Opened 11 years ago

Closed 10 years ago

#1212 closed defect (worksforme)

libavcodec crashes on "zzuf-ed" h264-es file

Reported by: mennucc1@… Owned by: nsabbi@…
Priority: normal Component: demuxer
Version: HEAD Severity: normal
Keywords: Cc: diego@…
Blocked By: Blocking:
Reproduced by developer: Analyzed by developer:



MPlayer crashes on the above file (that was prepared
as explained in );

I tested it both with 1.0rc2 and with SVN

here is a GDB backtrace

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb5cf6940 (LWP 15520)]
0xb7b90ddd in pred_direct_motion (h=0xb5a97020, mb_type=0xbfc62bd4)

at /build/siretart/ffmpeg-debian-0.svn20080206/libavcodec/h264.c:959

959 /build/siretart/ffmpeg-debian-0.svn20080206/libavcodec/h264.c: No such file or directory.

in /build/siretart/ffmpeg-debian-0.svn20080206/libavcodec/h264.c

(gdb) bt
#0 0xb7b90ddd in pred_direct_motion (h=0xb5a97020, mb_type=0xbfc62bd4)

at /build/siretart/ffmpeg-debian-0.svn20080206/libavcodec/h264.c:959

#1 0xb7b99feb in decode_mb_skip (h=0xb5a97020)

at /build/siretart/ffmpeg-debian-0.svn20080206/libavcodec/h264.c:4471

#2 0xb7ba49f0 in decode_mb_cavlc (h=0xb5a97020)

at /build/siretart/ffmpeg-debian-0.svn20080206/libavcodec/h264.c:4519

#3 0xb7bb432a in decode_slice (avctx=0x9d19270, h=0xb5a97020)

at /build/siretart/ffmpeg-debian-0.svn20080206/libavcodec/h264.c:6819

#4 0xb7bb581a in decode_nal_units (h=0xb5a97020, buf=0xb5aba008 "",

at /build/siretart/ffmpeg-debian-0.svn20080206/libavcodec/h264.c:7405

#5 0xb7bb6510 in decode_frame (avctx=0x9d19270, data=0x9d18bb0,

data_size=0xbfc63034, buf=0xb5aba008 "", buf_size=2399)
at /build/siretart/ffmpeg-debian-0.svn20080206/libavcodec/h264.c:7719

#6 0xb79f49ce in avcodec_decode_video (avctx=0x9d19270, picture=0x9d18bb0,

got_picture_ptr=0xbfc63034, buf=0xb5aba008 "", buf_size=2399)
at /build/siretart/ffmpeg-debian-0.svn20080206/libavcodec/utils.c:945

#7 0x081728b5 in decode (sh=0x9d10b28, data=0xb5aba008, len=2399, flags=0)

at vd_ffmpeg.c:783

#8 0x08138d82 in decode_video (sh_video=0x9d10b28, start=0xb5aba008 "",

in_size=2399, drop_frame=0, pts=0) at dec_video.c:366

#9 0x0809dd28 in main (argc=2, argv=0xbfc652a4) at mplayer.c:2046


Change History (4)

comment:1 Changed 11 years ago by diego@…

  • Cc diego@… added
  • Component changed from vd to demuxer
  • Owner changed from r_togni@… to nsabbi@…
  • rep_platform changed from PC (x86) to All
  • Version changed from 1.0rc2 to HEAD

This is a demuxer problem, when trying with -demuxer lavf, there is no crash. I can confirm this on both my PPC and x86 box.

comment:2 Changed 11 years ago by mennucc1@…

hi, a new debian bug report was opened for this crash, and there is a patch for it, see


comment:3 Changed 11 years ago by diego@…

(In reply to comment #2)

a new debian bug report was opened for this crash, and there is a patch for
it, see

The patch is for a completely different issue, a crash of lol-ffplay.ogm in FFmpeg...

comment:4 Changed 10 years ago by reimar

  • Resolution set to worksforme
  • Status changed from new to closed

I can't reproduce the issue with latest SVN on an Atom CPU, even valgrind does not report any issues.
And I don't think it is a demuxer issues, different demuxers producing different results for broken input is valid and normal, and the crash was/is in the H.264 decoder (i.e. libavcodec).

Note: See TracTickets for help on using tickets.