[MPlayer-advusers] segfault on jpeg image

Wed Jan 17 19:58:47 CET 2007

Moin,

A friend just told me that he could segfault MPlayer
by using http://dod.vgmix.com/past/dec06/chrono.jpg
as input:

---
(gdb) run -v /tmp/chrono.jpg 
Starting program: /home/attila/src/mplayer/mplayer/mplayer -v /tmp/chrono.jpg
[Thread debugging using libthread_db enabled]
[New Thread 47728641852496 (LWP 10818)]
MPlayer dev-SVN-r21951-4.1.2 (C) 2000-2007 MPlayer Team
CPU: AMD Athlon(tm) 64 Processor 3700+ (Family: 15, Model: 55, Stepping: 2)
CPUflags:  MMX: 1 MMX2: 1 3DNow: 1 3DNow2: 1 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2
get_path('codecs.conf') -> '/home/attila/.mplayer/codecs.conf'
Reading /home/attila/.mplayer/codecs.conf: Can't open '/home/attila/.mplayer/codecs.conf': No such file or directory
Reading /usr/local/etc/mplayer/codecs.conf: Can't open '/usr/local/etc/mplayer/codecs.conf': No such file or directory
Using built-in default codecs.conf.
Configuration: --enable-debug=3
CommandLine: '-v' '/tmp/chrono.jpg'
init_freetype
get_path('font/font.desc') -> '/home/attila/.mplayer/font/font.desc'
Bitmap font /home/attila/.mplayer/font/font.desc loaded successfully! (140 chars)
Using MMX (with tiny bit MMX2) Optimized OnScreenDisplay
get_path('fonts') -> '/home/attila/.mplayer/fonts'
Using nanosleep() timing
get_path('input.conf') -> '/home/attila/.mplayer/input.conf'
Can't open input config file /home/attila/.mplayer/input.conf: No such file or directory
Can't open input config file /usr/local/etc/mplayer/input.conf: No such file or directory
Falling back on default (hardcoded) input config
get_path('chrono.jpg.conf') -> '/home/attila/.mplayer/chrono.jpg.conf'

Playing /tmp/chrono.jpg.
get_path('sub/') -> '/home/attila/.mplayer/sub/'
[file] File size is 431151 bytes
STREAM: [file] /tmp/chrono.jpg
STREAM: Description: File
STREAM: Author: Albeu
STREAM: Comment: based on the code from ??? (probably Arpi)
Checking for YUV4MPEG2
ASF_check: not ASF guid!
Checking for NuppelVideo
Checking for REAL
Checking for SMJPEG
Searching demuxer type for filename /tmp/chrono.jpg ext: .jpg
Checking for Nullsoft Streaming Video
Checking for MOV
Checking for VIVO
Checking for PVA
Checking for MPEG-TS...
TRIED UP TO POSITION 66850, FOUND 47, packet_size= 0, SEEMS A TS? 0
Checking for LMLM4 Stream Format
Invalid packet in LMLM4 stream: ch=65496 size=1067582
LMLM4 Stream Format not found
MPEG Stream reached EOF
ds_fill_buffer: EOF reached (stream: video)  
MPEG packet stats: p100: 15  p101: 3 p1B6: 0 p12x: 0 sli: 3 a: 0 b: 0 c: 0 idr: 0 sps: 0 pps: 0 PES: 0  MP3: 203, synced: 0
MPEG Stream reached EOF
ds_fill_buffer: EOF reached (stream: video)  
MPEG packet stats: p100: 14  p101: 3 p1B6: 0 p12x: 0 sli: 3 a: 0 b: 0 c: 0 idr: 0 sps: 0 pps: 0 PES: 0  MP3: 203, synced: 0
==> Found video stream: 0
ds_fill_buffer: EOF reached (stream: video)  
LAVF_check: image2 sequence
libavformat file format detected.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47728641852496 (LWP 10818)]
mp_seek (h=<value optimized out>, pos=-1, whence=2) at demux_lavf.c:129
129             pos += stream->end_pos;
(gdb) bt
#0  mp_seek (h=<value optimized out>, pos=-1, whence=2) at demux_lavf.c:129
#1  0x000000000059549b in url_fsize (s=0x7ffffc4e6bb0) at aviobuf.c:175
#2  0x00000000005a725d in img_read_packet (s1=<value optimized out>, 
    pkt=0xc7d0c0) at img2.c:253
#3  0x00000000005914be in av_read_frame_internal (s=0xc7c100, 
    pkt=0x7ffffc5036f0) at utils.c:796
#4  0x00000000005934cf in av_find_stream_info (ic=0xc7c100) at utils.c:1841
#5  0x0000000000539bd4 in demux_open_lavf (demuxer=0xc79970)
    at demux_lavf.c:225
#6  0x00000000004f0e79 in demux_open_stream (stream=0xc78fb0, 
    file_format=<value optimized out>, force=0, audio_id=-1, video_id=-1, 
    dvdsub_id=-2, filename=0xc2b380 "/tmp/chrono.jpg") at demuxer.c:767
#7  0x00000000004f1135 in demux_open (vs=0xc78fb0, file_format=7, 
    audio_id=4564256, video_id=-1, dvdsub_id=0, 
    filename=0xc2b380 "/tmp/chrono.jpg") at demuxer.c:862
#8  0x00000000004540c4 in main (argc=3, argv=0x7ffffc504c58) at mplayer.c:4246
(gdb) p stream
$1 = (stream_t *) 0x0
---

Happy debugging.

				Attila Kinali

-- 
Lotus Notes ist eine verteilte Datenbankapplikation,
als Sample ist eine miese Groupware dabei ;)
                       -- Lukas Beeler