[MPlayer-users] bug? (segfault/heap corruption)
Joe Neeman
neeman at webone.com.au
Sun Aug 22 03:26:23 CEST 2004
I'm trying to play the GameSpy Doom3 movies and mplayer keeps
segfaulting. The file in question can be found at
http://www.fileplanet.com/files/140000/143880.shtml (truncating the file
didn't work, unfortunately). It segfaults in a call to malloc; I've
included some debugging info at the end of the email. In this example,
it segfaults in module read_subtitles_file, but if I add the option
-noautosub then it segfaults in init_audio_codec (also with a call to
malloc). I'm using gentoo/amd64 with kernel 2.6.7-gentoo-r13. Here is
various information as requested in the docs:
ls -l /lib/libc[.-]*
-rwxr-xr-x 1 root root 2205640 Aug 12 09:21 /lib/libc-2.3.4.so
lrwxrwxrwx 1 root root 13 Aug 13 06:50 /lib/libc.so.6 -> libc-2.3.4.so
gcc -v
Reading specs from /usr/lib/gcc-lib/x86_64-pc-linux-gnu/3.3.3/specs
Configured with: /var/tmp/portage/gcc-3.3.3-r6/work/gcc-3.3.3/configure
--prefix=/usr --bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/3.3
--includedir=/usr/lib/gcc-lib/x86_64-pc-linux-gnu/3.3.3/include
--datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/3.3
--mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/3.3/man
--infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/3.3/info
--enable-shared --host=x86_64-pc-linux-gnu --target=x86_64-pc-linux-gnu
--with-system-zlib --enable-languages=c,c++ --enable-threads=posix
--enable-long-long --disable-checking --disable-libunwind-exceptions
--enable-cstdio=stdio --enable-version-specific-runtime-libs
--with-gxx-include-dir=/usr/lib/gcc-lib/x86_64-pc-linux-gnu/3.3.3/include/g++-v3 --with-local-prefix=/usr/local --enable-shared --enable-nls --without-included-gettext --disable-multilib --enable-__cxa_atexit --enable-clocale=generic
Thread model: posix
gcc version 3.3.3 20040412 (Gentoo Linux 3.3.3-r6, ssp-3.3.2-2, pie-8.7.6)
ld -v
GNU ld version 2.15.90.0.1.1 20040303
as --version
GNU assembler 2.15.90.0.1.1 20040303
Copyright 2002 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License. This program has absolutely no warranty.
This assembler was configured for a target of `x86_64-pc-linux-gnu'.
cat /proc/cpuinfo
processor : 0
vendor_id : AuthenticAMD
cpu family : 15
model : 5
model name : AMD Opteron(tm) Processor 242
stepping : 10
cpu MHz : 1592.799
cache size : 1024 KB
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext lm 3dnowext 3dnow
bogomips : 3129.34
TLB size : 1088 4K pages
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management: ts ttp
processor : 1
vendor_id : AuthenticAMD
cpu family : 15
model : 5
model name : AMD Opteron(tm) Processor 242
stepping : 10
cpu MHz : 1592.799
cache size : 1024 KB
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext lm 3dnowext 3dnow
bogomips : 3178.49
TLB size : 1088 4K pages
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management: ts ttp
Here is the cli output:
mplayer -v doom3_fullintro_640.mov
Using GNU internationalization
Original domain: messages
Original dirname: /usr/share/locale
Current domain: mplayer
Current dirname: /usr/local/share/locale
MPlayer dev-CVS-040822-08:14-3.3.3 (C) 2000-2004 MPlayer Team
CPU: Advanced Micro Devices 64-bit CPU
Reading config file /usr/local/etc/mplayer/mplayer.conf: No such file or directory
Reading config file /home/joe/.mplayer/config
Reading /home/joe/.mplayer/codecs.conf: Can't open '/home/joe/.mplayer/codecs.conf': No such file or directory
Reading /usr/local/etc/mplayer/codecs.conf: Can't open '/usr/local/etc/mplayer/codecs.conf': No such file or directory
Using built-in default codecs.conf.
CommandLine: '-v' 'doom3_fullintro_640.mov'
init_freetype
get_path('font/font.desc') -> '/home/joe/.mplayer/font/font.desc'
font: can't open file: /home/joe/.mplayer/font/font.desc
font: can't open file: /usr/local/share/mplayer/font/font.desc
Using Unoptimized OnScreenDisplay
Using Linux hardware RTC timing (1024Hz).
get_path('input.conf') -> '/home/joe/.mplayer/input.conf'
Can't open input config file /home/joe/.mplayer/input.conf: No such file or directory
Can't open input config file /usr/local/etc/mplayer/input.conf: No such file or directory
Falling back on default (hardcoded) input config
get_path('doom3_fullintro_640.mov.conf') -> '/home/joe/.mplayer/doom3_fullintro_640.mov.conf'
Playing doom3_fullintro_640.mov.
[file] File size is 74939772 bytes
STREAM: [file] doom3_fullintro_640.mov
STREAM: Description: File
STREAM: Author: Albeu
STREAM: Comment: based on the code from ??? (probably Arpi)
Checking for YUV4MPEG2
DEMUXER: freeing demuxer at 0x96ef80
ASF_check: not ASF guid!
DEMUXER: freeing demuxer at 0x96ef80
Checking for Nullsoft Streaming Video
DEMUXER: freeing demuxer at 0x96ef80
Checking for NuppelVideo
DEMUXER: freeing demuxer at 0x96ef80
Checking for REAL
DEMUXER: freeing demuxer at 0x96ef80
Checking for SMJPEG
DEMUXER: freeing demuxer at 0x96ef80
DEMUXER: freeing demuxer at 0x9701b0
DEMUXER: freeing demuxer at 0x9701b0
Searching demuxer type for filename doom3_fullintro_640.mov ext: .mov
Trying demuxer 7 based on filename extension
Checking for MOV
MOV: 'WIDE' chunk found!
MOV: Movie DATA found!
MOV: Movie DATA found!
MOV: Movie header found!
QuickTime/MOV file format detected.
MOV: Movie header (100 bytes): tscale=2997 dur=412500
--------------
MOV: Track #0:
MOV: Track header!
tkhd len=84 ver=0 flags=0x0 id=1 dur=412500 lay=0 vol=0
MOV: unknown chunk: load 16
MOV: Edit atom!
MOV: Edit list table (2 entries) (ver:0,flags:0)
MOV: entry#0: duration: 412200 start time: 0 speed: 1.0x
MOV: entry#1: duration: 300 start time: 412200 speed: 0.3x
MOV: Media stream!
MOV: Media header!
MOV: Handler header: mhlr/vide (appl) Apple Video Media Handler
MOV: Media info!
MOV: Video header!
MOV: Handler header: dhlr/alis (appl) Apple Alias Data Handler
MOV: unknown chunk: dinf 28
MOV: Sample info!
MOV: Description list! (cnt:1)
MOV: desc #0: SVQ3 (1951 bytes)
MOV: Sample duration table! (1 blocks)
MOV: Syncing samples (keyframes) table! (82 entries) (ver:0,flags:0)
MOV: Sample->Chunk mapping table! (551 blocks) (ver:0,flags:0)
MOV: Sample size table! (entries=4123 ss=0) (ver:0,flags:0)
MOV: Chunk offset table! (551 chunks)
MOV track #0: 551 chunks, 4123 samples
pts=412300 scale=2997 time=137.571
EL#0: pts=0 1st_sample=0 frames=4122 (137.538s) pts_offs=0
EL#1: pts=412200 1st_sample=4122 frames=1 (0.100s) pts_offs=0
==> Found video stream: 0
MOV: Found unknown movie atom SMI (1877)!
Image size: 640 x 480 (32 bpp)
Display size: 640 x 480
Fourcc: SVQ3 Codec: 'Sorenson Video 3'
--------------
MOV: Track #1:
MOV: Track header!
tkhd len=84 ver=0 flags=0x0 id=2 dur=412495 lay=0 vol=256
MOV: Edit atom!
MOV: Edit list table (2 entries) (ver:0,flags:545460846592)
MOV: entry#0: duration: 200 start time: -1 speed: 1.0x
MOV: entry#1: duration: 412295 start time: 0 speed: 1.0x
MOV: Media stream!
MOV: Media header!
MOV: Handler header: mhlr/soun (appl) Apple Sound Media Handler
MOV: Media info!
MOV: Sound header!
MOV: Handler header: dhlr/alis (appl) Apple Alias Data Handler
MOV: unknown chunk: dinf 28
MOV: Sample info!
MOV: Description list! (cnt:1)
MOV: desc #0: ima4 (36 bytes)
MOV: Sample duration table! (1 blocks)
MOV: Sample->Chunk mapping table! (231 blocks) (ver:0,flags:0)
MOV: Sample size table! (entries=6066816 ss=1) (ver:0,flags:0)
MOV: Chunk offset table! (280 chunks)
MOV track #1: 280 chunks, 0 samples
pts=6066816 scale=44100 time=137.570
==> Found audio stream: 1
Audio bits: 16 chans: 2 rate: 44100
Audio header: samp/pack=64 bytes/pack=34 bytes/frame=68 bytes/samp=2
MOV: Found unknown audio atom Fourcc: ima4
--------------
Quicktime Clip Info:
Author: GameSpy.com
Copyright: GameSpy Industries
MOV: longest streams: A: #1 (280 samples) V: #0 (4123 samples)
[V] filefmt:7 fourcc:0x33515653 size:640x480 fps:29.97 ftime:=0.0334
Clip info:
author: GameSpy.com
copyright: GameSpy Industries
get_path('sub/') -> '/home/joe/.mplayer/sub/'
MPlayer interrupted by signal 11 in module: read_subtitles_file
- MPlayer crashed by bad usage of CPU/FPU/RAM.
Recompile MPlayer with --enable-debug and make a 'gdb' backtrace and
disassembly. Details in DOCS/HTML/en/bugreports_what.html#bugreports_crash.
- MPlayer crashed. This shouldn't happen.
It can be a bug in the MPlayer code _or_ in your drivers _or_ in your
gcc version. If you think it's MPlayer's fault, please read
DOCS/HTML/en/bugreports.html and follow the instructions there. We can't and
won't help unless you provide this information when reporting a possible bug.
DEMUXER: freeing demuxer at 0x9701b0
DEMUXER: freeing sh_video at 0x9875a0
MPlayer interrupted by signal 2 in module: free_demuxer
Killed
And the debugging info:
cat mplayer.bug
Using host libthread_db library "/lib/libthread_db.so.1".
Core was generated by `/usr/local/bin/mplayer -v ~/movies/doom3_fullintro_640.mov'.
Program terminated with signal 11, Segmentation fault.
#0 0x0000002a97eb33ed in mallopt () from /lib/libc.so.6
#0 0x0000002a97eb33ed in mallopt () from /lib/libc.so.6
#1 0x0000002a97eb2361 in malloc () from /lib/libc.so.6
#2 0x0000002a97ecf350 in opendir () from /lib/libc.so.6
#3 0x0000000000423148 in sub_filenames (path=0x98a7b0 "/home/joe/.mplayer/sub/", fname=0x95af00 "/home/joe/movies/doom3_fullintro_640.mov") at subreader.c:1844
#4 0x00000000004125a1 in main (argc=3, argv=0x7fbffff3a8) at mplayer.c:1655
Dump of assembler code from 0x2a97eb33cd to 0x2a97eb340d:
0x0000002a97eb33cd <mallopt+861>: sub %esp,%edi
0x0000002a97eb33cf <mallopt+863>: lea (%r12,%r9,1),%rdx
0x0000002a97eb33d3 <mallopt+867>: or $0x5,%r12
0x0000002a97eb33d7 <mallopt+871>: cmp %r15,%rbx
0x0000002a97eb33da <mallopt+874>: mov %rdx,0xa8(%rbx)
0x0000002a97eb33e1 <mallopt+881>: cmovne %r12,%r14
0x0000002a97eb33e5 <mallopt+885>: or $0x1,%rdi
0x0000002a97eb33e9 <mallopt+889>: mov %r14,0x8(%r9)
0x0000002a97eb33ed <mallopt+893>: mov %rdi,0x8(%rdx)
0x0000002a97eb33f1 <mallopt+897>: jmpq 0x2a97eb30db <mallopt+107>
0x0000002a97eb33f6 <mallopt+902>: mov 0x8(%r9),%rdi
0x0000002a97eb33fa <mallopt+906>: and $0xfffffffffffffff8,%rdi
0x0000002a97eb33fe <mallopt+910>: cmp %r12,%rdi
0x0000002a97eb3401 <mallopt+913>: jae 0x2a97eb3414 <mallopt+932>
0x0000002a97eb3403 <mallopt+915>: mov 0x18(%r9),%r9
0x0000002a97eb3407 <mallopt+919>: mov 0x8(%r9),%rdi
0x0000002a97eb340b <mallopt+923>: and $0xfffffffffffffff8,%rdi
End of assembler dump.
rax 0x20080 131200
rbx 0x2a98052940 182939101504
rcx 0x1c 28
rdx 0x9ac0b0 10141872
rsi 0x4 4
rdi 0xaa6d4446a9f2cfa9 -6166197244510679127
rbp 0x2a980529f8 0x2a980529f8
rsp 0x7fbfffdd70 0x7fbfffdd70
r8 0x20061 131169
r9 0x98c050 10010704
r10 0x10000000 268435456
r11 0x2a98052940 182939101504
r12 0x20065 131173
r13 0x1c 28
r14 0x20061 131169
r15 0x2a98052940 182939101504
rip 0x2a97eb33ed 0x2a97eb33ed <mallopt+893>
eflags 0x10286 66182
ds 0x33 51
es 0x2b 43
fs 0x0 0
gs 0x0 0
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 0 (raw 0x00000000000000000000)
st6 0 (raw 0x00000000000000000000)
st7 0.033366702497005462646484375 (raw 0x3ffa88ab860000000000)
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
xmm0 {f = {0x1d, 0x0, 0x0, 0x0}} {f = {29.9699993, 0, 0, 0}}
xmm1 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm2 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm3 {f = {0x0, 0x0, 0x0, 0x0}} {f = {2.32830782e-10, 0, 0, 0}}
xmm4 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0.00392156886, 0, 0, 0}}
xmm5 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm6 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm7 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm8 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm9 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm10 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm11 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm12 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm13 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm14 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm15 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
mxcsr 0x1fa0 8096
Any relevant info I've missed out on?
Cheers,
Joe