Opened 13 years ago

Closed 13 years ago

#456 closed defect (fixed)

Invalid read in get_vlc2

Reported by: Carl Eugen Hoyos
Owned by:
Priority: important
Component: avcodec
Version: git-master
Keywords: crash SIGSEGV vc1
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

Found using fenrir's text file.

(gdb) r -i audio-switch-z14-2.m2ts

Starting program: ffmpeg_g -i audio-switch-z14-2.m2ts
[Thread debugging using libthread_db enabled]
ffmpeg version N-32449-g8fd1da5, Copyright (c) 2000-2011 the FFmpeg developers
  built on Sep 10 2011 23:48:36 with gcc 4.5.3
  configuration: --cc='/usr/local/gcc-4.5.3/bin/gcc -m32' --disable-optimizations
  libavutil    51. 16. 0 / 51. 16. 0
  libavcodec   53. 13. 0 / 53. 13. 0
  libavformat  53. 12. 0 / 53. 12. 0
  libavdevice  53.  3. 0 / 53.  3. 0
  libavfilter   2. 39. 0 /  2. 39. 0
  libswscale    2.  1. 0 /  2.  1. 0

...

Program received signal SIGSEGV, Segmentation fault.
0x0853a034 in get_vlc2 (s=0xffffc884, table=0x0, bits=7, max_depth=1) at libavcodec/get_bits.h:514
514         GET_VLC(code, re, s, table, bits, max_depth);
(gdb) bt
#0  0x0853a034 in get_vlc2 (s=0xffffc884, table=0x0, bits=7, max_depth=1) at libavcodec/get_bits.h:514
#1  0x0853cda8 in vc1_parse_frame_header_adv (v=0x8cb9f08, gb=0xffffc884) at libavcodec/vc1.c:854
#2  0x083fcc93 in vc1_extract_headers (s=0x8cb9da0, avctx=0x8ca1de0, buf=0x8d0f340 "", buf_size=52777)
    at libavcodec/vc1_parser.c:69
#3  0x083fced6 in vc1_parse (s=0x8cb9da0, avctx=0x8ca1de0, poutbuf=0xffffcbf4, poutbuf_size=0xffffcbf8,
    buf=0x8d0f340 "", buf_size=52777) at libavcodec/vc1_parser.c:160
#4  0x08369ead in av_parser_parse2 (s=0x8cb9da0, avctx=0x8ca1de0, poutbuf=0xffffcbf4,
    poutbuf_size=0xffffcbf8, buf=0x8cfde60 "", buf_size=7058, pts=55092341, dts=55084835, pos=355460)
    at libavcodec/parser.c:149
#5  0x0814e1b0 in read_frame_internal (s=0x8c9caa0, pkt=0xffffcbe4) at libavformat/utils.c:1162
#6  0x08151c14 in avformat_find_stream_info (ic=0x8c9caa0, options=0x8ca4fe0) at libavformat/utils.c:2385
#7  0x080555ba in opt_input_file (o=0xffffcebc, opt=0xffffd285 "i",
    filename=0xffffd287 "audio-switch-z14-2.m2ts") at ffmpeg.c:3207
#8  0x08059a02 in parse_option (optctx=0xffffcebc, opt=0xffffd285 "i",
    arg=0xffffd287 "audio-switch-z14-2.m2ts", options=0x85b6aa0) at cmdutils.c:265
#9  0x08059b2c in parse_options (optctx=0xffffcebc, argc=3, argv=0xffffd014, options=0x85b6aa0,
    parse_arg_function=0x8056b5e <opt_output_file>) at cmdutils.c:298
#10 0x08058df9 in main (argc=3, argv=0xffffd014) at ffmpeg.c:4469
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x853a014 to 0x853a054:
0x0853a014 <get_vlc2+52>:       inc    %ebp
0x0853a015 <get_vlc2+53>:       adc    %cl,(%edi)
0x0853a017 <get_vlc2+55>:       mov    $0x244489c0,%esi
0x0853a01c <get_vlc2+60>:       add    $0x8b,%al
0x0853a01e <get_vlc2+62>:       inc    %ebp
0x0853a01f <get_vlc2+63>:       hlt
0x0853a020 <get_vlc2+64>:       mov    %eax,(%esp)
0x0853a023 <get_vlc2+67>:       call   0x8539d7b <NEG_USR32>
0x0853a028 <get_vlc2+72>:       mov    %eax,-0x14(%ebp)
0x0853a02b <get_vlc2+75>:       mov    -0x14(%ebp),%eax
0x0853a02e <get_vlc2+78>:       shl    $0x2,%eax
0x0853a031 <get_vlc2+81>:       add    0xc(%ebp),%eax
0x0853a034 <get_vlc2+84>:       movzwl (%eax),%eax
0x0853a037 <get_vlc2+87>:       cwtl
0x0853a038 <get_vlc2+88>:       mov    %eax,-0x4(%ebp)
0x0853a03b <get_vlc2+91>:       mov    -0x14(%ebp),%eax
0x0853a03e <get_vlc2+94>:       shl    $0x2,%eax
0x0853a041 <get_vlc2+97>:       add    0xc(%ebp),%eax
0x0853a044 <get_vlc2+100>:      movzwl 0x2(%eax),%eax
0x0853a048 <get_vlc2+104>:      cwtl
0x0853a049 <get_vlc2+105>:      mov    %eax,-0x10(%ebp)
0x0853a04c <get_vlc2+108>:      cmpl   $0x1,0x14(%ebp)
0x0853a050 <get_vlc2+112>:      jle    0x853a14c <get_vlc2+364>
End of assembler dump.
(gdb) info registers
eax            0x8      8
ecx            0xfffffff9       -7
edx            0xfffffff9       -7
ebx            0x21     33
esp            0xffffc7f0       0xffffc7f0
ebp            0xffffc818       0xffffc818
esi            0x0      0
edi            0x8ca1de0        147463648
eip            0x853a034        0x853a034 <get_vlc2+84>
eflags         0x210202 [ IF RF ID ]
cs             0x23     35
ss             0x2b     43
ds             0x2b     43
es             0x2b     43
fs             0x0      0
gs             0x63     99

Attachments (1)

audio-switch-z14-2.m2ts (1.0 MB) - added by Carl Eugen Hoyos 13 years ago.


Change History (3)

by Carl Eugen Hoyos, 13 years ago

Attachment: audio-switch-z14-2.m2ts added

comment:1 by Carl Eugen Hoyos, 13 years ago

Keywords: crash SIGSEGV vc1 added
Status: new → open

comment:2 by Michael Niedermayer, 13 years ago

Resolution: fixed
Status: open → closed