Opened 16 years ago

Closed 14 years ago

#1212 closed defect (worksforme)

libavcodec crashes on "zzuf-ed" h264-es file

Reported by: mennucc1@…
Owned by: nsabbi@…
Priority: normal
Component: demuxer
Version: HEAD
Severity: normal
Keywords:
Cc: diego@…
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

hi

MPlayer crashes on the above file (that was prepared
as explained in http://libcaca.zoy.org/wiki/zzuf/bugs );

I tested it both with 1.0rc2 and with SVN

here is a GDB backtrace

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb5cf6940 (LWP 15520)]
0xb7b90ddd in pred_direct_motion (h=0xb5a97020, mb_type=0xbfc62bd4)
    at /build/siretart/ffmpeg-debian-0.svn20080206/libavcodec/h264.c:959
959     /build/siretart/ffmpeg-debian-0.svn20080206/libavcodec/h264.c: No such file or directory.
        in /build/siretart/ffmpeg-debian-0.svn20080206/libavcodec/h264.c
(gdb) bt
#0 0xb7b90ddd in pred_direct_motion (h=0xb5a97020, mb_type=0xbfc62bd4)
    at /build/siretart/ffmpeg-debian-0.svn20080206/libavcodec/h264.c:959
#1 0xb7b99feb in decode_mb_skip (h=0xb5a97020)
    at /build/siretart/ffmpeg-debian-0.svn20080206/libavcodec/h264.c:4471
#2 0xb7ba49f0 in decode_mb_cavlc (h=0xb5a97020)
    at /build/siretart/ffmpeg-debian-0.svn20080206/libavcodec/h264.c:4519
#3 0xb7bb432a in decode_slice (avctx=0x9d19270, h=0xb5a97020)
    at /build/siretart/ffmpeg-debian-0.svn20080206/libavcodec/h264.c:6819
#4 0xb7bb581a in decode_nal_units (h=0xb5a97020, buf=0xb5aba008 "",
    buf_size=2399)
    at /build/siretart/ffmpeg-debian-0.svn20080206/libavcodec/h264.c:7405
#5 0xb7bb6510 in decode_frame (avctx=0x9d19270, data=0x9d18bb0,
    data_size=0xbfc63034, buf=0xb5aba008 "", buf_size=2399)
    at /build/siretart/ffmpeg-debian-0.svn20080206/libavcodec/h264.c:7719
#6 0xb79f49ce in avcodec_decode_video (avctx=0x9d19270, picture=0x9d18bb0,
    got_picture_ptr=0xbfc63034, buf=0xb5aba008 "", buf_size=2399)
    at /build/siretart/ffmpeg-debian-0.svn20080206/libavcodec/utils.c:945
#7 0x081728b5 in decode (sh=0x9d10b28, data=0xb5aba008, len=2399, flags=0)
    at vd_ffmpeg.c:783
#8 0x08138d82 in decode_video (sh_video=0x9d10b28, start=0xb5aba008 "",
    in_size=2399, drop_frame=0, pts=0) at dec_video.c:366
#9 0x0809dd28 in main (argc=2, argv=0xbfc652a4) at mplayer.c:2046

a.

Change History (4)

comment:1 by diego@…, 16 years ago

Cc: diego@… added
Component: vd → demuxer
Owner: changed from r_togni@… to nsabbi@…
rep_platform: PC (x86) → All
Version: 1.0rc2 → HEAD

This is a demuxer problem; when trying with -demuxer lavf, there is no crash. I can confirm this on both my PPC and x86 box.

comment:2 by mennucc1@…, 15 years ago

hi, a new Debian bug report was opened for this crash, and there is a patch for it, see
http://bugs.debian.org/509616

a.

comment:3 by diego@…, 15 years ago

(In reply to comment #2)

a new debian bug report was opened for this crash, and there is a patch for
it, see
http://bugs.debian.org/509616

The patch is for a completely different issue, a crash of lol-ffplay.ogm in FFmpeg...

comment:4 by reimar, 14 years ago

Resolution: worksforme
Status: new → closed

I can't reproduce the issue with latest SVN on an Atom CPU; even valgrind does not report any issues.
And I don't think it is a demuxer issue; different demuxers producing different results for broken input is valid and normal, and the crash was/is in the H.264 decoder (i.e. libavcodec).
