[Ffmpeg-devel] WMV3 segfaults in vc1_decode_intra_block()

Nikns Siankin nikns
Mon Dec 11 12:21:15 CET 2006


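Here is the gdb session from a build configured without --disable-debug. gdb attributes the faulting instruction at vc1_decode_intra_block+629 to the qscale_table[mb_pos - 1] read on vc1.c:3075; with rax = 0x0 and rdx = 0x44a4a000 in the register dump below, its effective address is 0x44a49fff, one byte below the address held in rdx: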

# gdb ffmpeg_g  
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-unknown-openbsd4.0"...
(gdb) r -i /tmp/nokia_n90.wmv /tmp/nokia.avi
Starting program: /usr/ports/graphics/ffmpeg/w-ffmpeg-20061211/ffmpeg-cvs-20061211/ffmpeg_g -i /tmp/nokia_n90.wmv 
/tmp/nokia.avi
FFmpeg version SVN-r7274, Copyright (c) 2000-2006 Fabrice Bellard, et al.
  configuration:  --enable-shared --cc=cc --disable-opts --enable-a52 --enable-pp --enable-gpl --enable-pthreads 
--enable-faac --enable-faad --enable-mp3lame --enable-libogg --enable-vorbis --extra-ldflags=-lm -L/usr/local/lib 
--extra-cflags=-I/usr/local/include 
  libavutil version: 49.1.0
  libavcodec version: 51.26.0
  libavformat version: 51.6.0
  built on Dec 11 2006 13:16:55, gcc: 3.3.5 (propolice)
Compiler did not align stack variables, libavcodec has been misscompiled
and will possible be very slow or may crash, this is not a bug in the
application but in the compiler
so reporting it anywhere but to the compiler maintainers is senseless!

Seems stream 1 codec frame rate differs from container frame rate: 1000.00 (1000/1) -> 25.00 (25/1)
Input #0, asf, from '/tmp/nokia_n90.wmv':
  Duration: 00:00:27.0, start: 2.000000, bitrate: 597 kb/s
  Stream #0.0: Audio: wmav2, 44100 Hz, stereo, 64 kb/s
  Stream #0.1: Video: wmv3, yuv420p, 640x480, 25.00 fps(r)
Output #0, avi, to '/tmp/nokia.avi':
  Stream #0.0: Video: mpeg4, yuv420p, 640x480, q=2-31, 200 kb/s, 25.00 fps(c)
  Stream #0.1: Audio: mp2, 44100 Hz, stereo, 64 kb/s
Stream mapping:
  Stream #0.1 -> #0.0
  Stream #0.0 -> #0.1
Press [q] to stop encoding

Program received signal SIGSEGV, Segmentation fault.
[Switching to process 26087, thread 0x44118000]
0x00000000481b2725 in vc1_decode_intra_block (v=0x42890000, block=0x45671080, n=1, coded=1, mquant=1151639552, 
codingset=0) at vc1.c:3075
3075        if(dc_pred_dir && c_avail) q2 = s->current_picture.qscale_table[mb_pos - 1];
(gdb) bt   
#0  0x00000000481b2725 in vc1_decode_intra_block (v=0x42890000, block=0x45671080, n=1, coded=1, mquant=1151639552, 
codingset=0) at vc1.c:3075
#1  0x00000000481b3841 in vc1_decode_p_mb (v=0x0) at vc1.c:3389
#2  0x00000000481b6e5a in vc1_decode_p_blocks (v=0x0) at vc1.c:3966
#3  0x00000000481b79ff in vc1_decode_frame (avctx=0x4489d000, data=0x7f7ffffe32e0, data_size=0x7f7ffffe3158, 
buf=0x0, buf_size=6634) at vc1.c:4294
#4  0x0000000047f8853c in avcodec_decode_video (avctx=0x4489d000, picture=0x7f7ffffe32e0, 
got_picture_ptr=0x7f7ffffe3158, 
    buf=0x4cf21000 
"???????\016HX\003\177??Q5\\`??d?1M*e\032)?????\223??m1?\003??t??\214\f???\236\035?&\210??T#?\tf??q?\020????n(?\017\177\206?_?DF\f\220???\220t??R\001\0233\016\203Vk\v??\006F\f+\205\"\031;j`?x\003\006???\f\030\002$bA?$*?R??\200D\214/???z\200Rp\rq?c}?iq\037\235??", 
buf_size=6634) at utils.c:903
#5  0x00000000004061d2 in output_packet (ist=0x4fb6a580, ist_index=1, ost_table=0x43528070, nb_ostreams=2, 
pkt=0x7f7ffffe34d0) at ffmpeg.c:1092
#6  0x0000000000406dff in av_encode (output_files=0x811d40, nb_output_files=1, input_files=0x811c00, 
nb_input_files=1, stream_maps=0x811de0, 
    nb_stream_maps=0) at ffmpeg.c:1936
#7  0x000000000040b035 in main (argc=23437, argv=0x7f7ffffe3988) at ffmpeg.c:3931
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x481b2705 to 0x481b2745:
0x00000000481b2705 <vc1_decode_intra_block+597>:        rexX and    $0x40,%al
0x00000000481b2708 <vc1_decode_intra_block+600>:        mov    0x7e8(%r12),%rdx
0x00000000481b2710 <vc1_decode_intra_block+608>:        test   %ecx,%ecx
0x00000000481b2712 <vc1_decode_intra_block+610>:        movsbl (%rax,%rdx,1),%r11d
0x00000000481b2717 <vc1_decode_intra_block+615>:        je     0x481b2bc3 <vc1_decode_intra_block+1811>
0x00000000481b271d <vc1_decode_intra_block+621>:        mov    0x38(%rsp),%ecx
0x00000000481b2721 <vc1_decode_intra_block+625>:        test   %ecx,%ecx
0x00000000481b2723 <vc1_decode_intra_block+627>:        je     0x481b272e <vc1_decode_intra_block+638>
0x00000000481b2725 <vc1_decode_intra_block+629>:        movsbl 0xffffffffffffffff(%rax,%rdx,1),%edx
0x00000000481b272a <vc1_decode_intra_block+634>:        mov    %edx,0x30(%rsp)
0x00000000481b272e <vc1_decode_intra_block+638>:        test   %r15d,%r15d
0x00000000481b2731 <vc1_decode_intra_block+641>:        je     0x481b2743 <vc1_decode_intra_block+659>
0x00000000481b2733 <vc1_decode_intra_block+643>:        mov    0x30(%rsp),%eax
0x00000000481b2737 <vc1_decode_intra_block+647>:        cmp    $0x3,%r15d
0x00000000481b273b <vc1_decode_intra_block+651>:        cmovle %r11d,%eax
0x00000000481b273f <vc1_decode_intra_block+655>:        mov    %eax,0x30(%rsp)
0x00000000481b2743 <vc1_decode_intra_block+659>:        mov    0x48(%rsp),%eax
End of assembler dump.
(gdb) info all-registers
rax            0x0      0
rbx            0x45671080       1164382336
rcx            0x1      1
rdx            0x44a4a000       1151639552
rsi            0x1      1
rdi            0x0      0
rbp            0x46fb3a60       0x46fb3a60
rsp            0x7f7ffffe2ee0   0x7f7ffffe2ee0
r8             0x1      1
r9             0x46fb3a40       1190869568
r10            0xc      12
r11            0xc      12
r12            0x42890000       1116274688
r13            0x1      1
r14            0x19     25
r15            0x1      1
rip            0x481b2725       0x481b2725 <vc1_decode_intra_block+629>
eflags         0x210202 2163202
cs             0x1f     31
ss             0x17     23
ds             0x17     23
es             0x17     23
fs             0x17     23
gs             0x17     23
st0            -nan(0x3b3b3b3b3b3b3b3b) (raw 0xffff3b3b3b3b3b3b3b3b)
st1            -nan(0x3b003b003b003b)   (raw 0xffff003b003b003b003b)
st2            -nan(0x3a3a3a3a3a3a3a3a) (raw 0xffff3a3a3a3a3a3a3a3a)
st3            -nan(0x3a003a003a003a)   (raw 0xffff003a003a003a003a)
st4            -nan(0x3838383838383838) (raw 0xffff3838383838383838)
st5            -nan(0x38003800380038)   (raw 0xffff0038003800380038)
st6            -nan(0x3838383838383838) (raw 0xffff3838383838383838)
st7            -nan(0x38003800380038)   (raw 0xffff0038003800380038)
fctrl          0x127f   4735
fstat          0x20     32
ftag           0xaaaa   43690
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
xmm0           {f = {0x0, 0xc, 0x0, 0x0}}       {f = {0, 12.1138916, 0, 0}}
xmm1           {f = {0x0, 0xc, 0x0, 0x0}}       {f = {0, 12.0681152, 0, 0}}
xmm2           {f = {0x40000000, 0x1, 0x0, 0x0}}        {f = {1.40365254e+16, 1.74816322, 0, 0}}
xmm3           {f = {0x0, 0x1, 0x0, 0x0}}       {f = {1.95156399e-20, 1.63999999, 0, 0}}
xmm4           {f = {0x0, 0xffffffff, 0x0, 0x0}}        {f = {1.38496724e-20, -1.35766685, 0, 0}}
xmm5           {f = {0x0, 0x0, 0x0, 0x0}}       {f = {-3.8517049e-18, 0.694354832, 0, 0}}
xmm6           {f = {0x0, 0x0, 0x0, 0x0}}       {f = {1.78844133e-32, -0.160348564, 0, 0}}
xmm7           {f = {0x8b900000, 0xfffffffe, 0x0, 0x0}} {f = {9.98814043e+12, -2.00507355, 0, 0}}
xmm8           {f = {0x0, 0xffffffff, 0x0, 0x0}}        {f = {-4.14729584e-07, -1.28627229, 0, 0}}
xmm9           {f = {0x0, 0x1, 0x0, 0x0}}       {f = {0, 1.875, 0, 0}}
xmm10          {f = {0x0, 0x1, 0x0, 0x0}}       {f = {0, 1.875, 0, 0}}
xmm11          {f = {0x0, 0x0, 0x0, 0x0}}       {f = {0, 0, 0, 0}}
xmm12          {f = {0x0, 0x0, 0x0, 0x0}}       {f = {0, 0, 0, 0}}
xmm13          {f = {0x0, 0x0, 0x0, 0x0}}       {f = {0, 0, 0, 0}}
xmm14          {f = {0x0, 0x0, 0x0, 0x0}}       {f = {0, 0, 0, 0}}
xmm15          {f = {0x0, 0x0, 0x0, 0x0}}       {f = {0, 0, 0, 0}}
mxcsr          0x1fa0   8096
(gdb) 




