[Ffmpeg-devel] [BUG] [PATCH] RV10 crash
Diego Biurrun
diego
Fri Apr 14 23:30:27 CEST 2006
A peculiar bug report arrived in Bugzilla yesterday:
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=479
It's an RM file with RV10/RV13 video that crashes MPlayer (even with
libavformat demuxer) and xine, but not ffplay. Roberto moved it to our
samples collection already:
http://www.mplayerhq.hu/MPlayer/samples/real/VC-RV10/rv10-null-pointer-500k.rm
The bug report came with a patch to libavcodec/rv10.c that makes the
crash go away. I've attached the patch to this mail.
I have verified the crash on PPC, Roberto on x86.
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 805494784 (LWP 15449)]
ff_er_frame_end (s=0x10716d70) at error_resilience.c:688
688 if(pic->ref_index[i])
(gdb) bt
#0 ff_er_frame_end (s=0x10716d70) at error_resilience.c:688
#1 0x1030165c in rv10_decode_frame (avctx=0x10716a00, data=0x10716920,
data_size=0x7fc04428,
buf=0x10837b70 "??7\217?\212??A?'8\236??r\022e?\r??G\031???\v???<d~e??7\225\022$?\215D?oWx\216`CKN#Fb??\\\002??@d?\224??<?*\036?;??\002?.3H\030????W\215\\3\n?Bj\020???c?&<?Y?\215cEsCV0???\235\004\227Qt?#?0?M?O\025\203\026\0040&K\207\201pbn?\b\031?\017??J??=?p\211.?.\234<?S\215\016\005 FFB\213\001\221?hV\001\200?y\204\020`B?\200P\202\025\037?='&???\f????"..., buf_size=391) at rv10.c:741
#2 0x101c457c in avcodec_decode_video (avctx=0x10716a00, picture=0x0,
got_picture_ptr=0x20004482, buf=0x10 <Address 0x10 out of bounds>,
buf_size=391) at utils.c:946
#3 0x100d470c in decode (sh=0x106f0b40, data=0x10716920, len=391,
flags=277052272) at vd_ffmpeg.c:819
#4 0x100cdf88 in decode_video (sh_video=0x106f0b40, start=0x10837b60 "",
in_size=415, drop_frame=0, pts=-9.2233720368547758e+18) at dec_video.c:316
#5 0x1004dfa8 in main (argc=<value optimized out>, argv=<value optimized out>)
at mplayer.c:3556
Let me know if you need more information.
Diego
-------------- next part --------------
--- libavcodec/rv10.c 2006-04-13 01:46:22.000000000 +0200
+++ libavcodec/rv10.c 2006-04-13 14:13:36.000000000 +0200
@@ -737,7 +737,7 @@
rv10_decode_packet(avctx, buf, buf_size);
}
- if(s->mb_y>=s->mb_height){
+ if(s->current_picture_ptr != NULL && s->mb_y>=s->mb_height){
ff_er_frame_end(s);
MPV_frame_end(s);
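Review bot: The new `s->current_picture_ptr != NULL` test in the `if` condition guards the symptom rather than the cause. It skips both `ff_er_frame_end(s)` and `MPV_frame_end(s)` when there is no current picture, but the context line above still calls `rv10_decode_packet(avctx, buf, buf_size);` and discards its result, so nothing here detects that the packet failed to set up a picture. Consider checking that call's result and returning early at that point, so the frame-end path is only reached with a valid picture. If the guard stays as written, add a short comment naming the input that leads to a NULL picture (the rv10-null-pointer-500k.rm sample), so the check is not later removed as dead code.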