mplayer segfaults in certain .mpg files

10 Oct 2003

      -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello there,
when running mplayer on a certain file, I get the following output (from within gdb, does the same thing normally):

Starting program: /usr/local/bin/mplayer -v file.mpg
[New Thread 1086106912 (LWP 23646)]
Using GNU internationalization
Original domain: messages
Original dirname: /usr/share/locale
Current domain: mplayer
Current dirname: /usr/local/share/locale

MPlayer dev-CVS-031010-20:28-3.3.1 (C) 2000-2003 MPlayer Team

CPU: Advanced Micro Devices Athlon 4 /Athlon MP/XP Palomino 1600 MHz (Family: 6, Stepping: 2)
Detected cache-line size is 64 bytes
CPUflags:  MMX: 1 MMX2: 1 3DNow: 1 3DNow2: 1 SSE: 1 SSE2: 0
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE

Reading config file /usr/local/etc/mplayer/mplayer.conf: No such file or directory
Reading config file /home/prat/.mplayer/config
Reading /home/prat/.mplayer/codecs.conf: Can't open '/home/prat/.mplayer/codecs.conf': No such file or directory
Reading /usr/local/etc/mplayer/codecs.conf: Can't open '/usr/local/etc/mplayer/codecs.conf': No such file or directory
Using built-in default codecs.conf
CommandLine: '-v' 'file.mpg'
get_path('font/font.desc') -> '/home/prat/.mplayer/font/font.desc'
font: can't open file: /home/prat/.mplayer/font/font.desc
Font /usr/local/share/mplayer/font/font.desc loaded successfully! (206 chars)
Using MMX (with tiny bit MMX2) Optimized OnScreenDisplay
Using Linux hardware RTC timing (1024Hz).
get_path('input.conf') -> '/home/prat/.mplayer/input.conf'
Can't open input config file /home/prat/.mplayer/input.conf: No such file or directory
Can't open input config file /usr/local/etc/mplayer/input.conf: No such file or
directory
Falling back on default (hardcoded) input config
get_path('file.mpg.conf') -> '/home/prat/.mplayer/file.mpg.conf'

Playing file.mpg
[file] File size is 237709436 bytes
STREAM: [file] file.mpg
STREAM: Description: File
STREAM: Author: Albeu
STREAM: Comment: based on the code from ??? (probably Arpi)
Checking for YUV4MPEG2
DEMUXER: freeing demuxer at 0x8566538
ASF_check: not ASF guid!
DEMUXER: freeing demuxer at 0x8566538
Checking for NuppelVideo
DEMUXER: freeing demuxer at 0x8566538
Checking for REAL
DEMUXER: freeing demuxer at 0x8566538
Checking for SMJPEG
DEMUXER: freeing demuxer at 0x8566538
DEMUXER: freeing demuxer at 0x8566da0
Searching demuxer type for filename file.mpg ext: .mpg
Checking for MOV
DEMUXER: freeing demuxer at 0x8566da0
Checking for VIVO
header block 1 size: 0
DEMUXER: freeing demuxer at 0x8566da0
DEMUXER: freeing demuxer at 0x8566da0
DEMUXER: freeing demuxer at 0x8566da0
DEMUXER: freeing demuxer at 0x8566da0
DEMUXER: freeing demuxer at 0x8566da0
DEMUXER: freeing demuxer at 0x8566da0
DEMUXER: freeing demuxer at 0x8566da0
Checking for PVA
DEMUXER: freeing demuxer at 0x8566da0
Checking for MPEG-TS...
TRIED UP TO POSITION 66391, FOUND 0, packet_size= 71
DEMUXER: freeing demuxer at 0x8566da0
system stream synced at 0xB (0)!
==> Found video stream: 0
MPEG-PS file format detected.
==> Found audio stream: 0
Searching for sequence header... OK!
VIDEO:  MPEG1  352x240  (aspect 12)  29.970 fps  1150.0 kbps (143.8 kbyte/s)
[V] filefmt:2  fourcc:0x10000001  size:352x240  fps:29.97  ftime:=0.0334
get_path('sub/') -> '/home/prat/.mplayer/sub/'
get_path('default.sub') -> '/home/prat/.mplayer/default.sub'
==========================================================================
Opening audio decoder: [mp3lib] MPEG layer-2, layer-3
dec_audio: Allocating 4608 + 65536 = 70144 bytes for output buffer
mp3lib: made decode tables with MMX optimization
mp3lib: using 3DNow!Ex optimized decore!
MP3lib: init layer2&3 finished, tables done
MPEG 1.0, Layer II, 44100 Hz 224 kbit Stereo, BPF: 732
Channels: 2, copyright: No, original: No, CRC: No, emphasis: 0
AUDIO: 44100 Hz, 2 ch, 16 bit (0x10), ratio: 28000->176400 (224.0 kbit)
Selected audio codec: [mp3] afm:mp3lib (mp3lib MPEG layer-2, layer-3)
==========================================================================
X11 opening display: :0.0
vo: X11 color mask:  FFFF  (R:F800 G:7E0 B:1F)
vo: X11 running at 1024x768 with depth 16 and 16 bpp (":0.0" => local display)
[x11] Detected wm supports layers.
[x11] Using workaround for Metacity bugs.
[x11] Detected wm supports NetWM.
[x11] Detected wm supports FULLSCREEN state.
[x11] Detected wm supports ABOVE state.
[x11] Detected wm supports BELOW state.
[x11] Current fstype setting honours FULLSCREEN ABOVE BELOW X atoms
==========================================================================
Opening video decoder: [mpegpes] MPEG 1/2 Video passthrough
VDec: vo config request - 352 x 240 (preferred csp: Mpeg PES)
Trying filter chain: vo
Could not find matching colorspace - retrying with -vop scale...
Opening video filter: [scale]
SwScale params: -1 x -1 (-1=no scaling)
Trying filter chain: scale vo
The selected video_out device is incompatible with this codec.
VDecoder init failed :(
Opening video decoder: [libmpeg2] MPEG 1/2 Video decoder libmpeg2-v0.3.1
Selected video codec: [mpeg12] vfm:libmpeg2 (MPEG 1 or 2 (libmpeg2))
==========================================================================
Checking audio filter chain for 44100Hz/2ch/16bit -> 44100Hz/2ch/16bit...
[libaf] Adding filter dummy
[dummy] Was reinitialized, rate=44100Hz, nch = 2, format = 0x00000001 and bps =
2
AF_pre: af format: 2 bps, 2 ch, 44100 hz, little endian signed int
AF_pre: 44100Hz 2ch Signed 16-bit (Little-Endian)
ao2: 44100 Hz  2 chans  Signed 16-bit (Little-Endian)
audio_setup: using '/dev/sound/dsp' dsp device
audio_setup: sample format: Signed 16-bit (Little-Endian) (requested: Signed 16-bit (Little-Endian))
audio_setup: using 2 channels (requested: 2)
audio_setup: using 44100 Hz samplerate (requested: 44100)
audio_setup: frags:   8/8  (8192 bytes/frag)  free:  65536
AO: [oss] 44100Hz 2ch Signed 16-bit (Little-Endian) (2 bps)
AO: Description: OSS/ioctl audio output
AO: Author: A'rpi
Building audio filter chain for 44100Hz/2ch/16bit -> 44100Hz/2ch/16bit...
[dummy] Was reinitialized, rate=44100Hz, nch = 2, format = 0x00000001 and bps =
2
[dummy] Was reinitialized, rate=44100Hz, nch = 2, format = 0x00000001 and bps =
2
Starting playback...
VDec: vo config request - 352 x 240 (preferred csp: Planar YV12)
Trying filter chain: vo
VDec: using Planar YV12 as output csp (no 0)
Movie-Aspect is 1.33:1 - prescaling to correct movie aspect.
VO Config (352x240->352x264,flags=0,'MPlayer',0x32315659)
VO: [xv] 352x240 => 352x264 Planar YV12
VO: Description: X11/Xv
VO: Author: Gerd Knorr <kraxel@goldbach.in-berlin.de> and others
Xvideo image format: 0x32595559 (YUY2) packed
Xvideo image format: 0x32315659 (YV12) planar
Xvideo image format: 0x59565955 (UYVY) packed
Xvideo image format: 0x30323449 (I420) planar
using Xvideo port 105 for hw scaling
[xv] dx: 0 dy: 0 dw: 352 dh: 264
*** [vo] Allocating mp_image_t, 352x240x12bpp YUV planar, 126720 bytes
[xv] dx: 0 dy: 0 dw: 352 dh: 264
*** [vo] Allocating mp_image_t, 352x240x12bpp YUV planar, 126720 bytes%
*** [vo] Allocating mp_image_t, 352x240x12bpp YUV planar, 126720 bytes%
A:  47.3 V:  47.3 A-V: -0.001 ct:  0.073  335/335   2%  2%  0.7% 0 0 0%
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1086106912 (LWP 23646)]
0x0813368b in mpeg2_set_buf (mpeg2dec=0x857e150, buf=0x85a1968, id=0x85a1948)
    at decode.c:383
383         if (mpeg2dec->custom_fbuf && !mpeg2dec->fbuf[1]->buf[0]){
(gdb) bt
#0  0x0813368b in mpeg2_set_buf (mpeg2dec=0x857e150, buf=0x85a1968,
    id=0x85a1948) at decode.c:383
#1  0x080f1534 in decode (sh=0x8564a88, data=0x85a1968, len=139977040, flags=0)
    at vd_libmpeg2.c:145
#2  0x080ec333 in decode_video (sh_video=0x8564a88, start=0x85a1948 "",
    in_size=140122440, drop_frame=0) at dec_video.c:304
#3  0x0808577a in main (argc=3, argv=0xbffff8e4) at mplayer.c:2085
#4  0x405c3750 in __libc_start_main () from /lib/tls/libc.so.6
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x813366b to 0x81336ab:
0x0813366b <mpeg2_set_buf+59>:  mov    (%esi),%eax
0x0813366d <mpeg2_set_buf+61>:  test   %ecx,%ecx
0x0813366f <mpeg2_set_buf+63>:  mov    %eax,(%edx)
0x08133671 <mpeg2_set_buf+65>:  mov    0x4(%esi),%eax
0x08133674 <mpeg2_set_buf+68>:  mov    %eax,0x4(%edx)
0x08133677 <mpeg2_set_buf+71>:  mov    0x8(%esi),%eax
0x0813367a <mpeg2_set_buf+74>:  mov    %eax,0x8(%edx)
0x0813367d <mpeg2_set_buf+77>:  mov    0x10(%ebp),%eax
0x08133680 <mpeg2_set_buf+80>:  mov    %eax,0xc(%edx)
0x08133683 <mpeg2_set_buf+83>:  je     0x81336a8 <mpeg2_set_buf+120>
0x08133685 <mpeg2_set_buf+85>:  mov    0x398(%ebx),%edx
0x0813368b <mpeg2_set_buf+91>:  mov    (%edx),%eax
0x0813368d <mpeg2_set_buf+93>:  test   %eax,%eax
0x0813368f <mpeg2_set_buf+95>:  jne    0x81336a8 <mpeg2_set_buf+120>
0x08133691 <mpeg2_set_buf+97>:  mov    (%esi),%eax
0x08133693 <mpeg2_set_buf+99>:  movl   $0x0,0xc(%edx)
0x0813369a <mpeg2_set_buf+106>: mov    %eax,(%edx)
0x0813369c <mpeg2_set_buf+108>: mov    0x4(%esi),%eax
0x0813369f <mpeg2_set_buf+111>: mov    %eax,0x4(%edx)
0x081336a2 <mpeg2_set_buf+114>: mov    0x8(%esi),%eax
0x081336a5 <mpeg2_set_buf+117>: mov    %eax,0x8(%edx)
0x081336a8 <mpeg2_set_buf+120>: mov    0xfffffff8(%ebp),%ebx
- ---Type <return> to continue, or q <return> to quit---
End of assembler dump.
(gdb) info all-registers
eax            0x85a1948        140122440
ecx            0x1      1
edx            0x0      0
ebx            0x857e150        139977040
esp            0xbfffd430       0xbfffd430
ebp            0xbfffd448       0xbfffd448
esi            0x85a1968        140122472
edi            0x857e150        139977040
eip            0x813368b        0x813368b
eflags         0x10202  66050
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51
st0            -nan(0x5a0598005a0598)   (raw 0xffff005a0598005a0598)
st1            -nan(0xffa6fa68ffa6fa68) (raw 0xffffffa6fa68ffa6fa68)
st2            -nan(0x14768efffd39c5)   (raw 0xffff0014768efffd39c5)
st3            -nan(0xffe008a4ff5b3030) (raw 0xffffffe008a4ff5b3030)
st4            -nan(0x4060d0004060d)    (raw 0xffff0004060d0004060d)
st5            0.1000000000000000055511151231257827     (raw 0x3ffbccccccccccccd000)
- ---Type <return> to continue, or q <return> to quit---
st6            -0.1000000000000000055511151231257827    (raw 0xbffbccccccccccccd000)
st7            0.0320487017642343395714375764438131     (raw 0x3ffa83457fdf4e69edf0)
fctrl          0x37f    895
fstat          0x120    288
ftag           0xffff   65535
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {
    0x8000000000000000, 0x8000000000000000}, v16_int8 = {
    0xff <repeats 16 times>}, v8_int16 = {0xffff, 0xffff, 0xffff, 0xffff,
    0xffff, 0xffff, 0xffff, 0xffff}, v4_int32 = {0xffffffff, 0xffffffff,
    0xffffffff, 0xffffffff}, v2_int64 = {0xffffffffffffffff,
    0xffffffffffffffff}, uint128 = 0xffffffffffffffffffffffffffffffff}
xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {
    0x8000000000000000, 0x8000000000000000}, v16_int8 = {
    0xff <repeats 16 times>}, v8_int16 = {0xffff, 0xffff, 0xffff, 0xffff,
    0xffff, 0xffff, 0xffff, 0xffff}, v4_int32 = {0xffffffff, 0xffffffff,
    0xffffffff, 0xffffffff}, v2_int64 = {0xffffffffffffffff,
- ---Type <return> to continue, or q <return> to quit---
    0xffffffffffffffff}, uint128 = 0xffffffffffffffffffffffffffffffff}
xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {
    0x8000000000000000, 0x8000000000000000}, v16_int8 = {
    0xff <repeats 16 times>}, v8_int16 = {0xffff, 0xffff, 0xffff, 0xffff,
    0xffff, 0xffff, 0xffff, 0xffff}, v4_int32 = {0xffffffff, 0xffffffff,
    0xffffffff, 0xffffffff}, v2_int64 = {0xffffffffffffffff,
    0xffffffffffffffff}, uint128 = 0xffffffffffffffffffffffffffffffff}
xmm3           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {
    0x8000000000000000, 0x8000000000000000}, v16_int8 = {
    0xff <repeats 16 times>}, v8_int16 = {0xffff, 0xffff, 0xffff, 0xffff,
    0xffff, 0xffff, 0xffff, 0xffff}, v4_int32 = {0xffffffff, 0xffffffff,
    0xffffffff, 0xffffffff}, v2_int64 = {0xffffffffffffffff,
    0xffffffffffffffff}, uint128 = 0xffffffffffffffffffffffffffffffff}
xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {
    0x8000000000000000, 0x8000000000000000}, v16_int8 = {
    0xff <repeats 16 times>}, v8_int16 = {0xffff, 0xffff, 0xffff, 0xffff,
    0xffff, 0xffff, 0xffff, 0xffff}, v4_int32 = {0xffffffff, 0xffffffff,
    0xffffffff, 0xffffffff}, v2_int64 = {0xffffffffffffffff,
    0xffffffffffffffff}, uint128 = 0xffffffffffffffffffffffffffffffff}
xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {
    0x8000000000000000, 0x8000000000000000}, v16_int8 = {
    0xff <repeats 16 times>}, v8_int16 = {0xffff, 0xffff, 0xffff, 0xffff,
    0xffff, 0xffff, 0xffff, 0xffff}, v4_int32 = {0xffffffff, 0xffffffff,
- ---Type <return> to continue, or q <return> to quit---
    0xffffffff, 0xffffffff}, v2_int64 = {0xffffffffffffffff,
    0xffffffffffffffff}, uint128 = 0xffffffffffffffffffffffffffffffff}
xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {
    0x8000000000000000, 0x8000000000000000}, v16_int8 = {
    0xff <repeats 16 times>}, v8_int16 = {0xffff, 0xffff, 0xffff, 0xffff,
    0xffff, 0xffff, 0xffff, 0xffff}, v4_int32 = {0xffffffff, 0xffffffff,
    0xffffffff, 0xffffffff}, v2_int64 = {0xffffffffffffffff,
    0xffffffffffffffff}, uint128 = 0xffffffffffffffffffffffffffffffff}
xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {
    0x8000000000000000, 0x8000000000000000}, v16_int8 = {
    0xff <repeats 16 times>}, v8_int16 = {0xffff, 0xffff, 0xffff, 0xffff,
    0xffff, 0xffff, 0xffff, 0xffff}, v4_int32 = {0xffffffff, 0xffffffff,
    0xffffffff, 0xffffffff}, v2_int64 = {0xffffffffffffffff,
    0xffffffffffffffff}, uint128 = 0xffffffffffffffffffffffffffffffff}
mxcsr          0x1f80   8064
mm0            {uint64 = 0x5a0598005a0598, v2_int32 = {0x5a0598, 0x5a0598},
  v4_int16 = {0x598, 0x5a, 0x598, 0x5a}, v8_int8 = {0x98, 0x5, 0x5a, 0x0,
    0x98, 0x5, 0x5a, 0x0}}
mm1            {uint64 = 0xffa6fa68ffa6fa68, v2_int32 = {0xffa6fa68,
    0xffa6fa68}, v4_int16 = {0xfa68, 0xffa6, 0xfa68, 0xffa6}, v8_int8 = {0x68,
    0xfa, 0xa6, 0xff, 0x68, 0xfa, 0xa6, 0xff}}
mm2            {uint64 = 0x14768efffd39c5, v2_int32 = {0xfffd39c5, 0x14768e},
  v4_int16 = {0x39c5, 0xfffd, 0x768e, 0x14}, v8_int8 = {0xc5, 0x39, 0xfd,
- ---Type <return> to continue, or q <return> to quit---
    0xff, 0x8e, 0x76, 0x14, 0x0}}
mm3            {uint64 = 0xffe008a4ff5b3030, v2_int32 = {0xff5b3030,
    0xffe008a4}, v4_int16 = {0x3030, 0xff5b, 0x8a4, 0xffe0}, v8_int8 = {0x30,
    0x30, 0x5b, 0xff, 0xa4, 0x8, 0xe0, 0xff}}
mm4            {uint64 = 0x4060d0004060d, v2_int32 = {0x4060d, 0x4060d},
  v4_int16 = {0x60d, 0x4, 0x60d, 0x4}, v8_int8 = {0xd, 0x6, 0x4, 0x0, 0xd,
    0x6, 0x4, 0x0}}
mm5            {uint64 = 0xccccccccccccd000, v2_int32 = {0xccccd000,
    0xcccccccc}, v4_int16 = {0xd000, 0xcccc, 0xcccc, 0xcccc}, v8_int8 = {0x0,
    0xd0, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc}}
mm6            {uint64 = 0xccccccccccccd000, v2_int32 = {0xccccd000,
    0xcccccccc}, v4_int16 = {0xd000, 0xcccc, 0xcccc, 0xcccc}, v8_int8 = {0x0,
    0xd0, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc}}
mm7            {uint64 = 0x83457fdf4e69edf0, v2_int32 = {0x4e69edf0,
    0x83457fdf}, v4_int16 = {0xedf0, 0x4e69, 0x7fdf, 0x8345}, v8_int8 = {0xf0,
    0xed, 0x69, 0x4e, 0xdf, 0x7f, 0x45, 0x83}}

It doesn't dump a core.

I'm running RedHat 9 + a few rawhide packages (gcc, glibc) on a vanilla 2.6.0-test7 kernel (the same happens on vanilla 2.4.22 kernel)

[prat@tribblesoft2 prat]$ ls -l /lib/libc[.-]*
- -rwxr-xr-x    1 root     root      1573216 Sep 30 12:15 /lib/libc-2.3.2.so
lrwxrwxrwx    1 root     root           13 Oct  4 03:45 /lib/libc.so.6 -> libc-2.3.2.so

[prat@tribblesoft2 prat]$ X -version

XFree86 Version 4.3.0 (Red Hat Linux release: 4.3.0-2)
Release Date: 27 February 2003
X Protocol Version 11, Revision 0, Release 6.6
Build Operating System: Linux 2.4.20-3bigmem i686 [ELF]
Build Date: 27 February 2003
Build Host: porky.devel.redhat.com

        Before reporting problems, check http://www.XFree86.Org/
        to make sure that you have the latest version.
Module Loader present
OS Kernel: Linux version 2.6.0-test7 (prat@tribblesoft2) (gcc version 3.3.1 20030930 (Red Hat Linux 3.3.1-6)) #1 Wed Oct 8 15:42:36 CDT 2003 P

[prat@tribblesoft2 prat]$ gcc -v
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/3.3.1/specs
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --disable-checking --with-system-zlib --enable-__cxa_atexit --host=i386-redhat-linux
Thread model: posix
gcc version 3.3.1 20030930 (Red Hat Linux 3.3.1-6)

[prat@tribblesoft2 prat]$ ld -v
GNU ld version 2.14.90.0.4 20030523

[prat@tribblesoft2 prat]$ as --version
GNU assembler 2.14.90.0.4 20030523
Copyright 2002 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License.  This program has absolutely no warranty.
This assembler was configured for a target of `i386-redhat-linux'.

[prat@tribblesoft2 prat]$ cat /proc/cpuinfo
processor       : 0
vendor_id       : AuthenticAMD
cpu family      : 6
model           : 6
model name      : AMD Athlon(TM) XP 1900+
stepping        : 2
cpu MHz         : 1600.274
cache size      : 256 KB
fdiv_bug        : no
hlt_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 1
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 mmx fxsr sse syscall mp mmxext 3dnowext 3dnow
bogomips        : 3170.30

Video card: NVIDIA GeForce 4 Ti 4200 running NVIDIA's latest drivers (4496)

Sad to say that I don't know your code well enough to figure this out. Doesn't signal 11 usually mean a hardware failure? Strange that it doesn't do this on most files...
- ----
Alex Tribble <alext96@softhome.net>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/h2/ybgiwzIBQRqMRAiDTAJwN4G4CpVnceH4sl+qFDTCe521AugCfa625
Vb9HxmUWS9kkI8NIWvXfsSc=
=lYz9
-----END PGP SIGNATURE-----

Alex Tribble

tags

participants (2)