[FFmpeg-devel] fix memleak in h264_parser: introduced bug?
vmrsss
Fri Apr 10 16:04:49 CEST 2009
Hello.
There seems to be a problem with the recent changes to
ff_h264_decode_rbsp_trailing(), which causes ffmpeg to crash.
Below is the GDB trace. The faulting instruction `mov 0x260(%eax),%ecx` executes with eax = 0, so the fault address 0x00000260 is a NULL-pointer dereference at offset 0x260. Is this worth a bug report? regards.
> Program received signal EXC_BAD_ACCESS, Could not access memory.
> Reason: KERN_PROTECTION_FAILURE at address: 0x00000260
> 0x009c11fb in ff_h264_decode_rbsp_trailing ()
> (gdb) bt
> #0 0x009c11fb in ff_h264_decode_rbsp_trailing ()
> #1 0x01502dc0 in ?? ()
> (gdb) disass $pc-32 $pc+32
> Dump of assembler code from 0x9c11db to 0x9c121b:
> 0x009c11db <ff_h264_decode_rbsp_trailing+4063>: add %cl,
> 0x37e82404(%ecx)
> 0x009c11e1 <ff_h264_decode_rbsp_trailing+4069>: sahf
> 0x009c11e2 <ff_h264_decode_rbsp_trailing+4070>: data16
> 0x009c11e3 <ff_h264_decode_rbsp_trailing+4071>: add %cl,
> 0x5182444(%ebx)
> 0x009c11e9 <ff_h264_decode_rbsp_trailing+4077>: shrb $0x24,0x4890000
> 0x009c11f0 <ff_h264_decode_rbsp_trailing+4084>: call 0x102b01b
> <dyld_stub_av_freep>
> 0x009c11f5 <ff_h264_decode_rbsp_trailing+4089>: mov 0x18(%esp),%edx
> 0x009c11f9 <ff_h264_decode_rbsp_trailing+4093>: mov (%edx),%eax
> 0x009c11fb <ff_h264_decode_rbsp_trailing+4095>: mov 0x260(%eax),
> %ecx
> 0x009c1201 <ff_h264_decode_rbsp_trailing+4101>: test %ecx,%ecx
> 0x009c1203 <ff_h264_decode_rbsp_trailing+4103>: jle 0x9c125d
> <ff_h264_decode_rbsp_trailing+4193>
> 0x009c1205 <ff_h264_decode_rbsp_trailing+4105>: mov %edx,%ebp
> 0x009c1207 <ff_h264_decode_rbsp_trailing+4107>: movl $0x0,0x1c(%esp)
> 0x009c120f <ff_h264_decode_rbsp_trailing+4115>: mov 0x2ab08(%ebp),
> %edi
> 0x009c1215 <ff_h264_decode_rbsp_trailing+4121>: test %edi,%edi
> 0x009c1217 <ff_h264_decode_rbsp_trailing+4123>: je 0x9c1249
> <ff_h264_decode_rbsp_trailing+4173>
> 0x009c1219 <ff_h264_decode_rbsp_trailing+4125>: lea 0x2ad8(%edi),
> %esi
> End of assembler dump.
> (gdb) info all-registers
> eax 0x0 0
> ecx 0x2 2
> edx 0x1500000 22020096
> ebx 0x1f79 8057
> esp 0xbfffdc50 0xbfffdc50
> ebp 0x1500000 0x1500000
> esi 0x1423430 21115952
> edi 0x1809200 25203200
> eip 0x9c11fb 0x9c11fb <ff_h264_decode_rbsp_trailing+4095>
> eflags 0x210286 2163334
> cs 0x17 23
> ss 0x1f 31
> ds 0x1f 31
> es 0x1f 31
> fs 0x0 0
> gs 0x37 55
> st0 -nan(0x8080808080808080) (raw 0xffff8080808080808080)
> st1 -nan(0x8080808080808080) (raw 0xffff8080808080808080)
> st2 -nan(0x8080808080808080) (raw 0xffff8080808080808080)
> st3 -nan(0x8080808080808080) (raw 0xffff8080808080808080)
> st4 <invalid float value> (raw 0xffff0000000000000000)
> st5 <invalid float value> (raw 0xffff0000000000000000)
> st6 <invalid float value> (raw 0xffff0000000000000000)
> st7 145192 (raw 0x40108dca000000000000)
> fctrl 0x37f 895
> fstat 0x20 32
> ftag 0xffff 65535
> fiseg 0x17 23
> fioff 0x124942d 19174445
> foseg 0x1f 31
> fooff 0xbfffdb1c -1073751268
> fop 0x19c 412
> xmm0 {
> v4_float = {0, 0, 0, 3.57331108e-43},
> v2_double = {0, 1.2598673968951787e-321},
> v16_int8 = '\0' <repeats 15 times>, "?",
> v8_int16 = {0, 0, 0, 0, 0, 0, 0, 255},
> v4_int32 = {0, 0, 0, 255},
> v2_int64 = {0, 255},
> uint128 = 18374686479671623680
> } (raw 0xff000000000000000000000000000000)
> xmm1 {
> v4_float = {1.35648315e-19, 4.00462996e-11, 1.5367961e-16,
> 0.000152803957},
> v2_double = {6.0208449096432092e-154, 1.5490963614234521e-129},
> v16_int8 = " %0.0 %1.79 :",
> v8_int16 = {8224, 9520, 11824, 8224, 9521, 11831, 14624, 14848},
> v4_int32 = {538977584, 774905888, 623980087, 958413312},
> v2_int64 = {2314891097331998752, 2679974067978648064},
> uint128 = 0x202025302e30202025312e3739203a00
> } (raw 0x003a2039372e31252020302e30252020)
> xmm2 {
> v4_float = {0, 0, 2.34184089e-38, -nan(0x7fffff)},
> v2_double = {0, 7.0641644859886621e-304},
> v16_int8 = "\000\000\000\000\000\000\000\000\000?\000?????",
> v8_int16 = {0, 0, 0, 0, 255, 255, -1, -1},
> v4_int32 = {0, 0, 16711935, -1},
> v2_int64 = {0, 71777218572845055},
> uint128 = 18446744073692839680
> } (raw 0xffffffffff00ff000000000000000000)
> xmm3 {
> v4_float = {0, 0, 0, 0},
> v2_double = {0, 0},
> v16_int8 = '\0' <repeats 15 times>,
> v8_int16 = {0, 0, 0, 0, 0, 0, 0, 0},
> v4_int32 = {0, 0, 0, 0},
> v2_int64 = {0, 0},
> uint128 = 0
> } (raw 0x00000000000000000000000000000000)
> xmm4 {
> v4_float = {0, 0, 1.75, 0},
> v2_double = {0, 0.5},
> v16_int8 = "\000\000\000\000\000\000\000\000??\000\000\000\000\000",
> v8_int16 = {0, 0, 0, 0, 16352, 0, 0, 0},
> v4_int32 = {0, 0, 1071644672, 0},
> v2_int64 = {0, 4602678819172646912},
> uint128 = 57407
> } (raw 0x000000000000e03f0000000000000000)
> xmm5 {
> v4_float = {2.79467286e+20, 0, 0, 0},
> v2_double = {2.5867673112991909e+161, 0},
> v16_int8 = "arf4", '\0' <repeats 11 times>,
> v8_int16 = {24946, 26164, 0, 0, 0, 0, 0, 0},
> v4_int32 = {1634887220, 0, 0, 0},
> v2_int64 = {7021787142548357120, 0},
> uint128 = 0x61726634000000000000000000000000
> } (raw 0x00000000000000000000000034667261)
> xmm6 {
> v4_float = {1.46939036e-39, 1.46939036e-39, 1.46939036e-39,
> 1.46939036e-39},
> v2_double = {2.2251078109579301e-308, 2.2251078109579301e-308},
> v16_int8 =
> "\000\020\000\020\000\020\000\020\000\020\000\020\000\020\000\020",
> v8_int16 = {16, 16, 16, 16, 16, 16, 16, 16},
> v4_int32 = {1048592, 1048592, 1048592, 1048592},
> v2_int64 = {4503668347895824, 4503668347895824},
> uint128 = 0x00100010001000100010001000100010
> } (raw 0x10001000100010001000100010001000)
> xmm7 {
> v4_float = {9.18368975e-41, 9.18368975e-41, 9.18368975e-41,
> 9.18368975e-41},
> v2_double = {1.3906923818487063e-309, 1.3906923818487063e-309},
> v16_int8 =
> "\000\001\000\001\000\001\000\001\000\001\000\001\000\001\000\001",
> v8_int16 = {1, 1, 1, 1, 1, 1, 1, 1},
> v4_int32 = {65537, 65537, 65537, 65537},
> v2_int64 = {281479271743489, 281479271743489},
> uint128 = 0x00010001000100010001000100010001
> } (raw 0x01000100010001000100010001000100)
> mxcsr 0x1fa1 8097
> mm0 {
> uint64 = -9187201950435737472,
> v2_int32 = {-2139062144, -2139062144},
> v4_int16 = {-32640, -32640, -32640, -32640},
> v8_int8 = "????????"
> } (raw 0x8080808080808080)
> mm1 {
> uint64 = -9187201950435737472,
> v2_int32 = {-2139062144, -2139062144},
> v4_int16 = {-32640, -32640, -32640, -32640},
> v8_int8 = "????????"
> } (raw 0x8080808080808080)
> mm2 {
> uint64 = -9187201950435737472,
> v2_int32 = {-2139062144, -2139062144},
> v4_int16 = {-32640, -32640, -32640, -32640},
> v8_int8 = "????????"
> } (raw 0x8080808080808080)
> mm3 {
> uint64 = -9187201950435737472,
> v2_int32 = {-2139062144, -2139062144},
> v4_int16 = {-32640, -32640, -32640, -32640},
> v8_int8 = "????????"
> } (raw 0x8080808080808080)
> mm4 {
> uint64 = 0,
> v2_int32 = {0, 0},
> v4_int16 = {0, 0, 0, 0},
> v8_int8 = "\000\000\000\000\000\000\000"
> } (raw 0x0000000000000000)
> mm5 {
> uint64 = 0,
> v2_int32 = {0, 0},
> v4_int16 = {0, 0, 0, 0},
> v8_int8 = "\000\000\000\000\000\000\000"
> } (raw 0x0000000000000000)
> mm6 {
> uint64 = 0,
> v2_int32 = {0, 0},
> v4_int16 = {0, 0, 0, 0},
> v8_int8 = "\000\000\000\000\000\000\000"
> } (raw 0x0000000000000000)
> mm7 {
> uint64 = -8229765369066160128,
> v2_int32 = {0, -1916141568},
> v4_int16 = {0, 0, 0, -29238},
> v8_int8 = "\000\000\000\000\000\000?"
> } (raw 0x8dca000000000000)
> (gdb)
>