[MPlayer-users] [Bug_Report - Crash] Segfault in module: decode_audio

Vincent Gerard v.ge at wanadoo.fr
Sun Feb 4 21:32:01 CET 2007


Hello,
Thanks for your reply. Here is a new bug report done with the latest SVN
version.

So, I've done the test again, and the segfault still occurs.

MPlayer crashes when opening an ogm file with Vorbis audio; it is reproducible
on several different files from the same series.

I have split an extract of a buggy file with ogmsplit and uploaded it to:

ftp://upload.mplayerhq.hu/MPlayer/incoming/
with the file name: Bug.ogm.

This file crashes at second 5 for me.

The bug seems to be in the ffmpeg vorbis.c decoder; I don't know if it may be
specific to the AMD64 arch (it crashes even with -ao null).


Vincent Gerard.


Debug information with SVN version:

System information :
-----------------------------
distrib : Gentoo 2006.1 64bits, up to date on AMD64.
kernel : 2.6.18-gentoo-r6
libc version 2.4 NPTL
gcc version 4.1.1 (Gentoo 4.1.1-r1)
GNU ld version 2.16.1
GNU assembler 2.16.1

CPUinfo :
--------------------------
processor       : 0
vendor_id       : AuthenticAMD
cpu family      : 15
model           : 4
model name      : AMD Athlon(tm) 64 Processor 3400+
stepping        : 8
cpu MHz         : 2202.906
cache size      : 1024 KB
fpu             : yes
fpu_exception   : yes
cpuid level     : 1
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext lm 3dnowext 3dnow
bogomips        : 4410.74
TLB size        : 1024 4K pages
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management: ts fid vid ttp
--------------------------------------------


Launch command and Output:

gdb ./mplayer (in the freshly compiled SVN directory)

(gdb) r Bug.ogm
Starting program: /home/vincent/mplayer/mplayer Bug.ogm
[Thread debugging using libthread_db enabled]
[New Thread 47058638590400 (LWP 13558)]
MPlayer dev-SVN-r22133-4.1.1 (C) 2000-2007 MPlayer Team
CPU: AMD Athlon(tm) 64 Processor 3400+ (Family: 15, Model: 4, Stepping: 8)
CPUflags:  MMX: 1 MMX2: 1 3DNow: 1 3DNow2: 1 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2
mplayer: could not connect to socket
mplayer: No such file or directory
Failed to open LIRC support. You will not be able to use your remote control.

Playing Bug.ogm.
[Ogg] stream 0: video (FOURCC DX50), -vid 0
[Ogg] stream 1: audio (Vorbis), -aid 0
Ogg file format detected.
VIDEO:  [DX50]  576x432  24bpp  25.000 fps    0.0 kbps ( 0.0 kbyte/s)
Clip info:
 Software: Made with BeSweet v1.5b23
 Encoder URL: http://DSPguru.doom9.org
 Language: (not specified)
==========================================================================
Opening video decoder: [ffmpeg] FFmpeg's libavcodec codec family
Selected video codec: [ffodivx] vfm: ffmpeg (FFmpeg MPEG-4)
==========================================================================
==========================================================================
Opening audio decoder: [ffmpeg] FFmpeg/libavcodec audio decoders
AUDIO: 48000 Hz, 2 ch, s16le, 80.0 kbit/5.21% (ratio: 10000->192000)
Selected audio codec: [ffvorbis] afm: ffmpeg (FFmpeg Vorbis decoder)
==========================================================================
AO: [oss] 48000Hz 2ch s16le (2 bytes per sample)
Starting playback...
VDec: vo config request - 576 x 432 (preferred colorspace: Planar YV12)
VDec: using Planar YV12 as output csp (no 0)
Movie-Aspect is 1.33:1 - prescaling to correct movie aspect.
VO: [xv] 576x432 => 576x432 Planar YV12
New_Face failed. Maybe the font path is wrong. 1 ??% ??% ??,?% 0 0
Please supply the text font file (~/.mplayer/subfont.ttf).
subtitle font: load_sub_face failed.
A:   5.2 V:   5.2 A-V:  0.003 ct:  0.116 132/132  4%  0%  0.4% 0 0
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47058638590400 (LWP 13558)]
0x00000000007f7e99 in vorbis_residue_decode (vc=0xd54110, vr=0xd68e10, ch=2 '\002', do_not_decode=0x7ffffeefdd10 "",
    vec=0xd56ce0, vlen=1024) at vorbis.c:1512
1512                                            vec[voffs     ]+=codebook.codevectors[coffs+l  ];  // FPMATH

-----------------------
Gdb backtrace : 
(gdb)bt
0x00000000007f7e99 in vorbis_residue_decode (vc=0xd54110, vr=0xd68e10, ch=2 '\002', do_not_decode=0x7ffffeefdd10 "",
    vec=0xd56ce0, vlen=1024) at vorbis.c:1512
#1  0x00000000007f92d4 in vorbis_parse_audio_packet (vc=0xd54110) at vorbis.c:1658
#2  0x00000000007f9988 in vorbis_decode_frame (avccontext=<value optimized out>, data=0x2aaaaab29710,
    data_size=0x7ffffeefde84, buf=<value optimized out>, buf_size=185) at vorbis.c:1773
#3  0x00000000005f2c72 in avcodec_decode_audio2 (avctx=0xd52e60, samples=0x2, frame_size_ptr=0xffffffff, buf=0xd56f20 "",
    buf_size=4676) at utils.c:945
#4  0x00000000004f5d50 in decode_audio (sh_audio=0xc95b20,
    buf=0x2aaaaab29710 "©á^á\026ãÍâwä$ä@åÓä\201åßä\216å¨ä­
å\225ä\næêä\212æ\220å²æüå\020æ¥åÕä¨ä±ã­
ã-ãDãRãrãÒãÕã7äìã$äpãÇã»âåã¨âïä\233ã)æÌä\205æ*å$æÇä/æ³ä3çyå\235è®æ\tê\027èïë(êcîÓì\022ð¹î¨ï\217î¢íØìÁëNëÅê¥êÇéðéïçFè±å\bæïã\027ä²â\216âsáþà<à\177ßÞßéÞ\020áðߣãZâ¾æ@åÔé\033è=íXë\214ñ\237ï]ö\213ô"..., 
minlen=6400, maxlen=<value optimized out>) at ad_ffmpeg.c:161
#5  0x00000000004bd768 in decode_audio (sh_audio=0xc95b20,
    
buf=0xd6d830 "Ë\025z\026\026\026Ï\026ð\026¹\027\024\030ó\0307\031#\032\005\032ï\032'\032\021\033\203\031y\0325\0303\031Q\026H\027ø\023Ý\024\212\021Y\022^\017\005\020I\r \rÓ\n¹\nô\al\aU\005\206\004©\003Æ\002ý\002/\002É\002\"\002\223\002\021\002\\\002ì\001I\002Ò\001'\002\222\001\225\001Þ", 
minlen=<value optimized out>, maxlen=<value optimized out>) at dec_audio.c:387
#6  0x00000000004732cb in main (argc=<value optimized out>, argv=0x0) at mplayer.c:3193

----------------

(gdb)disass $pc-32 $pc+32

Dump of assembler code from 0x7f7e79 to 0x7f7eb9:
0x00000000007f7e79 <vorbis_residue_decode+1865>:        lea    (%r14,%r8,1),%rdx
0x00000000007f7e7d <vorbis_residue_decode+1869>:        xor    %esi,%esi
0x00000000007f7e7f <vorbis_residue_decode+1871>:        movzbl %sil,%eax
0x00000000007f7e83 <vorbis_residue_decode+1875>:        movss  (%rcx),%xmm0
0x00000000007f7e87 <vorbis_residue_decode+1879>:        lea    (%r10,%rax,1),%rax
0x00000000007f7e8b <vorbis_residue_decode+1883>:        add    $0x2,%esi
0x00000000007f7e8e <vorbis_residue_decode+1886>:        inc    %r12
0x00000000007f7e91 <vorbis_residue_decode+1889>:        add    $0x4,%r8
0x00000000007f7e95 <vorbis_residue_decode+1893>:        shl    $0x2,%rax
0x00000000007f7e99 <vorbis_residue_decode+1897>:        addss  (%rdi,%rax,1),%xmm0
0x00000000007f7e9e <vorbis_residue_decode+1902>:        movss  %xmm0,(%rcx)
0x00000000007f7ea2 <vorbis_residue_decode+1906>:        add    $0x4,%rcx
0x00000000007f7ea6 <vorbis_residue_decode+1910>:        movss  (%rdx),%xmm0
0x00000000007f7eaa <vorbis_residue_decode+1914>:        addss  0x4(%rdi,%rax,1),%xmm0
0x00000000007f7eb0 <vorbis_residue_decode+1920>:        movzbl %sil,%eax
0x00000000007f7eb4 <vorbis_residue_decode+1924>:        movss  %xmm0,(%rdx)
0x00000000007f7eb8 <vorbis_residue_decode+1928>:        add    $0x4,%rdx
End of assembler dump.

--------------------

(gdb) info all-registers
rax            0x3fffffff0      17179869168
rbx            0x8      8
rcx            0xd56f20 13987616
rdx            0xd57f20 13991712
rsi            0x2      2
rdi            0xcc73f0 13399024
rbp            0x7ffffeefdcd0   0x7ffffeefdcd0
rsp            0x7ffffeefdb80   0x7ffffeefdb80
r8             0x1244   4676
r9             0xffffffff       4294967295
r10            0xfffffffc       4294967292
r11            0x4      4
r12            0x91     145
r13            0xd857f0 14178288
r14            0xd56ce0 13987040
r15            0x2b     43
rip            0x7f7e99 0x7f7e99 <vorbis_residue_decode+1897>
eflags         0x210216 [ PF AF IF RF ID ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
st0            -nan(0x7272727272727272) (raw 0xffff7272727272727272)
st1            -nan(0x72007200720072)   (raw 0xffff0072007200720072)
st2            -nan(0x7474747474747474) (raw 0xffff7474747474747474)
st3            -nan(0x74007400740074)   (raw 0xffff0074007400740074)
st4            -nan(0x72007200720072)   (raw 0xffff0072007200720072)
st5            -nan(0x75007500750075)   (raw 0xffff0075007500750075)
st6            -nan(0x75007500750075)   (raw 0xffff0075007500750075)
st7            <invalid float value>    (raw 0xffff0000000000000000)
fctrl          0x37f    895
fstat          0x0      0
ftag           0xffff   65535
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, 
v2_int64 = {0x0, 0x0},
  uint128 = 0x00000000000000000000000000000000}
xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, 
v2_int64 = {0x0, 0x0},
  uint128 = 0x00000000000000000000000000000000}
xmm2           {v4_float = {0x0, 0xfffffe40, 0x0, 0x0}, v2_double = 
{0x8000000000000000, 0x0}, v16_int8 = {0x0, 0x0, 0x0,
    0x0, 0x0, 0x0, 0xe0, 0xc3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
v8_int16 = {0x0, 0x0, 0x0, 0xc3e0, 0x0, 0x0, 0x0,
    0x0}, v4_int32 = {0x0, 0xc3e00000, 0x0, 0x0}, v2_int64 = 
{0xc3e0000000000000, 0x0},
  uint128 = 0x0000000000000000c3e0000000000000}
xmm3           {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0xba, 0x49, 0x37, 0x31, 0xd8, 0x39,
    0xb4, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x49ba, 
0x3137, 0x39d8, 0x3fb4, 0x0, 0x0, 0x0, 0x0},
  v4_int32 = {0x313749ba, 0x3fb439d8, 0x0, 0x0}, v2_int64 = 
{0x3fb439d8313749ba, 0x0},
  uint128 = 0x00000000000000003fb439d8313749ba}
xmm4           {v4_float = {0x0, 0x2, 0x0, 0x0}, v2_double = {0x5, 0x0}, 
v16_int8 = {0x0, 0x0, 0x0, 0x80, 0xc2, 0xf5,
    0x14, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 
0x8000, 0xf5c2, 0x4014, 0x0, 0x0, 0x0, 0x0},
  v4_int32 = {0x80000000, 0x4014f5c2, 0x0, 0x0}, v2_int64 = 
{0x4014f5c280000000, 0x0},
  uint128 = 0x00000000000000004014f5c280000000}
xmm5           {v4_float = {0x0, 0x2, 0x0, 0x0}, v2_double = {0x5, 0x0}, 
v16_int8 = {0x40, 0x35, 0x1e, 0xde, 0x31, 0xf9,
    0x14, 0x40, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x80}, v8_int16 = {0x3540, 
0xde1e, 0xf931, 0x4014, 0x0, 0x8000, 0x0,
    0x8000}, v4_int32 = {0xde1e3540, 0x4014f931, 0x80000000, 0x80000000}, 
v2_int64 = {0x4014f931de1e3540,
    0x8000000080000000}, uint128 = 0x80000000800000004014f931de1e3540}
xmm6           {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x1, 0x0}, 
v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0,
    0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0x0, 
0x3ff0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {
    0x0, 0x3ff00000, 0x0, 0x0}, v2_int64 = {0x3ff0000000000000, 0x0}, uint128 
= 0x00000000000000003ff0000000000000}
xmm7           {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0,
    0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0x0, 
0x3fe0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {
    0x0, 0x3fe00000, 0x0, 0x0}, v2_int64 = {0x3fe0000000000000, 0x0}, uint128 
= 0x00000000000000003fe0000000000000}
xmm8           {v4_float = {0x0, 0x2, 0x0, 0x0}, v2_double = {0x3, 0x0}, 
v16_int8 = {0x0, 0x0, 0x0, 0x60, 0xd9, 0x8, 0x9,
    0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x6000, 
0x8d9, 0x4009, 0x0, 0x0, 0x0, 0x0},
  v4_int32 = {0x60000000, 0x400908d9, 0x0, 0x0}, v2_int64 = 
{0x400908d960000000, 0x0},
  uint128 = 0x0000000000000000400908d960000000}
xmm9           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, 
v2_int64 = {0x0, 0x0},
  uint128 = 0x00000000000000000000000000000000}
xmm10          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, 
v2_int64 = {0x0, 0x0},
  uint128 = 0x00000000000000000000000000000000}
xmm11          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, 
v2_int64 = {0x0, 0x0},
  uint128 = 0x00000000000000000000000000000000}
xmm12          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, 
v2_int64 = {0x0, 0x0},
  uint128 = 0x00000000000000000000000000000000}
xmm13          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, 
v2_int64 = {0x0, 0x0},
  uint128 = 0x00000000000000000000000000000000}
xmm14          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, 
v2_int64 = {0x0, 0x0},
  uint128 = 0x00000000000000000000000000000000}
xmm15          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, 
v2_int64 = {0x0, 0x0},
  uint128 = 0x00000000000000000000000000000000}
mxcsr          0x1fa0   [ PE IM DM ZM OM UM PM ]
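
Added example (not part of the original report, and not MPlayer or FFmpeg code): the C sketch below replays the faulting address arithmetic from the disassembly and register dump above, taking rdi as the codevectors base and r10 as coffs, which is an inference from source line 1512. It shows that the same out-of-range index would wrap to an address just below the table in a 32-bit build instead of faulting; coffs_in_range() and the 4096-entry table size are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values copied from the register dump in the report. */
#define CODEVECTORS_BASE 0xcc73f0ULL /* rdi */
#define COFFS_REG 0xfffffffcU        /* r10, assumed to hold coffs */

/* lea (%r10,%rax,1),%rax ; shl $0x2,%rax ; addss (%rdi,%rax,1),%xmm0
 * With 64-bit registers the 32-bit index is zero-extended, so a value
 * that looks like -4 becomes an index of about 4 billion floats. */
uint64_t fault_addr_64(uint64_t base, uint32_t coffs, uint8_t l)
{
    uint64_t idx = (uint64_t)coffs + l;
    return base + (idx << 2);
}

/* The same arithmetic truncated to 32 bits, as a 32-bit build computes it:
 * the index wraps and the load lands 16 bytes before the table. */
uint32_t fault_addr_32(uint32_t base, uint32_t coffs, uint8_t l)
{
    uint32_t idx = coffs + l;
    return base + (idx << 2);
}

/* Hypothetical guard (not the project's fix): accept coffs only when the
 * dims floats starting at coffs lie inside a table of `entries` floats. */
int coffs_in_range(uint32_t coffs, uint32_t dims, size_t entries)
{
    return dims <= entries && coffs <= entries - dims;
}

int main(void)
{
    size_t entries = 4096; /* constructed table size, not from the report */

    printf("64-bit load address: 0x%llx\n",
           (unsigned long long)fault_addr_64(CODEVECTORS_BASE, COFFS_REG, 0));
    printf("32-bit load address: 0x%lx\n",
           (unsigned long)fault_addr_32((uint32_t)CODEVECTORS_BASE, COFFS_REG, 0));
    printf("coffs accepted by guard: %d\n",
           coffs_in_range(COFFS_REG, 2, entries));
    return 0;
}
```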


