[FFmpeg-trac] #2724(avcodec:open): rv10 crash with low mem

FFmpeg trac at avcodec.org
Mon Jul 1 02:42:37 CEST 2013 

#2724: rv10 crash with low mem
-------------------------------------+-------------------------------------
             Reporter:  ami_stuff    |                    Owner:
                 Type:  defect       |                   Status:  open
             Priority:  important    |                Component:  avcodec
              Version:  git-master   |               Resolution:
             Keywords:  crash        |               Blocked By:
  SIGSEGV abort real                 |  Reproduced by developer:  1
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):

 * keywords:  crash abort => crash SIGSEGV abort real
 * status:  new => open
 * reproduced:  0 => 1


Comment:

 I can only reproduce the original crash with 32bit compilation.
 {{{
 $ ulimit -Sv 96800

 ...

 Core was generated by `ffmpeg_g -i rv1.rm -f null -'.
 Program terminated with signal 11, Segmentation fault.
 #0  0x081cbe64 in rm_assemble_video_frame (timestamp=<synthetic pointer>,
 pseq=0xffac69b8,
     len=1385, pkt=0xffac6b68, vst=0x99a0880, pb=0x99a8240, s=0x999fca0,
 rm=<optimized out>)
     at libavformat/rmdec.c:724
 724         AV_WL32(vst->pkt.data - 7 + 8*vst->cur_slice, 1);
 (gdb) bt
 #0  0x081cbe64 in rm_assemble_video_frame (timestamp=<synthetic pointer>,
 pseq=0xffac69b8,
     len=1385, pkt=0xffac6b68, vst=0x99a0880, pb=0x99a8240, s=0x999fca0,
 rm=<optimized out>)
     at libavformat/rmdec.c:724
 #1  ff_rm_parse_packet (s=s at entry=0x999fca0, pb=0x99a8240,
 st=st at entry=0x99a0220,
     ast=0x99a0880, len=len at entry=1396, pkt=pkt at entry=0xffac6b68,
 seq=seq at entry=0xffac69b8,
     flags=0, timestamp=-9223372036854775808) at libavformat/rmdec.c:779
 #2  0x081cc438 in rm_read_packet (s=0x999fca0, pkt=0xffac6b68) at
 libavformat/rmdec.c:925
 #3  0x08209717 in ff_read_packet (s=s at entry=0x999fca0,
 pkt=pkt at entry=0xffac6b68)
     at libavformat/utils.c:642
 #4  0x0820c079 in read_frame_internal (s=s at entry=0x999fca0,
 pkt=pkt at entry=0xffac6f18)
     at libavformat/utils.c:1294
 #5  0x0820ccba in av_read_frame (s=0x999fca0, pkt=pkt at entry=0xffac6f18)
     at libavformat/utils.c:1398
 #6  0x080bb026 in get_input_packet (pkt=0xffac6ef8, f=0x99a7d60) at
 ffmpeg.c:2852
 #7  process_input (file_index=0) at ffmpeg.c:2889
 #8  0x080a7f10 in transcode_step () at ffmpeg.c:3159
 #9  transcode () at ffmpeg.c:3211
 #10 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3389
 print vst->pkt
 $2 = {buf = 0x0, pts = -9223372036854775808, dts = -9223372036854775808,
 data = 0x0,
   size = 0, stream_index = 0, flags = 0, side_data = 0x0, side_data_elems
 = 0, duration = 0,
   destruct = 0x0, priv = 0x0, pos = -1, convergence_duration = 0}
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2724#comment:6>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list