[MPlayer-dev-eng] Little bug in asf demuxer

Gianluigi Tiesi mplayer at netfarm.it
Sat Jul 23 13:40:48 CEST 2005


System info:
Distribution: Debian Unstable (sid)
Linux elenoire 2.6.12.2 #1 Mon Jul 4 02:18:14 CEST 2005 i686 GNU/Linux
libc 2.3.2
gcc version 4.0.1 (Debian 4.0.1-2)
Binutils 2.16.1

same problem on mingw gcc 3.4.4 - binutils 2.16

Related media: MasterCard.asf (go ahead until almost the end of the clip)

upload on ftp: ftp://mplayerhq.hu/MPlayer/incoming/Mastercard.{asf,txt}

mplayer output (-v -v)

...
timeGetTime() => 1131485058
IsRectEmpty(0x85ed7c8) => TRUE
IsRectEmpty(0x85ed7b8) => TRUE
IsRectEmpty(0x85ed7c8) => TRUE
timeGetTime() => 1131485061
LeaveCriticalSection(0x85ecb4c) 0x85ecc60
*** ftime=0.067 ***
delay=0.365556
### A:  73.106 (  72.696)  V:  72.633  A-V: 0.0630
A:  72.7 V:  72.6 A-V:  0.063 ct: -0.039 1042/1042  5%  1%  2.0% 0 0
decaudio: minlen=6004 maxlen=32768 declen=6004 (max=196608)
decaudio: declen=6004 out=6004 (max 32768)
ds_fill_buffer(d_video) called
 E5 41 04 1E 22 FC 7A B5 39 48 8E 01 C9 3B 5B 2A
Explicit packet size specified: 26101817
Warning! plen>packetsize! (26101817>2512)
seg 0: 09 1C 01 00 E8 02 7E 04 2B B7 EA CD 6D 7D 58 43
ASF_parser: warning! segment len=26101661
 48 B0 9E 54 47 85 30 88 A2 3C 66 70 91 50 4B 19
Explicit packet size specified: 21662
Warning! plen>packetsize! (21662>2512)
seg 0: 70 91 50 4B 19 00 00 08 CA 12 38 12 76 1B 01 00
unknown segment type (rlen): 0x00
ASF_parser: warning! segment len=21646
 04 6A 17 D0 DC C4 23 2E 43 73 ED 01 D0 55 A5 42
seg 0: ED 01 D0 55 A5 42 00 00 08 CA 12 9C 12 76 1B 01
 39 DF E9 7A 30 74 AD 4C 09 C6 5C 46 D4 C5 FF BA
Explicit packet size specified: 233
seg 0: FF BA 00 00 08 09 5D 05 00 13 76 1B 01 00 15 01

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1212282880 (LWP 22246)]
0x08137b2d in demux_asf_fill_buffer (demux=0x85bfb38) at demux_asf.c:310
310                       case 3: len=LOAD_LE32(p);p+=4;break;  // dword


backtrace:
#0  0x08137b2d in demux_asf_fill_buffer (demux=0x85bfb38) at demux_asf.c:310
#1  0x081334d7 in demux_fill_buffer (demux=0x85bfb38, ds=0x85bf0b0)
    at demuxer.c:380
#2  0x08133e51 in ds_get_next_pts (ds=0x85bf0b0) at demuxer.c:592
#3  0x081305ee in video_read_frame (sh_video=0x85c07b8,
    frame_time_ptr=0xbf9d35f4, start=0xbf9d35f0, force_fps=0) at video.c:569
#4  0x0806c86c in main (argc=4, argv=0xbf9d38d4) at mplayer.c:2324

-> problem is p pointer (oversized packet len probably due to a bad media)
$1 = (unsigned char *) 0x1b5c0df5 <Address 0x1b5c0df5 out of bounds>


Bye
-- 
Gianluigi Tiesi <sherpya at netfarm.it>
EDP Project Leader
Netfarm S.r.l. - http://www.netfarm.it/
Free Software: http://oss.netfarm.it/




More information about the MPlayer-dev-eng mailing list