Opened 12 years ago
Closed 10 years ago
#2093 closed defect (fixed)
ffplay: crash when seeking with the mouse
| Reported by: | ami_stuff | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avcodec |
| Version: | git-master | Keywords: | crash SIGSEGV leak |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | yes | |
| Analyzed by developer: | no |
Description
http://samples.ffmpeg.org/ffmpeg-bugs/trac/ticket2077/problem.rm
(gdb) r problem.rm
Starting program: d:\mingw\msys\1.0\ffmpeg-head-23fba3e\ffplay_g.exe problem.rm
[New Thread 1752.0x138]
[New Thread 1752.0xd70]
[New Thread 1752.0xc14]
[New Thread 1752.0xff8]
[New Thread 1752.0xfe8]
[New Thread 1752.0x224]
[New Thread 1752.0x718]
[New Thread 1752.0xf38]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1752.0x718]
0x005e149b in ff_MPV_frame_end (s=0x3fb4020) at libavcodec/mpegvideo.c:1371
1371 s->last_lambda_for [s->pict_type] = s->current_picture_ptr->f.quality;
(gdb) bt
#0 0x005e149b in ff_MPV_frame_end (s=0x3fb4020)
at libavcodec/mpegvideo.c:1371
#1 0x0099602b in ff_rv34_decode_frame (avctx=0x3f977e0, data=0x4547960,
got_picture_ptr=0xdedfd44, avpkt=0xdedfc58) at libavcodec/rv34.c:1656
#2 0x0052bc97 in avcodec_decode_video2 (avctx=0x3f977e0, picture=0x4547960,
got_picture_ptr=0xdedfd44, avpkt=0xdedfcf8) at libavcodec/utils.c:1442
#3 0x004059a4 in get_video_frame (pkt=<optimized out>, pts=<optimized out>,
frame=<optimized out>, is=<optimized out>) at ffplay.c:1497
#4 input_request_frame (link=0x3fe1e80) at ffplay.c:1675
#5 0x0040f051 in avfilter_request_frame (link=0x3fe1e80)
at libavfilter/avfilter.c:549
#6 0x0040ce5f in av_buffersink_get_buffer_ref (ctx=0x3fcfc20,
bufref=0xdedff14, flags=0) at libavfilter/sink_buffer.c:131
#7 0x0040212b in video_thread (arg=0x3e90040) at ffplay.c:1842
#8 0x681097ee in SDL_RunThread (data=0x45effc8)
at ./src/thread/SDL_thread.c:204
#9 0x681327d3 in RunThread (data=0x449c158)
at ./src/thread/win32/SDL_systhread.c:74
#10 RunThreadViaBeginThreadEx (data=0x449c158)
at ./src/thread/win32/SDL_systhread.c:95
#11 0x77c2a3b0 in msvcrt!_endthreadex () from C:\WINDOWS\system32\msvcrt.dll
#12 0x7c80b729 in KERNEL32!GetModuleFileNameA ()
from C:\WINDOWS\system32\kernel32.dll
#13 0x00000000 in ?? ()
(gdb)
Change History (18)
comment:1 by , 12 years ago
| Priority: | normal → important |
|---|
comment:2 by , 12 years ago
comment:4 by , 12 years ago
It crashes here with mine and not mine build.
There is also a huge mam alloc when I run "ffplay problem.rm" or "ffmpeg -i problem.rm".
The crash also happens when I press a few times left arrow on the keyboard to seek backward.
I can't reproduce the crash with ffmpeg.
(gdb) r problem.rm
Starting program: d:\mingw\msys\1.0\ffmpeg-head-7d66bc7\ffplay_g.exe problem.rm
[New Thread 1848.0x710]
[New Thread 1848.0x13c]
[New Thread 1848.0x23c]
[New Thread 1848.0x698]
[New Thread 1848.0x2f8]
[New Thread 1848.0x194]
[New Thread 1848.0x1c0]
[New Thread 1848.0x6a4]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1848.0x1c0]
0x0067ba93 in ff_MPV_frame_end (s=0x4d9dd40) at libavcodec/mpegvideo.c:1592
1592 s->last_lambda_for [s->pict_type] = s->current_picture_ptr->f.qualit
y;
(gdb) bt
#0 0x0067ba93 in ff_MPV_frame_end (s=0x4d9dd40)
at libavcodec/mpegvideo.c:1592
#1 0x009ca897 in ff_rv34_decode_frame (avctx=0x4d77760, data=0x515de10,
got_picture_ptr=0xfabfefc, avpkt=0xfabfbf0) at libavcodec/rv34.c:1656
#2 0x00561a5e in avcodec_decode_video2 (avctx=0x4d77760, picture=0x515de10,
got_picture_ptr=0xfabfefc, avpkt=0xfabfe90) at libavcodec/utils.c:1621
#3 0x00402245 in get_video_frame (serial=<optimized out>,
pkt=<optimized out>, pts=<optimized out>, frame=<optimized out>,
is=<optimized out>) at ffplay.c:1663
#4 video_thread (arg=0x4bb0020) at ffplay.c:1837
#5 0x681097ee in SDL_RunThread (data=0x51e77b0)
at ./src/thread/SDL_thread.c:204
#6 0x681327d3 in RunThread (data=0x51e7ba0)
at ./src/thread/win32/SDL_systhread.c:74
#7 RunThreadViaBeginThreadEx (data=0x51e7ba0)
at ./src/thread/win32/SDL_systhread.c:95
#8 0x77c2a3b0 in msvcrt!_endthreadex () from C:\WINDOWS\system32\msvcrt.dll
#9 0x7c80b729 in KERNEL32!GetModuleFileNameA ()
from C:\WINDOWS\system32\kernel32.dll
#10 0x00000000 in ?? ()
(gdb)
comment:5 by , 12 years ago
Your output looks incomplete and please add the missing information to the backtrace, see http://ffmpeg.org/bugreports.html
comment:6 by , 12 years ago
| Component: | undetermined → avcodec |
|---|---|
| Keywords: | crash SIGSEGV leak added |
| Version: | unspecified → git-master |
I can only reproduce a memleak:
==24531== 41,104 (112 direct, 40,992 indirect) bytes in 1 blocks are definitely lost in loss record 165 of 165 ==24531== at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==24531== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==24531== by 0xBAEA51: av_mallocz (mem.c:92) ==24531== by 0x45AA84: alloc_buffer (cmdutils.c:1834) ==24531== by 0x45FDF5: codec_get_buffer (cmdutils.c:1889) ==24531== by 0x899080: ff_alloc_picture (mpegvideo.c:282) ==24531== by 0x89B969: ff_MPV_frame_start (mpegvideo.c:1408) ==24531== by 0x92153A: ff_rv34_decode_frame (rv34.c:1677) ==24531== by 0x99430A: avcodec_decode_video2 (utils.c:1621) ==24531== by 0x4576F7: video_thread (ffplay.c:1663) ==24531== by 0x5335E95: ??? (in /usr/lib64/libSDL-1.2.so.0.11.4) ==24531== by 0x5378CD8: ??? (in /usr/lib64/libSDL-1.2.so.0.11.4)
comment:7 by , 12 years ago
by default there is no output to console when program is linked to libsdl under mingw.
here is an output from modified libsdl + ffplay combination (not my build):
C:\>ffplay problem.rm
ffplay version N-48409-g43adc62 Copyright (c) 2003-2013 the FFmpeg developers
built on Jan 2 2013 18:44:16 with gcc 4.7.2 (GCC)
configuration: --enable-gpl --enable-version3 --disable-w32threads --enable-av
isynth --enable-bzlib --enable-fontconfig --enable-frei0r --enable-gnutls --enab
le-libass --enable-libbluray --enable-libcaca --enable-libfreetype --enable-libg
sm --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --e
nable-libopenjpeg --enable-libopus --enable-librtmp --enable-libschroedinger --e
nable-libtheora --enable-libtwolame --enable-libvo-aacenc --enable-libvo-amrwben
c --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libxavs --enable-
libxvid --enable-zlib
libavutil 52. 13.100 / 52. 13.100
libavcodec 54. 85.100 / 54. 85.100
libavformat 54. 59.100 / 54. 59.100
libavdevice 54. 3.102 / 54. 3.102
libavfilter 3. 30.102 / 3. 30.102
libswscale 2. 1.103 / 2. 1.103
libswresample 0. 17.102 / 0. 17.102
libpostproc 52. 2.100 / 52. 2.100
[rm @ 02607b60] Unsupported stream type 000003a4
[rm @ 02607b60] Unsupported stream type 00000292
[rm @ 02607b60] DATA tag in middle of chunk, file may be broken.
[rm @ 02607b60] DTS discontinuity in stream 3: packet 10 with DTS 2228226, packe
t 11 with DTS 8453465
[rm @ 02607b60] DTS discontinuity in stream 3: packet 15 with DTS 8462709, packe
t 16 with DTS 311043454
[rm @ 02607b60] DTS discontinuity in stream 3: packet 36 with DTS 164687, packet
37 with DTS 209101495
[rm @ 02607b60] DTS discontinuity in stream 3: packet 59 with DTS 16297, packet
60 with DTS 8487753
[rm @ 02607b60] DTS discontinuity in stream 3: packet 67 with DTS 8520781, packe
t 68 with DTS 914045114
[rm @ 02607b60] max_analyze_duration 5000000 reached at 5000000
Input #0, rm, from 'problem.rm':
Metadata:
Audiences : 16k Substream for 28k Dial-up;28k Dial-up;56k Dial-up;256k
DSL or Cable;
audioMode : music
Creation Date : 4/30/2005 11:23:03
Generated By : RealProducer(R) Plus 10.0 for Windows, Build 10.0.0.545
Modification Date: 4/30/2005 11:29:42
videoMode : normal
ASMRuleBook : #($Bandwidth < 20000),Stream7Bandwidth = 10000, Stream8Ban
dwidth = 6000;#($Bandwidth >= 20000) && ($Bandwidth < 34000),Stream7B
title :
author :
copyright : (C) 2004
comment :
Duration: 00:03:43.49, start: 0.000000, bitrate: 292 kb/s
Stream #0:0: Data: none
Stream #0:1: Data: none
Stream #0:2: Video: rv40 (RV40 / 0x30345652), yuv420p, 360x288, 10 kb/s, 15
fps, 15 tbr, 1k tbn, 1k tbc
Stream #0:3: Video: rv40 (RV40 / 0x30345652), yuv420p, 360x288, 12 kb/s, 15
fps, 15 tbr, 1k tbn, 1k tbc
Stream #0:4: Video: rv40 (RV40 / 0x30345652), yuv420p, 360x288, 26 kb/s, 15
fps, 15 tbr, 1k tbn, 1k tbc
Stream #0:5: Video: rv40 (RV40 / 0x30345652), yuv420p, 360x288, 180 kb/s, 25
fps, 25 tbr, 1k tbn, 1k tbc
Stream #0:6: Audio: cook (cook / 0x6B6F6F63), 8000 Hz, mono, fltp, 6 kb/s
Stream #0:7: Audio: cook (cook / 0x6B6F6F63), 8000 Hz, mono, fltp, 8 kb/s
Stream #0:8: Audio: cook (cook / 0x6B6F6F63), 44100 Hz, stereo, fltp, 44 kb/
s
Stream #0:9: Video: rv40 (RV40 / 0x30345652), yuv420p, 360x288, 10 kb/s, 15
fps, 15 tbr, 1k tbn, 1k tbc
[rv40 @ 0260f040] First slice header is incorrect
La 0.73 A-V: 0.000 fd= 0 aq= st message repeate 0KB vq= 742KB d 50 t
0.88 A-V: 0.000 fd= 0 aq= 0KB Last message repe vq= 532KB sq= ate
0.94 A-V: 0.00 Last message repe0 fd= 0 aq= 0ated 79 timess
[rv40 @ 0260f040] KB vq= 0KB sq= Changing dimensions to 160x132
[rv40 @ 0260f040] Need DQUANT
Last message repeated 1 times
[rv40 @ 0260f040] New frame but still 79 MB left.
[rv40 @ 0260f040] concealing 79 DC, 79 AC, 79 MV errors in I frame
0.97 A-V: [rv40 @ 0260f040] First slice header is incorrect
Last messag 1.00 A-V: 0.000 fd= 0 aqe repeated 1 times= 0KB vq= 0
Last message repeated 11 times 0KB vq= 0KB sq= 0B f=0/0
[rm @ 02607b60] DATA tag in middle of chunk, file may be broken.
[rv40 @ 0260f040] First slice header is incorrect
Last message repeated 28 times 0KB vq= 0KB sq= 0B f=0/0 es
Frame changed from size:0x0 to size:160x132
Seek to 19% ( 0:00:43) of total duration ( 0:03:43) 0B f=0/0
[rm @ 02607b60] DATA tag in middle of chunk, file may be broken.
2.62 A-V:-55 310.98 Las1 fd= t mess 0 aqage re= 0peatedKB vq= 2 tim
peated 2 times 0B t messf=0/0 age re
[rv40 @ 0260f040] First slice header is incorrect
message rep Last meseated 5 timsage repeatesKd 4 tiB sq= mes
[rm @ 02607b60] DATA tag in middle of chunk, file may be broken.
[rv40 @ 0260f040] First slice header is incorrect
Last message repeated 69 times rB f=0/epeate0 d 25 t 0KB vimes
[rv40 @ 0260f040] New frame but still 88 MB left.
[rv40 @ 0260f040] concealing 88 DC, 88 AC, 88 MV errors in I frame
3.94 A-V:-55310.981 fd= 0 aq= 0KB vq= 496KB sq= 0B f=0/0
(gdb) r problem.rm
Starting program: d:\mingw\msys\1.0\ffmpeg-head-7d66bc7\ffplay_g.exe problem.rm
[New Thread 248.0x6c0]
[New Thread 248.0x6d0]
[New Thread 248.0x464]
[New Thread 248.0x4a4]
[New Thread 248.0x6b4]
[New Thread 248.0x134]
[New Thread 248.0x798]
[New Thread 248.0x1b0]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 248.0x798]
0x0067ba93 in ff_MPV_frame_end (s=0x4d97048) at libavcodec/mpegvideo.c:1592
1592 s->last_lambda_for [s->pict_type] = s->current_picture_ptr->f.qualit
y;
(gdb) bt
#0 0x0067ba93 in ff_MPV_frame_end (s=0x4d97048)
at libavcodec/mpegvideo.c:1592
#1 0x009ca897 in ff_rv34_decode_frame (avctx=0x4d77760, data=0x515b008,
got_picture_ptr=0xfabfefc, avpkt=0xfabfbf0) at libavcodec/rv34.c:1656
#2 0x00561a5e in avcodec_decode_video2 (avctx=0x4d77760, picture=0x515b008,
got_picture_ptr=0xfabfefc, avpkt=0xfabfe90) at libavcodec/utils.c:1621
#3 0x00402245 in get_video_frame (serial=<optimized out>,
pkt=<optimized out>, pts=<optimized out>, frame=<optimized out>,
is=<optimized out>) at ffplay.c:1663
#4 video_thread (arg=0x4bb0020) at ffplay.c:1837
#5 0x681097ee in SDL_RunThread (data=0x4de2620)
at ./src/thread/SDL_thread.c:204
#6 0x681327d3 in RunThread (data=0x51f3e08)
at ./src/thread/win32/SDL_systhread.c:74
#7 RunThreadViaBeginThreadEx (data=0x51f3e08)
at ./src/thread/win32/SDL_systhread.c:95
#8 0x77c2a3b0 in msvcrt!_endthreadex () from C:\WINDOWS\system32\msvcrt.dll
#9 0x7c80b729 in KERNEL32!GetModuleFileNameA ()
from C:\WINDOWS\system32\kernel32.dll
#10 0x00000000 in ?? ()
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x67ba73 to 0x67bab3:
0x0067ba73 <ff_MPV_frame_end+39>: add %eax,(%eax)
0x0067ba75 <ff_MPV_frame_end+41>: add %ch,%al
0x0067ba77 <ff_MPV_frame_end+43>: sub %ebx,0x7401a800(%esi,%eax,2)
0x0067ba7e <ff_MPV_frame_end+50>: add (%edi),%cl
0x0067ba80 <ff_MPV_frame_end+52>: ja 0x67ba0d <ff_MPV_frame_start+2741
>
0x0067ba82 <ff_MPV_frame_end+54>: andl $0xffffff83,-0x76ffffec(%eax)
0x0067ba89 <ff_MPV_frame_end+61>: test $0x14,%al
0x0067ba8b <ff_MPV_frame_end+63>: add %al,(%eax)
0x0067ba8d <ff_MPV_frame_end+65>: mov 0x1400(%ebx),%edx
=> 0x0067ba93 <ff_MPV_frame_end+71>: mov 0xa8(%edx),%ecx
0x0067ba99 <ff_MPV_frame_end+77>: mov %ecx,0x14c0(%ebx,%eax,4)
0x0067baa0 <ff_MPV_frame_end+84>: cmp $0x3,%eax
0x0067baa3 <ff_MPV_frame_end+87>: je 0x67baab <ff_MPV_frame_end+95>
0x0067baa5 <ff_MPV_frame_end+89>: mov %eax,0x14ac(%ebx)
0x0067baab <ff_MPV_frame_end+95>: mov 0x38(%ebx),%esi
0x0067baae <ff_MPV_frame_end+98>: test %esi,%esi
0x0067bab0 <ff_MPV_frame_end+100>: je 0x67bb38 <ff_MPV_frame_end+236>
End of assembler dump.
(gdb) info all-registers
eax 0x1 1
ecx 0x0 0
edx 0x0 0
ebx 0x4d97048 81358920
esp 0xfabfa80 0xfabfa80
ebp 0x108 0x108
esi 0x0 0
edi 0x4d9d805 81385477
eip 0x67ba93 0x67ba93 <ff_MPV_frame_end+71>
eflags 0x10202 [ IF RF ]
cs 0x1b 27
ss 0x23 35
ds 0x23 35
es 0x23 35
fs 0x3b 59
gs 0x0 0
st0 -nan(0x001010101) (raw 0xffff0000000001010101)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 0 (raw 0x00000000000000000000)
st6 1000000 (raw 0x4012f424000000000000)
st7 1357222889.84375 (raw 0x401da1cb27d3b0000000)
fctrl 0xffff027f -64897
fstat 0xffff0020 -65504
ftag 0xffffffff -1
fiseg 0x0 0
fioff 0x0 0
foseg 0xffff0000 -65536
fooff 0x0 0
fop 0x0 0
xmm0 {v4_float = {0x0, 0x0, 0x2, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0xc, 0x9c, 0x91, 0x7c, 0x0, 0x0, 0x8d,
0x4, 0x68, 0x0, 0x0, 0x40, 0xdb, 0x1, 0x91, 0x7c}, v8_int16 = {0x9c0c,
0x7c91, 0x0, 0x48d, 0x68, 0x4000, 0x1db, 0x7c91}, v4_int32 = {0x7c919c0c,
0x48d0000, 0x40000068, 0x7c9101db}, v2_int64 = {0x48d00007c919c0c,
0x7c9101db40000068}, uint128 = 0x7c9101db40000068048d00007c919c0c}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0xc0, 0x27, 0x13, 0x68, 0x88, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0xfa, 0x9f, 0x91, 0x7c}, v8_int16 = {0x27c0,
0x6813, 0x88, 0x0, 0x0, 0x0, 0x9ffa, 0x7c91}, v4_int32 = {0x681327c0,
0x88, 0x0, 0x7c919ffa}, v2_int64 = {0x88681327c0, 0x7c919ffa00000000},
uint128 = 0x7c919ffa0000000000000088681327c0}
xmm2 {v4_float = {0x0, 0x0, 0x2, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0xc, 0x9c, 0x91, 0x7c, 0x0, 0x0, 0x8d,
0x4, 0x60, 0x0, 0x0, 0x40, 0xdb, 0x1, 0x91, 0x7c}, v8_int16 = {0x9c0c,
0x7c91, 0x0, 0x48d, 0x60, 0x4000, 0x1db, 0x7c91}, v4_int32 = {0x7c919c0c,
0x48d0000, 0x40000060, 0x7c9101db}, v2_int64 = {0x48d00007c919c0c,
0x7c9101db40000060}, uint128 = 0x7c9101db40000060048d00007c919c0c}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0xb8, 0x7f, 0x13, 0x5, 0x8, 0x0, 0x0,
0x0, 0x98, 0x7c, 0x13, 0x5, 0xfa, 0x9f, 0x91, 0x7c}, v8_int16 = {0x7fb8,
0x513, 0x8, 0x0, 0x7c98, 0x513, 0x9ffa, 0x7c91}, v4_int32 = {0x5137fb8,
0x8, 0x5137c98, 0x7c919ffa}, v2_int64 = {0x805137fb8,
0x7c919ffa05137c98}, uint128 = 0x7c919ffa05137c980000000805137fb8}
xmm4 {v4_float = {0x0, 0x0, 0x2, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0xc, 0x9c, 0x91, 0x7c, 0x0, 0x0, 0x8d,
0x4, 0x60, 0x0, 0x0, 0x40, 0xdb, 0x1, 0x91, 0x7c}, v8_int16 = {0x9c0c,
0x7c91, 0x0, 0x48d, 0x60, 0x4000, 0x1db, 0x7c91}, v4_int32 = {0x7c919c0c,
0x48d0000, 0x40000060, 0x7c9101db}, v2_int64 = {0x48d00007c919c0c,
0x7c9101db40000060}, uint128 = 0x7c9101db40000060048d00007c919c0c}
xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0xb8, 0x7f, 0x13, 0x5, 0x10, 0x0, 0x0, 0x0, 0x98, 0x7c, 0x13,
0x5, 0x4c, 0x7, 0x0, 0x0}, v8_int16 = {0x7fb8, 0x513, 0x10, 0x0, 0x7c98,
0x513, 0x74c, 0x0}, v4_int32 = {0x5137fb8, 0x10, 0x5137c98, 0x74c},
v2_int64 = {0x1005137fb8, 0x74c05137c98},
uint128 = 0x0000074c05137c980000001005137fb8}
xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x50, 0xfd, 0x6, 0x5, 0x91, 0x25, 0x13,
0x68, 0xa4, 0xfa, 0x6, 0x5}, v8_int16 = {0x0, 0x0, 0xfd50, 0x506, 0x2591,
0x6813, 0xfaa4, 0x506}, v4_int32 = {0x0, 0x506fd50, 0x68132591,
0x506faa4}, v2_int64 = {0x506fd5000000000, 0x506faa468132591},
uint128 = 0x0506faa4681325910506fd5000000000}
xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0xa8, 0x2f, 0x0, 0x0, 0xa4, 0xff, 0x6,
0x5, 0x94, 0x5c, 0xc2, 0x77, 0x70, 0x20, 0xc0, 0x77}, v8_int16 = {0x2fa8,
0x0, 0xffa4, 0x506, 0x5c94, 0x77c2, 0x2070, 0x77c0}, v4_int32 = {0x2fa8,
0x506ffa4, 0x77c25c94, 0x77c02070}, v2_int64 = {0x506ffa400002fa8,
0x77c0207077c25c94}, uint128 = 0x77c0207077c25c940506ffa400002fa8}
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
mm0 {uint64 = 0x1010101, v2_int32 = {0x1010101, 0x0}, v4_int16 = {
0x101, 0x101, 0x0, 0x0}, v8_int8 = {0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0,
0x0}}
mm1 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm2 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm3 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm4 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm5 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm6 {uint64 = 0xf424000000000000, v2_int32 = {0x0, 0xf4240000},
v4_int16 = {0x0, 0x0, 0x0, 0xf424}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x24, 0xf4}}
mm7 {uint64 = 0xa1cb27d3b0000000, v2_int32 = {0xb0000000,
0xa1cb27d3}, v4_int16 = {0x0, 0xb000, 0x27d3, 0xa1cb}, v8_int8 = {0x0,
0x0, 0x0, 0xb0, 0xd3, 0x27, 0xcb, 0xa1}}
(gdb)
follow-up: 9 comment:8 by , 12 years ago
Is the crash thread-related? Does it crash with -threads 1 (or --disable-pthreads --disable-w32threads)?
comment:9 by , 12 years ago
Replying to cehoyos:
Is the crash thread-related?
probably yes, I get different bt with -threads 2
(gdb) r -threads 2 problem.rm
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: d:\mingw\msys\1.0\ffmpeg-head-7d66bc7\ffplay_g.exe -threads 2
problem.rm
[New Thread 212.0x7b4]
[New Thread 212.0x7c]
[New Thread 212.0x510]
[New Thread 212.0x490]
[New Thread 212.0x180]
[New Thread 212.0x6a8]
[New Thread 212.0x770]
[New Thread 212.0x5e8]
[New Thread 212.0x350]
[New Thread 212.0x594]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 212.0x510]
0x0050f132 in rm_assemble_video_frame (timestamp=<synthetic pointer>,
pseq=0x506fb80, len=11651, pkt=0x506fc78, vst=0x4d782f0, pb=0x4d78b78,
s=<optimized out>, rm=<optimized out>) at libavformat/rmdec.c:714
714 AV_WL32(vst->pkt.data - 7 + 8*vst->cur_slice, 1);
(gdb) bt
#0 0x0050f132 in rm_assemble_video_frame (timestamp=<synthetic pointer>,
pseq=0x506fb80, len=11651, pkt=0x506fc78, vst=0x4d782f0, pb=0x4d78b78,
s=<optimized out>, rm=<optimized out>) at libavformat/rmdec.c:714
#1 ff_rm_parse_packet (s=0x4d70600, pb=0x4d78b78, st=0x4d77d28,
ast=0x4d782f0, len=44092, pkt=0x506fc78, seq=0x506fb80, flags=55,
timestamp=4212203523) at libavformat/rmdec.c:765
#2 0x0050f6bc in rm_read_packet (s=0x4d70600, pkt=0x506fc78)
at libavformat/rmdec.c:911
#3 0x0046cde5 in ff_read_packet (s=0x4d70600, pkt=0x506fc78)
at libavformat/utils.c:745
#4 0x0046f69e in read_frame_internal (s=0x4d70600, pkt=0x506fe98)
at libavformat/utils.c:1379
#5 0x004702e3 in av_read_frame (s=0x4d70600, pkt=0x506fe98)
at libavformat/utils.c:1480
#6 0x004079d7 in read_thread (arg=0x4bb0020) at ffplay.c:2755
#7 0x681097ee in SDL_RunThread (data=0x4d703a0)
at ./src/thread/SDL_thread.c:204
#8 0x681327d3 in RunThread (data=0x4d704a0)
at ./src/thread/win32/SDL_systhread.c:74
#9 RunThreadViaBeginThreadEx (data=0x4d704a0)
at ./src/thread/win32/SDL_systhread.c:95
#10 0x77c2a3b0 in msvcrt!_endthreadex () from C:\WINDOWS\system32\msvcrt.dll
#11 0x7c80b729 in KERNEL32!GetModuleFileNameA ()
from C:\WINDOWS\system32\kernel32.dll
#12 0x00000000 in ?? ()
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x50f112 to 0x50f152:
0x0050f112 <ff_rm_parse_packet+982>: mov %eax,0x60(%ebx)
0x0050f115 <ff_rm_parse_packet+985>: mov %edx,0x64(%ebx)
0x0050f118 <ff_rm_parse_packet+988>: cmpl $0x2,0x1c(%esp)
0x0050f11d <ff_rm_parse_packet+993>: je 0x50f420 <ff_rm_parse_packet+1764
>
0x0050f123 <ff_rm_parse_packet+999>: mov 0x54(%ebx),%eax
0x0050f126 <ff_rm_parse_packet+1002>: inc %eax
0x0050f127 <ff_rm_parse_packet+1003>: mov %eax,0x54(%ebx)
0x0050f12a <ff_rm_parse_packet+1006>: cmp 0x58(%ebx),%eax
0x0050f12d <ff_rm_parse_packet+1009>: jg 0x50f15f <ff_rm_parse_pac
ket+1059>
0x0050f12f <ff_rm_parse_packet+1011>: mov 0x10(%ebx),%edx
=> 0x0050f132 <ff_rm_parse_packet+1014>: movl $0x1,-0x7(%edx,%eax,8)
0x0050f13a <ff_rm_parse_packet+1022>: mov 0x54(%ebx),%edx
0x0050f13d <ff_rm_parse_packet+1025>: mov 0x10(%ebx),%ecx
0x0050f140 <ff_rm_parse_packet+1028>: mov 0x58(%ebx),%eax
0x0050f143 <ff_rm_parse_packet+1031>: neg %eax
0x0050f145 <ff_rm_parse_packet+1033>: shl $0x3,%eax
0x0050f148 <ff_rm_parse_packet+1036>: add 0x4c(%ebx),%eax
0x0050f14b <ff_rm_parse_packet+1039>: dec %eax
0x0050f14c <ff_rm_parse_packet+1040>: mov %eax,-0x3(%ecx,%edx,8)
0x0050f150 <ff_rm_parse_packet+1044>: mov 0x4c(%ebx),%eax
End of assembler dump.
(gdb) info all-registers
eax 0x3 3
ecx 0x1b 27
edx 0x0 0
ebx 0x4d782f0 81232624
esp 0x506fad8 0x506fad8
ebp 0x506fc78 0x506fc78
esi 0x4d78b78 81234808
edi 0x2d83 11651
eip 0x50f132 0x50f132 <ff_rm_parse_packet+1014>
eflags 0x10293 [ CF AF SF IF RF ]
cs 0x1b 27
ss 0x23 35
ds 0x23 35
es 0x23 35
fs 0x3b 59
gs 0x0 0
st0 <invalid float value> (raw 0x00600000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 2 (raw 0x40008000000000000000)
st4 2 (raw 0x40008000000000000000)
st5 1000000 (raw 0x4012f424000000000000)
st6 1357223895.203125 (raw 0x401da1cb2fae68000000)
st7 -1357223776.4751251 (raw 0xc01da1cb2ec0f3439800)
fctrl 0xffff027f -64897
fstat 0xffff0120 -65248
ftag 0xffffffff -1
fiseg 0x1b 27
fioff 0x102fb81d 271562781
foseg 0xffff0023 -65501
fooff 0x12f780 1243008
fop 0x11c 284
xmm0 {v4_float = {0x0, 0x0, 0x2, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0xc, 0x9c, 0x91, 0x7c, 0x0, 0x0, 0x8d,
0x4, 0x68, 0x0, 0x0, 0x40, 0xdb, 0x1, 0x91, 0x7c}, v8_int16 = {0x9c0c,
0x7c91, 0x0, 0x48d, 0x68, 0x4000, 0x1db, 0x7c91}, v4_int32 = {0x7c919c0c,
0x48d0000, 0x40000068, 0x7c9101db}, v2_int64 = {0x48d00007c919c0c,
0x7c9101db40000068}, uint128 = 0x7c9101db40000068048d00007c919c0c}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0xc0, 0x27, 0x13, 0x68, 0x88, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0xdb, 0x1, 0x91, 0x7c}, v8_int16 = {0x27c0,
0x6813, 0x88, 0x0, 0x0, 0x0, 0x1db, 0x7c91}, v4_int32 = {0x681327c0,
0x88, 0x0, 0x7c9101db}, v2_int64 = {0x88681327c0, 0x7c9101db00000000},
uint128 = 0x7c9101db0000000000000088681327c0}
xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0x88, 0x3, 0xd7, 0x4, 0x4, 0x0, 0x0,
0x0, 0x68, 0x0, 0xd7, 0x4, 0xdb, 0x1, 0x91, 0x7c}, v8_int16 = {0x388,
0x4d7, 0x4, 0x0, 0x68, 0x4d7, 0x1db, 0x7c91}, v4_int32 = {0x4d70388, 0x4,
0x4d70068, 0x7c9101db}, v2_int64 = {0x404d70388, 0x7c9101db04d70068},
uint128 = 0x7c9101db04d700680000000404d70388}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0x88, 0x3, 0xd7, 0x4, 0x8, 0x0, 0x0,
0x0, 0x68, 0x0, 0xd7, 0x4, 0xfa, 0x9f, 0x91, 0x7c}, v8_int16 = {0x388,
0x4d7, 0x8, 0x0, 0x68, 0x4d7, 0x9ffa, 0x7c91}, v4_int32 = {0x4d70388,
0x8, 0x4d70068, 0x7c919ffa}, v2_int64 = {0x804d70388,
0x7c919ffa04d70068}, uint128 = 0x7c919ffa04d700680000000804d70388}
xmm4 {v4_float = {0x0, 0x0, 0x2, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0xc, 0x9c, 0x91, 0x7c, 0x0, 0x0, 0x8d,
0x4, 0x60, 0x0, 0x0, 0x40, 0xdb, 0x1, 0x91, 0x7c}, v8_int16 = {0x9c0c,
0x7c91, 0x0, 0x48d, 0x60, 0x4000, 0x1db, 0x7c91}, v4_int32 = {0x7c919c0c,
0x48d0000, 0x40000060, 0x7c9101db}, v2_int64 = {0x48d00007c919c0c,
0x7c9101db40000060}, uint128 = 0x7c9101db40000060048d00007c919c0c}
xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0x88, 0x3, 0xd7, 0x4, 0x10, 0x0, 0x0,
0x0, 0x68, 0x0, 0xd7, 0x4, 0xdb, 0x1, 0x91, 0x7c}, v8_int16 = {0x388,
0x4d7, 0x10, 0x0, 0x68, 0x4d7, 0x1db, 0x7c91}, v4_int32 = {0x4d70388,
0x10, 0x4d70068, 0x7c9101db}, v2_int64 = {0x1004d70388,
0x7c9101db04d70068}, uint128 = 0x7c9101db04d700680000001004d70388}
xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x24, 0xff, 0x22, 0x0, 0x14, 0x0, 0x0, 0x0, 0x20, 0x0, 0xbb,
0x4, 0xd4, 0xfa, 0x1, 0x1}, v8_int16 = {0xff24, 0x22, 0x14, 0x0, 0x20,
0x4bb, 0xfad4, 0x101}, v4_int32 = {0x22ff24, 0x14, 0x4bb0020, 0x101fad4},
v2_int64 = {0x140022ff24, 0x101fad404bb0020},
uint128 = 0x0101fad404bb0020000000140022ff24}
xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x34, 0xfb, 0x22, 0x0, 0x28, 0x0, 0x0, 0x0, 0xa0, 0xb0, 0x24,
0x0, 0x0, 0x0, 0x24, 0x0}, v8_int16 = {0xfb34, 0x22, 0x28, 0x0, 0xb0a0,
0x24, 0x0, 0x24}, v4_int32 = {0x22fb34, 0x28, 0x24b0a0, 0x240000},
v2_int64 = {0x280022fb34, 0x2400000024b0a0},
uint128 = 0x002400000024b0a0000000280022fb34}
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
mm0 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm1 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm2 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm3 {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000},
v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x80}}
mm4 {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000},
v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x80}}
mm5 {uint64 = 0xf424000000000000, v2_int32 = {0x0, 0xf4240000},
v4_int16 = {0x0, 0x0, 0x0, 0xf424}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x24, 0xf4}}
mm6 {uint64 = 0xa1cb2fae68000000, v2_int32 = {0x68000000,
0xa1cb2fae}, v4_int16 = {0x0, 0x6800, 0x2fae, 0xa1cb}, v8_int8 = {0x0,
0x0, 0x0, 0x68, 0xae, 0x2f, 0xcb, 0xa1}}
mm7 {uint64 = 0xa1cb2ec0f3439800, v2_int32 = {0xf3439800,
0xa1cb2ec0}, v4_int16 = {0x9800, 0xf343, 0x2ec0, 0xa1cb}, v8_int8 = {0x0,
0x98, 0x43, 0xf3, 0xc0, 0x2e, 0xcb, 0xa1}}
(gdb)
Does it crash with -threads 1
it crashes with -threads 1 or 2 (or others), but the displayed output by ffplay changes
(or --disable-pthreads --disable-w32threads)?
I will try this later.
comment:10 by , 12 years ago
(or --disable-pthreads --disable-w32threads)?
still crashes
(gdb) r -threads 2 problem.rm
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: d:\mingw\msys\1.0\ffmpeg-head-7d66bc7\ffplay_g.exe -threads 2
problem.rm
[New Thread 1048.0x60c]
[New Thread 1048.0x5a4]
[New Thread 1048.0x698]
[New Thread 1048.0x7ec]
[New Thread 1048.0x594]
[New Thread 1048.0x72c]
[New Thread 1048.0x188]
[New Thread 1048.0x7e8]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1048.0x188]
0x006797f3 in ff_MPV_frame_end (s=0x4d7de18) at libavcodec/mpegvideo.c:1592
1592 s->last_lambda_for [s->pict_type] = s->current_picture_ptr->f.qualit
y;
(gdb) bt
#0 0x006797f3 in ff_MPV_frame_end (s=0x4d7de18)
at libavcodec/mpegvideo.c:1592
#1 0x009c8047 in ff_rv34_decode_frame (avctx=0x4d57810, data=0x4dc26f8,
got_picture_ptr=0xc69fefc, avpkt=0xc69fbf0) at libavcodec/rv34.c:1656
#2 0x005617a4 in avcodec_decode_video2 (avctx=0x4d57810, picture=0x4dc26f8,
got_picture_ptr=0xc69fefc, avpkt=0xc69fe90) at libavcodec/utils.c:1621
#3 0x00402245 in get_video_frame (serial=<optimized out>,
pkt=<optimized out>, pts=<optimized out>, frame=<optimized out>,
is=<optimized out>) at ffplay.c:1663
#4 video_thread (arg=0x4b90020) at ffplay.c:1837
#5 0x681097ee in SDL_RunThread (data=0x52108a8)
at ./src/thread/SDL_thread.c:204
#6 0x681327d3 in RunThread (data=0x5295fe8)
at ./src/thread/win32/SDL_systhread.c:74
#7 RunThreadViaBeginThreadEx (data=0x5295fe8)
at ./src/thread/win32/SDL_systhread.c:95
#8 0x77c2a3b0 in msvcrt!_endthreadex () from C:\WINDOWS\system32\msvcrt.dll
#9 0x7c80b729 in KERNEL32!GetModuleFileNameA ()
from C:\WINDOWS\system32\kernel32.dll
#10 0x00000000 in ?? ()
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x6797d3 to 0x679813:
0x006797d3 <ff_MPV_frame_end+39>: add %eax,(%eax)
0x006797d5 <ff_MPV_frame_end+41>: add %ch,%al
0x006797d7 <ff_MPV_frame_end+43>: dec %ecx
0x006797d8 <ff_MPV_frame_end+44>: addl $0xffffffa8,0x0(%esi)
0x006797dc <ff_MPV_frame_end+48>: add %esi,0xf(%edx,%eax,1)
0x006797e0 <ff_MPV_frame_end+52>: ja 0x67976d <ff_MPV_frame_start+2705
>
0x006797e2 <ff_MPV_frame_end+54>: andl $0xffffff83,-0x76ffffec(%eax)
0x006797e9 <ff_MPV_frame_end+61>: test $0x14,%al
0x006797eb <ff_MPV_frame_end+63>: add %al,(%eax)
0x006797ed <ff_MPV_frame_end+65>: mov 0x1400(%ebx),%edx
=> 0x006797f3 <ff_MPV_frame_end+71>: mov 0xa8(%edx),%ecx
0x006797f9 <ff_MPV_frame_end+77>: mov %ecx,0x14c0(%ebx,%eax,4)
0x00679800 <ff_MPV_frame_end+84>: cmp $0x3,%eax
0x00679803 <ff_MPV_frame_end+87>: je 0x67980b <ff_MPV_frame_end+95>
0x00679805 <ff_MPV_frame_end+89>: mov %eax,0x14ac(%ebx)
0x0067980b <ff_MPV_frame_end+95>: mov 0x38(%ebx),%esi
0x0067980e <ff_MPV_frame_end+98>: test %esi,%esi
0x00679810 <ff_MPV_frame_end+100>: je 0x679898 <ff_MPV_frame_end+236>
End of assembler dump.
(gdb) info all-registers
eax 0x1 1
ecx 0x0 0
edx 0x0 0
ebx 0x4d7de18 81255960
esp 0xc69fa90 0xc69fa90
ebp 0x108 0x108
esi 0x0 0
edi 0xaa0 2720
eip 0x6797f3 0x6797f3 <ff_MPV_frame_end+71>
eflags 0x10202 [ IF RF ]
cs 0x1b 27
ss 0x23 35
ds 0x23 35
es 0x23 35
fs 0x3b 59
gs 0x0 0
st0 -nan(0x001010101) (raw 0xffff0000000001010101)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 0 (raw 0x00000000000000000000)
st6 1000000 (raw 0x4012f424000000000000)
st7 1357229218.46875 (raw 0x401da1cb5944f0000000)
fctrl 0xffff027f -64897
fstat 0xffff0020 -65504
ftag 0xffffffff -1
fiseg 0x0 0
fioff 0x0 0
foseg 0xffff0000 -65536
fooff 0x0 0
fop 0x0 0
xmm0 {v4_float = {0x0, 0x0, 0x2, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0xc, 0x9c, 0x91, 0x7c, 0x0, 0x0, 0x8b,
0x4, 0x68, 0x0, 0x0, 0x40, 0xdb, 0x1, 0x91, 0x7c}, v8_int16 = {0x9c0c,
0x7c91, 0x0, 0x48b, 0x68, 0x4000, 0x1db, 0x7c91}, v4_int32 = {0x7c919c0c,
0x48b0000, 0x40000068, 0x7c9101db}, v2_int64 = {0x48b00007c919c0c,
0x7c9101db40000068}, uint128 = 0x7c9101db40000068048b00007c919c0c}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0xc0, 0x27, 0x13, 0x68, 0x88, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0xfa, 0x9f, 0x91, 0x7c}, v8_int16 = {0x27c0,
0x6813, 0x88, 0x0, 0x0, 0x0, 0x9ffa, 0x7c91}, v4_int32 = {0x681327c0,
0x88, 0x0, 0x7c919ffa}, v2_int64 = {0x88681327c0, 0x7c919ffa00000000},
uint128 = 0x7c919ffa0000000000000088681327c0}
xmm2 {v4_float = {0x0, 0x0, 0x2, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0xc, 0x9c, 0x91, 0x7c, 0x0, 0x0, 0x8b,
0x4, 0x60, 0x0, 0x0, 0x40, 0xdb, 0x1, 0x91, 0x7c}, v8_int16 = {0x9c0c,
0x7c91, 0x0, 0x48b, 0x60, 0x4000, 0x1db, 0x7c91}, v4_int32 = {0x7c919c0c,
0x48b0000, 0x40000060, 0x7c9101db}, v2_int64 = {0x48b00007c919c0c,
0x7c9101db40000060}, uint128 = 0x7c9101db40000060048b00007c919c0c}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0x20, 0x17, 0x23, 0x5, 0x8, 0x0, 0x0,
0x0, 0x0, 0x14, 0x23, 0x5, 0xfa, 0x9f, 0x91, 0x7c}, v8_int16 = {0x1720,
0x523, 0x8, 0x0, 0x1400, 0x523, 0x9ffa, 0x7c91}, v4_int32 = {0x5231720,
0x8, 0x5231400, 0x7c919ffa}, v2_int64 = {0x805231720,
0x7c919ffa05231400}, uint128 = 0x7c919ffa052314000000000805231720}
xmm4 {v4_float = {0x0, 0x0, 0x2, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0xc, 0x9c, 0x91, 0x7c, 0x0, 0x0, 0x8b,
0x4, 0x60, 0x0, 0x0, 0x40, 0xdb, 0x1, 0x91, 0x7c}, v8_int16 = {0x9c0c,
0x7c91, 0x0, 0x48b, 0x60, 0x4000, 0x1db, 0x7c91}, v4_int32 = {0x7c919c0c,
0x48b0000, 0x40000060, 0x7c9101db}, v2_int64 = {0x48b00007c919c0c,
0x7c9101db40000060}, uint128 = 0x7c9101db40000060048b00007c919c0c}
xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x20, 0x17, 0x23, 0x5, 0x10, 0x0, 0x0, 0x0, 0x0, 0x14, 0x23,
0x5, 0x4c, 0x7, 0x0, 0x0}, v8_int16 = {0x1720, 0x523, 0x10, 0x0, 0x1400,
0x523, 0x74c, 0x0}, v4_int32 = {0x5231720, 0x10, 0x5231400, 0x74c},
v2_int64 = {0x1005231720, 0x74c05231400},
uint128 = 0x0000074c052314000000001005231720}
xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x50, 0xfd, 0x4, 0x5, 0x91, 0x25, 0x13,
0x68, 0xa4, 0xfa, 0x4, 0x5}, v8_int16 = {0x0, 0x0, 0xfd50, 0x504, 0x2591,
0x6813, 0xfaa4, 0x504}, v4_int32 = {0x0, 0x504fd50, 0x68132591,
0x504faa4}, v2_int64 = {0x504fd5000000000, 0x504faa468132591},
uint128 = 0x0504faa4681325910504fd5000000000}
xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0x6b, 0x54, 0xad, 0x0, 0xa4, 0xff, 0x4,
0x5, 0x94, 0x5c, 0xc2, 0x77, 0x70, 0x20, 0xc0, 0x77}, v8_int16 = {0x546b,
0xad, 0xffa4, 0x504, 0x5c94, 0x77c2, 0x2070, 0x77c0}, v4_int32 = {
0xad546b, 0x504ffa4, 0x77c25c94, 0x77c02070}, v2_int64 = {
0x504ffa400ad546b, 0x77c0207077c25c94},
uint128 = 0x77c0207077c25c940504ffa400ad546b}
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
mm0 {uint64 = 0x1010101, v2_int32 = {0x1010101, 0x0}, v4_int16 = {
0x101, 0x101, 0x0, 0x0}, v8_int8 = {0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0,
0x0}}
mm1 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm2 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm3 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm4 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm5 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm6 {uint64 = 0xf424000000000000, v2_int32 = {0x0, 0xf4240000},
v4_int16 = {0x0, 0x0, 0x0, 0xf424}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x24, 0xf4}}
mm7 {uint64 = 0xa1cb5944f0000000, v2_int32 = {0xf0000000,
0xa1cb5944}, v4_int16 = {0x0, 0xf000, 0x5944, 0xa1cb}, v8_int8 = {0x0,
0x0, 0x0, 0xf0, 0x44, 0x59, 0xcb, 0xa1}}
(gdb)
comment:11 by , 12 years ago
if "s->last_lambda_for [s->pict_type]" crashes then we could assume pict_type has a value far outside the arrays diemnsions. Next would be to find out what sets it to such invalid value (if thats the case). I cant reproduce the bug here so someone else will have to do that ...
follow-up: 13 comment:12 by , 11 years ago
Is this still reproduceable ?
If yes, can someone who can reproduce this find out if s->pict_type has a unreasonable value and if so why
comment:13 by , 11 years ago
It still crashes here with zaranoe's build (32bit static):
C:\>ffplay -cpuflags 0 -threads 1 problem.rm ffplay version N-54094-gca2818b Copyright (c) 2003-2013 the FFmpeg developers built on Jun 18 2013 03:39:30 with gcc 4.7.3 (GCC) configuration: --enable-gpl --enable-version3 --disable-w32threads --enable-av isynth --enable-bzlib --enable-fontconfig --enable-frei0r --enable-gnutls --enab le-iconv --enable-libass --enable-libbluray --enable-libcaca --enable-libfreetyp e --enable-libgsm --enable-libilbc --enable-libmodplug --enable-libmp3lame --ena ble-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenjpeg --enable-l ibopus --enable-librtmp --enable-libschroedinger --enable-libsoxr --enable-libsp eex --enable-libtheora --enable-libtwolame --enable-libvo-aacenc --enable-libvo- amrwbenc --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libxavs -- enable-libxvid --enable-zlib libavutil 52. 37.101 / 52. 37.101 libavcodec 55. 16.100 / 55. 16.100 libavformat 55. 9.100 / 55. 9.100 libavdevice 55. 2.100 / 55. 2.100 libavfilter 3. 77.101 / 3. 77.101 libswscale 2. 3.100 / 2. 3.100 libswresample 0. 17.102 / 0. 17.102 libpostproc 52. 3.100 / 52. 3.100
Maybe somebody with Windows can try to reproduce.
comment:14 by , 11 years ago
s->pict_type is reported as 1
s->last_pict_type = s->pict_type;
+ av_log(s->avctx, AV_LOG_ERROR, "s->pict_type: %d\n", s->pict_type);
s->last_lambda_for [s->pict_type] = s->current_picture_ptr->f.quality;
if (s->pict_type!= AV_PICTURE_TYPE_B) {
s->last_non_b_pict_type = s->pict_type;
}
comment:15 by , 11 years ago
now I get this:
$ gdb ffplay_g
GNU gdb (GDB) 7.4
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-mingw32".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from D:\MinGW\msys\1.0\ffmpeg-HEAD-f468325\ffplay_g.exe...done.
(gdb) r -threads 1 "c:\problem.rm"
Starting program: D:\MinGW\msys\1.0\ffmpeg-HEAD-f468325\ffplay_g.exe -threads 1
"c:\problem.rm"
[New Thread 3768.0x3cc]
ffplay version 1.1.git-f468325 Copyright (c) 2003-2013 the FFmpeg developers
built on May 31 2013 00:22:46 with gcc 4.6.2 (GCC)
configuration: --disable-ffprobe --disable-ffplay --disable-w32threads --disab
le-yasm --enable-gpl
libavutil 52. 34.100 / 52. 34.100
libavcodec 55. 12.102 / 55. 12.102
libavformat 55. 8.102 / 55. 8.102
libavdevice 55. 2.100 / 55. 2.100
libavfilter 3. 73.100 / 3. 73.100
libswscale 2. 3.100 / 2. 3.100
libswresample 0. 17.102 / 0. 17.102
libpostproc 52. 3.100 / 52. 3.100
[New Thread 3768.0xeb0]
[New Thread 3768.0xbb0]
nan A-V: 0.000 fd= 0 aq= 0KB vq= 0KB [rm @ 04b2e2e0] sq=Unsupported
stream type 000003a4
[rm @ 04b2e2e0] Unsupported stream type 00000292
Truncating packet of size 542777353 to 8156342
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 544743433 to 8155851
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 551297033 to 8154967
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 559161353 to 8154001
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 180658117 to 8153992
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 306454537 to 8152489
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 10837271 to 7986163
nan [rm @ 04b2e2e0] A-VImpossibly sized packet
: 0.00Truncating packet of size 625704930 to 7986154
0 fd=[rm @ 04b2e2e0] Impossibly sized packet
0 aq= [rv40 @ 051202c0] First slice header is incorrect
0KB vq= 0KB sq= [rm @ 04b2e2e0] 0B DATA tag in middle of chunk, file may b
e broken.
f=0/0 Truncating packet of size 540811279 to 7873098
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 542777353 to 7872710
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 544743433 to 7872215
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 551297033 to 7871324
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 94939210 to 7871313
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 560472073 to 7870033
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 307765257 to 7868418
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 331358217 to 7865947
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 1027364853 to 7865918
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 102244352 to 7861916
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 645142355 to 7861905
[rm @ 04b2e2e0] Impossibly sized packet
[rm @ 04b2e2e0] DTS discontinuity in stream 3: packet 11 with DTS 5215, packet 1
2 with DTS 46153821
Truncating packet of size 299559901 to 7829922
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 263408317 to 7829894
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 850460673 to 7465267
[rm @ 04b2e2e0] Impossibly sized packet
[rm @ 04b2e2e0] DTS discontinuity in stream 3: packet 14 with DTS 46154213, pack
et 15 with DTS 115445671
Truncating packet of size 505477178 to 7405066
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 660563639 to 7405057
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 130913296 to 7405039
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 65077249 to 7405010
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 531578589 to 7371264
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 705353719 to 6740177
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 1072720433 to 6736985
[rm @ 04b2e2e0] Impossibly sized packet
[rm @ 04b2e2e0] DTS discontinuity in stream 3: packet 22 with DTS 2228226, packe
t 23 with DTS 8453465
Truncating packet of size 196056287 to 6732674
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 150866944 to 6716925
n[rm @ 04b2e2e0] an Impossibly sized packet
A-V: 0.00Truncating packet of size 363463002 to 6713724
0 fd=[rm @ 04b2e2e0] Impossibly sized packet
0 aq= Truncating packet of size 494668193 to 6713715
0KB[rm @ 04b2e2e0] vqImpossibly sized packet
= 0KB sq= 0B Truncating packet of size 9727528 to 6666777
f=0/0[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 25380323 to 6663193
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 370472506 to 6656399
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 296345678 to 6619570
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 859839963 to 6612372
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 16580599 to 6578925
[rm @ 04b2e2e0] Impossibly sized packet
[rm @ 04b2e2e0] DTS discontinuity in stream 3: packet 40 with DTS 99566, packet
41 with DTS 1068624502
Truncating packet of size 744936202 to 6552947
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 104722268 to 6552938
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 149487930 to 6521064
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 938589167 to 6497722
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 259244911 to 6497705
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 306772457 to 6491792
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 868290364 to 6471489
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 706132538 to 6428013
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 691220536 to 6428004
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 1073345919 to 6427976
[rm @ 04b2e2e0] Impossibly sized packet
[rm @ 04b2e2e0] DTS discontinuity in stream 3: packet 54 with DTS 164687, packet
55 with DTS 209101495
nan A-V: 0.000 fd= 0 Truncating packet of size 727857816 to 6198457
aq= [rm @ 04b2e2e0] Impossibly sized packet
0KB vq= Truncating packet of size 7022193 to 6188069
0KB [rm @ 04b2e2e0] sq=Impossibly sized packet
0B f=0/0 Truncating packet of size 805911518 to 6126218
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 239057205 to 6042191
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 609512617 to 6015325
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 92416127 to 6015314
[rm @ 04b2e2e0] Impossibly sized packet
[rm @ 04b2e2e0] DTS discontinuity in stream 3: packet 74 with DTS 5113, packet 7
5 with DTS 460162130
[rm @ 04b2e2e0] max_analyze_duration 5000000 reached at 5000000 microseconds
[rm @ 04b2e2e0] Could not find codec parameters for stream 4 (Video: rv40 (RV40
/ 0x30345652), yuv420p, 360x288, 26 kb/s): no frame in rv30/40 and no sar
Consider increasing the value for the 'analyzeduration' and 'probesize' options
[rm @ 04b2e2e0] Could not find codec parameters for stream 5 (Video: rv40 (RV40
/ 0x30345652), yuv420p, 360x288, 180 kb/s): no frame in rv30/40 and no sar
Consider increasing the value for the 'analyzeduration' and 'probesize' options
[rm @ 04b2e2e0] Could not find codec parameters for stream 9 (Video: rv40 (RV40
/ 0x30345652), yuv420p, 360x288, 10 kb/s): no frame in rv30/40 and no sar
Consider increasing the value for the 'analyzeduration' and 'probesize' options
Input #0, rm, from 'c:\problem.rm':
Metadata:
Audiences : 16k Substream for 28k Dial-up;28k Dial-up;56k Dial-up;256k
DSL or Cable;
audioMode : music
Creation Date : 4/30/2005 11:23:03
Generated By : RealProducer(R) Plus 10.0 for Windows, Build 10.0.0.545
Modification Date: 4/30/2005 11:29:42
videoMode : normal
ASMRuleBook : #($Bandwidth < 20000),Stream7Bandwidth = 10000, Stream8Ban
dwidth = 6000;#($Bandwidth >= 20000) && ($Bandwidth < 34000),Stream7B
title :
author :
copyright : (C) 2004
comment :
Duration: 00:03:43.49, start: 0.000000, bitrate: 292 kb/s
Stream #0:0: Data: none, 180 kb/s
Stream #0:1: Data: none, 44 kb/s
Stream #0:2: Video: rv40 (RV40 / 0x30345652), yuv420p, 360x288, 10 kb/s, 15
fps, 15 tbr, 1k tbn, 1k tbc
Stream #0:3: Video: rv40 (RV40 / 0x30345652), yuv420p, 360x288, 12 kb/s, 15
fps, 15 tbr, 1k tbn, 1k tbc
Stream #0:4: Video: rv40 (RV40 / 0x30345652), yuv420p, 360x288, 26 kb/s, 15
fps, 15 tbr, 1k tbn, 1k tbc
Stream #0:5: Video: rv40 (RV40 / 0x30345652), yuv420p, 360x288, 180 kb/s, 25
fps, 25 tbr, 1k tbn, 1k tbc
Stream #0:6: Audio: cook (cook / 0x6B6F6F63), 8000 Hz, mono, fltp, 6 kb/s
Stream #0:7: Audio: cook (cook / 0x6B6F6F63), 8000 Hz, mono, fltp, 8 kb/s
Stream #0:8: Audio: cook (cook / 0x6B6F6F63), 44100 Hz, stereo, fltp, 44 kb/
s
Stream #0:9: Video: rv40 (RV40 / 0x30345652), yuv420p, 360x288, 10 kb/s, 15
fps nan, 15 tbr A-V: , 1k tbn 0.000 , 1k tbcfd= 0
[New Thread 3768.0xaa8]sq= 0B f=0/0
[New Thread 3768.0xf0c]
[New Thread 3768.0x6a4]
[New Thread 3768.0xd9c]
[New Thread 3768.0xf5c]
[New Thread 3768.0x8f4]
[New Thread 3768.0x940]
[New Thread 3768.0xd10]
[New Thread 3768.0xa40]
[New Thread 3768.0x388]
[New Thread 3768.0xa2c]
[New Thread 3768.0x2c4]
[New Thread 3768.0x790]
[rv40 @ 051209a0] First slice header is incorrect
[rv40 @ 051209a0] Truncating packet of size 150023953 to 5993075
First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 557673483 to 5993058
nan[rv40 @ 051209a0] A-First slice header is incorrect
V[rm @ 04b2e2e0] : Impossibly sized packet
[rv40 @ 051209a0] naFirst slice header is incorrect
n fTruncating packet of size 681770088 to 5993040
d= [rv40 @ 051209a0] [rm @ 04b2e2e0] 0First slice header is incorrect
aImpossibly sized packet
q= [rv40 @ 051209a0] 0First slice header is incorrect
KTruncating packet of size 648337364 to 5993029
B vq[rv40 @ 051209a0] =[rm @ 04b2e2e0] First slice header is incorrect
7Impossibly sized packet
44KB[rv40 @ 051209a0] sqFirst slice header is incorrect
= 0Truncating packet of size 94870644 to 5944990
B[rv40 @ 051209a0] f=First slice header is incorrect
0[rm @ 04b2e2e0] /0 Impossibly sized packet
First slice header is incorrect
Truncating packet of size 8454720 to 5913209
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 569970748 to 5913200
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 655966239 to 5796369
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 953130642 to 5796360
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 722832069 to 5796341
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 722832069 to 5796332
[rv40 @ 051209a0] [rm @ 04b2e2e0] First slice header is incorrect
Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 721549577 to 5796323
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 570810820 to 5796290
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 218157040 to 5796279
[rv40 @ 051209a0] [rm @ 04b2e2e0] First slice header is incorrect
Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 959843944 to 5600781
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 50724880 to 5450610
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
n[rv40 @ 051209a0] an First slice header is incorrect
A-VTruncating packet of size 186045048 to 5450599
: [rv40 @ 051209a0] [rm @ 04b2e2e0] nFirst slice header is incorrect
anImpossibly sized packet
fd=[rv40 @ 051209a0] First slice header is incorrect
0 aq= [rv40 @ 051209a0] Truncating packet of size 98942853 to 5317657
First slice header is incorrect
0KB [rm @ 04b2e2e0] vq=Impossibly sized packet
[rv40 @ 051209a0] 983First slice header is incorrect
KB sq=Truncating packet of size 16925423 to 5202833
[rv40 @ 051209a0] First slice header is incorrect
0[rm @ 04b2e2e0] B fImpossibly sized packet
=[rv40 @ 051209a0] 0/0First slice header is incorrect
L a s t Lmaessts amgees sraegpee arteepde a2t5e dt i2m6e st
Truncating packet of size 986975534 to 2096975
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 986978414 to 2094102
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 986980877 to 2090199
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 594364415 to 2090173
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 888938108 to 2090164
[rv40 @ 051209a0] [rm @ 04b2e2e0] First slice header is incorrect
Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 986983112 to 2086307
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 353630974 to 2086288
[rv40 @ 051209a0] [rm @ 04b2e2e0] First slice header is incorrect
Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 986984364 to 2083512
[rv40 @ 051209a0] [rm @ 04b2e2e0] First slice header is incorrect
Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
as t m eLsassatg e m e rnsaens pAa-eVg:a e t enradne fpd3=e a t0t iaeqm
=d e 0sK4B
v qt=i m e6Truncating packet of size 601229529 to 1665222
KB [rm @ 04b2e2e0] sq[rv40 @ 051209a0] =Impossibly sized packet
First slice header is incorrect
0B fTruncating packet of size 260834932 to 1665211
=0/[rv40 @ 051209a0] 0 [rm @ 04b2e2e0] First slice header is incorrect
Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 761688937 to 1665200
[rv40 @ 051209a0] [rm @ 04b2e2e0] First slice header is incorrect
Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 90042886 to 1648025
[rv40 @ 051209a0] [rm @ 04b2e2e0] First slice header is incorrect
Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
L a sLta smte smseasgsea gree preeapteaetde d2 3t itmiemse
[rm @ 04b2e2e0] DATA tag in middle of chunk, file may be broken.
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 719855970 to 1261245
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 1021872328 to 1261086
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 405794066 to 1257979
[rv40 @ 051209a0] Changing dimensions to 160x132
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] Need DQUANT
Truncating packet of size 216381304 to 1257970
[rv40 @ 051209a0] Need DQUANT
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] New frame but still 79 MB left.
Truncating packet of size 544725261 to 1254714
[rv40 @ 051209a0] concealing 79 DC, 79 AC, 79 MV errors in I frame
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] s->pict_type: 1
Truncating packet of size 1072759760 to 1251449
[rv40 @ 051209a0] [rm @ 04b2e2e0] First slice header is incorrect
Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 948281728 to 1246876
[rv40 @ 051209a0] [rm @ 04b2e2e0] First slice header is incorrect
Impossibly sized packet
[rv40 @ 051209a0] naFirst slice header is incorrect
n ATruncating packet of size 54217072 to 1241001
-V: [rv40 @ 051209a0] [rm @ 04b2e2e0] First slice header is incorrect
nImpossibly sized packet
an f[rv40 @ 051209a0] d= First slice header is incorrect
0Truncating packet of size 1061031090 to 1227277
aq=[rv40 @ 051209a0] [rm @ 04b2e2e0] First slice header is incorrect
Impossibly sized packet
0KB [rv40 @ 051209a0] vq=First slice header is incorrect
Truncating packet of size 579884702 to 1227268
66[rv40 @ 051209a0] K[rm @ 04b2e2e0] B First slice header is incorrect
sImpossibly sized packet
q= [rv40 @ 051209a0] 0First slice header is incorrect
BTruncating packet of size 190408916 to 1227259
f=0[rv40 @ 051209a0] /[rm @ 04b2e2e0] 0 First slice header is incorrect
Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 432575684 to 1227250
[rv40 @ 051209a0] [rm @ 04b2e2e0] First slice header is incorrect
Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 147744994 to 1227226
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 530369746 to 1184539
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 298724870 to 1164677
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 607846556 to 1129338
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 900914551 to 960848
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
[New Thread 3768.0x808] 0 aq= 0KB vq= 0KB sq= 0B f=0/0
[New Thread 3768.0xf44]
[New Thread 3768.0x900]
[New Thread 3768.0x95c]
[New Thread 3768.0xc58]
[New Thread 3768.0xfe8]
[New Thread 3768.0x6ec]
[New Thread 3768.0xe44]
[New Thread 3768.0xca4]
Seek to 57% ( 0:02:06) of total duration ( 0:03:43) B f=0/0
Last message repeated 17 times
[rm @ 04b2e2e0] DATA tag in middle of chunk, file may be broken.
Last message repeated 1 times
Truncating packet of size 10837271 to 7986163
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 625704930 to 7986154
[rm @ 04b2e2e0] Impossibly sized packet
[rm @ 04b2e2e0] DATA tag in middle of chunk, file may be broken.
Truncating packet of size 540811279 to 7873098
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 542777353 to 7872710
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] Truncating packet of size 544743433 to 7872215
First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 551297033 to 7871324
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 94939210 to 7871313
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 560472073 to 7870033
[rm @ 04b2e2e0] Impossibly sized packet
nan[rv40 @ 051209a0] ATruncating packet of size 307765257 to 7868418
-First slice header is incorrect
V: [rm @ 04b2e2e0] Impossibly sized packet
nan fd[rv40 @ 051209a0] = First slice header is incorrect
Truncating packet of size 331358217 to 7865947
0 aq=[rm @ 04b2e2e0] Impossibly sized packet
0KB vqTruncating packet of size 1027364853 to 7865918
= [rm @ 04b2e2e0] 0KBImpossibly sized packet
sq= 0BTruncating packet of size 102244352 to 7861916
f=0/[rm @ 04b2e2e0] 0 Impossibly sized packet
Truncating packet of size 645142355 to 7861905
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 299559901 to 7829922
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 263408317 to 7829894
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 850460673 to 7465267
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 505477178 to 7405066
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 660563639 to 7405057
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 130913296 to 7405039
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 65077249 to 7405010
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 531578589 to 7371264
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
m e s s aLgaes tr empeesastaegde 2r etpiemaetse
d 3 tTruncating packet of size 705353719 to 6740177
Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 1072720433 to 6736985
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 196056287 to 6732674
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 150866944 to 6716925
[rv40 @ 051209a0] na[rm @ 04b2e2e0] nFirst slice header is incorrect
AImpossibly sized packet
-V: [rv40 @ 051209a0] naFirst slice header is incorrect
nTruncating packet of size 363463002 to 6713724
fd=[rv40 @ 051209a0] [rm @ 04b2e2e0] First slice header is incorrect
0Impossibly sized packet
aq=[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 494668193 to 6713715
0KB v[rm @ 04b2e2e0] q= Impossibly sized packet
0KB sq[rv40 @ 051209a0] = First slice header is incorrect
0Truncating packet of size 9727528 to 6666777
B f[rv40 @ 051209a0] =0[rm @ 04b2e2e0] /First slice header is incorrect
0Impossibly sized packet
[rv40 @ 051209a0] Truncating packet of size 25380323 to 6663193
First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 370472506 to 6656399
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
[rv40 @ 051209a0] Truncating packet of size 296345678 to 6619570
First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 859839963 to 6612372
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 16580599 to 6578925
[rv40 @ 051209a0] [rm @ 04b2e2e0] First slice header is incorrect
Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 744936202 to 6552947
[rv40 @ 051209a0] [rm @ 04b2e2e0] First slice header is incorrect
Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 104722268 to 6552938
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 149487930 to 6521064
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 938589167 to 6497722
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 259244911 to 6497705
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 306772457 to 6491792
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 868290364 to 6471489
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 706132538 to 6428013
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 691220536 to 6428004
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 1073345919 to 6427976
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 727857816 to 6198457
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 7022193 to 6188069
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 805911518 to 6126218
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 239057205 to 6042191
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
nan[rv40 @ 051209a0] A-First slice header is incorrect
V: Truncating packet of size 609512617 to 6015325
[rv40 @ 051209a0] nanFirst slice header is incorrect
[rm @ 04b2e2e0] fd=Impossibly sized packet
0[rv40 @ 051209a0] aqFirst slice header is incorrect
= Truncating packet of size 92416127 to 6015314
0K[rv40 @ 051209a0] B[rm @ 04b2e2e0] vFirst slice header is incorrect
qImpossibly sized packet
= 1[rv40 @ 051209a0] 56KFirst slice header is incorrect
B sTruncating packet of size 150023953 to 5993075
q= [rv40 @ 051209a0] [rm @ 04b2e2e0] First slice header is incorrect
0BImpossibly sized packet
f=0[rv40 @ 051209a0] /0 First slice header is incorrect
Truncating packet of size 557673483 to 5993058
[rv40 @ 051209a0] [rm @ 04b2e2e0] First slice header is incorrect
Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 681770088 to 5993040
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 648337364 to 5993029
[rv40 @ 051209a0] [rm @ 04b2e2e0] First slice header is incorrect
Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 94870644 to 5944990
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 8454720 to 5913209
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 569970748 to 5913200
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 655966239 to 5796369
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 953130642 to 5796360
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 722832069 to 5796341
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 722832069 to 5796332
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 721549577 to 5796323
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 570810820 to 5796290
[rm @ 04b2e2e0] Impossibly sized packet
Truncating packet of size 218157040 to 5796279
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Truncating packet of size 959843944 to 5600781
[rv40 @ 051209a0] First slice header is incorrect
[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
naTruncating packet of size 50724880 to 5450610
n[rv40 @ 051209a0] A-First slice header is incorrect
V[rm @ 04b2e2e0] : Impossibly sized packet
[rv40 @ 051209a0] naFirst slice header is incorrect
n fTruncating packet of size 186045048 to 5450599
d= [rv40 @ 051209a0] 0First slice header is incorrect
[rm @ 04b2e2e0] aq=Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
0KB vqTruncating packet of size 98942853 to 5317657
=[rv40 @ 051209a0] First slice header is incorrect
5[rm @ 04b2e2e0] 7KBImpossibly sized packet
[rv40 @ 051209a0] sq=First slice header is incorrect
0BTruncating packet of size 16925423 to 5202833
f[rv40 @ 051209a0] =0/First slice header is incorrect
0[rm @ 04b2e2e0] Impossibly sized packet
[rv40 @ 051209a0] First slice header is incorrect
Last message repeated 4 times
[rv40 @ 051209a0] New frame but still 88 MB left.
[rv40 @ 051209a0] concealing 88 DC, 88 AC, 88 MV errors in ? frame
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 3768.0x790]
0x0091ed50 in ff_er_frame_end (s=0x5143d64)
at libavcodec/error_resilience.c:1190
1190 dc += dest_y[x + (n & 1) * 8 +
(gdb) bt
#0 0x0091ed50 in ff_er_frame_end (s=0x5143d64)
at libavcodec/error_resilience.c:1190
#1 0x009b988f in ff_rv34_decode_frame (avctx=0x51209a0, data=0x51cf0c0,
got_picture_ptr=0x705ff08, avpkt=0x705fc08) at libavcodec/rv34.c:1671
#2 0x00586af2 in avcodec_decode_video2 (avctx=0x51209a0, picture=0x51cf0c0,
got_picture_ptr=0x705ff08, avpkt=0x705fe98) at libavcodec/utils.c:1951
#3 0x00403ac7 in get_video_frame (serial=0x705ff00, pkt=0x705fe98,
frame=0x51cf0c0, is=0x4e00040) at ffplay.c:1670
#4 video_thread (arg=0x4e00040) at ffplay.c:1904
#5 0x681097d2 in SDL_RunThread (data=0x5123610)
at ./src/thread/SDL_thread.c:204
#6 0x681327cf in RunThread (data=0x53dda00)
at ./src/thread/win32/SDL_systhread.c:74
#7 RunThreadViaBeginThreadEx (data=0x53dda00)
at ./src/thread/win32/SDL_systhread.c:95
#8 0x77c2a3b0 in msvcrt!_endthreadex () from C:\WINDOWS\system32\msvcrt.dll
#9 0x7c80b729 in KERNEL32!GetModuleFileNameA ()
from C:\WINDOWS\system32\kernel32.dll
#10 0x00000000 in ?? ()
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x91ed30 to 0x91ed70:
0x0091ed30 <ff_er_frame_end+3260>: and $0x4c,%al
0x0091ed32 <ff_er_frame_end+3262>: and $0x1,%edx
0x0091ed35 <ff_er_frame_end+3265>: mov %edx,0x50(%esp)
0x0091ed39 <ff_er_frame_end+3269>: shl $0x3,%edx
0x0091ed3c <ff_er_frame_end+3272>: mov 0x4c(%esp),%ecx
0x0091ed40 <ff_er_frame_end+3276>: sar %ecx
0x0091ed42 <ff_er_frame_end+3278>: mov %ecx,0x60(%esp)
0x0091ed46 <ff_er_frame_end+3282>: shl $0x3,%ecx
0x0091ed49 <ff_er_frame_end+3285>: mov %esi,%ebx
0x0091ed4b <ff_er_frame_end+3287>: imul %ecx,%ebx
0x0091ed4e <ff_er_frame_end+3290>: add %edx,%ebx
=> 0x0091ed50 <ff_er_frame_end+3292>: movzbl (%eax,%ebx,1),%ebp
0x0091ed54 <ff_er_frame_end+3296>: movzbl 0x1(%eax,%ebx,1),%edi
0x0091ed59 <ff_er_frame_end+3301>: add %edi,%ebp
0x0091ed5b <ff_er_frame_end+3303>: movzbl 0x2(%eax,%ebx,1),%edi
0x0091ed60 <ff_er_frame_end+3308>: add %edi,%ebp
0x0091ed62 <ff_er_frame_end+3310>: movzbl 0x3(%eax,%ebx,1),%edi
0x0091ed67 <ff_er_frame_end+3315>: add %edi,%ebp
0x0091ed69 <ff_er_frame_end+3317>: movzbl 0x4(%eax,%ebx,1),%edi
0x0091ed6e <ff_er_frame_end+3322>: add %edi,%ebp
End of assembler dump.
(gdb)
comment:16 by , 11 years ago
When compiling without threads, I see the following invalid read with valgrind that corresponds to the crash on Windows from comment:15, I cannot reproduce this crash and the invalid read if threads are enabled:
==11602== Invalid read of size 1 ==11602== at 0xAA6B84: ff_er_frame_end (error_resilience.c:1190) ==11602== by 0x911551: ff_rv34_decode_frame (rv34.c:1671) ==11602== by 0x9852A0: avcodec_decode_video2 (utils.c:1940) ==11602== by 0x461A88: video_thread (ffplay.c:1685) ==11602== by 0x5CCDE95: ??? (in /usr/lib64/libSDL-1.2.so.0.11.4) ==11602== by 0x5D10CD8: ??? (in /usr/lib64/libSDL-1.2.so.0.11.4) ==11602== by 0x5F5EE0D: start_thread (in /lib64/libpthread-2.15.so) ==11602== by 0x6B7B2CC: clone (in /lib64/libc-2.15.so) ==11602== Address 0x1 is not stack'd, malloc'd or (recently) free'd ==11602==
comment:17 by , 11 years ago
| Reproduced by developer: | set |
|---|---|
| Status: | new → open |
Needs -vst 3 now
(gdb) r problem.rm -vst 3
Starting program: ffplay_g problem.rm -vst 3
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffplay version N-55127-g11ace70 Copyright (c) 2003-2013 the FFmpeg developers
built on Aug 1 2013 11:54:27 with gcc 4.7 (SUSE Linux)
configuration: --disable-pthreads
libavutil 52. 40.100 / 52. 40.100
libavcodec 55. 19.100 / 55. 19.100
libavformat 55. 12.102 / 55. 12.102
libavdevice 55. 3.100 / 55. 3.100
libavfilter 3. 82.100 / 3. 82.100
libswscale 2. 4.100 / 2. 4.100
libswresample 0. 17.103 / 0. 17.103
[New Thread 0x7ffff528a700 (LWP 26487)]
[New Thread 0x7ffff4167700 (LWP 26488)]
[New Thread 0x7ffff3865700 (LWP 26489)]
[rm @ 0x7fffec000920] Unsupported stream type 000003a4 0B f=0/0
[rm @ 0x7fffec000920] Unsupported stream type 00000292
[rv40 @ 0x7fffec002d20] Warning: not compiled with thread support, using thread emulation
[rv40 @ 0x7fffec003680] Warning: not compiled with thread support, using thread emulation
[rv40 @ 0x7fffec003fe0] Warning: not compiled with thread support, using thread emulation
[rv40 @ 0x7fffec004940] Warning: not compiled with thread support, using thread emulation
[cook @ 0x7fffec0052a0] Warning: not compiled with thread support, using thread emulation
[cook @ 0x7fffec0062e0] Warning: not compiled with thread support, using thread emulation
[cook @ 0x7fffec007560] Warning: not compiled with thread support, using thread emulation
[rv40 @ 0x7fffec007e00] Warning: not compiled with thread support, using thread emulation
Truncating packet of size 542777353 to 8156342
[rm @ 0x7fffec000920] Impossibly sized packet
[rm @ 0x7fffec000920] Could not find codec parameters for stream 2 (Video: rv40 (RV40 / 0x30345652), yuv420p, 360x288, 10 kb/s): no frame in rv30/40 and no sar
Consider increasing the value for the 'analyzeduration' and 'probesize' options
[rm @ 0x7fffec000920] Could not find codec parameters for stream 3 (Video: rv40 (RV40 / 0x30345652), yuv420p, 360x288, 12 kb/s): no frame in rv30/40 and no sar
Consider increasing the value for the 'analyzeduration' and 'probesize' options
[rm @ 0x7fffec000920] Could not find codec parameters for stream 4 (Video: rv40 (RV40 / 0x30345652), yuv420p, 360x288, 26 kb/s): no frame in rv30/40 and no sar
Consider increasing the value for the 'analyzeduration' and 'probesize' options
[rm @ 0x7fffec000920] Could not find codec parameters for stream 5 (Video: rv40 (RV40 / 0x30345652), yuv420p, 360x288, 180 kb/s): no frame in rv30/40 and no sar
Consider increasing the value for the 'analyzeduration' and 'probesize' options
[rm @ 0x7fffec000920] Could not find codec parameters for stream 9 (Video: rv40 (RV40 / 0x30345652), yuv420p, 360x288, 10 kb/s): no frame in rv30/40 and no sar
Consider increasing the value for the 'analyzeduration' and 'probesize' options
Input #0, rm, from 'problem.rm':
Metadata:
Audiences : 16k Substream for 28k Dial-up;28k Dial-up;56k Dial-up;256k DSL or Cable;
audioMode : music
Creation Date : 4/30/2005 11:23:03
Generated By : RealProducer(R) Plus 10.0 for Windows, Build 10.0.0.545
Modification Date: 4/30/2005 11:29:42
videoMode : normal
ASMRuleBook : #($Bandwidth < 20000),Stream7Bandwidth = 10000, Stream8Bandwidth = 6000;#($Bandwidth >= 20000) && ($Bandwidth < 34000),Stream7B
title :
author :
copyright : (C) 2004
comment :
Duration: 00:03:43.49, start: 0.000000, bitrate: 292 kb/s
Stream #0:0: Data: none, 180 kb/s
Stream #0:1: Data: none, 44 kb/s
Stream #0:2: Video: rv40 (RV40 / 0x30345652), yuv420p, 360x288, 10 kb/s, 15 fps, 15 tbr, 1k tbn, 1k tbc
Stream #0:3: Video: rv40 (RV40 / 0x30345652), yuv420p, 360x288, 12 kb/s, 15 fps, 15 tbr, 1k tbn, 1k tbc
Stream #0:4: Video: rv40 (RV40 / 0x30345652), yuv420p, 360x288, 26 kb/s, 15 fps, 15 tbr, 1k tbn, 1k tbc
Stream #0:5: Video: rv40 (RV40 / 0x30345652), yuv420p, 360x288, 180 kb/s, 25 fps, 25 tbr, 1k tbn, 1k tbc
Stream #0:6: Audio: cook (cook / 0x6B6F6F63), 8000 Hz, mono, fltp, 6 kb/s
Stream #0:7: Audio: cook (cook / 0x6B6F6F63), 8000 Hz, mono, fltp, 8 kb/s
Stream #0:8: Audio: cook (cook / 0x6B6F6F63), 44100 Hz, stereo, fltp, 44 kb/s
Stream #0:9: Video: rv40 (RV40 / 0x30345652), yuv420p, 360x288, 10 kb/s, 15 fps, 15 tbr, 1k tbn, 1k tbc
[cook @ 0x7fffec007560] Warning: not compiled with thread support, using thread emulation
[New Thread 0x7ffff3064700 (LWP 26490)]
[rv40 @ 0x7fffec003680] Warning: not compiled with thread support, using thread emulation
[New Thread 0x7ffff2863700 (LWP 26491)]
...
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff2863700 (LWP 26468)]
0x0000000000aacd94 in ff_er_frame_end (s=s@entry=0x7fffec048300)
at libavcodec/error_resilience.c:1190
1190 dc += dest_y[x + (n & 1) * 8 +
(gdb) bt
#0 0x0000000000aacd94 in ff_er_frame_end (s=s@entry=0x7fffec048300) at libavcodec/error_resilience.c:1190
#1 0x0000000000916ee2 in ff_rv34_decode_frame (avctx=0x7fffec003680, data=0x7fffe80008c0, got_picture_ptr=0x7ffff2862c04, avpkt=0x7ffff2862ac0) at libavcodec/rv34.c:1671
#2 0x000000000098adbc in avcodec_decode_video2 (avctx=0x7fffec003680, picture=picture@entry=0x7fffe80008c0, got_picture_ptr=got_picture_ptr@entry=0x7ffff2862c04, avpkt=avpkt@entry=0x7ffff2862c50) at libavcodec/utils.c:1975
#3 0x00000000004621d6 in get_video_frame (serial=0x7ffff2862c00, pkt=0x7ffff2862c50, frame=0x7fffe80008c0, is=0x7ffff3866040) at ffplay.c:1671
#4 video_thread (arg=0x7ffff3866040) at ffplay.c:1905
#5 0x00007ffff6cc6e96 in ?? () from /usr/lib64/libSDL-1.2.so.0
#6 0x00007ffff6d09cd9 in ?? () from /usr/lib64/libSDL-1.2.so.0
#7 0x00007ffff6aa0e0e in start_thread () from /lib64/libpthread.so.0
#8 0x00007ffff5eb42cd in clone () from /lib64/libc.so.6
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0xaacd74 to 0xaacdb4:
0x0000000000aacd74 <ff_er_frame_end+3924>: lea 0x1(%rdx),%ebx
0x0000000000aacd77 <ff_er_frame_end+3927>: lea 0x2(%rdx),%r10d
0x0000000000aacd7b <ff_er_frame_end+3931>: lea 0x3(%rdx),%r9d
0x0000000000aacd7f <ff_er_frame_end+3935>: lea 0x4(%rdx),%r8d
0x0000000000aacd83 <ff_er_frame_end+3939>: lea 0x5(%rdx),%edi
0x0000000000aacd86 <ff_er_frame_end+3942>: lea 0x6(%rdx),%esi
0x0000000000aacd89 <ff_er_frame_end+3945>: lea 0x7(%rdx),%ecx
0x0000000000aacd8c <ff_er_frame_end+3948>: lea 0x0(%rbp,%r11,1),%r14d
0x0000000000aacd91 <ff_er_frame_end+3953>: movslq %r14d,%r14
=> 0x0000000000aacd94 <ff_er_frame_end+3956>: movzbl (%rax,%r14,1),%r15d
0x0000000000aacd99 <ff_er_frame_end+3961>: lea 0x0(%rbp,%rdx,1),%r14d
0x0000000000aacd9e <ff_er_frame_end+3966>: movslq %r14d,%r14
0x0000000000aacda1 <ff_er_frame_end+3969>: movzbl (%rax,%r14,1),%r14d
0x0000000000aacda6 <ff_er_frame_end+3974>: add %r14d,%r15d
0x0000000000aacda9 <ff_er_frame_end+3977>: lea 0x0(%rbp,%r10,1),%r14d
0x0000000000aacdae <ff_er_frame_end+3982>: movslq %r14d,%r14
0x0000000000aacdb1 <ff_er_frame_end+3985>: movzbl (%rax,%r14,1),%r14d
End of assembler dump.
(gdb) info register
rax 0x0 0
rbx 0x0 0
rcx 0x7 7
rdx 0x0 0
rsi 0x6 6
rdi 0x5 5
rbp 0x0 0x0
rsp 0x7ffff2862770 0x7ffff2862770
r8 0x4 4
r9 0x3 3
r10 0x2 2
r11 0x1 1
r12 0x0 0
r13 0x0 0
r14 0x1 1
r15 0x1 1
rip 0xaacd94 0xaacd94 <ff_er_frame_end+3956>
eflags 0x10206 [ PF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) print linesize[0]
$1 = 0
(gdb) print y
$3 = 0
(gdb) print x
$4 = 1
(gdb) print dest_y
$5 = (uint8_t *) 0x0
comment:18 by , 10 years ago
| Resolution: | → fixed |
|---|---|
| Status: | open → closed |
Note:
See TracTickets
for help on using tickets.
cant reproduce