* Alessandro Ghedini <gh...@debian.org>, 2015-03-06, 15:05:
$ mpv crash.mp4
Playing: crash.mp4
[libav/video] h264: AVC: nal size 889
[libav/video] h264: no frame!
[libav/demuxer] mov,mp4,m4a,3gp,3g2,mj2: stream 0, offset 0x8c69: partial file
(+) Video --vid=1 (*) (h264)
File tags:
Title: 860240514032667
Opening video filter: [expand aspect=1440/900]
[expand] Expand: -1 x -1, -1 ; -1, aspect: 1.600000, round: 1
[libav/video] h264: AVC: nal size 889
[libav/video] h264: AVC: nal size 889
[libav/video] h264: no frame!
VO: [xv] 3642x720 => 3642x2276 yuv420p
V: 00:00:00 / 00:00:15 (0%)
Exiting... (End of file)
*** Error in `mpv': free(): invalid pointer: 0xedf28020 ***
Aborted
I can't reproduce.
Could you try with these options?
-vo=xv -vf=expand=::::1440/900
Apparently they are needed to trigger the crash. I forgot I had them in
my mpv.conf.
Could you please also provide a backtrace (with both mpv and libav
debug symbols)?
Here it is:
#0 0xf763d425 in __kernel_vsyscall ()
#1 0xf5b9d307 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
#2 0xf5b9e9c3 in __GI_abort () at abort.c:89
#3 0xf5bdb6f8 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0xf5cd165c
"*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#4 0xf5be176a in malloc_printerr (action=<optimized out>, str=0xf5ccd172 "free():
invalid pointer", ptr=0xedf28020) at malloc.c:4996
#5 0xf5be23bd in _int_free (av=0x80808080, p=<optimized out>, have_lock=0) at
malloc.c:3840
#6 0xf7720de2 in m_refcount_unref (ref=0xf87cc910) at ../video/mp_image.c:102
#7 0xf7758736 in ta_free (ptr=0xf87c4970) at ../ta/ta.c:259
#8 0xf77228f2 in unref_image (ptr=0xf87c4970) at ../video/mp_image_pool.c:109
#9 0xf7720de2 in m_refcount_unref (ref=0xf87cc7f0) at ../video/mp_image.c:102
#10 0xf7758736 in ta_free (ptr=0xf88f4178) at ../ta/ta.c:259
#11 0xf774e451 in uninit (vo=0xf87ba090) at ../video/out/vo_xv.c:694
#12 0xf7741e72 in vo_thread (ptr=0xf87ba090) at ../video/out/vo.c:754
#13 0xf63daefb in start_thread (arg=0xefcfcb40) at pthread_create.c:309
#14 0xf5c5862e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:129
Although Valgrind output might be more helpful, according to which an
out-of-bounds write happens early on:
==2574== Invalid write of size 4
==2574== at 0x482F85D: memset (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==2574== by 0x1CA7A0: memset (string3.h:84)
==2574== by 0x1CA7A0: memset_pic (memcpy_pic.h:57)
==2574== by 0x1CA7A0: mp_image_clear (mp_image.c:440)
==2574== by 0x1F86F6: allocate_xvimage (vo_xv.c:542)
==2574== by 0x1F86F6: reconfig (vo_xv.c:471)
==2574== by 0x1EA222: run_reconfig (vo.c:345)
==2574== by 0x16AD5F: mp_dispatch_queue_process (dispatch.c:197)
==2574== by 0x1EA535: vo_thread (vo.c:720)
==2574== by 0x5A87EFA: start_thread (pthread_create.c:309)
==2574== by 0x624162D: clone (clone.S:129)
==2574== Address 0xefbb000 is not stack'd, malloc'd or (recently) free'd
It would also be nice if you could test the package in experimental
that uses ffmpeg instead of libav.
I'll try it later today.
--
Jakub Wilk
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
