[MPlayer-users] All XVID encoded videos with size 624x352 cause mplayer to segfault (current and previous svn snapshots)

Mike Gorchak mike.gorchak.qnx at gmail.com
Sun Feb 3 21:54:37 CET 2013


Hi,

I have a problem playing 624x352 xvid videos using mplayer. It
segfaults in the ff_put_pixels16_sse2() function (ffmpeg part), at the
place where it tries to write data to the destination buffer. This mplayer
is running under QNX, which uses mmap() with anonymous memory
allocation flags for relatively large sizes. So each buffer overflow
will cause a segmentation fault immediately.

All videos with other sizes play fine (I've not checked all
possible sizes, but common ones like 720x576 work fine).

ffplay and the ffmpeg library compiled with the same options as mplayer
play this video without segfaults, so I think the problem is
somewhere in buffer allocation on the mplayer side. The same sources built
under win32 and linux also work fine, I think because of heap memory
allocation instead of mmap().

Thanks!

Here is a gdb trace:

#0  0x0861620b in ff_put_pixels16_sse2 (dest_y=09CBF018,
ptr_y=09C3C018, linesize=640, h=16)
#1  0x084d5533 in mpeg_motion (s=0x10, dest_y=<value optimized out>,
    dest_cb=<value optimized out>, dest_cr=0x9cf6018 '\200' <repeats
200 times>...,
    field_select=0, ref_picture=0x99640b8, pix_op=0x99653e0,
motion_x=0, motion_y=0, h=152182848,
    mb_y=0) at libavcodec/mpegvideo_motion.c:324
#2  0x084d817a in ff_MPV_motion (s=0x9963d00, dest_y=0x9cbf018 "",
    dest_cb=0x9d03c18 '\200' <repeats 200 times>...,
    dest_cr=0x9cf6018 '\200' <repeats 200 times>..., dir=0,
ref_picture=0x99640b8,
    pix_op=0x99653e0, qpix_op=0x99654e8) at libavcodec/mpegvideo_motion.c:818
#3  0x084c0a97 in ff_MPV_decode_mb (s=0x9963d00, block=0x9bf3900) at
libavcodec/mpegvideo.c:2628
#4  0x0838577b in decode_slice (s=0x9963d00) at libavcodec/h263dec.c:260
#5  0x08386781 in ff_h263_decode_frame (avctx=0x9966360,
data=0x996e420, got_frame=0x80467cc,
    avpkt=0x8046698) at libavcodec/h263dec.c:683
#6  0x08581663 in avcodec_decode_video2 (avctx=0x9966360, picture=0x996e420,
    got_picture_ptr=0x80467cc, avpkt=<value optimized out>) at
libavcodec/utils.c:1624
#7  0x08164e6c in decode (sh=0x981e488, data=0x9bbd910, len=9890, flags=0)
    at libmpcodecs/vd_ffmpeg.c:827
#8  0x08095752 in decode_video (sh_video=0x981e488, start=0x9bbd910
"", in_size=9890,
    drop_frame=0, pts=0.04171011470281543, full_frame=0x804689c) at
libmpcodecs/dec_video.c:398
#9  0x0805cbbf in update_video (blit_frame=<value optimized out>) at
mplayer.c:2469
#10 0x08060f6c in main (argc=2, argv=0x8047998) at mplayer.c:3773

Here is verbose mplayer output:

MPlayer UNKNOWN-4.4.2 (C) 2000-2013 MPlayer Team
CPU vendor name: GenuineIntel  max cpuid level: 13
CPU: Intel(R) Pentium(R) CPU B950 @ 2.10GHz (Family: 6, Model: 42, Stepping: 7)
extended cpuid-level: 8
extended cache-info: 16801856
Detected cache-line size is 64 bytes
Testing OS support for SSE... yes.
Testing OS support for SSE2... yes.
CPUflags:  MMX: 1 MMX2: 1 3DNow: 0 3DNowExt: 0 SSE: 1 SSE2: 1 SSE3: 1
SSSE3: 1 SSE4: 1 SSE4.2: 1 AVX: 0
Compiled with runtime CPU detection.
get_path('codecs.conf') -> '/root/.mplayer/codecs.conf'
Reading optional codecs config file /root/.mplayer/codecs.conf: No
such file or directory
Reading optional codecs config file /usr/etc/mplayer/codecs.conf: 202
audio & 421 video codecs
init_freetype
get_path('font/font.desc') -> '/root/.mplayer/font/font.desc'
font: can't open file: /root/.mplayer/font/font.desc
Bitmap font /usr/share/mplayer/font/font.desc loaded successfully! (200 chars)
Using MMX (with tiny bit MMX2) Optimized OnScreenDisplay
get_path('fonts') -> '/root/.mplayer/fonts'
Configuration: --prefix=/usr --disable-x11 --disable-xss --disable-xv
--disable-xinerama --disable-vm --disable-xf86keysym --disable-sdl
--disable-gl --disable-matrixview --enable-runtime-cpudetection
--disable-fontconfig
CommandLine: '-v' 'Family.Guy.9x10.Friends.of.Peter.G.[filiza.ru][glanz.ru].avi'
Using nanosleep() timing
get_path('input.conf') -> '/root/.mplayer/input.conf'
Reading optional input config file /root/.mplayer/input.conf: No such
file or directory
Parsing input config file /usr/etc/mplayer/input.conf
Input config file /usr/etc/mplayer/input.conf parsed: 92 binds
get_path('Family.Guy.9x10.Friends.of.Peter.G.[filiza.ru][glanz.ru].avi.conf')
-> '/root/.mplayer/Family.Guy.9x10.Friends.of.Peter.G.[filiza.ru][glanz.ru].avi.conf'

Playing Family.Guy.9x10.Friends.of.Peter.G.[filiza.ru][glanz.ru].avi.
get_path('sub/') -> '/root/.mplayer/sub/'
[file] File size is 207589376 bytes
STREAM: [file] Family.Guy.9x10.Friends.of.Peter.G.[filiza.ru][glanz.ru].avi
STREAM: Description: File
STREAM: Author: Albeu
STREAM: Comment: based on the code from ??? (probably Arpi)
libavformat version 54.61.104 (internal)
Configuration: --enable-gpl --enable-postproc
LAVF_check: AVI (Audio Video Interleaved)
AVI file format detected.
list_end=0x334E
======= AVI Header =======
us/frame: 41710  (fps=23.975)
max bytes/sec: 0
padding: 0
MainAVIHeader.dwFlags: (272) HAS_INDEX IS_INTERLEAVED
frames  total: 32050   initial: 0
streams: 3
Suggested BufferSize: 0
Size:  624 x 352
==========================
list_end=0x111E
==> Found video stream: 0
[aviheader] Video stream found, -vid 0
====== STREAM Header =====
Type: vids   FCC: XVID (44495658)
Flags: 0
Priority: 0   Language: 0
InitialFrames: 0
Rate: 959/40 = 23.975
Start: 0   Len: 32050
Suggested BufferSize: 122782
Quality -1
Sample size: 0
==========================
Found 'bih', 82 bytes of 40
======= VIDEO Format ======
  biSize 82
  biWidth 624
  biHeight 352
  biPlanes 1
  biBitCount 24
  biCompression 1145656920='XVID'
  biSizeImage 658944
Unknown extra header dump: [0] [0] [1] [b0] [f5] [0] [0] [1] [b5] [9]
[0] [0] [1] [0] [0] [0] [1] [20] [8] [86] [87] [ff] [ff] [a] [ad] [89]
[c2] [16] [a] [31] [0] [0] [1] [b2] [58] [76] [69] [44] [30] [30] [35]
[30]
===========================
Regenerating keyframe table for MPEG-4 video.
list_end=0x21B0
==> Found audio stream: 1
[aviheader] Audio stream found, -aid 1
====== STREAM Header =====
Type: auds   FCC:  (0)
Flags: 0
Priority: 0   Language: 0
InitialFrames: 1
Rate: 16000/384 = 41.667
Start: 0   Len: 55700
Suggested BufferSize: 8064
Quality -1
Sample size: 384
==========================
Found 'wf', 30 bytes of 18
======= WAVE Format =======
Format Tag: 85 (0x55)
Channels: 2
Samplerate: 48000
avg byte/sec: 16000
Block align: 384
bits/sample: 0
cbSize: 12
mp3.wID=1
mp3.fdwFlags=0x2
mp3.nBlockSize=384
mp3.nFramesPerBlock=1
mp3.nCodecDelay=0
==========================================================================
list_end=0x3242
==> Found audio stream: 2
[aviheader] Audio stream found, -aid 2
====== STREAM Header =====
Type: auds   FCC:  (0)
Flags: 0
Priority: 0   Language: 0
InitialFrames: 1
Rate: 16000/384 = 41.667
Start: 0   Len: 55700
Suggested BufferSize: 8064
Quality -1
Sample size: 384
==========================
Found 'wf', 30 bytes of 18
======= WAVE Format =======
Format Tag: 85 (0x55)
Channels: 2
Samplerate: 48000
avg byte/sec: 16000
Block align: 384
bits/sample: 0
cbSize: 12
mp3.wID=1
mp3.fdwFlags=0x2
mp3.nBlockSize=384
mp3.nFramesPerBlock=1
mp3.nCodecDelay=0
==========================================================================
list_end=0x334E
AVI: dmlh found (size=248) (total_frames=32050)
list_end=0x338E
hdr=Software  size=44
Software  : VirtualDubMod 1.5.10.2 (build 2542/release)
list_end=0xC4813E4
Found movie at 0x380C - 0xC4813E4
Reading INDEX block, 96128 chunks for 32050 frames (fpos=206050284).
AVI index offset: 0x3808 (movi=0x380C idx0=0x4 idx1=0x1F8C)
Auto-selected AVI audio ID = 1
Auto-selected AVI video ID = 0
AVI: Searching for audio stream (id:1)
AVI video size=162473332 (32050) audio size=21388800 (55700)
VIDEO:  [XVID]  624x352  24bpp  23.975 fps  972.3 kbps (118.7 kbyte/s)
Auto-selected AVI audio ID = 1
[V] filefmt:3  fourcc:0x44495658  size:624x352  fps:23.975  ftime:=0.0417
Clip info:
 Software: VirtualDubMod 1.5.10.2 (build 2542/release)
Load subtitles in ./
get_path('sub/') -> '/root/.mplayer/sub/'
==========================================================================
Opening video decoder: [ffmpeg] FFmpeg's libavcodec codec family
libavcodec version 54.91.100 (internal)
Configuration: --enable-gpl --enable-postproc
INFO: libavcodec init OK!
Selected video codec: [ffodivx] vfm: ffmpeg (FFmpeg MPEG-4)
==========================================================================
==========================================================================
Opening audio decoder: [mpg123] MPEG 1.0/2.0/2.5 layers I, II, III
dec_audio: Allocating 8192 + 131072 = 139264 bytes for output buffer.
MPEG 1.0 layer III, 128 kbit/s, 48000 Hz joint-stereo
AUDIO: 48000 Hz, 2 ch, s16le, 128.0 kbit/8.33% (ratio: 16000->192000)
Selected audio codec: [mpg123] afm: mpg123 (MPEG 1.0/2.0/2.5 layers I, II, III)
==========================================================================
Building audio filter chain for 48000Hz/2ch/s16le -> 0Hz/0ch/??...
[libaf] Adding filter dummy
[dummy] Was reinitialized: 48000Hz/2ch/s16le
[dummy] Was reinitialized: 48000Hz/2ch/s16le
Trying every known audio driver...
qsa-init: requested format: 48000 Hz, 2 channels, 9
qsa-init: compiled for QSA 0.5.2
qsa-init: used format: 48000 Hz, 2 channels, 9
AO: [qsa] 48000Hz 2ch s16le (2 bytes per sample)
AO: Description: QSA audio output
AO: Author: Mike Gorchak <mike.gorchak.qnx at gmail.com>
Building audio filter chain for 48000Hz/2ch/s16le -> 48000Hz/2ch/s16le...
[dummy] Was reinitialized: 48000Hz/2ch/s16le
[dummy] Was reinitialized: 48000Hz/2ch/s16le
Starting playback...
XXX initial  v_pts=0.000  a_pos=8064 (0.504)
Increasing filtered audio buffer size from 0 to 133120
[ffmpeg] aspect_ratio: 1.772727
VDec: vo config request - 624 x 352 (preferred colorspace: Planar YV12)
Trying filter chain: vo
Could not find matching colorspace - retrying with -vf scale...
Opening video filter: [scale]
SwScale params: -1 x -1 (-1=no scaling)
Trying filter chain: scale vo
VDec: using Planar YV12 as output csp (no 0)
Movie-Aspect is 1.77:1 - prescaling to correct movie aspect.
VO Config (624x352->624x352,flags=0,'MPlayer',0x32315659)
SwScaler: reducing / aligning filtersize 1 -> 4
SwScaler: reducing / aligning filtersize 1 -> 4
SwScaler: reducing / aligning filtersize 1 -> 1
SwScaler: reducing / aligning filtersize 5 -> 4
[swscaler @ 8e643e0]BICUBIC scaler, from yuv420p to yuyv422 using MMXEXT
[swscaler @ 8e643e0]624x352 -> 624x352
[swscaler @ 8e643e0]lum srcW=624 srcH=352 dstW=624 dstH=352 xInc=65536
yInc=65536
[swscaler @ 8e643e0]chr srcW=312 srcH=176 dstW=312 dstH=352 xInc=65536
yInc=32768
REQ: flags=0xE4B7  req=0x0
VO: [photon] 624x352 => 624x352 Packed YUY2
VO: Description: Photon YUV/BGR renderer
VO: Author: Mike Gorchak <mike.gorchak.qnx at gmail.com>
vo_photon: using direct layer access (fastest)
*** [scale] Allocating mp_image_t, 640x352x12bpp YUV planar, 337920 bytes
*** [scale] Allocating mp_image_t, 640x352x12bpp YUV planar, 337920 bytes
Memory fault (core dumped)

