[Ffmpeg-devel] wmv2 segfaults in wmv2_mspel8_h_lowpass()

Nikns Siankin nikns
Wed Jan 3 10:56:59 CET 2007


The same sample http://pazeme.lv/MojoFlix_Drunken-Bull.wmv
with svn 20070102

# uname -a 
OpenBSD obsd.my.domain 4.0 GENERIC#690 amd64


# ffmpeg -i /root/MojoFlix_Drunken-Bull.wmv bu.avi                                                               
FFmpeg version SVN-r7400, Copyright (c) 2000-2006 Fabrice Bellard, et al.
  configuration:  --enable-shared --cc=cc --disable-opts --enable-a52 
--enable-pp --enable-gpl --enable-pthreads --enable-faac --enable-faad 
--enable-mp3lame --enable-libogg --enable-vorbis --extra-ldflags=-lm 
-L/usr/local/lib --extra-cflags=-I/usr/local/include 
  libavutil version: 49.1.0
  libavcodec version: 51.28.0
  libavformat version: 51.7.0
  built on Jan  3 2007 11:18:44, gcc: 3.3.5 (propolice)

Seems stream 1 codec frame rate differs from container frame rate: 1000.00 
(1000/1) -> 30.00 (30/1)
Input #0, asf, from '/root/MojoFlix_Drunken-Bull.wmv':
  Duration: 00:00:33.1, start: 5.000000, bitrate: 492 kb/s
  Stream #0.0: Audio: wmav2, 44100 Hz, stereo, 64 kb/s
  Stream #0.1: Video: wmv2, yuv420p, 320x240, 30.00 fps(r)
Output #0, avi, to 'bu.avi':
  Stream #0.0: Video: mpeg4, yuv420p, 320x240, q=2-31, 200 kb/s, 30.00 fps(c)
  Stream #0.1: Audio: mp2, 44100 Hz, stereo, 64 kb/s
Stream mapping:
  Stream #0.1 -> #0.0
  Stream #0.0 -> #0.1
Press [q] to stop encoding
Segmentation fault (core dumped)  time=6.4 bitrate= 408.4kbits/s    

# gdb ./ffmpeg_g ffmpeg.core                                                                                     
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-unknown-openbsd4.0"...
Core was generated by `ffmpeg'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libpthread.so.6.3...done.
Loaded symbols for /usr/lib/libpthread.so.6.3
Reading symbols from /usr/lib/libm.so.2.3...done.
Loaded symbols for /usr/lib/libm.so.2.3
Reading symbols from /usr/local/lib/libavformat.so.8.0...done.
Loaded symbols for /usr/local/lib/libavformat.so.8.0
Reading symbols from /usr/local/lib/libavcodec.so.8.0...done.
Loaded symbols for /usr/local/lib/libavcodec.so.8.0
Reading symbols from /usr/local/lib/libavutil.so.2.0...done.
Loaded symbols for /usr/local/lib/libavutil.so.2.0
Reading symbols from /usr/lib/libossaudio.so.3.0...done.
Loaded symbols for /usr/lib/libossaudio.so.3.0
Reading symbols from /usr/lib/libz.so.4.1...done.
Loaded symbols for /usr/lib/libz.so.4.1
Reading symbols from /usr/local/lib/libmp3lame.so.0.1...done.
Loaded symbols for /usr/local/lib/libmp3lame.so.0.1
Reading symbols from /usr/local/lib/libvorbis.so.5.1...done.
Loaded symbols for /usr/local/lib/libvorbis.so.5.1
Reading symbols from /usr/local/lib/libvorbisenc.so.2.2...done.
Loaded symbols for /usr/local/lib/libvorbisenc.so.2.2
Reading symbols from /usr/local/lib/libogg.so.5.3...done.
Loaded symbols for /usr/local/lib/libogg.so.5.3
Reading symbols from /usr/local/lib/libfaac.so.0.0...done.
Loaded symbols for /usr/local/lib/libfaac.so.0.0
Reading symbols from /usr/local/lib/libfaad.so.0.0...done.
Loaded symbols for /usr/local/lib/libfaad.so.0.0
Symbols already loaded for /usr/lib/libpthread.so.6.3
Reading symbols from /usr/lib/libc.so.39.3...done.
Loaded symbols for /usr/lib/libc.so.39.3
Reading symbols from /usr/libexec/ld.so...done.
Loaded symbols for /usr/libexec/ld.so
#0  wmv2_mspel8_h_lowpass (dst=0x7f7ffffca3e0 "?\006", src=0x4d6a9f54 <Address 
0x4d6a9f54 out of bounds>, 
    dstStride=8, srcStride=352, h=352) at dsputil.c:2512
2512            dst[0]= cm[(9*(src[0] + src[1]) - (src[-1] + src[2]) + 8)>>4];
(gdb) 

(gdb) bt
#0  wmv2_mspel8_h_lowpass (dst=0x7f7ffffca3e0 "?\006", src=0x4d6a9f54 <Address 
0x4d6a9f54 out of bounds>, 
    dstStride=8, srcStride=352, h=352) at dsputil.c:2512
#1  0x0000000046dcae85 in put_mspel8_mc32_c (
    dst=0x46bdf6b0 
"22244444134679;69779;9:974676555555545554445544434353444234423232335545655555555654456667777778766655555555665555555565566666666", 
'5' <repeats 19 times>, '4' <repeats 29 times>, '3' <repeats 18 times>, 
"213323"..., 
    src=0x4d6aa0b5 
"44444134679;989:88774676555434354444334433334354444334433332324423455555555654456665555556566655555555665556665666666665776", 
'5' <repeats 16 times>, "3332", '4' <repeats 28 times>, '3' <repeats 18 times>, 
"21332342455"..., stride=352) at dsputil.c:2623
#2  0x0000000046ec4a75 in ff_mspel_motion (s=0x4c7c7000, 
    dest_y=0x46bdf6b0 
"22244444134679;69779;9:974676555555545554445544434353444234423232335545655555555654456667777778766655555555665555555565566666666", 
'5' <repeats 19 times>, '4' <repeats 29 times>, '3' <repeats 18 times>, 
"213323"..., 
    dest_cb=0x4d5e85d8 
"\224\224\224\224\224\224\224\225\225\224\224\224\224\224\224\225\225\225\225\225\226\226\226\226\225\225\225\225\225\226\226", 
'\225' <repeats 77 times>, 
"\224\224\225\225\224\225\225\224\224\224\223\223\224\225\225\224\224\225\225\225\226\226", 
'\225' <repeats 46 times>, 
"\224\224\224\224\224\224\224\225\225\224\224\224\224\224\224\225\225\225\225\225\226\226\226\226"..., 
    dest_cr=0x4aa265d8 'z' <repeats 24 times>, "yyyyzzzzzyxxxxxxy", 'x' <repeats 
13 times>, "yyxxxy", 'x' <repeats 28 times>, 'y' <repeats 12 times>, "xxxxyyy", 
'x' <repeats 16 times>, "yyy", 'z' <repeats 74 times>..., 
    ref_picture=0x4c7c7128, pix_op=0x4c7c7f98, motion_x=9, motion_y=-41, h=16) 
at wmv2.c:660
#3  0x0000000046d993b2 in MPV_motion (s=0x4c7c7000, 
    dest_y=0x46bdf6b0 
"22244444134679;69779;9:974676555555545554445544434353444234423232335545655555555654456667777778766655555555665555555565566666666", 
'5' <repeats 19 times>, '4' <repeats 29 times>, '3' <repeats 18 times>, 
"213323"..., 
    dest_cb=0x4d5e85d8 
"\224\224\224\224\224\224\224\225\225\224\224\224\224\224\224\225\225\225\225\225\226\226\226\226\225\225\225\225\225\226\226", 
'\225' <repeats 77 times>, 
"\224\224\225\225\224\225\225\224\224\224\223\223\224\225\225\224\224\225\225\225\226\226", 
'\225' <repeats 46 times>, 
"\224\224\224\224\224\224\224\225\225\224\224\224\224\224\224\225\225\225\225\225\226\226\226\226"..., 
    dest_cr=0x4aa265d8 'z' <repeats 24 times>, "yyyyzzzzzyxxxxxxy", 'x' <repeats 
13 times>, "yyxxxy", 'x' <repeats 28 times>, 'y' <repeats 12 times>, "xxxxyyy", 
'x' <repeats 16 times>, "yyy", 'z' <repeats 74 times>..., dir=11, 
    ref_picture=0x4c7c7128, pix_op=0x4c7c7f98, qpix_op=0x4c7c8158) at 
mpegvideo.c:3554
#4  0x0000000046d90164 in MPV_decode_mb (s=0x4c7c7000, block=0x4dfeb000) at 
mpegvideo.c:4009
#5  0x0000000046ec5ddf in decode_slice (s=0x4c7c7000) at h263dec.c:240
#6  0x0000000046ec6d66 in ff_h263_decode_frame (avctx=0x43d0a000, 
data=0x7f7ffffcac70, data_size=0x7f7ffffcaae8, 
    buf=0x48893800 
"\210?\201R\2061?g(\237?aMF\031\004d?\002????&\203\221?#l?W1??p\034?V?(\032f??\024\t?@?\020?\0263\v?Q", 
buf_size=1736) at h263dec.c:729
#7  0x0000000046d865fc in avcodec_decode_video (avctx=0x43d0a000, 
picture=0x7f7ffffcac70, 
    got_picture_ptr=0x7f7ffffcaae8, 
    buf=0x48893800 
"\210?\201R\2061?g(\237?aMF\031\004d?\002????&\203\221?#l?W1??p\034?V?(\032f??\024\t?@?\020?\0263\v?Q", 
buf_size=1736) at utils.c:904
#8  0x00000000004061d2 in output_packet (ist=0x412c7300, ist_index=1, 
ost_table=0x49bb3070, nb_ostreams=2, 
    pkt=0x7f7ffffcae60) at ffmpeg.c:1092
#9  0x0000000000406dff in av_encode (output_files=0x811d40, nb_output_files=1, 
input_files=0x811c00, 
    nb_input_files=1, stream_maps=0x811de0, nb_stream_maps=0) at ffmpeg.c:1936
#10 0x000000000040b065 in main (argc=15625, argv=0x7f7ffffcb310) at 
ffmpeg.c:3935

(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x46dca700 to 0x46dca740:
0x0000000046dca700 <wmv2_mspel8_h_lowpass+0>:   mov    6068785(%rip),%r9        
# 0x47394138 <a52_resample+1179640>
0x0000000046dca707 <wmv2_mspel8_h_lowpass+7>:   add    $0x400,%r9
0x0000000046dca70e <wmv2_mspel8_h_lowpass+14>:  test   %r8d,%r8d
0x0000000046dca711 <wmv2_mspel8_h_lowpass+17>:  jle    0x46dca874 
<wmv2_mspel8_h_lowpass+372>
0x0000000046dca717 <wmv2_mspel8_h_lowpass+23>:  movslq %edx,%r11
0x0000000046dca71a <wmv2_mspel8_h_lowpass+26>:  movslq %ecx,%r10
0x0000000046dca71d <wmv2_mspel8_h_lowpass+29>:  data16
0x0000000046dca71e <wmv2_mspel8_h_lowpass+30>:  data16
0x0000000046dca71f <wmv2_mspel8_h_lowpass+31>:  nop    
0x0000000046dca720 <wmv2_mspel8_h_lowpass+32>:  movzbl 0x1(%rsi),%edx
0x0000000046dca724 <wmv2_mspel8_h_lowpass+36>:  movzbl (%rsi),%eax
0x0000000046dca727 <wmv2_mspel8_h_lowpass+39>:  movzbl 0x2(%rsi),%ecx
0x0000000046dca72b <wmv2_mspel8_h_lowpass+43>:  add    %edx,%eax
0x0000000046dca72d <wmv2_mspel8_h_lowpass+45>:  movzbl 
0xffffffffffffffff(%rsi),%edx
0x0000000046dca731 <wmv2_mspel8_h_lowpass+49>:  lea    (%rax,%rax,8),%eax
0x0000000046dca734 <wmv2_mspel8_h_lowpass+52>:  add    %ecx,%edx
0x0000000046dca736 <wmv2_mspel8_h_lowpass+54>:  sub    %edx,%eax
0x0000000046dca738 <wmv2_mspel8_h_lowpass+56>:  add    $0x8,%eax
0x0000000046dca73b <wmv2_mspel8_h_lowpass+59>:  sar    $0x4,%eax
0x0000000046dca73e <wmv2_mspel8_h_lowpass+62>:  cltq   
End of assembler dump.

(gdb) info all-registers
rax            0x160    352
rbx            0x4d6aa0b5       1298833589
rcx            0x160    352
rdx            0x8      8
rsi            0x4d6a9f54       1298833236
rdi            0x7f7ffffca3e0   140187732321248
rbp            0x7f7ffffca3a0   0x7f7ffffca3a0
rsp            0x7f7ffffca358   0x7f7ffffca358
r8             0xb      11
r9             0x47265760       1193695072
r10            0x160    352
r11            0x8      8
r12            0x160    352
r13            0x46bdf6b0       1186854576
r14            0x7f7ffffca3e0   140187732321248
r15            0x9      9
rip            0x46dca720       0x46dca720 <wmv2_mspel8_h_lowpass+32>
eflags         0x210202 2163202
cs             0x1f     31
ss             0x17     23
ds             0x17     23
es             0x17     23
fs             0x17     23
gs             0x17     23
st0            -nan(0x3434343434343434) (raw 0xffff3434343434343434)
st1            -nan(0x34003400340034)   (raw 0xffff0034003400340034)
st2            -nan(0x3434343434343434) (raw 0xffff3434343434343434)
st3            -nan(0x34003400340034)   (raw 0xffff0034003400340034)
st4            -nan(0x32003200320032)   (raw 0xffff0032003200320032)
st5            -nan(0x32003200320032)   (raw 0xffff0032003200320032)
st6            -nan(0x32003200320032)   (raw 0xffff0032003200320032)
st7            <invalid float value>    (raw 0xffff0000000000000000)
fctrl          0x127f   4735
fstat          0x20     32
ftag           0xaaaa   43690
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
xmm0           {f = {0x0, 0xe, 0x0, 0x0}}       {f = {0, 14.963377, 0, 0}}
xmm1           {f = {0x0, 0xf, 0x0, 0x0}}       {f = {0, 15.0331268, 0, 0}}
xmm2           {f = {0x0, 0x2, 0x0, 0x0}}       {f = {1.63648397e-31, 
2.61408162, 5.23048665e-40, 
    -nan(0x7ded0c)}}
xmm3           {f = {0x0, 0x2, 0x0, 0x0}}       {f = {1.63648397e-31, 
2.61408162, 5.23048665e-40, 
    -nan(0x7ded0c)}}
xmm4           {f = {0xc24b42, 0x88000000, 0x0, 0xfffff904}}    {f = {12733250, 
1.1188971e+15, -4.57506084e-21, 
    -1788.73804}}
xmm5           {f = {0xc24b42, 0x0, 0x0, 0x0}}  {f = {12733250, 1.97132904e-26, 
2.06927913e-14, -2.28904872e+26}}
xmm6           {f = {0x0, 0x0, 0x0, 0x0}}       {f = {9.18354962e-41, 
9.18354962e-41, 9.18354962e-41, 
---Type <return> to continue, or q <return> to quit---
xmm7           {f = {0x0, 0x0, 0x0, 0x0}}       {f = {3.23968995e-40, 
-nan(0x7e9d3a), -nan(0x7eba30), 
    7.89598053e-40}}
xmm8           {f = {0x0, 0xffffffff, 0x0, 0x0}}        {f = {-1.76235581e+22, 
-1.52807558, 0, 0}}
xmm9           {f = {0x0, 0x1, 0x0, 0x0}}       {f = {0, 1.875, 0, 0}}
xmm10          {f = {0x0, 0x1, 0x0, 0x0}}       {f = {0, 1.875, 0, 0}}
xmm11          {f = {0xffffffff, 0x0, 0x0, 0x0}}        {f = {-1.96473002, 0, 0, 
0}}
xmm12          {f = {0xffffffff, 0x0, 0x0, 0x0}}        {f = {-1.11296916, 0, 0, 
0}}
xmm13          {f = {0x1, 0x0, 0x0, 0x0}}       {f = {1.78104186, 0, 0, 0}}
xmm14          {f = {0x1, 0x0, 0x0, 0x0}}       {f = {1.42799723, 0, 0, 0}}
xmm15          {f = {0x1, 0x0, 0x0, 0x0}}       {f = {1.24683833, 0, 0, 0}}
mxcsr          0x1fa0   8096
(gdb) 





More information about the ffmpeg-devel mailing list