[MPlayer-dev-eng] weird bug in libmpeg2
Gianluigi Tiesi
mplayer at netfarm.it
Mon Aug 2 22:22:22 CEST 2010
Hi,
I've got a difficult-to-trace bug in libmpeg2.
I've put a sample on the upload ftp: 'mpeg12-crash.ts'.
The bug is triggered using the -vc mpeg12 decoder.
(gdb) bt
#0 0x0822c7b6 in MC_put1_16 (height=16, dest=0xf79e2020 "", ref=0x359ecc91 <Address 0x359ecc91 out of bounds>, stride=720) at libmpeg2/motion_comp_mmx.c:544
#1 0x0822ce58 in MC_put_o_16_mmxext (dest=0xf79e2020 "", ref=0x359ecc91 <Address 0x359ecc91 out of bounds>, stride=720, height=16) at libmpeg2/motion_comp_mm
The ref array is uninit.
The ref array comes from fbuf.
MC_put1_16 does movq (%eax),%mm0
with eax being a bad pointer, or better to say uninit, as stated by valgrind
and by the heap alloc pattern on win32.
It looks like it has something to do with:
b_type = (mpeg2dec->decoder.coding_type == B_TYPE);
mpeg2_init_fbuf (&(mpeg2dec->decoder), mpeg2dec->fbuf[0]->buf,
                 mpeg2dec->fbuf[b_type + 1]->buf,
                 mpeg2dec->fbuf[b_type]->buf);
b_type = 0
fbuf[0] is ok
fbuf[1] is uninit
Hope someone can shed a bit more light on this than I can.
Regards
--
Gianluigi Tiesi <sherpya at netfarm.it>
EDP Project Leader
Netfarm S.r.l. - http://www.netfarm.it/
Free Software: http://oss.netfarm.it/
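As an added illustration of the slot selection the post describes (not code from the post or from libmpeg2): a constructed stand-in for the three fbuf slots, where for a non-B picture (b_type = 0) the call reads fbuf[0], fbuf[1] and fbuf[0] again, so an unset fbuf[1] is dereferenced. The struct, the placeholder B_TYPE value and the refs_ready() check are assumptions; the check only works if the slot array was zero-initialised instead of left as heap noise.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in, not libmpeg2's real structures or constants. */
#define FBUF_SLOTS 3
#define B_TYPE 3            /* placeholder coding_type value for B pictures */

typedef struct { uint8_t *buf; } fbuf_t;

typedef struct {
    int     coding_type;
    fbuf_t *fbuf[FBUF_SLOTS];
} dec_t;

/* Mirrors the selection in the post: current = fbuf[0],
 * one reference = fbuf[b_type + 1], the other = fbuf[b_type]. */
static void select_refs(const dec_t *d, fbuf_t **cur, fbuf_t **r1, fbuf_t **r2)
{
    int b_type = (d->coding_type == B_TYPE);
    *cur = d->fbuf[0];
    *r1  = d->fbuf[b_type + 1];
    *r2  = d->fbuf[b_type];
}

/* 1 if every slot this picture would dereference holds a buffer, else 0.
 * Meaningful only because unset slots are NULL after zero-initialisation. */
int refs_ready(const dec_t *d)
{
    fbuf_t *cur, *r1, *r2;
    select_refs(d, &cur, &r1, &r2);
    return cur && cur->buf && r1 && r1->buf && r2 && r2->buf;
}

/* Scenario from the post: b_type = 0, fbuf[0] set, fbuf[1] never set. */
int scenario_from_post(void)
{
    static uint8_t frame0[64];
    static fbuf_t f0 = { frame0 };
    dec_t d;
    memset(&d, 0, sizeof d);   /* zero-init: unset slots read as NULL, not garbage */
    d.coding_type = 1;         /* any non-B picture: b_type == 0 */
    d.fbuf[0] = &f0;
    return refs_ready(&d);     /* 0: fbuf[1] is unset */
}

/* Same decoder once fbuf[1] has been filled in. */
int scenario_fixed(void)
{
    static uint8_t frame0[64], frame1[64];
    static fbuf_t f0 = { frame0 }, f1 = { frame1 };
    dec_t d;
    memset(&d, 0, sizeof d);
    d.coding_type = 1;
    d.fbuf[0] = &f0;
    d.fbuf[1] = &f1;
    return refs_ready(&d);     /* 1: all dereferenced slots are set */
}
```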