New submission from Tomas Härdin <tomas.har...@codemill.se>:

While hacking with MainConcept's VC-1 encoder I managed to generate several files which crash the vc1 decoder.

I started with the following sample:
http://samples.mplayerhq.hu/V-codecs/WVC1/Test_1440x576_WVC1_6Mbps.wmv

I transcoded it to raw video using ffmpeg and fed the result to the example encoder (samples/encoder/sample_enc_vc1 if you have the SDK). Finally I cut it down to size using dd. Commands:

ffmpeg -i ~/media/Test_1440x576_WVC1_6Mbps.wmv -vcodec rawvideo test.yuv
./sample_enc_vc1 -v test.yuv -iyuv -w 1440 -h 576 -o out.vc1
dd if=out.vc1 bs=10M count=1 of=double-free.vc1

There's also a second file called double-free2.wmv which I've hacked together using my own system. It triggers the same crash.

Files uploaded to /MPlayer/incoming/vc1-double-free

Log of transcode attempt of double-free.vc1 -> msmpeg4/wmv follows:

tjop...@callisto:~/ffmpeg$ gdb ./ffmpeg_g
GNU gdb (GDB) 7.0-ubuntu
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/tjoppen/ffmpeg/ffmpeg_g...done.
(gdb) r -i ~/media/ffmpeg-crashes/double-free.vc1 test.wmv
Starting program: /home/tjoppen/ffmpeg/ffmpeg_g -i ~/media/ffmpeg-crashes/double-free.vc1 test.wmv
[Thread debugging using libthread_db enabled]
FFmpeg version git-svn-r24078, Copyright (c) 2000-2010 the FFmpeg developers
  built on Jul 7 2010 09:51:04 with gcc 4.4.1
  configuration:
  libavutil     50.20. 0 / 50.20. 0
  libavcodec    52.79. 1 / 52.79. 1
  libavformat   52.73. 0 / 52.73. 0
  libavdevice   52. 2. 0 / 52. 2. 0
  libavfilter    1.20. 1 /  1.20. 1
  libswscale     0.11. 0 /  0.11. 0
[vc1 @ 0x11c4470] max_analyze_duration reached
[vc1 @ 0x11c4470] Estimating duration from bitrate, this may be inaccurate
Input #0, vc1, from '/home/tjoppen/media/ffmpeg-crashes/double-free.vc1':
  Duration: N/A, bitrate: N/A
    Stream #0.0: Video: vc1, yuv420p, 720x576 [PAR 10:11 DAR 25:22], 29.97 fps, 29.97 tbr, 1200k tbn, 29.97 tbc
Output #0, asf, to 'test.wmv':
  Metadata:
    WM/EncodingSettings: Lavf52.73.0
    Stream #0.0: Video: msmpeg4, yuv420p, 720x576 [PAR 10:11 DAR 25:22], q=2-31, 200 kb/s, 1k tbn, 29.97 tbc
Stream mapping:
  Stream #0.0 -> #0.0
Press [q] to stop encoding
[vc1 @ 0x11c5740] Bits overconsumption: 85333 > 85264 at 23x25 516.1kbits/s
[vc1 @ 0x11c5740] concealing 966 DC, 966 AC, 966 MV errors
frame= 558 fps=172 q=31.0 Lsize= 1173kB time=18.62 bitrate= 515.9kbits/s
video:1150kB audio:0kB global headers:0kB muxing overhead 1.963623%
*** glibc detected *** /home/tjoppen/ffmpeg/ffmpeg_g: munmap_chunk(): invalid pointer: 0x0000000001485be0 ***
======= Backtrace: =========
/lib/libc.so.6[0x7ffff6f3d2f6]
/home/tjoppen/ffmpeg/ffmpeg_g[0x8e71a1]
/home/tjoppen/ffmpeg/ffmpeg_g[0x659ce5]
/home/tjoppen/ffmpeg/ffmpeg_g[0x41c8c9]
/home/tjoppen/ffmpeg/ffmpeg_g[0x41c659]
/home/tjoppen/ffmpeg/ffmpeg_g[0x432bae]
/home/tjoppen/ffmpeg/ffmpeg_g[0x433028]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7ffff6ee5abd]
/home/tjoppen/ffmpeg/ffmpeg_g[0x429bfd]
======= Memory map: ========

Program received signal SIGABRT, Aborted.
0x00007ffff6efa4b5 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
	in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) bt
#0  0x00007ffff6efa4b5 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff6efdf50 in *__GI_abort () at abort.c:92
#2  0x00007ffff6f331b7 in __libc_message (do_abort=<value optimized out>, fmt=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#3  0x00007ffff6f3d2f6 in malloc_printerr (action=3, str=0x7ffff6ffec18 "munmap_chunk(): invalid pointer", ptr=<value optimized out>) at malloc.c:6217
#4  0x00000000008e71a1 in av_free (arg=<value optimized out>) at libavutil/mem.c:146
#5  av_freep (arg=<value optimized out>) at libavutil/mem.c:153
#6  0x0000000000659ce5 in free_picture (s=0x122db00) at libavcodec/mpegvideo.c:338
#7  MPV_common_end (s=0x122db00) at libavcodec/mpegvideo.c:751
#8  0x000000000041c8c9 in vc1_decode_end (avctx=<value optimized out>) at libavcodec/vc1dec.c:3308
#9  0x000000000041c659 in avcodec_close (avctx=0x11c5740) at libavcodec/utils.c:703
#10 0x0000000000432bae in av_transcode (nb_output_files=<value optimized out>, nb_input_files=<value optimized out>, nb_stream_maps=<value optimized out>, stream_maps=<value optimized out>, input_files=<value optimized out>, output_files=<value optimized out>) at ffmpeg.c:2657
#11 0x0000000000433028 in main (argc=<value optimized out>, argv=<value optimized out>) at ffmpeg.c:4355
(gdb) disass $pc-32 $pc+32
(gdb) info all-registers

----------
messages: 11119
priority: normal
status: new
substatus: new
title: Crash in VC-1 decoder (double free)
type: bug

________________________________________________
FFmpeg issue tracker <iss...@roundup.ffmpeg.org>
<https://roundup.ffmpeg.org/issue2076>
________________________________________________
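
A triage sketch for the gdb backtrace above, added here as an example and not part of the original report or of FFmpeg: it parses the frames, checks that glibc's allocator check raised the abort, and derives a crash signature from the first project frames so that reports like double-free.vc1 and double-free2.wmv can be bucketed together. The path prefixes, the wrapper list and the shortened argument lists in the sample are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample: frames #0-#9 of the gdb backtrace in the report,
# one per line, with some argument lists shortened.
BACKTRACE = """\
#0  0x00007ffff6efa4b5 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff6efdf50 in *__GI_abort () at abort.c:92
#2  0x00007ffff6f331b7 in __libc_message (do_abort=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#3  0x00007ffff6f3d2f6 in malloc_printerr (action=3, ptr=<value optimized out>) at malloc.c:6217
#4  0x00000000008e71a1 in av_free (arg=<value optimized out>) at libavutil/mem.c:146
#5  av_freep (arg=<value optimized out>) at libavutil/mem.c:153
#6  0x0000000000659ce5 in free_picture (s=0x122db00) at libavcodec/mpegvideo.c:338
#7  MPV_common_end (s=0x122db00) at libavcodec/mpegvideo.c:751
#8  0x000000000041c8c9 in vc1_decode_end (avctx=<value optimized out>) at libavcodec/vc1dec.c:3308
#9  0x000000000041c659 in avcodec_close (avctx=0x11c5740) at libavcodec/utils.c:703
"""

class Frame(NamedTuple):
    index: int
    addr: Optional[str]  # None when gdb prints no address (inlined frame)
    func: str
    file: str
    line: int

FRAME_RE = re.compile(
    r"^#(\d+)\s+(?:(0x[0-9a-f]+) in )?\*?(\w+) \(.*\) at (\S+):(\d+)$")

# Assumptions of this example: which source paths count as project code, and
# which functions are thin free() wrappers that should not define the bucket.
PROJECT_PREFIXES = ("libav", "libsw", "ffmpeg.c")
FREE_WRAPPERS = {"av_free", "av_freep"}

def parse_frames(text):
    matches = (FRAME_RE.match(l.strip()) for l in text.splitlines())
    return [Frame(int(m[1]), m[2], m[3], m[4], int(m[5])) for m in matches if m]

def allocator_abort(frames):
    # True when glibc's heap consistency check is what raised the abort.
    return any(f.func == "malloc_printerr" for f in frames)

def crash_signature(frames, depth=3):
    # Top `depth` project frames, skipping libc and the free() wrappers.
    own = [f for f in frames
           if f.file.startswith(PROJECT_PREFIXES) and f.func not in FREE_WRAPPERS]
    return tuple(f.func for f in own[:depth])

if __name__ == "__main__":
    fs = parse_frames(BACKTRACE)
    print(allocator_abort(fs), crash_signature(fs))
```

Frames #5 and #7 carry no address because gdb reports them as inlined into their callers, which is why the address group in the pattern is optional.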