[Ffmpeg-devel] WMV3 segfaults in vc1_decode_intra_block()

Nikns Siankin nikns
Mon Dec 11 12:08:22 CET 2006 

Sample: http://pazeme.lv/nokia_n90.wmv

# uname -a
OpenBSD obsd.my.domain 4.0 GENERIC#690 amd64

# gdb ffmpeg_g
GNU gdb 6.3   
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-unknown-openbsd4.0"...(no debugging symbols found)

(gdb) r -i /tmp/nokia_n90.wmv /tmp/nokia.avi
Starting program: /usr/ports/graphics/ffmpeg/w-ffmpeg-20061211/ffmpeg-cvs-20061211/ffmpeg_g -i 
/tmp/nokia_n90.wmv /tm  p/nokia.avi
FFmpeg version SVN-r7274, Copyright (c) 2000-2006 Fabrice Bellard, et al.
  configuration:  --enable-shared --cc=cc --disable-opts --enable-a52 --enable-pp --enable-gpl 
--enable-pthreads --di  sable-debug --enable-faac --enable-faad
--enable-mp3lame --enable-libogg --enable-vorbis --extra-ldflags=-lm -L/usr/l  ocal/lib 
--extra-cflags=-I/usr/local/include
  libavutil version: 49.1.0
  libavcodec version: 51.26.0
  libavformat version: 51.6.0
  built on Dec 11 2006 12:48:03, gcc: 3.3.5 (propolice)
Compiler did not align stack variables, libavcodec has been misscompiled
and will possible be very slow or may crash, this is not a bug in the   
application but in the compiler
so reporting it anywhere but to the compiler maintainers is senseless!

Seems stream 1 codec frame rate differs from container frame rate: 1000.00 (1000/1) -> 25.00 (25/1)
Input #0, asf, from '/tmp/nokia_n90.wmv':
  Duration: 00:00:27.0, start: 2.000000, bitrate: 597 kb/s
  Stream #0.0: Audio: wmav2, 44100 Hz, stereo, 64 kb/s
  Stream #0.1: Video: wmv3, yuv420p, 640x480, 25.00 fps(r)
Output #0, avi, to '/tmp/nokia.avi':
  Stream #0.0: Video: mpeg4, yuv420p, 640x480, q=2-31, 200 kb/s, 25.00 fps(c)
  Stream #0.1: Audio: mp2, 44100 Hz, stereo, 64 kb/s
Stream mapping:
  Stream #0.1 -> #0.0
  Stream #0.0 -> #0.1
Press [q] to stop encoding
Program received signal SIGSEGV, Segmentation fault.
[Switching to process 27339, thread 0x479c6000]
0x000000004b986625 in vc1_decode_intra_block () from /usr/local/lib/libavcodec.so.8.0
(gdb)
(gdb) bt
#0  0x000000004b986625 in vc1_decode_intra_block () from /usr/local/lib/libavcodec.so.8.0
#1  0x000000004b987741 in vc1_decode_p_mb () from /usr/local/lib/libavcodec.so.8.0
#2  0x000000004b98ad5a in vc1_decode_p_blocks () from /usr/local/lib/libavcodec.so.8.0
#3  0x000000004b98b8ff in vc1_decode_frame () from /usr/local/lib/libavcodec.so.8.0   
#4  0x000000004b75c43c in avcodec_decode_video () from /usr/local/lib/libavcodec.so.8.0
#5  0x00000000004061d2 in output_packet ()
#6  0x0000000000406dff in av_encode ()
#7  0x000000000040b035 in main ()
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x4b986605 to 0x4b986645:
0x000000004b986605 <vc1_decode_intra_block+597>:        rexX and    $0x40,%al
0x000000004b986608 <vc1_decode_intra_block+600>:        mov    0x7e8(%r12),%rdx
0x000000004b986610 <vc1_decode_intra_block+608>:        test   %ecx,%ecx
0x000000004b986612 <vc1_decode_intra_block+610>:        movsbl (%rax,%rdx,1),%r11d
0x000000004b986617 <vc1_decode_intra_block+615>:        je     0x4b986ac3 <vc1_decode_intra_block+1811>
0x000000004b98661d <vc1_decode_intra_block+621>:        mov    0x38(%rsp),%ecx
0x000000004b986621 <vc1_decode_intra_block+625>:        test   %ecx,%ecx
0x000000004b986623 <vc1_decode_intra_block+627>:        je     0x4b98662e <vc1_decode_intra_block+638>
0x000000004b986625 <vc1_decode_intra_block+629>:        movsbl 0xffffffffffffffff(%rax,%rdx,1),%edx
0x000000004b98662a <vc1_decode_intra_block+634>:        mov    %edx,0x30(%rsp)
0x000000004b98662e <vc1_decode_intra_block+638>:        test   %r15d,%r15d
0x000000004b986631 <vc1_decode_intra_block+641>:        je     0x4b986643 <vc1_decode_intra_block+659>
0x000000004b986633 <vc1_decode_intra_block+643>:        mov    0x30(%rsp),%eax
0x000000004b986637 <vc1_decode_intra_block+647>:        cmp    $0x3,%r15d
0x000000004b98663b <vc1_decode_intra_block+651>:        cmovle %r11d,%eax
0x000000004b98663f <vc1_decode_intra_block+655>:        mov    %eax,0x30(%rsp)
0x000000004b986643 <vc1_decode_intra_block+659>:        mov    0x48(%rsp),%eax
End of assembler dump.
(gdb) info all-registers
rax            0x0      0
rbx            0x434e5080       1129205888
rcx            0x1      1
rdx            0x4c039000       1275301888
rsi            0x1      1
rdi            0x0      0
rbp            0x411f3a60       0x411f3a60
rsp            0x7f7ffffd75c0   0x7f7ffffd75c0
r8             0x1      1
r9             0x411f3a40       1092565568
r10            0xc      12
r11            0xc      12
r12            0x4b501000       1263538176
r13            0x1      1
r14            0x19     25
r15            0x1      1
rip            0x4b986625       0x4b986625 <vc1_decode_intra_block+629>
eflags         0x210202 2163202
cs             0x1f     31
ss             0x17     23
ds             0x17     23
es             0x17     23
fs             0x17     23
gs             0x17     23
st0            -nan(0x3b3b3b3b3b3b3b3b) (raw 0xffff3b3b3b3b3b3b3b3b)
st1            -nan(0x3b003b003b003b)   (raw 0xffff003b003b003b003b)
st2            -nan(0x3a3a3a3a3a3a3a3a) (raw 0xffff3a3a3a3a3a3a3a3a)
st3            -nan(0x3a003a003a003a)   (raw 0xffff003a003a003a003a)
st4            -nan(0x3838383838383838) (raw 0xffff3838383838383838)
st5            -nan(0x38003800380038)   (raw 0xffff0038003800380038)
st6            -nan(0x3838383838383838) (raw 0xffff3838383838383838)
st7            -nan(0x38003800380038)   (raw 0xffff0038003800380038)
fctrl          0x127f   4735
fstat          0x20     32
ftag           0xaaaa   43690
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0 
fooff          0x0      0 
fop            0x0      0
xmm0           {f = {0x0, 0xc, 0x0, 0x0}}       {f = {0, 12.1138916, 0, 0}}
xmm1           {f = {0x0, 0xc, 0x0, 0x0}}       {f = {0, 12.0681152, 0, 0}}
xmm2           {f = {0x40000000, 0x1, 0x0, 0x0}}        {f = {1.40365254e+16, 1.74816322, 0, 0}}
xmm3           {f = {0x0, 0x1, 0x0, 0x0}}       {f = {1.95156399e-20, 1.63999999, 0, 0}}
---Type <return> to continue, or q <return> to quit---
xmm4           {f = {0x0, 0xffffffff, 0x0, 0x0}}        {f = {1.38496724e-20, -1.35766685, 0, 0}}
xmm5           {f = {0x0, 0x0, 0x0, 0x0}}       {f = {-3.8517049e-18, 0.694354832, 0, 0}}
xmm6           {f = {0x0, 0x0, 0x0, 0x0}}       {f = {1.78844133e-32, -0.160348564, 0, 0}}
xmm7           {f = {0x8b900000, 0xfffffffe, 0x0, 0x0}} {f = {9.98814043e+12, -2.00507355, 0, 0}}
xmm8           {f = {0x0, 0xffffffff, 0x0, 0x0}}        {f = {-4.14729584e-07, -1.28627229, 0, 0}}
xmm9           {f = {0x0, 0x1, 0x0, 0x0}}       {f = {0, 1.875, 0, 0}}
xmm10          {f = {0x0, 0x1, 0x0, 0x0}}       {f = {0, 1.875, 0, 0}}
xmm11          {f = {0x0, 0x0, 0x0, 0x0}}       {f = {0, 0, 0, 0}}  
xmm12          {f = {0x0, 0x0, 0x0, 0x0}}       {f = {0, 0, 0, 0}}  
xmm13          {f = {0x0, 0x0, 0x0, 0x0}}       {f = {0, 0, 0, 0}}  
xmm14          {f = {0x0, 0x0, 0x0, 0x0}}       {f = {0, 0, 0, 0}}  
xmm15          {f = {0x0, 0x0, 0x0, 0x0}}       {f = {0, 0, 0, 0}}  
mxcsr          0x1fa0   8096
(gdb)

More information about the ffmpeg-devel mailing list