[Ffmpeg-devel] [Bug] h264 decoder crash (sample included)
Baptiste Coudurier
baptiste.coudurier
Wed Feb 7 17:55:31 CET 2007
Hi
Christopher Lux wrote:
> Dominik 'Rathann' Mierzejewski <dominik at rangers.eu.org> wrote:
>
>> That's all and well, but keep in mind that we do not have enough
>> manpower to deal with bad bugreports. If you care so much about
>> this bug, make sure you report it properly. You are of course
>> welcome to help us with handling those reports.
>
> I only hope after this off topic discussion about my mistake trying
> to upload a compressed sample this bug receives some attention and is
> not ignored completely because of the initial problems.
>
> Has someone had the time to look into the sample and tried to confirm
> that the problem is with ffmpeg and not due to issues of this (and
> other skyoneHD) stream(s)?
>
From latest svn:
[h264 @ 0x86074e0]non existing PPS referenced
[h264 @ 0x86074e0]decode_slice_header error
[h264 @ 0x86074e0]non existing PPS referenced
[h264 @ 0x86074e0]decode_slice_header error
[...]
[h264 @ 0x85f9400]illegal short term buffer state detected
[h264 @ 0x85f9400]concealing 4080 DC, 4080 AC, 4080 MV errors
[h264 @ 0x85f9400]PAFF interlacing is not implemented
[h264 @ 0x85f9400]PAFF interlacing is not implemented
[h264 @ 0x85f9400]PAFF interlacing is not implemented
[h264 @ 0x85f9400]PAFF interlacing is not implemented
[h264 @ 0x85f9400]PAFF interlacing is not implemented
[h264 @ 0x85f9400]PAFF interlacing is not implemented
[h264 @ 0x85f9400]concealing 4080 DC, 4080 AC, 4080 MV errors
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1213696320 (LWP 15376)]
0x082285e0 in put_pixels16_mmx (block=0x89ea4a0 "feffddcb`_____^_",
pixels=0x206800 <Address 0x206800 out of bounds>, line_size=3904, h=16)
at i386/dsputil_mmx.c:434
434 __asm __volatile(
(gdb) bt
#0 0x082285e0 in put_pixels16_mmx (block=0x89ea4a0 "feffddcb`_____^_",
pixels=0x206800 <Address 0x206800 out of bounds>, line_size=3904, h=16)
at i386/dsputil_mmx.c:434
#1 0x080e26c3 in MPV_motion (s=0x87ccac0, dest_y=<value optimized out>,
dest_cb=<value optimized out>, dest_cr=<value optimized out>, dir=0,
ref_picture=0x87ccbac, pix_op=<value optimized out>,
qpix_op=0x87cd86c) at mpegvideo.c:3051
#2 0x080e6120 in MPV_decode_mb (s=0x87ccac0, block=0x885d570) at
mpegvideo.c:4008
#3 0x081f55c8 in ff_er_frame_end (s=0x87ccac0) at error_resilience.c:40
#4 0x083900b3 in decode_nal_units (h=0x87ccac0, buf=0x9271e38 "",
buf_size=1514) at h264.c:8227
#5 0x083924b3 in decode_frame (avctx=0x86a0380, data=0xbfd5e064,
data_size=0xbfd5e1f0, buf=0x9271e38 "", buf_size=1514) at h264.c:8322
#6 0x080c92b0 in avcodec_decode_video (avctx=0x86a0380,
picture=0xbfd5e064, got_picture_ptr=0xbfd5e1f0, buf=0x9271e38 "",
buf_size=1514)
at utils.c:910
#7 0x08065fe4 in output_packet (ist=0x86aa8f0, ist_index=0,
ost_table=0x86aa5a0, nb_ostreams=2, pkt=0xbfd5e820) at ffmpeg.c:1093
#8 0x080683a5 in main (argc=Cannot access memory at address 0xf40
) at ffmpeg.c:1937
(gdb) info all-registers
eax 0x1e80 7808
ecx 0xf40 3904
edx 0x10 16
ebx 0x206800 2123776
esp 0xbfd5d2f4 0xbfd5d2f4
ebp 0x0 0x0
esi 0x89ea4a0 144614560
edi 0x0 0
eip 0x82285e0 0x82285e0 <put_pixels16_mmx+32>
eflags 0x10282 [ SF IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
st0 -nan(0x6264666969686767) (raw 0xffff6264666969686767)
st1 -nan(0x6768676761626763) (raw 0xffff6768676761626763)
st2 -nan(0x696b69665e5b595e) (raw 0xffff696b69665e5b595e)
st3 -nan(0x303030300000000) (raw 0xffff0303030300000000)
st4 -nan(0x848484827b79797a) (raw 0xffff848484827b79797a)
st5 -nan(0x1000101010001) (raw 0xffff0001000101010001)
st6 -nan(0x003030003) (raw 0xffff0000000003030003)
st7 <invalid float value> (raw 0xffff0000000000000000)
[...]
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x82285c0 to 0x8228600:
0x082285c0 <put_pixels16_mmx+0>: sub $0x8,%esp
0x082285c3 <put_pixels16_mmx+3>: mov %ebx,(%esp)
0x082285c6 <put_pixels16_mmx+6>: mov 0x14(%esp),%ecx
0x082285ca <put_pixels16_mmx+10>: mov %esi,0x4(%esp)
0x082285ce <put_pixels16_mmx+14>: mov 0x10(%esp),%ebx
0x082285d2 <put_pixels16_mmx+18>: mov 0xc(%esp),%esi
0x082285d6 <put_pixels16_mmx+22>: mov 0x18(%esp),%edx
0x082285da <put_pixels16_mmx+26>: lea (%ecx,%ecx,1),%eax
0x082285dd <put_pixels16_mmx+29>: lea 0x0(%esi),%esi
0x082285e0 <put_pixels16_mmx+32>: movq (%ebx),%mm0
0x082285e3 <put_pixels16_mmx+35>: movq 0x8(%ebx),%mm4
0x082285e7 <put_pixels16_mmx+39>: movq (%ebx,%ecx,1),%mm1
0x082285eb <put_pixels16_mmx+43>: movq 0x8(%ebx,%ecx,1),%mm5
0x082285f0 <put_pixels16_mmx+48>: movq %mm0,(%esi)
0x082285f3 <put_pixels16_mmx+51>: movq %mm4,0x8(%esi)
0x082285f7 <put_pixels16_mmx+55>: movq %mm1,(%esi,%ecx,1)
0x082285fb <put_pixels16_mmx+59>: movq %mm5,0x8(%esi,%ecx,1)
--
Baptiste COUDURIER GnuPG Key Id: 0x5C1ABAAA
SMARTJOG S.A. http://www.smartjog.com
Key fingerprint 8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
Phone: +33 1 49966312