Opened 11 years ago

Closed 11 years ago

#2707 closed defect (fixed)

Crash in mxg demuxer on sparc

Reported by: Carl Eugen Hoyos
Owned by:
Priority: normal
Component: avformat
Version: git-master
Keywords: crash mxg sparc
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

Sparc Niagara, 32bit compilation

(gdb) r -i fate-suite/mxpeg/m1.mxg
Starting program: ffmpeg_g -i fate-suite/mxpeg/m1.mxg
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/sparc-linux-gnu/libthread_db.so.1".
ffmpeg version N-54176-gf48366c Copyright (c) 2000-2013 the FFmpeg developers
  built on Jun 24 2013 14:29:37 with gcc 4.6 (Debian 4.6.3-14)
  configuration:
  libavutil      52. 37.101 / 52. 37.101
  libavcodec     55. 17.100 / 55. 17.100
  libavformat    55.  9.100 / 55.  9.100
  libavdevice    55.  2.100 / 55.  2.100
  libavfilter     3. 77.101 /  3. 77.101
  libswscale      2.  3.100 /  2.  3.100
  libswresample   0. 17.102 /  0. 17.102

Program received signal SIGBUS, Bus error.
0x00160e0c in mxg_find_startmarker (p=0x1001f42 "\377", <incomplete sequence \340>,
    end=0x1002340 "1\r\n\372", <incomplete sequence \350>) at libavformat/mxg.c:77
77              uint32_t x = *(uint32_t*)p;
(gdb) bt
#0  0x00160e0c in mxg_find_startmarker (p=0x1001f42 "\377", <incomplete sequence \340>,
    end=0x1002340 "1\r\n\372", <incomplete sequence \350>) at libavformat/mxg.c:77
#1  0x001611c8 in mxg_read_packet (s=0xffde60, pkt=0xffffccb0) at libavformat/mxg.c:150
#2  0x001b63e8 in ff_read_packet (s=0xffde60, pkt=0xffffccb0) at libavformat/utils.c:642
#3  0x001b8e4c in read_frame_internal (s=0xffde60, pkt=0xffffd040)
    at libavformat/utils.c:1294
#4  0x001bbf08 in avformat_find_stream_info (ic=0xffde60, options=0xffe3d0)
    at libavformat/utils.c:2757
#5  0x00072c64 in open_input_file (o=0xffffd340, filename=<optimized out>)
    at ffmpeg_opt.c:814
#6  0x000700ec in open_files (l=0xff202c, inout=0x881d78 "input",
    open_file=0x728a0 <open_input_file>) at ffmpeg_opt.c:2483
#7  0x00076c4c in ffmpeg_parse_options (argc=<optimized out>, argv=0xffffd814)
    at ffmpeg_opt.c:2520
#8  0x0006dc10 in main (argc=3, argv=0xffffd814) at ffmpeg.c:3368
(gdb) disass $pc-28,$pc+32
Dump of assembler code from 0x160df0 to 0x160e2c:
   0x00160df0 <mxg_read_header+408>:    nop
   0x00160df4 <mxg_find_startmarker+0>: save  %sp, -104, %sp
   0x00160df8 <mxg_find_startmarker+4>: st  %i0, [ %fp + 0x44 ]
   0x00160dfc <mxg_find_startmarker+8>: st  %i1, [ %fp + 0x48 ]
   0x00160e00 <mxg_find_startmarker+12>:        b  %xcc, 0x160efc <mxg_find_startmarker+264>
   0x00160e04 <mxg_find_startmarker+16>:        nop
   0x00160e08 <mxg_find_startmarker+20>:        ld  [ %fp + 0x44 ], %g1
=> 0x00160e0c <mxg_find_startmarker+24>:        ld  [ %g1 ], %g1
   0x00160e10 <mxg_find_startmarker+28>:        st  %g1, [ %fp + -4 ]
   0x00160e14 <mxg_find_startmarker+32>:        ld  [ %fp + -4 ], %g2
   0x00160e18 <mxg_find_startmarker+36>:        sethi  %hi(0x1010000), %g1
   0x00160e1c <mxg_find_startmarker+40>:        or  %g1, 0x101, %g1     ! 0x1010101
   0x00160e20 <mxg_find_startmarker+44>:        add  %g2, %g1, %g1
   0x00160e24 <mxg_find_startmarker+48>:        xnor  %g0, %g1, %g2
   0x00160e28 <mxg_find_startmarker+52>:        ld  [ %fp + -4 ], %g1
(gdb) info register
g0             0x0      0
g1             0x1001f42        16785218
g2             0x100233d        16786237
g3             0x323d3130       842871088
g4             0x403    1027
g5             0x1001f40        16785216
g6             0xffffffff       -1
g7             0xf7ff6eb0       -134254928
o0             0xffde60 16768608
o1             0xffffccb0       -13136
o2             0x8801d8 8913368
o3             0x4c4b40 5000000
o4             0x0      0
o5             0xffde60 16768608
sp             0xffffcac0       0xffffcac0
o7             0x1b63e0 1795040
l0             0x88ee18 8973848
l1             0x88edf0 8973808
l2             0xffde60 16768608
l3             0x8431f0 8663536
l4             0xf4240  1000000
l5             0x57415200       1463898624
l6             0x1000   4096
l7             0x1      1
i0             0x1001f42        16785218
i1             0x1002340        16786240
i2             0x40000  262144
i3             0xffe480 16770176
i4             0x80000000       -2147483648
i5             0x1006460        16802912
fp             0xffffcb28       0xffffcb28
i7             0x1611c0 1446336
y              0x0      0
psr            0xff000084       [ #2 S #24 #25 #26 #27 #28 #29 #30 #31 ]
wim            *value not available*
tbr            *value not available*
pc             0x160e0c 0x160e0c <mxg_find_startmarker+24>
npc            0x160e10 0x160e10 <mxg_find_startmarker+28>
fsr            0x0      [ ]
csr            *value not available*
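
The faulting statement at mxg.c:77 performs a 32-bit load through p = 0x1001f42, an address that is not 4-byte aligned, which the SPARC ld instruction does not permit. The following is an added example, not FFmpeg's code and not the change that closed this ticket: a scan for a 0xFF byte that uses a memcpy-based load so it works at any alignment. The names load32_any, has_ff_byte, find_ff and demo_offset are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Alignment-safe 32-bit load: memcpy lets the compiler emit byte loads on
 * strict-alignment targets (SPARC) and a single load where that is legal. */
static uint32_t load32_any(const uint8_t *p)
{
    uint32_t x;
    memcpy(&x, p, sizeof(x));
    return x;
}

/* Nonzero when at least one byte of x is 0xFF: such a byte has its top bit
 * set before adding 1 and clear after (the add / and-not in the disassembly). */
static uint32_t has_ff_byte(uint32_t x)
{
    return x & ~(x + 0x01010101u) & 0x80808080u;
}

/* Hypothetical stand-in for a start-marker scan: returns the first 0xFF byte
 * in [p, end), or end if there is none. Valid for any alignment of p. */
static const uint8_t *find_ff(const uint8_t *p, const uint8_t *end)
{
    /* Word phase: skip 4 bytes at a time while no byte in the word is 0xFF. */
    while ((size_t)(end - p) >= 4 && !has_ff_byte(load32_any(p)))
        p += 4;
    /* Byte phase: pins down the exact position and covers the short tail. */
    while (p < end && *p != 0xff)
        p++;
    return p;
}

/* Constructed sample: start 2 bytes into a 4-byte-aligned buffer, mirroring
 * the address % 4 == 2 of p = 0x1001f42 in the backtrace. */
static ptrdiff_t demo_offset(void)
{
    static union { uint32_t w[4]; uint8_t b[16]; } u;
    u.b[11] = 0xff;
    return find_ff(u.b + 2, u.b + sizeof(u.b)) - u.b;
}

int main(void)
{
    return demo_offset() == 11 ? 0 : 1;
}
```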

Change History (2)

comment:1 by Carl Eugen Hoyos, 11 years ago


comment:2 by Carl Eugen Hoyos, 11 years ago

Resolution: fixed
Status: new → closed