[Mplayer-advusers] mplayer segfaults on AVIs with defective headers

Attila Kinali kinali at gmx.net
Sun Apr 20 14:02:08 CEST 2003


Hi,

Ever tried to play an AVI with defective headers?
In 90% of the cases you'll get a segfault.

One example is:
---
(gdb) run King\ of\ Bandits\ Jing\ -\ 08.avi -v
Starting program: /home/attila/src/mplayer/main/mplayer King\ of\ Bandits\ Jing\ -\ 08.avi -v
[New Thread 16384 (LWP 9631)]
Using GNU internationalization
Original domain: messages
Original dirname: /usr/share/locale
Current domain: mplayer
Current dirname: /usr/local/share/locale


MPlayer dev-CVS-030228-14:06-2.95.4 (C) 2000-2003 Arpad Gereoffy (see DOCS)

CPU: Advanced Micro Devices Duron SF Spitfire (Family: 6, Stepping: 1)
Detected cache-line size is 64 bytes
CPUflags:  MMX: 1 MMX2: 1 3DNow: 1 3DNow2: 1 SSE: 0 SSE2: 0
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx

Reading config file /usr/local/etc/mplayer/mplayer.conf: Datei oder Verzeichnis nicht gefunden
Reading config file /home/attila/.mplayer/config
Reading /home/attila/.mplayer/codecs.conf: can't open '/home/attila/.mplayer/codecs.conf': Datei oder Verzeichnis nicht gefunden
Reading /usr/local/etc/mplayer/codecs.conf: 53 audio & 141 video codecs
CommandLine: 'King of Bandits Jing - 08.avi' '-v'
get_path('font/font.desc') -> '/home/attila/.mplayer/font/font.desc'
Font /home/attila/.mplayer/font/font.desc loaded successfully! (140 chars)
Using MMX (with tiny bit MMX2) Optimized OnScreenDisplay
Linux RTC init error in ioctl (rtc_irqp_set 1024): Keine Berechtigung
Try adding "echo 1024 > /proc/sys/dev/rtc/max-user-freq" to your system startup scripts.
Using usleep() timing
get_path('input.conf') -> '/home/attila/.mplayer/input.conf'
Can't open input config file /home/attila/.mplayer/input.conf : Datei oder Verzeichnis nicht gefunden
Can't open input config file /usr/local/etc/mplayer/input.conf : Datei oder Verzeichnis nicht gefunden
Falling back on default (hardcoded) input config
get_path('King of Bandits Jing - 08.avi.conf') -> '/home/attila/.mplayer/King of Bandits Jing - 08.avi.conf'

Playing King of Bandits Jing - 08.avi
Not an URL!
[file] File size is 216621056 bytes
STREAM: [file] King of Bandits Jing - 08.avi
STREAM: Description: File
STREAM: Author: Albeu
STREAM: Comment: based on the code from ??? (probably Arpi)
Checking for YUV4MPEG2
DEMUXER: freeing demuxer at 0x84515f8  
ASF_check: not ASF guid!
DEMUXER: freeing demuxer at 0x84515f8  
Checking for NuppelVideo
DEMUXER: freeing demuxer at 0x84515f8  
Checking for REAL
DEMUXER: freeing demuxer at 0x84515f8  
Checking for SMJPEG
DEMUXER: freeing demuxer at 0x84515f8  
Searching demuxer type for filename King of Bandits Jing - 08.avi ext: .avi
Trying demuxer 3 based on filename extension
stream_seek: WARNING! Can't seek to 0x227E5460 !
stream_seek: WARNING! Can't seek to 0x494C2052 !
ds_fill_buffer: EOF reached (stream: video)  
AVI: Missing video stream!? Contact the author, it may be a bug :(
Checking for MOV
DEMUXER: freeing demuxer at 0x84526c8  
Checking for VIVO
header block 1 size: 12
DEMUXER: freeing demuxer at 0x84526c8  
DEMUXER: freeing demuxer at 0x84526c8  
DEMUXER: freeing demuxer at 0x84526c8  
DEMUXER: freeing demuxer at 0x84526c8  
DEMUXER: freeing demuxer at 0x84526c8  
DEMUXER: freeing demuxer at 0x84526c8  
DEMUXER: freeing demuxer at 0x84526c8  
Checking for PVA
DEMUXER: freeing demuxer at 0x84526c8  
************Checking for TS************
NOT A TS FILE1
TRIED UP TO POSITION 1000000, FUOND 62, packet_size= 0
DEMUXER: freeing demuxer at 0x84526c8  
sync_mpeg_ps: seems to be MP3 stream...
MPEG Stream reached EOF
ds_fill_buffer: EOF reached (stream: video)  
MPEG packet stats: p100: 3  p101: 0 p1B6: 0 p12x: 4 sli: 1 a: 1 b: 0 c: 0 idr: 0 sps: 0 pps: 0 PES: 0  MP3: 104 
==> Found audio stream: 0
======= WAVE Format =======
Format Tag: 85 (0x55)
Channels: 2
Samplerate: 48000
avg byte/sec: 16000
Block align: 1
bits/sample: 0
cbSize: 12
mp3.wID=1
mp3.fdwFlags=0x2
mp3.nBlockSize=384
mp3.nFramesPerBlock=1
mp3.nCodecDelay=1393
demux_audio: audio data 0x284E - 0x0  
Audio file detected.
==========================================================================
Opening audio decoder: [mp3lib] MPEG layer-2, layer-3
dec_audio: Allocating 4608 + 65536 = 70144 bytes for output buffer
mp3lib: made decode tables with MMX optimization
mp3lib: using 3DNow!Ex optimized decore!
MP3lib: init layer2&3 finished, tables done
MPEG 1.0, Layer III, 48000 Hz 128 kbit Joint-Stereo, BPF: 384
Channels: 2, copyright: No, original: Yes, CRC: No, emphasis: 0
AUDIO: 48000 Hz, 2 ch, 16 bit (0x10), ratio: 16000->192000 (128.0 kbit)
Selected audio codec: [mp3] afm:mp3lib (mp3lib MPEG layer-2, layer-3)
==========================================================================
Checking audio filter chain for 48000Hz/2ch/16bit -> 48000Hz/2ch/16bit...
[libaf] Adding filter dummy 
[dummy] Was reinitialized, rate=48000Hz, nch = 2, format = 0x00000001 and bps = 2
AF_pre: af format: 2 bps, 2 ch, 48000 hz, little endian signed int 
AF_pre: 48000Hz 2ch Signed 16-bit (Little-Endian)
ao2: 48000 Hz  2 chans  Signed 16-bit (Little-Endian)
audio_setup: using '/dev/dsp' dsp device
audio_setup: sample format: Signed 16-bit (Little-Endian) (requested: Signed 16-bit (Little-Endian))
audio_setup: using 2 channels (requested: 2)
audio_setup: using 48000 Hz samplerate (requested: 48000)
audio_setup: frags:  16/16  (4096 bytes/frag)  free:  65536
AO: [oss] 48000Hz 2ch Signed 16-bit (Little-Endian) (2 bps)
AO: Description: OSS/ioctl audio output
AO: Author: A'rpi
Building audio filter chain for 48000Hz/2ch/16bit -> 48000Hz/2ch/16bit...
[dummy] Was reinitialized, rate=48000Hz, nch = 2, format = 0x00000001 and bps = 2
[dummy] Was reinitialized, rate=48000Hz, nch = 2, format = 0x00000001 and bps = 2
Video: no video
Freeing 0 unused video chunks
Starting playback...
mp3lib: layer-1 audio not yet supported!
mp3lib: layer-1 audio not yet supported!
big_values too large!                                                        
mp3lib: layer-1 audio not yet supported!
Blocktype == 0 and window-switching == 1 not allowed.                        

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 9631)]
III_get_scale_factors_1 (scf=0xbfffe3ac, gr_info=0xbfffe240) at layer3.c:487
487        int num0 = slen[0][gr_info->scalefac_compress];
(gdb) p num0
$1 = 137717120
(gdb) p gr_info
$2 = (struct gr_info_s *) 0xbfffe240
(gdb) p slen
$3 = {"\0\0\0\0\003\001\001\001\002\002\002\003\003\003\004\004", 
  "\0\001\002\003\0\001\002\003\001\002\003\001\002\003\002\003"}
(gdb) p gr_info->scalefac_compress
$4 = 3221218341
(gdb) p slen[0][gr_info->scalefac_compress] 
Cannot access memory at address 0xc831b1a5
(gdb) p slen[0]                            
$5 = "\0\0\0\0\003\001\001\001\002\002\002\003\003\003\004\004"
---


I also saw some other types of segfaults. It depends on the file.
How to reproduce? Just take a random AVI, overwrite the "RIFF"
at the beginning with something random and try to play it.


Greetings

		Attila Kinali

-- 
To me, Emacs is not an editor. To me it is exactly the same as asking
for a bicycle (for the Sunday rolls) and getting a pan-galactic
space cruiser 10 km in overall length. I don't know what I'm supposed to do with it.
		-- Frank Klemm, de.comp.os.unix.discussion
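
The gdb session above faults on a table lookup whose index (3221218341, i.e. 0xBFFFE425) is far outside the 16-entry rows of `slen`. As an added example (not part of the original post and not mp3lib's code), this C fragment reads the leading granule fields from an untrusted buffer with bounds checks and refuses the lookup when the index is out of range; the struct and function names are hypothetical, and the field widths assumed are the MPEG-1 Layer III ones.

```c
#include <stddef.h>
#include <stdint.h>

/* Table values copied from the `p slen` output in the gdb session above. */
static const unsigned char slen[2][16] = {
    {0, 0, 0, 0, 3, 1, 1, 1, 2, 2, 2, 3, 3, 3, 4, 4},
    {0, 1, 2, 3, 0, 1, 2, 3, 1, 2, 3, 1, 2, 3, 2, 3},
};

/* Hypothetical bit reader over an untrusted buffer (not mp3lib's own). */
struct bits { const uint8_t *buf; size_t nbits, pos; };

/* Read n (<= 16) bits MSB-first; -1 instead of reading past the end. */
static int get_bits(struct bits *b, unsigned n, unsigned *out)
{
    unsigned v = 0;
    if (n > b->nbits - b->pos)
        return -1;
    while (n--) {
        v = (v << 1) | ((b->buf[b->pos >> 3] >> (7 - (b->pos & 7))) & 1u);
        b->pos++;
    }
    *out = v;
    return 0;
}

/* Hypothetical subset of the granule side info, MPEG-1 field widths. */
struct granule { unsigned part2_3_length, big_values, global_gain, scalefac_compress; };

/* Parse the leading fields; 0 on success, -1 on truncated or invalid input. */
int parse_granule(struct bits *b, struct granule *g)
{
    if (get_bits(b, 12, &g->part2_3_length) || get_bits(b, 9, &g->big_values) ||
        get_bits(b, 8, &g->global_gain) || get_bits(b, 4, &g->scalefac_compress))
        return -1;
    if (g->big_values > 288)   /* 576 spectral lines per granule, coded in pairs */
        return -1;
    return 0;
}

/* Bounds-checked form of the lookup at layer3.c:487; -1 if out of range. */
int slen_lookup(unsigned row, unsigned idx)
{
    if (row >= 2 || idx >= sizeof slen[0])
        return -1;
    return slen[row][idx];
}
```

A caller should drop the frame when either function returns -1 rather than continue into the scale-factor code.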


