[MPlayer-users] [BugReport] corrupt .nuv crashes mplayer

Tülay Sözbir-Seidel 520076833260-0001 at t-online.de
Sat May 11 21:02:01 CEST 2002


Hello Arpi,

Thanks for your quick response.

On Saturday 11 May 2002 17:23, mplayer-users-request at mplayerhq.hu wrote:
> > #0  0x080a7185 in lzo1x_decompress ()
> > #1  0x0809e168 in decode_nuv ()
> > #2  0x0809403e in mpcodecs_get_image ()
> > #3  0x080921b7 in decode_video ()
> > #4  0x08064bae in main ()
> > #5  0x404be7ee in __libc_start_main () from /lib/libc.so.6
>
> Why don't you have line numbers?
> Forgot to compile with --enable-debug?
> Or did you strip the binary?

I don't know what went wrong. I might have missed the "=3" after 
"--enable-debug" or indeed accidentally stripped the binary. Here is a crash 
report with the line numbers. Surprisingly, it now crashes reproducibly at a 
different part of the program.

I browsed a bit in the code. Looks like the corrupt .nuv contains a 
rtjpeg_frameheader with a packetlength of 1952653362, which leads to a memcpy 
that fails.

Thanx again for the great player!

Jörg


js at art:~> gdb mpdir/main/mplayer
GNU gdb 20010316
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-suse-linux"...
(gdb) run -v -vo sdl "hello.nuv"
Starting program: /home/js/mpdir/main/mplayer -v -vo sdl "hello.nuv"
[New Thread 1024 (LWP 6995)]


MPlayer CVS-020509-22:47-2.95.3 (C) 2000-2002 Arpad Gereoffy (see DOCS!)

CPU vendor name: AuthenticAMD  max cpuid level: 1
CPU: Advanced Micro Devices Athlon K75 Pluto,Orion (Type: 6, Stepping: 2)
extended cpuid-level: 6
CPUflags: Type: 6 MMX: 1 MMX2: 1 3DNow: 1 3DNow2: 1 SSE: 0 SSE2: 0
Compiled for x86 CPU with features: MMX MMX2 3DNow 3DNowEx
Reading /home/js/.mplayer/codecs.conf: 34 audio & 92 video codecs
CommandLine: '-v' '-vo' 'sdl' 'hello.nuv'
get_path('font/font.desc') -> '/home/js/.mplayer/font/font.desc'
font: can't open file: /home/js/.mplayer/font/font.desc
font: can't open file: /usr/local/share/mplayer/font/font.desc
Using MMX (with tiny bit MMX2) Optimized OnScreenDisplay
Linux RTC init error: Permission denied
Using usleep() timing
get_path('input.conf') -> '/home/js/.mplayer/input.conf'
Can't open input config file /home/js/.mplayer/input.conf : No such file or 
directory
Falling back on default (hardcoded) config
Setting up lirc support...
NEW LIRC init was successful.
Playing hello.nuv
Not an URL!
File size is 167936 bytes
Checking for YUV4MPEG2
DEMUXER: freeing demuxer at 0x8283030
ASF_check: not ASF guid!
DEMUXER: freeing demuxer at 0x8283030
Checking for NuppelVideo
Detected NuppelVideo file format!
==> Found video stream: 0
==> Found audio stream: 0
[V] filefmt:13  fourcc:0x3156554E  size:352x288  fps:25.00  ftime:=0.0400
get_path('sub/') -> '/home/js/.mplayer/sub/'
Detected audio codec: [pcm] drv:2 (Uncompressed PCM)
Initializing audio codec...
Selecting Audio Decoder: [pcm] Uncompressed PCM audio decoder
dec_audio: Allocating 2048 + 65536 = 67584 bytes for output buffer
AUDIO: srate=44100  chans=2  bps=2  sfmt=0x10  ratio: 176400->176400
==========================================================================
Opening Video Decoder: [nuv] NuppelVideo decoder
VDec: vo config request - 352 x 288, Planar I420
[PP] Sorry, postprocessing is not available
vo_debug: query(Planar I420) returned 0x437 (i=0)
Movie-Aspect is undefined - no prescaling applied.
video_out->init(352x288->352x288,flags=0,'MPlayer',0x30323449)
VO: [sdl] 352x288 => 352x288 Planar I420
VO: Description: SDL YUV/RGB/BGR renderer (SDL v1.1.7+ only!)
VO: Author: Ryan C. Gordon <icculus at lokigames.com>, Felix Buenemann 
<atmosfear at users.sourceforge.net>
SDL: Mapping I420 to IYUV
SDL: Using 0x56555949 (Planar IYUV) image format
SDL: deactivating XScreensaver/DPMS
SDL: X11 Resolution 1280x1024
SDL: Using driver: x11
SDL: using hardware-surface
SDL: setting windowed mode
Detected video codec: [nuv] drv:15 prio:0 (NuppelVideo)
==========================================================================
AO: [oss] 44100Hz Stereo Signed 16-bit (Little-Endian)
AO: Description: OSS/ioctl audio output
AO: Author: A'rpi
ao2: 44100 Hz  2 chans  Signed 16-bit (Little-Endian)
audio_setup: using '/dev/dsp' dsp device
audio_setup: sample format: Signed 16-bit (Little-Endian) (requested: Signed 
16-bit (Little-Endian))
audio_setup: using 2 channels (requested: 2)
audio_setup: using 44100 Hz samplerate (requested: 44100)
audio_setup: frags: 128/128  (1024 bytes/frag)  free: 131072
Start playing...
*** [vo] Allocating mp_image_t, 352x288x12bpp YUV planar, 152064 bytes
Found RTjpeg tables (size: 512, width: 352, height: 288)
A:   0.0 V:-1073744.5 A-V:1073744.500 ct:  0.000    1/  1   0%  0%  0.0% 0 0 
0%
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 6995)]
0x4051c587 in memcpy () from /lib/libc.so.6
(gdb) bt
#0  0x4051c587 in memcpy () from /lib/libc.so.6
#1  0x081116a7 in ds_read_packet (ds=0x82686b8, stream=0x8277320, 
len=1952653374, pts=808463.938, pos=166326,
    flags=0) at ../libmpdemux/stream.h:141
#2  0x0811fa8c in demux_nuv_fill_buffer (demuxer=0x8283030) at demux_nuv.c:176
#3  0x081118b9 in demux_fill_buffer (demux=0x8283030, ds=0x8268658) at 
demuxer.c:282
#4  0x08111a8f in ds_fill_buffer (ds=0x8268658) at demuxer.c:340
#5  0x08111b24 in demux_read_data (ds=0x8268658, mem=0x8283898 "o", len=65536) 
at demuxer.c:358
#6  0x08091b5b in decode_audio (sh_audio=0x8268850, buf=0x8283898 "o", 
minlen=65536, maxlen=67584)
    at ad_pcm.c:66
#7  0x0808fa7e in decode_audio (sh_audio=0x8268850, buf=0x8283898 "o", 
minlen=65536, maxlen=67584)
    at dec_audio.c:130
#8  0x080648ce in main (argc=5, argv=0xbffff5d4, envp=0xbffff5ec) at 
mplayer.c:1473
#9  0x404be7ee in __libc_start_main () from /lib/libc.so.6
(gdb) disass $eip-32 $eip+32
Dump of assembler code from 0x4051c567 to 0x4051c5a7:
0x4051c567 <memcpy+7>:  or     %cl,0xd7891045(%ebx)
0x4051c56d <memcpy+13>: mov    0xc(%ebp),%esi
0x4051c570 <memcpy+16>: cmp    $0x7,%eax
0x4051c573 <memcpy+19>: jbe    0x4051c590 <memcpy+48>
0x4051c575 <memcpy+21>: mov    %edx,%ecx
0x4051c577 <memcpy+23>: neg    %ecx
0x4051c579 <memcpy+25>: and    $0x3,%ecx
0x4051c57c <memcpy+28>: sub    %ecx,%eax
0x4051c57e <memcpy+30>: cld
0x4051c57f <memcpy+31>: repz movsb %ds:(%esi),%es:(%edi)
0x4051c581 <memcpy+33>: mov    %eax,%ecx
0x4051c583 <memcpy+35>: shr    $0x2,%ecx
0x4051c586 <memcpy+38>: cld
0x4051c587 <memcpy+39>: repz movsl %ds:(%esi),%es:(%edi)
0x4051c589 <memcpy+41>: and    $0x3,%eax
0x4051c58c <memcpy+44>: lea    0x0(%esi,1),%esi
0x4051c590 <memcpy+48>: mov    %eax,%ecx
0x4051c592 <memcpy+50>: cld
0x4051c593 <memcpy+51>: repz movsb %ds:(%esi),%es:(%edi)
0x4051c595 <memcpy+53>: mov    %edx,%eax
0x4051c597 <memcpy+55>: pop    %esi
0x4051c598 <memcpy+56>: pop    %edi
0x4051c599 <memcpy+57>: mov    %ebp,%esp
0x4051c59b <memcpy+59>: pop    %ebp
0x4051c59c <memcpy+60>: ret
0x4051c59d <Letext>:    lea    0x0(%esi),%esi
0x4051c5a0 <_wordcopy_fwd_aligned>:     push   %ebp
0x4051c5a1 <_wordcopy_fwd_aligned+1>:   mov    %esp,%ebp
0x4051c5a3 <_wordcopy_fwd_aligned+3>:   push   %edi
0x4051c5a4 <_wordcopy_fwd_aligned+4>:   push   %esi
0x4051c5a5 <_wordcopy_fwd_aligned+5>:   push   %ebx
0x4051c5a6 <_wordcopy_fwd_aligned+6>:   call   0x4051c5ab 
<_wordcopy_fwd_aligned+11>
End of assembler dump.
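
Added example, not part of the original message and not MPlayer's code: a length check of the kind that stops the oversized packetlength from the report before it reaches a copy. The 12-byte header layout is an assumption (the backtrace's len equals packetlength + 12), and nuv_check_frame, check_sample and NUV_MAX_PACKET are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define NUV_HDR_SIZE   12u          /* assumed header size: len in the backtrace = packetlength + 12 */
#define NUV_MAX_PACKET (4u << 20)   /* hypothetical sanity cap, not an MPlayer constant */

enum nuv_status { NUV_OK, NUV_TRUNCATED_HEADER, NUV_BAD_LENGTH };

static uint32_t rd_le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate the frame header at `pos` before any payload copy.
 * Assumed layout: 4 flag bytes, 32-bit timecode, 32-bit little-endian packetlength. */
enum nuv_status nuv_check_frame(const uint8_t *file, size_t file_size,
                                size_t pos, uint32_t *payload_len) {
    if (pos > file_size || file_size - pos < NUV_HDR_SIZE)
        return NUV_TRUNCATED_HEADER;
    uint32_t len = rd_le32(file + pos + 8);
    size_t remaining = file_size - pos - NUV_HDR_SIZE;
    /* Compare against what is left; "pos + len <= file_size" can wrap on 32-bit. */
    if (len > NUV_MAX_PACKET || len > remaining)
        return NUV_BAD_LENGTH;
    *payload_len = len;
    return NUV_OK;
}

/* Constructed sample: zero-filled "file" with one header whose length field is set. */
int check_sample(uint32_t packetlength, size_t file_size, size_t pos) {
    uint8_t *file = calloc(file_size, 1);
    uint32_t len = 0;
    if (!file) return -1;
    if (pos <= file_size && file_size - pos >= NUV_HDR_SIZE)
        for (int i = 0; i < 4; i++)
            file[pos + 8 + i] = (uint8_t)(packetlength >> (8 * i));
    int st = nuv_check_frame(file, file_size, pos, &len);
    free(file);
    return st;
}

int main(void) {
    /* File size, offset and length taken from the report above. */
    printf("corrupt header -> %d\n", check_sample(1952653362u, 167936, 166326));
    printf("sane header    -> %d\n", check_sample(1000u, 167936, 166326));
    return 0;
}
```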




