#754 closed defect (fixed)
ljpeg: crash with lowres
Reported by: | ami_stuff | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | avcodec |
Version: | git-master | Keywords: | ljpeg lowres |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | yes |
Analyzed by developer: | no | | |
Description
```
GNU gdb (GDB) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "mingw32".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from F:\MinGW\msys\1.0\ffmpeg-HEAD-d3bc75c/ffmpeg_g.exe...done.
(gdb) r -vlowres 3 -i lossless.jpg out.bmp
Starting program: F:\MinGW\msys\1.0\ffmpeg-HEAD-d3bc75c/ffmpeg_g.exe -vlowres 3 -i lossless.jpg out.bmp
[New Thread 1524.0x1e4]
ffmpeg version 0.8.5.git-d3bc75c, Copyright (c) 2000-2011 the FFmpeg developers
  built on Nov 6 2011 18:11:47 with gcc 4.5.2
  configuration: --disable-ffplay --disable-ffserver --disable-asm --disable-yasm --disable-shared --enable-static
  libavutil 51. 23. 0 / 51. 23. 0
  libavcodec 53. 28. 0 / 53. 28. 0
  libavformat 53. 19. 0 / 53. 19. 0
  libavdevice 53. 4. 0 / 53. 4. 0
  libavfilter 2. 47. 0 / 2. 47. 0
  libswscale 2. 1. 0 / 2. 1. 0

Program received signal SIGSEGV, Segmentation fault.
0x005e2e91 in ljpeg_decode_rgb_scan (s=0x40f0048, predictor=2, point_transform=0) at libavcodec/mjpegdec.c:703
703 ptr[4*mb_x+0] = buffer[mb_x][2];
(gdb) bt
#0 0x005e2e91 in ljpeg_decode_rgb_scan (s=0x40f0048, predictor=2, point_transform=0) at libavcodec/mjpegdec.c:703
#1 0x005e5d20 in ff_mjpeg_decode_sos (avctx=0x3b9ef68, data=0x22f850, data_size=0x22fb04, avpkt=0x3ba1560) at libavcodec/mjpegdec.c:1064
#2 ff_mjpeg_decode_frame (avctx=0x3b9ef68, data=0x22f850, data_size=0x22fb04, avpkt=0x3ba1560) at libavcodec/mjpegdec.c:1532
#3 0x004f9bde in avcodec_decode_video2 (avctx=0x3b9ef68, picture=0x22f850, got_picture_ptr=0x22fb04, avpkt=0x3ba1560) at libavcodec/utils.c:819
#4 0x004393d6 in try_decode_frame (ic=0x3b98b40, options=0x3ba0ce0) at libavformat/utils.c:2230
#5 avformat_find_stream_info (ic=0x3b98b40, options=0x3ba0ce0) at libavformat/utils.c:2535
#6 0x0040c5f8 in opt_input_file (o=0x22fda8, opt=0x3ba0d8b "i", filename=<value optimized out>) at ffmpeg.c:3317
#7 0x0041114a in parse_option (optctx=0x22fda8, opt=<value optimized out>, arg=0x3ba0d8d "lossless.jpg", options=0xa0d2c0) at cmdutils.c:275
#8 0x004114f8 in parse_options (optctx=0x22fda8, argc=6, argv=<value optimized out>, options=0xa0d2c0, parse_arg_function=0x40e018 <opt_output_file>) at cmdutils.c:308
#9 0x0040f847 in main (argc=6, argv=<value optimized out>) at ffmpeg.c:4716
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x5e2e71 to 0x5e2eb1:
   0x005e2e71 <ljpeg_decode_rgb_scan+2333>: lea 0x0(%esi),%esi
   0x005e2e74 <ljpeg_decode_rgb_scan+2336>: mov 0x318(%ebx),%edx
   0x005e2e7a <ljpeg_decode_rgb_scan+2342>: test %edx,%edx
   0x005e2e7c <ljpeg_decode_rgb_scan+2344>: jne 0x5e2ec4 <ljpeg_decode_rgb_scan+2416>
   0x005e2e7e <ljpeg_decode_rgb_scan+2346>: test %edi,%edi
   0x005e2e80 <ljpeg_decode_rgb_scan+2348>: jle 0x5e2e3c <ljpeg_decode_rgb_scan+2280>
   0x005e2e82 <ljpeg_decode_rgb_scan+2350>: xor %eax,%eax
   0x005e2e84 <ljpeg_decode_rgb_scan+2352>: mov 0x90(%esp),%edx
   0x005e2e8b <ljpeg_decode_rgb_scan+2359>: nop
   0x005e2e8c <ljpeg_decode_rgb_scan+2360>: mov 0x4(%esi,%eax,8),%cx
=> 0x005e2e91 <ljpeg_decode_rgb_scan+2365>: mov %cl,(%edx,%eax,4)
   0x005e2e94 <ljpeg_decode_rgb_scan+2368>: mov 0x2(%esi,%eax,8),%cx
   0x005e2e99 <ljpeg_decode_rgb_scan+2373>: mov %cl,0x1(%edx,%eax,4)
   0x005e2e9d <ljpeg_decode_rgb_scan+2377>: mov (%esi,%eax,8),%cx
   0x005e2ea1 <ljpeg_decode_rgb_scan+2381>: mov %cl,0x2(%edx,%eax,4)
   0x005e2ea5 <ljpeg_decode_rgb_scan+2385>: inc %eax
   0x005e2ea6 <ljpeg_decode_rgb_scan+2386>: mov 0x340(%ebx),%ecx
   0x005e2eac <ljpeg_decode_rgb_scan+2392>: cmp %eax,%ecx
   0x005e2eae <ljpeg_decode_rgb_scan+2394>: jg 0x5e2e8c <ljpeg_decode_rgb_scan+2360>
   0x005e2eb0 <ljpeg_decode_rgb_scan+2396>: jmp 0x5e2e3a <ljpeg_decode_rgb_scan+2278>
End of assembler dump.
(gdb) info all-registers
eax 0x392 914
ecx 0xbb 187
edx 0x41141b8 68239800
ebx 0x40f0048 68091976
esp 0x22f570 0x22f570
ebp 0x37 0x37
esi 0x410b860 68204640
edi 0x400 1024
eip 0x5e2e91 0x5e2e91 <ljpeg_decode_rgb_scan+2365>
eflags 0x10212 [ AF IF RF ]
cs 0x1b 27
ss 0x23 35
ds 0x23 35
es 0x23 35
fs 0x3b 59
gs 0x0 0
[x87, SSE and MMX register values omitted]
```
Attachments (2)
Change History (7)
by , 13 years ago
Attachment: | lossless.jpg added |
---|
comment:1 by , 13 years ago
by , 13 years ago
Attachment: | lossless_2.jpg added |
---|
comment:3 by , 13 years ago
Component: | undetermined → avcodec |
---|---|
Keywords: | ljpeg lowres added |
Reproduced by developer: | set |
Resolution: | → fixed |
Status: | new → closed |
Summary: | jpeg lossless: crash with lowres → ljpeg: crash with lowres |
Version: | unspecified → git-master |
Note that there is another codec called jpeg-ls or jpeg lossless, see http://en.wikipedia.org/wiki/Jpeg-ls for an explanation.
The crash with lowres is fixed (ljpeg does not support lowres). I cannot reproduce an endless loop with the first file, but please open a new ticket if there still is a problem.

```
$ ffmpeg -i lossless.jpg
ffmpeg version N-35771-g7862bd3, Copyright (c) 2000-2011 the FFmpeg developers
  built on Dec 14 2011 23:44:58 with gcc 4.5.3
  configuration: --cc='/usr/local/gcc-4.5.3/bin/gcc -m32'
  libavutil 51. 32. 0 / 51. 32. 0
  libavcodec 53. 44. 0 / 53. 44. 0
  libavformat 53. 25. 0 / 53. 25. 0
  libavdevice 53. 4. 0 / 53. 4. 0
  libavfilter 2. 53. 0 / 2. 53. 0
  libswscale 2. 1. 0 / 2. 1. 0
[mjpeg @ 0x8dae0e0] mjpeg_decode_dc: bad vlc: 0:0 (0x8dae924)
    Last message repeated 4718591 times
Input #0, image2, from 'lossless.jpg':
  Duration: 00:00:00.04, start: 0.000000, bitrate: N/A
    Stream #0:0: Video: mjpeg, bgr24, 1024x768 [SAR 96:96 DAR 4:3], 25 tbr, 25 tbn, 25 tbc
At least one output file must be specified
```
follow-up: 5 comment:4 by , 13 years ago
You're right, probing takes 2 and a half minutes here, so it's not an infinite loop, but I think it should be fixed as well.
comment:5 by , 13 years ago
Replying to ami_stuff:
> You're right, probing takes 2 and a half minutes here, so it's not an infinite loop, but I think it should be fixed as well.
Yes, indeed, fixed locally, will be in git after tests
please change the title of this ticket to "infinite loop while probing (most likely broken) jpeg lossless file"
ffmpeg -i lossless.jpg