[MPlayer-users] Bug in Cinepack decoder
J.A. Gutierrez
spd at shiva.cps.unizar.es
Wed Apr 28 11:16:34 CEST 2004
Hello
While working on the code to synchronize players on LAN
http://giga.cps.unizar.es/~spd/src/graphics/mplayer/
(see messages with subject "Synchronization of players in LAN"
in mplayer-dev-eng from Nov. 2003), I have found a reproducible
way to crash mplayer:
Linux Distributions:
Linux Red Hat 7.2, Red Hat 9.0, Mandrakelinux release 10.1
Kernel:
Several, including 2.4.26 SMP
libc
Several, including libc-2.3.3.so
gcc versions:
Several, from 2.96 to 3.3.2
Hardware:
From PIII to PIV Intel(R) XEON(TM) CPU 1.80GHz
Several video cards, all from NVidia, using NVidia drivers.
The problem appears when playing Cinepak Video and frames has to be dropped.
You can edit mplayer.c so dropping is forced:
---------------------------------------------------------------------------
*** mplayer.c 2004-04-27 19:08:15.000000000 +0200
--- mplayer_orig.c 2003-10-04 03:24:50.000000000 +0200
***************
*** 83,96 ****
#include "input/input.h"
-
int slave_mode=0;
int verbose=0;
int identify=0;
static int quiet=0;
! int mp_udp=0;
! char *mp_tcpsrv=NULL;
!
#define ABS(x) (((x)>=0)?(x):(-(x)))
#define ROUND(x) ((int)((x)<0 ? (x)-0.5 : (x)+0.5))
--- 83,93 ----
#include "input/input.h"
int slave_mode=0;
int verbose=0;
int identify=0;
static int quiet=0;
!
#define ABS(x) (((x)>=0)?(x):(-(x)))
#define ROUND(x) ((int)((x)<0 ? (x)-0.5 : (x)+0.5))
***************
*** 2068,2090 ****
time_frame+=frame_time; // for nosound
// check for frame-drop:
current_module="check_framedrop";
! /* if(sh_audio && !d_audio->eof){*/
! /* float delay=playback_speed*audio_out->get_delay();*/
! /* float d=delay-sh_audio->delay;*/
// we should avoid dropping to many frames in sequence unless we
// are too late. and we allow 100ms A-V delay here:
! /* if(d<-dropped_frames*frame_time-0.100){*/
! if ( total_frame_cnt % 5 )
! {
drop_frame=frame_dropping;
++drop_frame_cnt;
++dropped_frames;
! }
! /* } else {*/
! /* drop_frame=dropped_frames=0;*/
! /* }*/
++total_frame_cnt;
! /* }*/
// decode:
current_module="decode_video";
// printf("Decode! %p %d \n",start,in_size);
--- 2065,2084 ----
time_frame+=frame_time; // for nosound
// check for frame-drop:
current_module="check_framedrop";
! if(sh_audio && !d_audio->eof){
! float delay=playback_speed*audio_out->get_delay();
! float d=delay-sh_audio->delay;
// we should avoid dropping to many frames in sequence unless we
// are too late. and we allow 100ms A-V delay here:
! if(d<-dropped_frames*frame_time-0.100){
drop_frame=frame_dropping;
++drop_frame_cnt;
++dropped_frames;
! } else {
! drop_frame=dropped_frames=0;
! }
++total_frame_cnt;
! }
// decode:
current_module="decode_video";
// printf("Decode! %p %d \n",start,in_size);
---------------------------------------------------------------------------
With this modifications, mplayer will crash (see report below)
MPlayer interrupted by signal 11 in module: decode_video
The same .avi file is played if no dropping happens.
The original .avi file is 201 Mb long, but I could provide the
first 2 Mb, which seems enough to make mplayer crash.
http://giga.cps.unizar.es/~spd/src/graphics/mplayer/tns.avi
---------------------------------------------------------------------------
(gdb) run
Starting program: /home/spd/MPlayer-1.0pre2/mplayer -framedrop -autosync 0 -v -nosound -vo x11 tn.avi
MPlayer 1.0pre2-3.3.2 (C) 2000-2003 MPlayer Team
CPU: Intel Pentium 4/Xeon/Celeron Northwood 1785 MHz (Family: 8, Stepping: 4)
Detected cache-line size is 64 bytes
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2
Playing tn.avi
[file] File size is 201769984 bytes
STREAM: [file] tn.avi
STREAM: Description: File
STREAM: Author: Albeu
STREAM: Comment: based on the code from ??? (probably Arpi)
AVI file format detected.
list_end=0xD4
======= AVI Header =======
us/frame: 40000 (fps=25.000)
max bytes/sec: 4865558
padding: 0
MainAVIHeader.dwFlags: (2064) HAS_INDEX TRUST_CKTYPE
frames total: 1800 initial: 0
streams: 1
Suggested BufferSize: 203698
Size: 1024 x 768
==========================
list_end=0xD4
==> Found video stream: 0
====== STREAM Header =====
Type: vids FCC: (0)
Flags: 0
Priority: 0 Language: 0
InitialFrames: 0
Rate: 25025/1001 = 25.000
Start: 0 Len: 1800
Suggested BufferSize: 203698
Quality -1
Sample size: 0
==========================
found 'bih', 40 bytes of 40
======= VIDEO Format ======
biSize 40
biWidth 1024
biHeight 768
biPlanes 1
biBitCount 24
biCompression 1684633187='cvid'
biSizeImage 218196
===========================
Broken chunk? chunksize=1816 (id=JUNK)
list_end=0xC06520C
Found movie at 0x800 - 0xC06520C
Reading INDEX block, 1800 chunks for 1800 frames (fpos=0xc065214)
stream_seek: WARNING! Can't seek to 0x10B22DFCC !
AVI index offset: 0x7FC (movi=0x800 idx0=0x4 idx1=0x2A27C)
Auto-selected AVI video ID = 0
AVI_NI: No audio stream found -> no sound.
AVI video size=201724364 (1800) audio size=0 (0)
VIDEO: [cvid] 1024x768 24bpp 25.000 fps 22413.8 kbps (2736.1 kbyte/s)
[V] filefmt:3 fourcc:0x64697663 size:1024x768 fps:25.00 ftime:=0.0400
get_path('sub/') -> '/home/spd/.mplayer/sub/'
get_path('default.sub') -> '/home/spd/.mplayer/default.sub'
X11 opening display: :0.0
vo: X11 color mask: FFFFFF (R:FF0000 G:FF00 B:FF)
vo: X11 running at 1600x1200 with depth 24 and 32 bpp (":0.0" => local display)
[x11] Detected wm supports NetWM.
[x11] Detected wm supports FULLSCREEN state.
[x11] Detected wm supports ABOVE state.
[x11] Detected wm supports BELOW state.
[x11] Current fstype setting honours FULLSCREEN ABOVE BELOW X atoms
Disabling DPMS
DPMSDisable stat: 1
==========================================================================
Opening video decoder: [vfw] Win32/VfW video codecs
======= Win32 (VFW) VIDEO Codec init =======
Loading codec DLL: 'iccvid.dll'
get_path('registry') -> '/home/spd/.mplayer/registry'
Loaded DLL driver iccvid.dll
ICDecompressGetFormatSize ret: 40
ICDecompressGetFormat OK
VDec: vo config request - 1024 x 768 (preferred csp: Packed YUY2)
[PP] Using codec's postprocessing, max q = 9.
Trying filter chain: vo
VDec: using BGR 24-bit as output csp (no 0)
Movie-Aspect is undefined - no prescaling applied.
VO Config (1024x768->1024x768,flags=0,'MPlayer',0x42475218)
VO: [x11] 1024x768 => 1024x768 BGR 24-bit
VO: Description: X11 ( XImage/Shm )
VO: Author: Aaron Holtzman <aholtzma at ess.engr.uvic.ca>
Sharing memory.
SwScaler: using unscaled BGR 24-bit -> BGR 32-bit special converter
ICDecompressQuery OK
Input format:
======= VIDEO Format ======
biSize 40
biWidth 1024
biHeight 768
biPlanes 1
biBitCount 24
biCompression 1684633187='cvid'
biSizeImage 218196
===========================
Output format:
======= VIDEO Format ======
biSize 40
biWidth 1024
biHeight -768
biPlanes 1
biBitCount 24
biCompression 0=''
biSizeImage 2359296
===========================
INFO: Win32 video codec init OK!
Selected video codec: [cvidvfw] vfm:vfw (Cinepak Video)
==========================================================================
Audio: no sound
Freeing 0 unused audio chunks
Starting playback...
*** [vo] Allocating mp_image_t, 1024x768x24bpp BGR packed, 2359296 bytes
V: 0.0 1 0% 0% 0.0% 0 0 0%
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 643)]
0x08509115 in ?? ()
(gdb) bt
#0 0x08509115 in ?? ()
#1 0x410a97d4 in ?? ()
#2 0x410a97d4 in ?? ()
#3 0x00007bf6 in ?? ()
#4 0x084f96b8 in ?? ()
#5 0x6ea26790 in ?? ()
#6 0x410a97d8 in ?? ss $pc-32 $pc+32
Dump of assembler code from 0x85090f5 to 0x8509135:
0x085090f5: add %al,(%eax)
0x085090f7: je 0x85090cd
0x085090f9: add %edx,%edx
0x085090fb: jae 0x8509207
0x08509101: je 0x85090de
0x08509103: mov (%esi),%eax
0x08509105: add $0x4,%esi
0x08509108: xor %ebx,%ebx
0x0850910a: mov %al,%bl
0x0850910c: shl $0x4,%ebx
0x0850910f: mov 0x85028e8(%ebx),%ebp
0x08509115: mov %ebp,(%edi)
0x08509117: mov 0x85028f0(%ebx),%ebp
0x0850911d: mov %ebp,0xc00(%edi)
0x08509123: mov 0x85028f4(%ebx),%ebp
0x08509129: mov 0x85028ee(%ebx),%bp
0x08509130: xor %ebx,%ebx
0x08509132: mov %ah,%bl
0x08509134: shl $0x4,%ebx
End of assembler dump.
--
finger spd at shiva.cps.unizar.es for PGP /
.mailcap tip of the day: / La vida es una carcel
application/ms-tnef; cat '%s' > /dev/null / con las puertas abiertas
text/x-vcard; cat '%s' > /dev/null / (A. Calamaro)
More information about the MPlayer-users
mailing list