[MPlayer-advusers] AVI: segfault in video_read_properties() (video.c:88) if no stream format chunk has been seen

Attila Kinali attila at kinali.ch
Wed Jul 11 17:17:23 CEST 2007


Heyo,

First bug report coming from my zzuf setup :-)

MPlayer segfaults in video_read_properties() when trying
to access sh_video->bih, which is being allocated in
libmpdemux/aviheader.c:262, but only if a stream format chunk
("strf") has been seen.

---schnipp---
MPlayer dev-SVN-r23766-4.1.2 (C) 2000-2007 MPlayer Team
CPU: AMD Athlon(tm) 64 Processor 3700+ (Family: 15, Model: 55, Stepping: 2)
CPUflags:  MMX: 1 MMX2: 1 3DNow: 1 3DNow2: 1 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2
get_path('codecs.conf') -> '/home/attila/.mplayer/codecs.conf'
Reading /home/attila/.mplayer/codecs.conf: Can't open '/home/attila/.mplayer/cod
ecs.conf': No such file or directory
Reading /usr/local/etc/mplayer/codecs.conf: Can't open '/usr/local/etc/mplayer/c
odecs.conf': No such file or directory
Using built-in default codecs.conf.
Configuration: --enable-debug
CommandLine: '-vo' 'null' '-ao' 'null' '-benchmark' '-nosound' '/data/outsource/
misc/amv/oh!mygoddess & to love you more (dj mystik).avi' '-v'
init_freetype
get_path('font/font.desc') -> '/home/attila/.mplayer/font/font.desc'
Bitmap font /home/attila/.mplayer/font/font.desc loaded successfully! (140 chars
)
Using MMX (with tiny bit MMX2) Optimized OnScreenDisplay
get_path('fonts') -> '/home/attila/.mplayer/fonts'
Using nanosleep() timing
get_path('input.conf') -> '/home/attila/.mplayer/input.conf'
Can't open input config file /home/attila/.mplayer/input.conf: No such file or d
irectory
Can't open input config file /usr/local/etc/mplayer/input.conf: No such file or 
directory
Falling back on default (hardcoded) input config
get_path('oh!mygoddess & to love you more (dj mystik).avi.conf') -> '/home/attil
a/.mplayer/oh!mygoddess & to love you more (dj mystik).avi.conf'

Playing /data/outsource/misc/amv/oh!mygoddess & to love you more (dj mystik).avi
.
get_path('sub/') -> '/home/attila/.mplayer/sub/'
[file] File size is 43184128 bytes
STREAM: [file] /data/outsource/misc/amv/oh!mygoddess & to love you more (dj myst
ik).avi
STREAM: Description: File
STREAM: Author: Albeu
STREAM: Comment: based on the code from ??? (probably Arpi)
AVI file format detected.
list_end=0x2292
CHUNK avih  len=56
======= AVI Header =======
us/frame: 33333  (fps=30.000)
max bytes/sec: 0
padding: 0
MainAVIHeader.dwFlags: (272) HAS_INDEX IS_INTERLEAVED
frames  total: 40475   initial: 0
streams: 2
Suggested BufferSize: 0
Size:  33408 x 480
==========================
list_end=0x10F4
CHUNK strh  len=56
==> Found video stream: 0
[aviheader] Video stream found, -vid 0
====== STREAM Header =====
Type: vids   FCC: div3 (33766964)
Flags: 0
Priority: 0   Language: 0
InitialFrames: 4096
Rate: 3000/100 = 30.000
Start: 0   Len: 7707
Suggested BufferSize: 40919
Quality 10000
Sample size: 0
==========================
CHUNK stræ  len=40               <------------- note, strf has been fuzzed
CHUNK JUNK  len=4120
CHUNK NIST  len=4234
list_end=0x2292
CHUNK `mlh  len=248
list_end=0x230C
CHUNK INAM  len=17
hdr=Name  size=17
Name      : To Love Xou More
CHUNK ISBJ  len=17
hdr=Subject  size=17
Subject   : To Lovd You More
CHUNK IART  len=8388616
hdr=Artist  size=8388616
Artist    : icechai
Broken chunk?  chunksize=8388366  (id=IART)
CHUNK JUNO  len=1260
CHUNK LISV  len=42926142
CHUNK idx1  len=246400
Reading INDEX block, 15400 chunks for 40475 frames (fpos=42936398).
CHUNK JUNK  len=1322
AVI index offset: 0x0 (movi=0x0 idx0=0x5 idx1=0x1F3A)
Auto-selected AVI video ID = 0
ChunkID mismatch! raw= idx=00dc  
ChunkSize mismatch! raw=0 idx=23408  
AVI video size=2382131318 (6968) audio size=0 (0)
[...]
Program terminated with signal 11, Segmentation fault.
0  0x0000000000552212 in video_read_properties (sh_video=0xedaaf0)
    at video.c:88
88              sh_video->format=sh_video->bih->biCompression;
(gdb) bt
#0  0x0000000000552212 in video_read_properties (sh_video=0xedaaf0)
    at video.c:88
#1  0x0000000000454696 in main (argc=9, argv=0x7fffe7746e38) at mplayer.c:3074
(gdb) l
83      // Determine image properties:
84      switch(video_codec){
85       case VIDEO_OTHER: {
86       if((d_video->demuxer->file_format == DEMUXER_TYPE_ASF) || (d_video->demuxer->file_format == DEMUXER_TYPE_AVI)) {
87        // display info: 
88              sh_video->format=sh_video->bih->biCompression;
89      
90          sh_video->disp_w=sh_video->bih->biWidth;
91          sh_video->disp_h=abs(sh_video->bih->biHeight);
92      
(gdb) p sh_video->bih
$1 = (BITMAPINFOHEADER *) 0x0

---schnapp---


Could someone have a look at this?

Thanks in advance

			Attila Kinali


-- 
Praised are the Fountains of Shelieth, the silver harp of the waters,
But blest in my name forever this stream that stanched my thirst!
                         -- Deed of Morred
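
The failure mode reported above, reduced to a stand-alone C sketch (an added example, not part of the original message and not MPlayer's code): a chunk walker that allocates the format header only when it sees a "strf" id, and a property reader that checks for a missing header instead of dereferencing it. All type and function names are hypothetical, the sample chunk is constructed, and the fuzzed id byte 0xE6 assumes the "æ" in the log is Latin-1.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical, simplified stand-ins for the demuxer's structures. */
typedef struct { int32_t width; uint32_t compression; } bih_t;
typedef struct { bih_t *bih; uint32_t format; int disp_w; } sh_video_t;

static uint32_t le32(const uint8_t *p) {
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk RIFF chunks: 4-byte id, 4-byte LE length, payload padded to even size. */
static void parse_chunks(sh_video_t *sh, const uint8_t *buf, size_t len) {
    size_t pos = 0;
    while (pos <= len && len - pos >= 8) {
        uint32_t clen = le32(buf + pos + 4);
        if (clen > len - pos - 8) break;          /* length runs past the buffer */
        /* The header is allocated only for an exact "strf" id (20 bytes needed). */
        if (!sh->bih && clen >= 20 && !memcmp(buf + pos, "strf", 4)) {
            if (!(sh->bih = calloc(1, sizeof *sh->bih))) return;
            sh->bih->width = (int32_t)le32(buf + pos + 12);   /* biWidth */
            sh->bih->compression = le32(buf + pos + 24);      /* biCompression */
        }
        pos += 8 + (size_t)clen + (clen & 1);
    }
}

/* Guarded property read: fail cleanly when no format chunk was parsed. */
static int read_properties(sh_video_t *sh) {
    if (!sh->bih) return -1;                      /* the unguarded code crashes here */
    sh->format = sh->bih->compression;
    sh->disp_w = sh->bih->width;
    return 0;
}

/* Constructed sample: one 40-byte chunk named `id` holding a 320-wide DIV3 header. */
static int probe(const char *id) {
    uint8_t buf[48] = {0};
    sh_video_t sh = {0};
    memcpy(buf, id, 4);
    buf[4] = buf[8] = 40; buf[12] = 0x40; buf[13] = 0x01;  /* len, biSize, biWidth=320 */
    memcpy(buf + 24, "DIV3", 4);
    parse_chunks(&sh, buf, sizeof buf);
    int out = read_properties(&sh) == 0 ? sh.disp_w : -1;
    free(sh.bih);
    return out;
}

int main(void) { return probe("strf") == 320 && probe("str\xe6") == -1 ? 0 : 1; }
```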


