[MPlayer-users] lavcac3enc=1 Crashing mplayer

Matthew Nichols mjnichol at uwaterloo.ca
Thu Jan 10 12:41:37 CET 2008 

I'm using the latest from SVN (from about 8 hours ago). From my tests so 
far, it seems that lavcac3enc (or a closely related component) is 
causing mplayer to crash. Most often, the crash happens within 1 second, 
and is the result of a realloc call failing:

....
Starting playback...
[libaf] Reallocating memory in module lavcac3enc, old len = 0, new len = 
21857
Increasing filtered audio buffer size from 0 to 18432
Increasing filtered audio buffer size from 18432 to 43008
*** glibc detected *** /home/mjnichol/mplayer/mplayer: realloc(): 
invalid pointer: 0x0000000000f4ac00 ***
*** glibc detected *** ./mplayer: realloc(): invalid pointer: 
0x0000000000f4ac10 ***
======= Backtrace: =========
/lib64/libc.so.6(realloc+0x363)[0x37f82763e3]
./mplayer(decode_audio+0x200)[0x4a3e90]
./mplayer(main+0x163a)[0x43f34a]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x37f821e074]
./mplayer(cos+0x279)[0x43b3d9]


The crash does NOT happen if:

The input file is not more than 2 channels OR
You pass 0 as the first parameter to lavcac3enc (telling it output a raw 
AC3 stream)
(Also I have not had any crashes when I don't use lavcac3enc)

So, my guess is that the code that adds the extra information to the 
stream to allow it to do SPDIF passthrough is at fault. But for some 
reason, is only affected if the input file is more than 2 channels.

If you'd like to try this out, you can easily create a multi-channel wav 
file using:

sox -M a.wav a.wav a.wav a.wav a.wav a.wav test.wav

where a.wav is any (preferably short) wav file you can file on your hard 
drive.

Then call

mplayer -af lavcac3enc=1 test.wav

(but make sure to turn down/off your speakers if your sound card doesn't 
support SPDIF passthrough properly)

Sometimes mplayer doesn't crash until the file is finished playing, and 
in that case, a call to "free" causes the crash. If I specify -ao 
alsa:device=hw=1.1 (my SPDIF output device), it seems to crash on 
realloc, whereas if I don't, it seems to crash on "free"

Backtrace when "realloc" causes crash:

(gdb) bt
#0  0x00000037f8230ec5 in raise () from /lib64/libc.so.6
#1  0x00000037f8232970 in abort () from /lib64/libc.so.6
#2  0x00000037f826b0db in __libc_message () from /lib64/libc.so.6
#3  0x00000037f82763e3 in realloc () from /lib64/libc.so.6
#4  0x00000000004a3e90 in decode_audio (sh_audio=0xe5aab0, minlen=65536)
     at dec_audio.c:399
#5  0x000000000043f34a in main (argc=<value optimized out>,
     argv=<value optimized out>) at mplayer.c:1807

Backtrace when "free" causes crash:

(gdb) bt
#0  0x00000037f8230ec5 in raise () from /lib64/libc.so.6
#1  0x00000037f8232970 in abort () from /lib64/libc.so.6
#2  0x00000037f826b0db in __libc_message () from /lib64/libc.so.6
#3  0x00000037f8272832 in _int_free () from /lib64/libc.so.6
#4  0x00000037f8275f2c in free () from /lib64/libc.so.6
#5  0x00000000004fdc1a in uninit (af=0xe5ac70) at af_lavcac3enc.c:142
#6  0x00000000004ed89f in af_remove (s=0xe5abe0, af=0xe5ac70) at af.c:230
#7  0x00000000004ed8e8 in af_uninit (s=0x7dba) at af.c:341
#8  0x00000000004a406a in uninit_audio (sh_audio=0xe5aab0) at 
dec_audio.c:290
#9  0x000000000043cdfc in uninit_player (mask=<value optimized out>)
     at mplayer.c:584
#10 0x00000000004406ea in main (argc=<value optimized out>, argv=0x0)
     at mplayer.c:3650


System info:

Distribution: Fedora 8

[mjnichol at lakota mplayer]$ uname -a
Linux lakota.----.---- 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 15:49:36 EST 
2007 x86_64 x86_64 x86_64 GNU/Linux

[mjnichol at lakota mplayer]$ ls -l /lib/libc[.-]*
-rwxr-xr-x 1 root root 1692524 2007-10-18 04:49 /lib/libc-2.7.so
lrwxrwxrwx 1 root root      11 2007-11-07 18:15 /lib/libc.so.6 -> 
libc-2.7.so

[mjnichol at lakota mplayer]$ gcc -v
Using built-in specs.
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man 
--infodir=/usr/share/info --enable-shared --enable-threads=posix 
--enable-checking=release --with-system-zlib --enable-__cxa_atexit 
--disable-libunwind-exceptions 
--enable-languages=c,c++,objc,obj-c++,java,fortran,ada 
--enable-java-awt=gtk --disable-dssi --enable-plugin 
--with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre 
--enable-libgcj-multifile --enable-java-maintainer-mode 
--with-ecj-jar=/usr/share/java/eclipse-ecj.jar --with-cpu=generic 
--host=x86_64-redhat-linux
Thread model: posix
gcc version 4.1.2 20070925 (Red Hat 4.1.2-33)

[mjnichol at lakota mplayer]$ ld -v
GNU ld version 2.17.50.0.18-1 20070731

[mjnichol at lakota mplayer]$ as -version
GNU assembler version 2.17.50.0.18-1 20070731

[mjnichol at lakota mplayer]$ cat /proc/cpuinfo
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 15
model name      : Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz
stepping        : 11
cpu MHz         : 2997.003
cache size      : 4096 KB
physical id     : 0
siblings        : 4
core id         : 0
cpu cores       : 4
fpu             : yes
fpu_exception   : yes
cpuid level     : 10
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge 
mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe 
syscall nx lm constant_tsc arch_perfmon pebs bts rep_good pni monitor 
ds_cpl vmx est tm2 ssse3 cx16 xtpr lahf_lm
bogomips        : 5997.07
clflush size    : 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
power management:

(repeated 3 more times)

More information about the MPlayer-users mailing list