uur <[email protected]> added the comment:
Same problem occurred with a svq3 encoded video.
----------
title: Crash when decoding MPEG1 video with threads enabled -> Crash when
decoding MPEG1/SVQ3 video with threads enabled
_____________________________________________________
FFmpeg issue tracker <[email protected]>
<https://roundup.ffmpeg.org/roundup/ffmpeg/issue1277>
_____________________________________________________
GNU gdb Red Hat Linux (6.5-37.el5_2.2rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...(no debugging symbols
found)
Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) r -an -threads 2 -i 4181f34e723c5b4fe16f88c2f0d7e4f5 -f null /dev/null
Starting program: /usr/local/ffmpeg/bin/ffmpeg -an -threads 2 -i
4181f34e723c5b4fe16f88c2f0d7e4f5 -f null /dev/null
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
FFmpeg version SVN-r19461, Copyright (c) 2000-2009 Fabrice Bellard, et al.
configuration: --prefix=/usr/local/ffmpeg --enable-version3
--enable-libopencore-amrnb --enable-libmp3lame --enable-gpl --enable-nonfree
--enable-libfaac --enable-libfaad --enable-libx264 --enable-pthreads
--enable-libxvid --disable-ffplay --disable-ffserver --enable-avfilter
--enable-avfilter-lavf --enable-shared
libavutil 50. 3. 0 / 50. 3. 0
libavcodec 52.32. 0 / 52.32. 0
libavformat 52.36. 0 / 52.36. 0
libavdevice 52. 2. 0 / 52. 2. 0
libavfilter 0. 5. 0 / 0. 5. 0
libswscale 0. 7. 1 / 0. 7. 1
built on Jul 20 2009 19:37:19, gcc: 4.1.2 20071124 (Red Hat 4.1.2-42)
[New Thread -1208584512 (LWP 10381)]
[New Thread -1208587376 (LWP 10384)]
[New Thread -1219077232 (LWP 10385)]
Seems stream 0 codec frame rate differs from container frame rate: 600.00
(600/1) -> 24.00 (24/1)
[New Thread -1229567088 (LWP 10386)]
[New Thread -1240056944 (LWP 10387)]
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from '4181f34e723c5b4fe16f88c2f0d7e4f5':
Duration: 00:02:26.98, start: 0.000000, bitrate: 1110 kb/s
Stream #0.0(eng): Video: svq3, yuvj420p, 480x260, 24 tbr, 600 tbn, 600 tbc
Stream #0.1(eng): Audio: qdm2, 44100 Hz, 2 channels, s16
[New Thread -1250546800 (LWP 10388)]
[New Thread -1261036656 (LWP 10389)]
Output #0, null, to '/dev/null':
Stream #0.0(eng): Video: rawvideo, yuvj420p, 480x260, q=2-31, 200 kb/s, 90k
tbn, 24 tbc
Stream mapping:
Stream #0.0 -> #0.0
Press [q] to stop encoding
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208584512 (LWP 10381)]
0x00e4dd49 in ff_h264_decode_rbsp_trailing () from
/usr/local/ffmpeg/lib/libavcodec.so.52
(gdb) bt
#0 0x00e4dd49 in ff_h264_decode_rbsp_trailing () from
/usr/local/ffmpeg/lib/libavcodec.so.52
#1 0x00005000 in ?? ()
#2 0x086fd730 in ?? ()
#3 0x00000010 in ?? ()
#4 0x00000000 in ?? ()
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0xe4dd29 to 0xe4dd69:
0x00e4dd29 <ff_h264_decode_rbsp_trailing+6089>: add %cl,0x2e4085(%ecx)
0x00e4dd2f <ff_h264_decode_rbsp_trailing+6095>: add %cl,0x2e3085(%ecx)
0x00e4dd35 <ff_h264_decode_rbsp_trailing+6101>: add %cl,0x26082(%ebx)
0x00e4dd3b <ff_h264_decode_rbsp_trailing+6107>: add %al,0x31207ec0(%ebp)
0x00e4dd41 <ff_h264_decode_rbsp_trailing+6113>: fisttpl 0xae089db4(%ebx)
0x00e4dd47 <ff_h264_decode_rbsp_trailing+6119>: add (%eax),%al
0x00e4dd49 <ff_h264_decode_rbsp_trailing+6121>: mov 0xa64(%esi),%ecx
0x00e4dd4f <ff_h264_decode_rbsp_trailing+6127>: test %ecx,%ecx
0x00e4dd51 <ff_h264_decode_rbsp_trailing+6129>: je 0xe4ddcd
<ff_h264_decode_rbsp_trailing+6253>
0x00e4dd53 <ff_h264_decode_rbsp_trailing+6131>: mov 0x260(%edx),%eax
0x00e4dd59 <ff_h264_decode_rbsp_trailing+6137>: add $0x1,%ebx
0x00e4dd5c <ff_h264_decode_rbsp_trailing+6140>: cmp %ebx,%eax
0x00e4dd5e <ff_h264_decode_rbsp_trailing+6142>: jg 0xe4dd42
<ff_h264_decode_rbsp_trailing+6114>
0x00e4dd60 <ff_h264_decode_rbsp_trailing+6144>: mov 0xee68(%ebp),%edx
0x00e4dd66 <ff_h264_decode_rbsp_trailing+6150>: test %edx,%edx
0x00e4dd68 <ff_h264_decode_rbsp_trailing+6152>: jne 0xe4dd6f
<ff_h264_decode_rbsp_trailing+6159>
End of assembler dump.
(gdb) info all-registers
eax 0x2 2
ecx 0x5018 20504
edx 0x86fd730 141547312
ebx 0x1 1
esp 0xbfda75e0 0xbfda75e0
ebp 0x87470c0 0x87470c0
esi 0x0 0
edi 0x100c 4108
eip 0xe4dd49 0xe4dd49 <ff_h264_decode_rbsp_trailing+6121>
eflags 0x10202 [ IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 24 (raw 0x4003c000000000000000)
st4 1.000000000000000015902891109759918e+100 (raw
0x414b924d692ca61be800)
st5 1.000000000000000015902891109759918e+100 (raw
0x414b924d692ca61be800)
st6 0 (raw 0x00000000000000000000)
st7 0 (raw 0x00000000000000000000)
fctrl 0x37f 895
fstat 0x4020 16416
ftag 0xffff 65535
fiseg 0x73 115
fioff 0x8053e5c 134561372
foseg 0x7b 123
fooff 0x0 0
fop 0x5d8 1496
xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0},
v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0},
v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0},
v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0},
v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0},
v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0},
v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0},
v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0},
v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
mm0 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0,
0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0}}
mm1 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0,
0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0}}
mm2 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0,
0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0}}
mm3 {uint64 = 0xc000000000000000, v2_int32 = {0x0, 0xc0000000},
v4_int16 = {0x0, 0x0, 0x0, 0xc000}, v8_int8 = {0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0}}
mm4 {uint64 = 0x924d692ca61be800, v2_int32 = {0xa61be800,
0x924d692c}, v4_int16 = {0xe800, 0xa61b, 0x692c, 0x924d},
v8_int8 = {0x0, 0xe8, 0x1b, 0xa6, 0x2c, 0x69, 0x4d, 0x92}}
mm5 {uint64 = 0x924d692ca61be800, v2_int32 = {0xa61be800,
0x924d692c}, v4_int16 = {0xe800, 0xa61b, 0x692c, 0x924d},
v8_int8 = {0x0, 0xe8, 0x1b, 0xa6, 0x2c, 0x69, 0x4d, 0x92}}
mm6 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0,
0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0}}
mm7 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0,
0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0}}