[Ffmpeg-devel] random crashes decoding MP3s
Jacob Meuser
jakemsr
Fri Mar 31 21:13:04 CEST 2006
hola,
I'm seeing occasional random crashes decoding VBR MP3s to WAV, ie:
$ ffmpeg file_vbr.mp3 file.wav
this is from FFmpeg CVS as of about 9 hours ago on OpenBSD
-current. I also see the crashes with FFmpeg CVS from 03/21/06.
here is the gdb info:
puff:~/wavs/gd/04-15-78% gdb -c ffmpeg.core ffmpeg
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-unknown-openbsd3.9"...
(no debugging symbols found)
Core was generated by `ffmpeg'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libpthread.so.6.2...done.
Loaded symbols for /usr/lib/libpthread.so.6.2
Reading symbols from /usr/local/lib/libavformat.so.8.0...done.
Loaded symbols for /usr/local/lib/libavformat.so.8.0
Reading symbols from /usr/local/lib/libavcodec.so.8.0...done.
Loaded symbols for /usr/local/lib/libavcodec.so.8.0
Reading symbols from /usr/local/lib/libavutil.so.2.0...done.
Loaded symbols for /usr/local/lib/libavutil.so.2.0
Reading symbols from /usr/lib/libossaudio.so.3.0...done.
Loaded symbols for /usr/lib/libossaudio.so.3.0
Reading symbols from /usr/lib/libm.so.2.2...done.
Loaded symbols for /usr/lib/libm.so.2.2
Reading symbols from /usr/lib/libz.so.4.1...done.
Loaded symbols for /usr/lib/libz.so.4.1
Symbols already loaded for /usr/lib/libpthread.so.6.2
Reading symbols from /usr/lib/libc.so.39.0...done.
Loaded symbols for /usr/lib/libc.so.39.0
Reading symbols from /usr/libexec/ld.so...done.
Loaded symbols for /usr/libexec/ld.so
#0 0x000000004677216e in huffman_decode (s=0x42456000, g=0x7f7ffffd6c74,
exponents=0x7f7ffffd5e80, end_pos=6046) at mpegaudiodec.c:1656
1656 y = code_table[code];
(gdb) bt full
#0 0x000000004677216e in huffman_decode (s=0x42456000, g=0x7f7ffffd6c74,
exponents=0x7f7ffffd5e80, end_pos=6046) at mpegaudiodec.c:1656
s_index = 76
linbits = 6
x = 4720
y = 19
v = 538
i = 1
j = 224
last_gb = {buffer = 0x424561ef "0?u1?\02008+14\2130ho0",
buffer_end = 0x7f7ffffd75e8 "", index = 4085, size_in_bits = 8776}
vlc = (VLC *) 0x46d15cb0
code_table = (uint8_t *) 0x4dc4ef00 ""
#1 0x00000000467736ba in mp_decode_layer3 (s=0x42456000)
at mpegaudiodec.c:2357
sc = (uint8_t *) 0x0
slen = 4720
slen1 = 0
slen2 = 0
nb_granules = 2
main_data_begin = 1111843311
gr = 1
ch = 0
i = 538
j = 19
k = 1111847488
n = 538
bits_pos = 4091
bits_left = 538
granules = {{{scfsi = 0 '\0', part2_3_length = 2040, big_values = 192,
global_gain = 153, scalefac_compress = 0, block_type = 1 '\001',
switch_point = 0 '\0', table_select = {29, 26, 0}, subblock_gain = {0,
0, 0}, scalefac_scale = 0 '\0', count1table_select = 1 '\001',
region_size = {18, 174, 0}, preflag = 0, short_start = 13,
long_end = 22, scale_factors = '\0' <repeats 39 times>, sb_hybrid = {
-1577320, -5780645, -379415, 23160281, 25966313, 28152530, -4380511,
-8599582, -3896965, -10614381, -3459102, 1041793, 2953748, 6171880,
10068436, 1034048, -9215532, 1142164, 1565448, 2546380, 3102728,
6967240, -1208424, 988432, 1545452, -386616, 1725630, 1558329,
4838375, -241639, -11849912, -5749124, -334232, -8193084, -837420,
-358016, -1020944, -899248, 1020148, 701960, 1205368, 3025688, 936516,
299200, -2093699, 2278517, 4611360, 3392461, 413744, 1869484, 530756,
636452, -304196, 902484, 1676040, 902172, 532756, 3249412, 1306632,
2120156, -999052, -1849944, -1626572, -3474191, -1759655, -2756539,
-1378588, -1419772, 816864, -488012, -737012, -656516, -715140,
-1505272, 30716, 482504, 1131124, 2209136, -1313400, -498356, 910459,
624168, 682729, 800272, 212840, -205052, -190440, 232676, 403288,
-594144, -220368, -770256, -325836, 233352, 381900, 717488, -7096,
-218044, 221424, -47418, -1210438, -791278, 515948, -1164160, -712812,
-757400, -950984, -1263608, 62292, 94608, -222148, -853024, 167528,
244996, 747644, 1870180, 519760, 638650, -481086, -1021106, -995436,
-1081472, -51380, -99252, -430624, -1423316, -141928, -679756,
-274644, -1149532, -623972, 203236, 589128, 758404, 318208, 343312,
87428, 856200, 292020, -97548, -429220, -569296, -8732, -59092,
128392, 214564, 45672, 104600, -175040, -171828, 123940, 4260, -27881,
-7264, -25451, -3668, -1568, 184372, 231484, 162592, 13656, 183736,
83144, -150388, -285824, -252736, -403044, -513476, 968, -502364,
-164121, -45402, 24843, -47690, -94864, -71588, 208252, 157812,
-18560, 192088, 33252, -3860, -124508, -105040, -33140, -153804,
27180, -5828, -48368, -1697, -49, -48541, -14340, -31888, -44824,
-54152, 7612, 41696, 11904, 42512...}}, {scfsi = 0 '\0',
part2_3_length = 1955, big_values = 262, global_gain = 161,
scalefac_compress = 0, block_type = 2 '\002', switch_point = 0 '\0',
table_select = {27, 20, 0}, subblock_gain = {0, 0, 0},
scalefac_scale = 0 '\0', count1table_select = 1 '\001', region_size = {
18, 244, 0}, preflag = 0, short_start = 0, long_end = 0,
scale_factors = '\0' <repeats 39 times>, sb_hybrid = {-4244764,
11526727, 10971271, 349920, -1514017, -35549682, 1031682, 4244764,
3397186, 21898235, -1031682, 737938, -3604620, 5366668, -9083074,
-471175, 1348174, -8820755, -238443, -8560373, 3397186, 12944664,
-2221855, 6794509, -55109, 1348174, 1187287, 238443, -2221855,
-3397186, 6070079, 2038657, -1514017, -238443, -55109, -1187287,
4244764, 1514017, -4028491, -1187287, -600838, 349920, 238443,
-5598724, -471175, -2221855, -2408912, 5833211, 471175, 2038657,
-600838, -1348174, -2038657, -238443, 349920, 2794005, 600838,
-1031682, -600838, -238443, -138866, 2991776, 1031682, 737938,
-600838, -238443, 238443, 471175, 2408912, -1348174, 881744, -1514017,
471175, -600838, 881744, -2794005, 0 <repeats 500 times>}}}, {{
scfsi = 0 '\0', part2_3_length = 2051, big_values = 159,
global_gain = 152, scalefac_compress = 0, block_type = 1 '\001',
switch_point = 0 '\0', table_select = {29, 26, 0}, subblock_gain = {0,
0, 0}, scalefac_scale = 0 '\0', count1table_select = 1 '\001',
region_size = {18, 141, 0}, preflag = 0, short_start = 13,
long_end = 22, scale_factors = '\0' <repeats 39 times>, sb_hybrid = {
-2191115, -8223285, -6082296, 16978399, 32803159, 35294424, 520421,
-110347, -7053914, -11796164, -4298420, 361355, 1926904, 1730220,
2215744, 1166360, 838192, 2637464, 1584116, 3535792, 2386948, 5702328,
60988, -1239064, -1970860, -1557988, 2437278, -1527808, 4531438,
4134496, -2746284, 3972908, -1091620, -3690236, -867076, 2172536,
2122888, 2230844, -104568, 1884060, 954836, 1411972, 1147456, 1989096,
339911, 230340, 541013, 752844, 43796, 2769208, 2289012, 1337848,
-772264, 495568, 538200, 747872, 128660, 1178452, 1121060, 805784,
851112, 1506528, -500566, 117722, 288960, -178066, -233352, 136576,
348856, -569852, -321264, 433820, 279012, 210172, -1108328, -2015016,
-718516, -1618764, -1239164, -1241872, -1184062, -2953375, -107597,
-1101611, -520604, -458968, -138824, -752708, -215144, 363624, -6480,
-104140, -636840, -1214440, -265372, -1382544, -324400, -48896,
-313663, 66240, 443907, -266636, -155348, 661648, -6400, 807056,
1687300, 1321480, -674560, -621328, 1378608, 1895880, 1094032,
2955236, 640952, 356608, 359970, 1642081, 2068863, 5095837, 2069136,
963772, -4162900, -6040684, -1325148, -2769296, -19928, 306088,
276668, 911216, 1000040, 460716, -624264, -408316, -379212, -263904,
376012, -630576, -680476, 128820, 716896, 391152, -653144, -670092,
-84940, -160944, -47568, -109120, 114340, 213260, 131360, 251032,
40305, 256313, 281336, 193169, 5572, 163600, -115356, 68608, -32344,
-389436, 10428, 12952, 80872, -9928, -74928, 154360, 102224, 98860,
20462, -57447, -58753, -37399, -58412, 30816, 120776, 21276, -90844,
-66852, 134100, 32988, -78064, 130472, -10744, 1924, 19224, -164904,
-149074, -90277, 29301, 8783, 57584, 29724, 6048, 24876, -12704,
57036, 37020, 5812...}}, {scfsi = 0 '\0', part2_3_length = 1922,
big_values = 160, global_gain = 155, scalefac_compress = 0,
block_type = 2 '\002', switch_point = 0 '\0', table_select = {28, 26,
0}, subblock_gain = {0, 0, 0}, scalefac_scale = 0 '\0',
count1table_select = 0 '\0', region_size = {18, 142, 0}, preflag = 0,
short_start = 0, long_end = 0, scale_factors = '\0' <repeats 39 times>,
sb_hybrid = {0 <repeats 576 times>}}}}
g = (GranuleDef *) 0x7f7ffffd6c74
exponents = {-49 <repeats 576 times>}
#2 0x0000000046773eba in mp_decode_frame (s=0x42456000, samples=0x46d6b000)
at mpegaudiodec.c:2424
i = 1040
nb_frames = 0
ch = 19
samples_ptr = (OUT_INT *) 0x0
#3 0x000000004677419a in decode_frame (avctx=0x40ccec00, data=0x46d6b000,
data_size=0x7f7ffffd8a3c, buf=0x45d22800 "???D\032\200\a?`L\205w@\003",
buf_size=0) at mpegaudiodec.c:2602
s = (MPADecodeContext *) 0x42456000
header = 4720
buf_ptr = (uint8_t *) 0x45d22c14 ""
len = 1040
out_size = 1304751872
#4 0x0000000046678e66 in avcodec_decode_audio (avctx=0x40ccec00,
samples=0x1270, frame_size_ptr=0x4dc4ef00,
buf=0xfffffff8 <Address 0xfffffff8 out of bounds>, buf_size=538)
at utils.c:971
ret = 538
#5 0x00000000004062b8 in __register_frame_info ()
No symbol table info available.
#6 0x0000000000406e12 in __register_frame_info ()
No symbol table info available.
#7 0x000000000040b593 in main ()
No symbol table info available.
(gdb)
what seems most strange is that the crashes are random. often
just running the process a second time works. I'm decoding several
MP3 files. ffmpeg crashes about 20% of the time. the backtrace
looks very similar every time (ie, huffman_decode() is always #0).
--
<jakemsr at jakemsr.com>
More information about the ffmpeg-devel
mailing list