf3439800,
0xa1cb2ec0}, v4_int16 = {0x9800, 0xf343, 0x2ec0, 0xa1cb}, v8_int8 =
{0x0,
0x98, 0x43, 0xf3, 0xc0, 0x2e, 0xcb, 0xa1}}
(gdb)
}}}
> Does it crash with -threads 1
it crashes with -threads 1 or 2 (or other values), but the output displayed by ffplay changes
> (or --disable-pthreads --disable-w32threads)?
I will try this later.
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2093#comment:9>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker