[FFmpeg-trac] #2707(avformat:new): Crash in mxg demuxer on sparc

FFmpeg trac at avcodec.org
Tue Jun 25 01:44:00 CEST 2013


#2707: Crash in mxg demuxer on sparc
-------------------------------------+-------------------------------------
               Reporter:  cehoyos    |                  Owner:
                   Type:  defect     |                 Status:  new
               Priority:  normal     |              Component:  avformat
                Version:  git-       |               Keywords:  crash mxg
  master                             |  sparc
             Blocked By:             |               Blocking:
Reproduced by developer:  0          |  Analyzed by developer:  0
-------------------------------------+-------------------------------------
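 Platform: SPARC Niagara, 32-bit compilation.
 The fault in the trace below is the 32-bit load for `*(uint32_t*)p` at
 libavformat/mxg.c:77 with p=0x1001f42, which is not 4-byte aligned. SPARC
 raises SIGBUS on misaligned word loads, so the marker scan needs an
 alignment-safe read (e.g. AV_RN32) at this point.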
 {{{
 (gdb) r -i fate-suite/mxpeg/m1.mxg
 Starting program: ffmpeg_g -i fate-suite/mxpeg/m1.mxg
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/sparc-linux-gnu/libthread_db.so.1".
 ffmpeg version N-54176-gf48366c Copyright (c) 2000-2013 the FFmpeg
 developers
   built on Jun 24 2013 14:29:37 with gcc 4.6 (Debian 4.6.3-14)
   configuration:
   libavutil      52. 37.101 / 52. 37.101
   libavcodec     55. 17.100 / 55. 17.100
   libavformat    55.  9.100 / 55.  9.100
   libavdevice    55.  2.100 / 55.  2.100
   libavfilter     3. 77.101 /  3. 77.101
   libswscale      2.  3.100 /  2.  3.100
   libswresample   0. 17.102 /  0. 17.102

 Program received signal SIGBUS, Bus error.
 0x00160e0c in mxg_find_startmarker (p=0x1001f42 "\377", <incomplete
 sequence \340>,
     end=0x1002340 "1\r\n\372", <incomplete sequence \350>) at
 libavformat/mxg.c:77
 77              uint32_t x = *(uint32_t*)p;
 (gdb) bt
 #0  0x00160e0c in mxg_find_startmarker (p=0x1001f42 "\377", <incomplete
 sequence \340>,
     end=0x1002340 "1\r\n\372", <incomplete sequence \350>) at
 libavformat/mxg.c:77
 #1  0x001611c8 in mxg_read_packet (s=0xffde60, pkt=0xffffccb0) at
 libavformat/mxg.c:150
 #2  0x001b63e8 in ff_read_packet (s=0xffde60, pkt=0xffffccb0) at
 libavformat/utils.c:642
 #3  0x001b8e4c in read_frame_internal (s=0xffde60, pkt=0xffffd040)
     at libavformat/utils.c:1294
 #4  0x001bbf08 in avformat_find_stream_info (ic=0xffde60,
 options=0xffe3d0)
     at libavformat/utils.c:2757
 #5  0x00072c64 in open_input_file (o=0xffffd340, filename=<optimized out>)
     at ffmpeg_opt.c:814
 #6  0x000700ec in open_files (l=0xff202c, inout=0x881d78 "input",
     open_file=0x728a0 <open_input_file>) at ffmpeg_opt.c:2483
 #7  0x00076c4c in ffmpeg_parse_options (argc=<optimized out>,
 argv=0xffffd814)
     at ffmpeg_opt.c:2520
 #8  0x0006dc10 in main (argc=3, argv=0xffffd814) at ffmpeg.c:3368
 (gdb) disass $pc-28,$pc+32
 Dump of assembler code from 0x160df0 to 0x160e2c:
    0x00160df0 <mxg_read_header+408>:    nop
    0x00160df4 <mxg_find_startmarker+0>: save  %sp, -104, %sp
    0x00160df8 <mxg_find_startmarker+4>: st  %i0, [ %fp + 0x44 ]
    0x00160dfc <mxg_find_startmarker+8>: st  %i1, [ %fp + 0x48 ]
    0x00160e00 <mxg_find_startmarker+12>:        b  %xcc, 0x160efc
 <mxg_find_startmarker+264>
    0x00160e04 <mxg_find_startmarker+16>:        nop
    0x00160e08 <mxg_find_startmarker+20>:        ld  [ %fp + 0x44 ], %g1
 => 0x00160e0c <mxg_find_startmarker+24>:        ld  [ %g1 ], %g1
    0x00160e10 <mxg_find_startmarker+28>:        st  %g1, [ %fp + -4 ]
    0x00160e14 <mxg_find_startmarker+32>:        ld  [ %fp + -4 ], %g2
    0x00160e18 <mxg_find_startmarker+36>:        sethi  %hi(0x1010000), %g1
    0x00160e1c <mxg_find_startmarker+40>:        or  %g1, 0x101, %g1     !
 0x1010101
    0x00160e20 <mxg_find_startmarker+44>:        add  %g2, %g1, %g1
    0x00160e24 <mxg_find_startmarker+48>:        xnor  %g0, %g1, %g2
    0x00160e28 <mxg_find_startmarker+52>:        ld  [ %fp + -4 ], %g1
 (gdb) info register
 g0             0x0      0
 g1             0x1001f42        16785218
 g2             0x100233d        16786237
 g3             0x323d3130       842871088
 g4             0x403    1027
 g5             0x1001f40        16785216
 g6             0xffffffff       -1
 g7             0xf7ff6eb0       -134254928
 o0             0xffde60 16768608
 o1             0xffffccb0       -13136
 o2             0x8801d8 8913368
 o3             0x4c4b40 5000000
 o4             0x0      0
 o5             0xffde60 16768608
 sp             0xffffcac0       0xffffcac0
 o7             0x1b63e0 1795040
 l0             0x88ee18 8973848
 l1             0x88edf0 8973808
 l2             0xffde60 16768608
 l3             0x8431f0 8663536
 l4             0xf4240  1000000
 l5             0x57415200       1463898624
 l6             0x1000   4096
 l7             0x1      1
 i0             0x1001f42        16785218
 i1             0x1002340        16786240
 i2             0x40000  262144
 i3             0xffe480 16770176
 i4             0x80000000       -2147483648
 i5             0x1006460        16802912
 fp             0xffffcb28       0xffffcb28
 i7             0x1611c0 1446336
 y              0x0      0
 psr            0xff000084       [ #2 S #24 #25 #26 #27 #28 #29 #30 #31 ]
 wim            *value not available*
 tbr            *value not available*
 pc             0x160e0c 0x160e0c <mxg_find_startmarker+24>
 npc            0x160e10 0x160e10 <mxg_find_startmarker+28>
 fsr            0x0      [ ]
 csr            *value not available*
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2707>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

