[FFmpeg-trac] #3220(avcodec:open): mpeg2 decoder crash
FFmpeg
trac at avcodec.org
Thu Dec 12 10:01:08 CET 2013
#3220: mpeg2 decoder crash
-------------------------------------+-------------------------------------
Reporter: kyh96403 | Owner:
Type: defect | Status: open
Priority: important | Component: avcodec
Version: git-master | Resolution:
Keywords: mpeg2video | Blocked By:
crash SIGSEGV regression | Reproduced by developer: 1
Blocking: |
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Changes (by cehoyos):
* keywords: mpeg2 => mpeg2video crash SIGSEGV regression
* status: new => open
* reproduced: 0 => 1
Comment:
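Regression since 1dab49c3 / bacc2869. The trace below is a NULL pointer dereference: av_frame_new_side_data() is called with frame=0x0 and faults on its first read of frame->nb_side_data (libavutil/frame.c:557).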
{{{
(gdb) r -i The\ program\ crashes_cut.ts
Starting program: ffmpeg_g -i The\ program\ crashes_cut.ts
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-59017-g551a679 Copyright (c) 2000-2013 the FFmpeg
developers
built on Dec 12 2013 09:50:32 with gcc 4.7 (SUSE Linux)
configuration: --enable-gpl
libavutil 52. 58.100 / 52. 58.100
libavcodec 55. 45.101 / 55. 45.101
libavformat 55. 22.100 / 55. 22.100
libavdevice 55. 5.102 / 55. 5.102
libavfilter 3. 92.100 / 3. 92.100
libswscale 2. 5.101 / 2. 5.101
libswresample 0. 17.104 / 0. 17.104
libpostproc 52. 3.100 / 52. 3.100
Program received signal SIGSEGV, Segmentation fault.
av_frame_new_side_data (frame=0x0, type=type@entry=AV_FRAME_DATA_STEREO3D,
size=size@entry=8)
at libavutil/frame.c:557
557 if (frame->nb_side_data > INT_MAX / sizeof(*frame->side_data) - 1)
(gdb) bt
#0 av_frame_new_side_data (frame=0x0,
type=type@entry=AV_FRAME_DATA_STEREO3D, size=size@entry=8)
at libavutil/frame.c:557
#1 0x0000000000cce683 in av_stereo3d_create_side_data (frame=<optimized
out>)
at libavutil/stereo3d.c:33
#2 0x0000000000906486 in mpeg_decode_user_data (buf_size=114828,
p=<optimized out>,
avctx=0x17d71a0) at libavcodec/mpeg12dec.c:2229
#3 decode_chunks (avctx=avctx@entry=0x17d71a0,
picture=picture@entry=0x1809800,
got_output=got_output@entry=0x7fffffffd1ec, buf=0x182d260 "",
buf_size=115019)
at libavcodec/mpeg12dec.c:2430
#4 0x00000000009067ab in mpeg_decode_frame (avctx=0x17d71a0,
data=0x1809800,
got_output=0x7fffffffd1ec, avpkt=<optimized out>) at
libavcodec/mpeg12dec.c:2643
#5 0x0000000000a3a4d8 in avcodec_decode_video2 (avctx=0x17d71a0,
picture=0x1809800,
got_picture_ptr=got_picture_ptr@entry=0x7fffffffd1ec,
avpkt=avpkt@entry=0x7fffffffd220)
at libavcodec/utils.c:2107
#6 0x00000000005d62cd in try_decode_frame (s=s@entry=0x17d3100,
st=st@entry=0x17d6ec0,
avpkt=avpkt@entry=0x1809660, options=0x17d7ac0) at
libavformat/utils.c:2508
#7 0x00000000005dec90 in avformat_find_stream_info (ic=0x17d3100,
options=0x17d7ac0)
at libavformat/utils.c:3048
#8 0x000000000046d4f2 in open_input_file (o=o@entry=0x7fffffffd6c0,
filename=<optimized out>)
at ffmpeg_opt.c:861
#9 0x000000000046b6a4 in open_files (inout=inout@entry=0xd3e9bf "input",
open_file=open_file@entry=0x46d0b0 <open_input_file>, l=<optimized
out>, l=<optimized out>)
at ffmpeg_opt.c:2583
#10 0x0000000000473139 in ffmpeg_parse_options (argc=argc@entry=3,
argv=argv@entry=0x7fffffffdd78)
at ffmpeg_opt.c:2620
#11 0x0000000000463ef8 in main (argc=3, argv=0x7fffffffdd78) at
ffmpeg.c:3521
(gdb) disass $pc-27,$pc+32
Dump of assembler code from 0xcb61e0 to 0xcb621b:
0x0000000000cb61e0 <av_frame_new_side_data+0>: mov %rbx,-0x20(%rsp)
0x0000000000cb61e5 <av_frame_new_side_data+5>: mov %rbp,-0x18(%rsp)
0x0000000000cb61ea <av_frame_new_side_data+10>: mov %rdi,%rbx
0x0000000000cb61ed <av_frame_new_side_data+13>: mov %r12,-0x10(%rsp)
0x0000000000cb61f2 <av_frame_new_side_data+18>: mov %r13,-0x8(%rsp)
0x0000000000cb61f7 <av_frame_new_side_data+23>: sub $0x38,%rsp
=> 0x0000000000cb61fb <av_frame_new_side_data+27>: mov 0x228(%rdi),%eax
0x0000000000cb6201 <av_frame_new_side_data+33>: cmp $0xffffffe,%eax
0x0000000000cb6206 <av_frame_new_side_data+38>: ja 0xcb62b8 <av_frame_new_side_data+216>
0x0000000000cb620c <av_frame_new_side_data+44>: mov %esi,%r13d
0x0000000000cb620f <av_frame_new_side_data+47>: lea 0x1(%rax),%esi
0x0000000000cb6212 <av_frame_new_side_data+50>: mov 0x220(%rdi),%rdi
0x0000000000cb6219 <av_frame_new_side_data+57>: mov %edx,%r12d
End of assembler dump.
(gdb) info register
rax 0x5 5
rbx 0x0 0
rcx 0x17f59c0 25123264
rdx 0x8 8
rsi 0x2 2
rdi 0x0 0
rbp 0x17d71a0 0x17d71a0
rsp 0x7fffffffcec0 0x7fffffffcec0
r8 0x17f59c0 25123264
r9 0x1c08c 114828
r10 0x1 1
r11 0x7ffff5f7b360 140737320039264
r12 0x8 8
r13 0x1c08c 114828
r14 0x17f59c0 25123264
r15 0x18493ab 25465771
rip 0xcb61fb 0xcb61fb <av_frame_new_side_data+27>
eflags 0x10206 [ PF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/3220#comment:1>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker