[FFmpeg-trac] #2365(avcodec:open): aas4 regression (crash)
FFmpeg
trac at avcodec.org
Fri Mar 15 00:51:11 CET 2013
#2365: aas4 regression (crash)
-------------------------------------+-------------------------------------
             Reporter:  ami_stuff    |                    Owner:
                 Type:  defect       |                   Status:  open
             Priority:  important    |                Component:  avcodec
              Version:  git-master   |               Resolution:
             Keywords:  aasc         |               Blocked By:
  regression crash SIGSEGV           |  Reproduced by developer:  1
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):
* status: new => open
* reproduced: 0 => 1
* component: undetermined => avcodec
* priority: normal => important
* version: unspecified => git-master
* keywords: => aasc regression crash SIGSEGV
Comment:
Regression since 80e9e63
{{{
(gdb) r -i aas4_8bpp.avi -f null -
Starting program: ffmpeg_g -i aas4_8bpp.avi -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-50945-g1f68bac Copyright (c) 2000-2013 the FFmpeg developers
built on Mar 15 2013 00:47:24 with gcc 4.7 (SUSE Linux)
configuration: --enable-gpl --enable-indev=jack
libavutil 52. 19.100 / 52. 19.100
libavcodec 55. 0.100 / 55. 0.100
libavformat 55. 0.100 / 55. 0.100
libavdevice 55. 0.100 / 55. 0.100
libavfilter 3. 45.103 / 3. 45.103
libswscale 2. 2.100 / 2. 2.100
libswresample 0. 17.102 / 0. 17.102
libpostproc 52. 2.100 / 52. 2.100
Input #0, avi, from 'aas4_8bpp.avi':
Duration: 00:00:12.60, start: 0.000000, bitrate: 3043 kb/s
Stream #0:0: Video: aasc (AAS4 / 0x34534141), pal8, 320x240, 5 tbr, 5 tbn, 5 tbc
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf55.0.100
Stream #0:0: Video: rawvideo, pal8, 320x240, q=2-31, 200 kb/s, 90k tbn, 5 tbc
Stream mapping:
Stream #0:0 -> #0:0 (aasc -> rawvideo)
Press [q] to stop, [?] for help
Program received signal SIGSEGV, Segmentation fault.
msrle_decode_8_16_24_32 (gb=0x15fa428, depth=8, avctx=0x15f5920, pic=<optimized out>) at libavcodec/msrledec.c:215
215 *output++ = pix[0];
(gdb) bt
#0 msrle_decode_8_16_24_32 (gb=0x15fa428, depth=8, avctx=0x15f5920, pic=<optimized out>) at libavcodec/msrledec.c:215
#1 ff_msrle_decode (avctx=avctx@entry=0x15f5920, pic=pic@entry=0x15fa440, depth=depth@entry=8, gb=gb@entry=0x15fa428) at libavcodec/msrledec.c:261
#2 0x0000000000a8ab6c in aasc_decode_frame (avctx=0x15f5920, data=0x15f8ec0, got_frame=0x7fffffffd87c, avpkt=<optimized out>) at libavcodec/aasc.c:104
#3 0x00000000009a140b in avcodec_decode_video2 (avctx=0x15f5920, picture=picture@entry=0x15f8ec0, got_picture_ptr=got_picture_ptr@entry=0x7fffffffd87c, avpkt=avpkt@entry=0x7fffffffdae0) at libavcodec/utils.c:1915
#4 0x000000000045d840 in decode_video (ist=ist@entry=0x15f7900, pkt=pkt@entry=0x7fffffffdae0, got_output=got_output@entry=0x7fffffffd87c) at ffmpeg.c:1682
#5 0x0000000000460d37 in output_packet (pkt=0x7fffffffda80, ist=0x15f7900) at ffmpeg.c:1877
#6 process_input (file_index=<optimized out>) at ffmpeg.c:3032
#7 0x00000000004508d0 in transcode_step () at ffmpeg.c:3128
#8 transcode () at ffmpeg.c:3180
#9 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:3357
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x8d07b0 to 0x8d07f0:
0x00000000008d07b0 <ff_msrle_decode+1792>: (bad)
0x00000000008d07b1 <ff_msrle_decode+1793>: decl 0x29(%rbp)
0x00000000008d07b4 <ff_msrle_decode+1796>: retq
0x00000000008d07b5 <ff_msrle_decode+1797>: xor %ecx,%ecx
0x00000000008d07b7 <ff_msrle_decode+1799>: test %r11,%r11
0x00000000008d07ba <ff_msrle_decode+1802>: jle 0x8d07c8 <ff_msrle_decode+1816>
0x00000000008d07bc <ff_msrle_decode+1804>: lea 0x2(%r9),%rcx
0x00000000008d07c0 <ff_msrle_decode+1808>: mov %rcx,(%r15)
0x00000000008d07c3 <ff_msrle_decode+1811>: movzbl 0x1(%r9),%ecx
0x00000000008d07c8 <ff_msrle_decode+1816>: lea -0x1(%rdx),%edx
0x00000000008d07cb <ff_msrle_decode+1819>: lea 0x1(%rax,%rdx,1),%rdx
=> 0x00000000008d07d0 <ff_msrle_decode+1824>: mov %cl,(%rax)
0x00000000008d07d2 <ff_msrle_decode+1826>: add $0x1,%rax
0x00000000008d07d6 <ff_msrle_decode+1830>: cmp %rdx,%rax
0x00000000008d07d9 <ff_msrle_decode+1833>: jne 0x8d07d0 <ff_msrle_decode+1824>
0x00000000008d07db <ff_msrle_decode+1835>: mov (%r15),%r9
0x00000000008d07de <ff_msrle_decode+1838>: mov 0x8(%r15),%r11
0x00000000008d07e2 <ff_msrle_decode+1842>: add %ebx,%r14d
0x00000000008d07e5 <ff_msrle_decode+1845>: jmpq 0x8d0188 <ff_msrle_decode+216>
0x00000000008d07ea <ff_msrle_decode+1850>: mov %r11,%rcx
0x00000000008d07ed <ff_msrle_decode+1853>: sub %r8,%rcx
End of assembler dump.
(gdb) info register
rax 0xffffffffd0d4864f -791378353
rbx 0xff 255
rcx 0xa 10
rdx 0xffffffffd0d4874e -791378098
rsi 0x15fa440 23045184
rdi 0x15f5920 23025952
rbp 0x8 0x8
rsp 0x7fffffffd4e0 0x7fffffffd4e0
r8 0x16056a1 23090849
r9 0x16056a0 23090848
r10 0x5aa1 23201
r11 0x3415 13333
r12 0xef 239
r13 0x1 1
r14 0x0 0
r15 0x15fa428 23045160
rip 0x8d07d0 0x8d07d0 <ff_msrle_decode+1824>
eflags 0x10202 [ IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
}}}
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2365#comment:1>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker