[FFmpeg-trac] #14(avformat:new): Crash when reading mkv file

FFmpeg trac at avcodec.org
Wed Mar 23 11:30:48 CET 2011 

#14: Crash when reading mkv file
------------------------+----------------------
  Reporter:  cehoyos    |      Owner:  michael
      Type:  defect     |     Status:  new
  Priority:  important  |  Component:  avformat
   Version:             |   Keywords:
Blocked By:             |   Blocking:
Reproduced:  0          |   Analyzed:  0
------------------------+----------------------
 Attached file crashes current FFmpeg in metadata.c.

 {{{
 (gdb) r -i crash.mkv
 FFmpeg version git-N-28581-g4fa0e24, Copyright (c) 2000-2011 the FFmpeg
 developers
   built on Mar 23 2011 06:04:48 with gcc 4.5.2
   configuration: --cc=/usr/local/gcc-4.5.2/bin/gcc --enable-gpl
   libavutil    50. 40. 0 / 50. 40. 0
   libavcodec   52.114. 0 / 52.114. 0
   libavformat  52.103. 0 / 52.103. 0
   libavdevice  52.  3. 0 / 52.  3. 0
   libavfilter   1. 76. 0 /  1. 76. 0
   libswscale    0. 12. 0 /  0. 12. 0

 Program received signal SIGSEGV, Segmentation fault.
 av_metadata_set2 (pm=0x188, key=0x7fffffffd470 "LANGUAGE", value=0x11ef000
 "fra", flags=0)
     at libavformat/metadata.c:51
 51          AVMetadata *m= *pm;
 (gdb) bt
 #0  av_metadata_set2 (pm=0x188, key=0x7fffffffd470 "LANGUAGE",
 value=0x11ef000 "fra", flags=0)
     at libavformat/metadata.c:51
 #1  0x0000000000488507 in matroska_convert_tag (s=0x11ed650,
 list=0x11eef68, metadata=0x188, prefix=0x0)
     at libavformat/matroskadec.c:1063
 #2  0x000000000048a4c2 in matroska_convert_tags (s=0x11ed650) at
 libavformat/matroskadec.c:1101
 #3  matroska_read_header (s=0x11ed650) at libavformat/matroskadec.c:1547
 #4  0x00000000004e9c11 in av_open_input_stream (ic_ptr=0x7fffffffdbb8,
 pb=0x11f66f0,
     filename=0x7fffffffe28c "crash.mkv", fmt=0xc86980, ap=0x7fffffffdb80)
 at libavformat/utils.c:491
 #5  0x00000000004ea129 in av_open_input_file (ic_ptr=<value optimized
 out>,
     filename=<value optimized out>, fmt=0xc86980, buf_size=<value
 optimized out>,
     ap=<value optimized out>) at libavformat/utils.c:647
 #6  0x000000000040c758 in opt_input_file (filename=0x7fffffffe28c
 "crash.mkv") at ffmpeg.c:3148
 #7  0x0000000000410702 in parse_options (argc=3, argv=0x7fffffffde18,
 options=0x8efc60,
     parse_arg_function=0x40edf0 <opt_output_file>) at cmdutils.c:220
 #8  0x000000000040f9b2 in main (argc=3, argv=0x7fffffffde18) at
 ffmpeg.c:4324
 (gdb) disass $pc-32 $pc+32
 Dump of assembler code from 0x494727 to 0x494767:
 0x0000000000494727 <av_metadata_set2+7>:        fs
 0x0000000000494728 <av_metadata_set2+8>:        and    $0xe0,%al
 0x000000000049472a <av_metadata_set2+10>:       mov    %ecx,%ebp
 0x000000000049472c <av_metadata_set2+12>:       mov    %r13,-0x18(%rsp)
 0x0000000000494731 <av_metadata_set2+17>:       mov    %r14,-0x10(%rsp)
 0x0000000000494736 <av_metadata_set2+22>:       mov    %rdi,%r13
 0x0000000000494739 <av_metadata_set2+25>:       mov    %r15,-0x8(%rsp)
 0x000000000049473e <av_metadata_set2+30>:       mov    %rbx,-0x30(%rsp)
 0x0000000000494743 <av_metadata_set2+35>:       sub    $0x48,%rsp
 0x0000000000494747 <av_metadata_set2+39>:       mov    (%rdi),%rbx
 0x000000000049474a <av_metadata_set2+42>:       mov    %rdx,%r14
 0x000000000049474d <av_metadata_set2+45>:       xor    %edx,%edx
 0x000000000049474f <av_metadata_set2+47>:       mov    %rsi,%r12
 0x0000000000494752 <av_metadata_set2+50>:       mov    %rbx,%rdi
 0x0000000000494755 <av_metadata_set2+53>:       callq  0x4945d0
 <av_metadata_get>
 0x000000000049475a <av_metadata_set2+58>:       test   %rbx,%rbx
 0x000000000049475d <av_metadata_set2+61>:       mov    %rax,%r15
 0x0000000000494760 <av_metadata_set2+64>:       je     0x494878
 <av_metadata_set2+344>
 0x0000000000494766 <av_metadata_set2+70>:       test   %r15,%r15
 End of assembler dump.
 (gdb) info registers
 rax            0x8      8
 rbx            0x11eef80        18804608
 rcx            0x0      0
 rdx            0x11ef000        18804736
 rsi            0x7fffffffd470   140737488344176
 rdi            0x188    392
 rbp            0x0      0x0
 rsp            0x7fffffffd410   0x7fffffffd410
 r8             0xfeff7efef6047cff       -72199435500356353
 r9             0x101010101010101        72340172838076673
 r10            0x0      0
 r11            0x7ffff6d7edd6   140737334734294
 r12            0x7fffffffd470   140737488344176
 r13            0x188    392
 r14            0x0      0
 r15            0x11eef68        18804584
 rip            0x494747 0x494747 <av_metadata_set2+39>
 eflags         0x10202  [ IF RF ]
 cs             0x33     51
 ss             0x2b     43
 ds             0x0      0
 es             0x0      0
 fs             0x0      0
 gs             0x0      0
 fctrl          0x37f    895
 fstat          0x0      0
 ftag           0xffff   65535
 fiseg          0x0      0
 fioff          0x0      0
 foseg          0x0      0
 fooff          0x0      0
 fop            0x0      0
 mxcsr          0x1fa0   [ PE IM DM ZM OM UM PM ]
 }}}

-- 
Ticket URL: <http://avcodec.org/trac/ffmpeg/ticket/14>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list