Opened 13 years ago
Closed 13 years ago
#837 closed defect (fixed)
crash with pam file generated by ffmpeg
Reported by: | ami_stuff | Owned by: | |
---|---|---|---|
Priority: | important | Component: | avcodec |
Version: | unspecified | Keywords: | pam pnm gray |
Cc: | Blocked By: | ||
Blocking: | Reproduced by developer: | yes | |
Analyzed by developer: | no |
Description
https://ffmpeg.org/trac/ffmpeg/attachment/ticket/833/gray.png
ffmpeg -i gray.png out.pam
ffmpeg -i out.pam out.bmp
(gdb) r -i out.pam out.bmp
Starting program: F:\MinGW\msys\1.0\ffmpeg-HEAD-834f80d/ffmpeg_g.exe -i out.pam out.bmp
[New Thread 3540.0x2d8]
ffmpeg version 0.9.0.git-834f80d, Copyright (c) 2000-2011 the FFmpeg developers
built on Dec 22 2011 14:07:40 with gcc 4.5.2
configuration: --disable-ffplay --disable-ffserver --disable-asm --disable-yasm --disable-shared --enable-static
libavutil 51. 32.100 / 51. 32.100
libavcodec 53. 47.100 / 53. 47.100
libavformat 53. 28.100 / 53. 28.100
libavdevice 53. 4.100 / 53. 4.100
libavfilter 2. 53. 0 / 2. 53. 0
libswscale 2. 1.100 / 2. 1.100
libswresample 0. 5.100 / 0. 0.100
Program received signal SIGFPE, Arithmetic exception.
0x006f0147 in pnm_decode_frame (avctx=0x3d5ef98, data=0x22f828, data_size=0x22faf8, avpkt=0x22f948) at libavcodec/pnmdec.c:128
128 unsigned int j, f = (255 * 128 + s->maxval / 2) / s->maxval;
(gdb) bt
#0 0x006f0147 in pnm_decode_frame (avctx=0x3d5ef98, data=0x22f828, data_size=0x22faf8, avpkt=0x22f948) at libavcodec/pnmdec.c:128
#1 0x005091f2 in avcodec_decode_video2 (avctx=0x3d5ef98, picture=0x22f828, got_picture_ptr=0x22faf8, avpkt=0x22f948) at libavcodec/utils.c:953
#2 0x0043d9e1 in try_decode_frame (ic=0x3d58b60, options=0x3d60ff0) at libavformat/utils.c:2258
#3 avformat_find_stream_info (ic=0x3d58b60, options=0x3d60ff0) at libavformat/utils.c:2558
#4 0x0040c2d2 in opt_input_file (o=0x22fd98, opt=0x3d60d38 "i", filename=<value optimized out>) at ffmpeg.c:3485
#5 0x00410ea2 in parse_option (optctx=0x22fd98, opt=<value optimized out>, arg=0x3d60d3a "out.pam", options=0xa3b460) at cmdutils.c:293
#6 0x00411250 in parse_options (optctx=0x22fd98, argc=4, argv=<value optimized out>, options=0xa3b460, parse_arg_function=0x40dbbc <opt_output_file>) at cmdutils.c:326
#7 0x0040f41a in main (argc=4, argv=<value optimized out>) at ffmpeg.c:4865
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x6f0127 to 0x6f0167:
0x006f0127 <pnm_decode_frame+1095>: sub 0x4(%ebx),%eax
0x006f012a <pnm_decode_frame+1098>: add $0x4c,%esp
0x006f012d <pnm_decode_frame+1101>: pop %ebx
0x006f012e <pnm_decode_frame+1102>: pop %esi
0x006f012f <pnm_decode_frame+1103>: pop %edi
0x006f0130 <pnm_decode_frame+1104>: pop %ebp
0x006f0131 <pnm_decode_frame+1105>: ret
0x006f0132 <pnm_decode_frame+1106>: mov 0x130(%ebx),%ecx
0x006f0138 <pnm_decode_frame+1112>: mov %ecx,%eax
0x006f013a <pnm_decode_frame+1114>: shr $0x1f,%eax
0x006f013d <pnm_decode_frame+1117>: add %ecx,%eax
0x006f013f <pnm_decode_frame+1119>: sar %eax
0x006f0141 <pnm_decode_frame+1121>: add $0x7f80,%eax
0x006f0146 <pnm_decode_frame+1126>: cltd
=> 0x006f0147 <pnm_decode_frame+1127>: idiv %ecx
0x006f0149 <pnm_decode_frame+1129>: mov 0x18(%esp),%edx
0x006f014d <pnm_decode_frame+1133>: test %edx,%edx
0x006f014f <pnm_decode_frame+1135>: je 0x6f0174 <pnm_decode_frame+1172>
0x006f0151 <pnm_decode_frame+1137>: xor %edx,%edx
0x006f0153 <pnm_decode_frame+1139>: mov 0x18(%esp),%edi
0x006f0157 <pnm_decode_frame+1143>: jmp 0x6f015e <pnm_decode_frame+1150>
0x006f0159 <pnm_decode_frame+1145>: lea 0x0(%esi),%esi
0x006f015c <pnm_decode_frame+1148>: mov (%ebx),%esi
0x006f015e <pnm_decode_frame+1150>: movzbl (%esi,%edx,1),%ecx
0x006f0162 <pnm_decode_frame+1154>: imul %eax,%ecx
0x006f0165 <pnm_decode_frame+1157>: add $0x40,%ecx
End of assembler dump.
[Note: the faulting instruction is `idiv %ecx`, with ecx loaded from 0x130(%ebx) at +1106, and the register dump that follows shows ecx = 0. The SIGFPE is therefore an integer division by zero: s->maxval is 0 when pnmdec.c:128 computes f, so the decoder has to reject or otherwise handle a zero maxval before this division.]
(gdb) info all-registers eax 0x7f80 32640 ecx 0x0 0 edx 0x0 0 ebx 0x3d61290 64361104 esp 0x22f690 0x22f690 ebp 0x4480020 0x4480020 esi 0x43b0067 70975591 edi 0x3d5ef98 64352152 eip 0x6f0147 0x6f0147 <pnm_decode_frame+1127> eflags 0x10202 [ IF RF ] cs 0x1b 27 ss 0x23 35 ds 0x23 35 es 0x23 35 fs 0x3b 59 gs 0x0 0 st0 0 (raw 0x00000000000000000000) st1 0 (raw 0x00000000000000000000) st2 0 (raw 0x00000000000000000000) st3 -1 (raw 0xbfff8000000000000000) st4 -1 (raw 0xbfff8000000000000000) st5 9.9999999999999995e-021 (raw 0x3fbcbce5086492111aeb) st6 1.4411518807585587e+017 (raw 0x40388000000000000000) st7 3.6028797018963968e+018 (raw 0x403cc800000000000002) fctrl 0xffff037f -64641 fstat 0xffff0420 -64480 ftag 0xffffffff -1 fiseg 0x0 0 fioff 0x0 0 foseg 0xffff0000 -65536 fooff 0x0 0 fop 0x0 0 xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 
0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} mxcsr 0x1f80 [ IM DM ZM OM UM PM ] mm0 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm1 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm2 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm3 {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}} mm4 {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}} mm5 {uint64 = 0xbce5086492111aeb, v2_int32 = {0x92111aeb, 0xbce50864}, v4_int16 = {0x1aeb, 0x9211, 0x864, 0xbce5}, v8_int8 = {0xeb, 0x1a, 0x11, 0x92, 0x64, 0x8, 0xe5, 0xbc}} mm6 {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}} mm7 {uint64 = 0xc800000000000002, v2_int32 = {0x2, 0xc8000000}, v4_int16 = {0x2, 0x0, 0x0, 0xc800}, v8_int8 = 
{0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc8}}
Change History (6)
comment:1 by , 13 years ago
Component: | undetermined → avcodec |
---|---|
Keywords: | pam pnm gray added |
Priority: | normal → important |
Reproduced by developer: | set |
Status: | new → open |
comment:2 by , 13 years ago
follow-up: 4 comment:3 by , 13 years ago
I had already sent a patch:
http://thread.gmane.org/gmane.comp.video.ffmpeg.devel/138253
Please feel free to comment on or improve / fix the patch!
follow-up: 5 comment:4 by , 13 years ago
Replying to cehoyos:
I had already sent a patch:
http://thread.gmane.org/gmane.comp.video.ffmpeg.devel/138253
Please feel free to comment on or improve / fix the patch!
Competition is fierce for the low-hanging fruit, it seems :-)
That is indeed the fix.
comment:5 by , 13 years ago
Replying to WhiteViking:
Replying to cehoyos:
I had already sent a patch:
http://thread.gmane.org/gmane.comp.video.ffmpeg.devel/138253
Please feel free to comment on or improve / fix the patch!
Competition is fierce for the low-hanging fruit, it seems :-)
Please do not let this discourage you!
Since it takes me time to
- download the sample
- look if the issue is valid at all
- test with current FFmpeg
- test with earlier versions
- reconsider if I still believe the issue to be valid
- ...
I usually try to fix problems that look simple enough;-(
I can reproduce the crash and am volunteering to try and fix it.
The intermediate file out.pam seems fine, by the way.