[Ffmpeg-devel] FFMpeg crash on decoding H.264 incomplete frame.

Alexander Chemeris ipse.sipx
Wed Nov 29 14:12:55 CET 2006


Hello all,

I'm trying to decode an H.264 stream coming from an RTP stream.
Sometimes FFmpeg crashes on incomplete frames.

For example, execute:
% ffmpeg -f h264 -i crash.h264
FFmpeg version SVN-r7070, Copyright (c) 2000-2006 Fabrice Bellard, et al.
 configuration:  --extra-cflags=-I/shared/include
--extra-ldflags=-L/shared/lib --enable-memalign-hack --enable-shared
--disable-static --enable-mp3lame --enable-xvid --enable-a52
--enable-libogg --enable-vorbis --enable-faac --enable-faad
--enable-x264 --enable-pp --enable-amr_wb --enable-amr_nb
--enable-avisynth --enable-dts --enable-libgsm --enable-gpl
 libavutil version: 49.0.2
 libavcodec version: 51.25.0
 libavformat version: 51.6.0
 built on Nov 14 2006 19:00:23, gcc: 3.4.6
..... crash here.


If you remove the last byte from crash.h264, it proceeds fine:
% ffmpeg -f h264 -i crash.h264
FFmpeg version SVN-r7070, Copyright (c) 2000-2006 Fabrice Bellard, et al.
 configuration:  --extra-cflags=-I/shared/include
--extra-ldflags=-L/shared/lib --enable-memalign-hack --enable-shared
--disable-static --enable-mp3lame --enable-xvid --enable-a52
--enable-libogg --enable-vorbis --enable-faac --enable-faad
--enable-x264 --enable-pp --enable-amr_wb --enable-amr_nb
--enable-avisynth --enable-dts --enable-libgsm --enable-gpl
 libavutil version: 49.0.2
 libavcodec version: 51.25.0
 libavformat version: 51.6.0
 built on Nov 14 2006 19:00:23, gcc: 3.4.6
[h264 @ 10338000]prefix too large at 12 12
[h264 @ 10338000]error while decoding MB 12 12
[h264 @ 10338000]concealing 97 DC, 97 AC, 97 MV errors
Input #0, h264, from 'crash.h264':
 Duration: N/A, bitrate: N/A
 Stream #0.0: Video: h264, yuv420p, 320x240, 10.00 fps(r)
Must supply at least one output file

GDB output:
gdb --args ffmpeg -f h264 -i crash.h264
GNU gdb 5.2.1
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-mingw32"...(no debugging symbols found)...
(gdb) run
Starting program: C:\Program Files\FFmpeg/ffmpeg.exe -f h264 -i crash.h264

Program received signal SIGSEGV, Segmentation fault.
0x101e7882 in _libmsvcrt_a_iname ()
(gdb) bt
#0  0x101e7882 in _libmsvcrt_a_iname ()
#1  0x7c917bb8 in _libmsvcrt_a_iname ()
#2  0x00f74f2c in ?? ()
#3  0x00403142 in _size_of_stack_reserve__ ()
Cannot access memory at address 0xf008188
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x101e7862 to 0x101e78a2:
0x101e7862 <_libmsvcrt_a_iname+845286>: lea    (%ebx,%edi,1),%eax
0x101e7865 <_libmsvcrt_a_iname+845289>: cmp    $0x3f,%eax
0x101e7868 <_libmsvcrt_a_iname+845292>:
   jle    0x101e7b18 <_libmsvcrt_a_iname+845980>
0x101e786e <_libmsvcrt_a_iname+845298>: and    $0x1f,%eax
0x101e7871 <_libmsvcrt_a_iname+845301>: mov    0x0(%ebp),%esi
0x101e7874 <_libmsvcrt_a_iname+845304>: mov    0x1036e3b0(,%eax,4),%ebx
0x101e787b <_libmsvcrt_a_iname+845311>: mov    %esi,0x44(%esp,1)
0x101e787f <_libmsvcrt_a_iname+845315>: shl    $0x4,%ebx
0x101e7882 <_libmsvcrt_a_iname+845318>: mov    0x10455004(%ebx),%edx
0x101e7888 <_libmsvcrt_a_iname+845324>: mov    0x8(%ebp),%ebx
0x101e788b <_libmsvcrt_a_iname+845327>: mov    %ebx,%edi
0x101e788d <_libmsvcrt_a_iname+845329>: mov    %ebx,%ecx
0x101e788f <_libmsvcrt_a_iname+845331>: sar    $0x3,%edi
0x101e7892 <_libmsvcrt_a_iname+845334>: and    $0x7,%ecx
0x101e7895 <_libmsvcrt_a_iname+845337>: mov    (%esi,%edi,1),%eax
0x101e7898 <_libmsvcrt_a_iname+845340>: bswap  %eax
0x101e789a <_libmsvcrt_a_iname+845342>: shl    %cl,%eax
0x101e789c <_libmsvcrt_a_iname+845344>: shr    $0xf8,%eax
0x101e789f <_libmsvcrt_a_iname+845347>: movswl 0x2(%edx,%eax,4),%esi
End of assembler dump.
(gdb) info all-registers
eax            0x1e     30
ecx            0xf74fb0 16207792
edx            0xf770a8 16216232
ebx            0x6656f630       1716975152
esp            0x22ee30 0x22ee30
ebp            0xf770a8 0xf770a8
esi            0xf73e37 16203319
edi            0xff     255
eip            0x101e7882       0x101e7882
eflags         0x210206 2163206
cs             0x1b     27
ss             0x23     35
ds             0x23     35
es             0x23     35
fs             0x3b     59
gs             0x0      0
st0            -nan(0x09b999694)        (raw 0xffff000000009b999694)
st1            -nan(0x7a007a007a007a)   (raw 0xffff007a007a007a007a)
st2            -nan(0x098969391)        (raw 0xffff0000000098969391)
st3            -nan(0x0918f8c8a)        (raw 0xffff00000000918f8c8a)
st4            -nan(0x08d8b8886)        (raw 0xffff000000008d8b8886)
st5            -nan(0x70707077f7f7f7f)  (raw 0xffff070707077f7f7f7f)
st6            -nan(0x20002000200020)   (raw 0xffff0020002000200020)
---Type <return> to continue, or q <return> to quit---
st7            0        (raw 0xffff0000000000000000)
fctrl          0xffff037f       -64641
fstat          0xffff4020       -49120
ftag           0xffffaaaa       -21846
fiseg          0x1b     27
fioff          0x1010b777       269530999
foseg          0xffff0023       -65501
fooff          0x22f278 2290296
fop            0x1c9    457
(gdb)

This crash occurs very often and I hope it can be fixed - it stops us from using H.264
in our project for video conversations. :(

--
Regards,
Alexander Chemeris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: crash.h264
Type: application/octet-stream
Size: 4380 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20061129/e546f2d8/attachment.obj>
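
Added example (not part of the original message and not FFmpeg code): a truncation sweep that generalises the one-byte test in the report, running a decoder command on the input with 0..N trailing bytes removed and recording which lengths end in a signal rather than a normal exit. It assumes a POSIX host, where a negative exit status means death by signal; `STUB_CMD` is a constructed stand-in decoder, and `run_on_prefix` and `truncation_sweep` are names chosen here.

```python
import os
import signal
import subprocess
import sys
import tempfile

# Command line from the report; "{input}" is replaced by the trimmed file.
FFMPEG_CMD = ["ffmpeg", "-f", "h264", "-i", "{input}"]

# Constructed stand-in "decoder": dies with SIGSEGV only on a 40-byte input.
STUB = ("import os, signal, sys\n"
        "if os.path.getsize(sys.argv[1]) == 40:\n"
        "    os.kill(os.getpid(), signal.SIGSEGV)\n")
STUB_CMD = [sys.executable, "-c", STUB, "{input}"]


def run_on_prefix(cmd, data, length, timeout=30):
    """Run cmd on data[:length]; return 'SIGxxx', 'TIMEOUT' or the exit code."""
    fd, path = tempfile.mkstemp(suffix=".h264")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data[:length])
        argv = [path if a == "{input}" else a for a in cmd]
        try:
            rc = subprocess.run(argv, stdin=subprocess.DEVNULL, timeout=timeout,
                                stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL).returncode
        except subprocess.TimeoutExpired:
            return "TIMEOUT"
    finally:
        os.unlink(path)
    if rc < 0:  # POSIX: negative status means killed by signal -rc
        try:
            return signal.Signals(-rc).name
        except ValueError:
            return "SIG%d" % -rc
    return rc


def truncation_sweep(cmd, data, max_trim=16):
    """Trim 0..max_trim trailing bytes; map each input length to its outcome."""
    lengths = range(len(data), max(len(data) - max_trim, 0) - 1, -1)
    return {n: run_on_prefix(cmd, data, n) for n in lengths}


if __name__ == "__main__":
    # Offline demo on the stand-in; pass FFMPEG_CMD and the file's bytes for real use.
    for n, outcome in truncation_sweep(STUB_CMD, bytes(40), 4).items():
        print(n, outcome)
```

Lengths that map to a signal name are the ones worth keeping as regression inputs; a non-zero integer such as ffmpeg's exit after "Must supply at least one output file" is an ordinary error exit, not a crash.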


