Opened 14 years ago

Closed 14 years ago

Last modified 14 years ago

#292 closed defect (invalid)

MPlayer segfaults when playing Ogg file containing Theora video and Vorbis audio

Reported by: jeremy-mplayer@…
Owned by: moritz@…
Priority: normal
Component: demuxer
Version: HEAD
Severity: critical
Keywords:
Cc:
Blocked By:
Blocking:
Reproduced by developer:
Analyzed by developer:

Description

Having built MPlayer from CVS with theora support, I can play ogg-encapsulated
videos encoded with Theora okay, but if there is Vorbis-encoded sound MPlayer
crashes (SIGSEGV) at demux_ogg.c:532. I think it may be reading audio or video
header as data, because I also get the error "Cannot find codec for audio format
0x73627276." Please see operating system/environment information and gdb
backtrace below (I have printed the expression I believe causes the SIGSEGV: the
sh member of the demux_stream_t *ds argument to that function; and have also
provided a link to a test file that shows the problem).

Operating system: OpenBSD 3.5
Kernel: OpenBSD host.name 3.5 GENERIC#118 i386
Libc version:

/usr/lib/libc.a
/usr/lib/libc.so.30.3
/usr/lib/libc.so.31.0

Toolchain versions:

gcc version 2.95.3 20010125 (prerelease, propolice)
GNU ld version 2.14 20030612
GNU assembler 2.14 20030612

CPU Info:

cpu0: Intel(R) Pentium(R) M processor 1400MHz ("GenuineIntel" 686-class) 1.40 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,EST,TM2
cpu0: Enhanced SpeedStep 1400 MHz (1484 mV): speeds: 1400, 1200, 1000, 800, 600 MHz

GNU gdb 6.1
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-unknown-openbsd3.5"...
(gdb) run -v ~/Ap17_strolling.ogg
Starting program: /home/jeremy/mplayer/main/mplayer -v ~/Ap17_strolling.ogg
MPlayer dev-CVS-050429-15:27-2.95.3 (C) 2000-2005 MPlayer Team
CPU: Intel Pentium M Banias (Family: 6, Stepping: 5)
Detected cache-line size is 64 bytes
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2


67 audio & 175 video codecs
CommandLine: '-v' '/home/jeremy/Ap17_strolling.ogg'
init_freetype
get_path('font/font.desc') -> '/home/jeremy/.mplayer/font/font.desc'
font: can't open file: /home/jeremy/.mplayer/font/font.desc
font: can't open file: /opt/mplayer-20050428/share/mplayer/font/font.desc
Using MMX (with tiny bit MMX2) Optimized OnScreenDisplay
Using nanosleep() timing
get_path('input.conf') -> '/home/jeremy/.mplayer/input.conf'
Can't open input config file /home/jeremy/.mplayer/input.conf: No such file or directory
Can't open input config file /opt/mplayer-20050428/etc/mplayer/input.conf: No such file or directory
Falling back on default (hardcoded) input config
get_path('Ap17_strolling.ogg.conf') -> '/home/jeremy/.mplayer/Ap17_strolling.ogg.conf'
Playing /home/jeremy/Ap17_strolling.ogg.
[file] File size is 2244243 bytes
STREAM: [file] /home/jeremy/Ap17_strolling.ogg
STREAM: Description: File
STREAM: Author: Albeu
STREAM: Comment: based on the code from ??? (probably Arpi)
Checking for YUV4MPEG2
ASF_check: not ASF guid!
Checking for Nullsoft Streaming Video
Checking for NuppelVideo
Checking for REAL
Checking for SMJPEG
Searching demuxer type for filename /home/jeremy/Ap17_strolling.ogg ext: .ogg
Trying demuxer 18 based on filename extension
==> Found video stream: 0
[Ogg] stream 0: video (Theora v3.2.0), -vid 0
======= VIDEO Format ======

biSize 40
biWidth 320
biHeight 240
biPlanes 3
biBitCount 24
biCompression 1868916852='theo'
biSizeImage 230400

===========================
==> Found audio stream: 1
[Ogg] stream 1: audio (Vorbis), -aid 0
Ogg stream length (granulepos): 56527
Ogg demuxer : found 1 audio stream, 1 video stream and 0 text stream
Ogg file format detected.
VIDEO: [theo] 320x240 24bpp 30.000 fps 0.0 kbps ( 0.0 kbyte/s)
[V] filefmt:18 fourcc:0x6F656874 size:320x240 fps:30.00 ftime:=0.0333
get_path('sub/') -> '/home/jeremy/.mplayer/sub/'
get_path('default.sub') -> '/home/jeremy/.mplayer/default.sub'
==========================================================================
Cannot find codec for audio format 0x73627276.
Read DOCS/HTML/en/codecs.html!
==========================================================================
X11 opening display: :0.0
vo: X11 color mask: FFFF (R:F800 G:7E0 B:1F)
vo: X11 running at 1400x1050 with depth 16 and 16 bpp (":0.0" => local display)
[x11] Detected wm supports NetWM.
[x11] Detected wm supports FULLSCREEN state.
[x11] Detected wm supports ABOVE state.
[x11] Detected wm supports BELOW state.
[x11] Current fstype setting honours FULLSCREEN ABOVE BELOW X atoms
[xv common] Drawing colorkey manually.
[xv common] Using colorkey from Xv (0x00001e).
==========================================================================
Opening video decoder: [ffmpeg] FFmpeg's libavcodec codec family
Could not open codec.
VDecoder init failed :(
Opening video decoder: [theora] Theora/VP3

Program received signal SIGSEGV, Segmentation fault.
0x1c0ad42b in demux_ogg_add_packet (ds=0x3c1a2b80, os=0x3c19e990, id=1, pack=0xcfbf19cc) at demux_ogg.c:532
532 if(!os->flac && ((*pack->packet & PACKET_TYPE_HEADER) &&
(gdb) print ds->sh
$1 = (void *) 0x0
(gdb) bt
#0 0x1c0ad42b in demux_ogg_add_packet (ds=0x3c1a2b80, os=0x3c19e990, id=1, pack=0xcfbf19cc) at demux_ogg.c:532
#1 0x1c0af3a4 in demux_ogg_fill_buffer (d=0x3c1e1000) at demux_ogg.c:1182
#2 0x1c091f39 in demux_fill_buffer (demux=0x3c1e1000, ds=0x3c1a2c00) at demuxer.c:389
#3 0x1c09217a in ds_fill_buffer (ds=0x3c1a2c00) at demuxer.c:464
#4 0x1c09240e in ds_get_packet (ds=0x3c1a2c00, start=0xcfbf1abc) at demuxer.c:538
#5 0x1c04ed4f in init (sh=0x3c1a0300) at vd_theora.c:80
#6 0x1c04b584 in init_video (sh_video=0x3c1a0300, codecname=0x0, vfm=0x0, status=1) at dec_video.c:237
#7 0x1c04b717 in init_best_video_codec (sh_video=0x3c1a0300, video_codec_list=0xcfbf1b58, video_fm_list=0x0) at dec_video.c:283
#8 0x1c0095af in main (argc=3, argv=0xcfbf2e7c) at mplayer.c:2041
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x1c0ad40b to 0x1c0ad44b:
0x1c0ad40b <demux_ogg_add_packet+219>: push %ebx
0x1c0ad40c <demux_ogg_add_packet+220>: xor %al,0x184be(%ebx)
0x1c0ad412 <demux_ogg_add_packet+226>: add %al,(%eax)
0x1c0ad414 <demux_ogg_add_packet+228>: jne 0x1c0ad461 <demux_ogg_add_packet+305>
0x1c0ad416 <demux_ogg_add_packet+230>: mov 0x14(%ebp),%ebx
0x1c0ad419 <demux_ogg_add_packet+233>: mov (%ebx),%eax
0x1c0ad41b <demux_ogg_add_packet+235>: testb $0x1,(%eax)
0x1c0ad41e <demux_ogg_add_packet+238>: je 0x1c0ad461 <demux_ogg_add_packet+305>
0x1c0ad420 <demux_ogg_add_packet+240>: cmp %ecx,0x8(%ebp)
0x1c0ad423 <demux_ogg_add_packet+243>: jne 0x1c0ad440 <demux_ogg_add_packet+272>
0x1c0ad425 <demux_ogg_add_packet+245>: mov 0x8(%ebp),%esi
0x1c0ad428 <demux_ogg_add_packet+248>: mov 0x5c(%esi),%eax
0x1c0ad42b <demux_ogg_add_packet+251>: cmpl $0x73627276,0x8(%eax)
0x1c0ad432 <demux_ogg_add_packet+258>: jne 0x1c0ad440 <demux_ogg_add_packet+272>
0x1c0ad434 <demux_ogg_add_packet+260>: mov 0xc(%ebp),%eax
0x1c0ad437 <demux_ogg_add_packet+263>: cmpl $0x2,0x178(%eax)
0x1c0ad43e <demux_ogg_add_packet+270>: jle 0x1c0ad461 <demux_ogg_add_packet+305>
0x1c0ad440 <demux_ogg_add_packet+272>: mov 0xffffffb4(%ebp),%ebx
0x1c0ad443 <demux_ogg_add_packet+275>: mov 0x30(%ebx),%edx
0x1c0ad446 <demux_ogg_add_packet+278>: cmp %edx,0x8(%ebp)
0x1c0ad449 <demux_ogg_add_packet+281>: jne 0x1c0ad45a <demux_ogg_add_packet+298>
End of assembler dump.
(gdb) info all-registers
eax 0x0 0
ecx 0x3c1a2b80 1008348032
edx 0x3c1a2c00 1008348160
ebx 0xcfbf19cc -809559604
esp 0xcfbf1914 0xcfbf1914
ebp 0xcfbf197c 0xcfbf197c
esi 0x3c1a2b80 1008348032
edi 0x3c030bbf 1006832575
eip 0x1c0ad42b 0x1c0ad42b
eflags 0x210246 2163270
cs 0x1f 31
ss 0x27 39
ds 0x27 39
es 0x27 39
fs 0x27 39
gs 0x27 39
(gdb) quit
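
Added example, not part of the original ticket and not MPlayer code: it decodes the two FourCC values from the log and models the faulting comparison from the disassembly (`mov 0x5c(%esi),%eax` followed by `cmpl $0x73627276,0x8(%eax)` with eax = 0), next to a guarded form of the same check. The struct types and the field name `format` are hypothetical stand-ins; only the constant and the offset 8 come from the gdb output above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins, not MPlayer's structs: only the 32-bit field at
   offset 8 (called "format" here by assumption) mirrors the disassembly. */
typedef struct { uint32_t pad[2]; uint32_t format; } sh_model_t;
typedef struct { sh_model_t *sh; } ds_model_t;

#define FOURCC_VRBS 0x73627276u /* constant in the cmpl and in the error message */

/* Decode a little-endian FourCC into a NUL-terminated string. */
const char *fourcc_str(uint32_t v, char out[5]) {
    for (int i = 0; i < 4; i++)
        out[i] = (char)((v >> (8 * i)) & 0xff);
    out[4] = '\0';
    return out;
}

/* Address touched by "cmpl $imm,disp(%eax)": register value plus displacement. */
uintptr_t fault_address(uintptr_t eax, uintptr_t disp) { return eax + disp; }

/* Guarded comparison: 1 = Vorbis, 0 = other format, -1 = no stream header. */
int is_vorbis_stream(const ds_model_t *ds) {
    if (ds == NULL || ds->sh == NULL)
        return -1; /* the state gdb shows: ds->sh == 0x0 */
    return ds->sh->format == FOURCC_VRBS;
}

int main(void) {
    char a[5], v[5];
    ds_model_t no_header = { NULL };
    sh_model_t sh = { {0, 0}, FOURCC_VRBS };
    ds_model_t with_header = { &sh };

    printf("0x73627276 = '%s', 0x6F656874 = '%s'\n",
           fourcc_str(0x73627276u, a), fourcc_str(0x6F656874u, v));
    printf("faulting read at %#lx (eax=0, disp=8)\n",
           (unsigned long)fault_address(0, 0x8));
    printf("guarded check: no header -> %d, vorbis header -> %d\n",
           is_vorbis_stream(&no_header), is_vorbis_stream(&with_header));
    return 0;
}
```

A read at address 0x8 is the signature of a field access through a NULL struct pointer, which matches `print ds->sh` returning 0x0.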

Change History (2)

comment:1 Changed 14 years ago by jeremy-mplayer@…

  • Severity changed from major to critical

I changed the priority of this bug after reading the list of bug reports--sorry
if I've guessed wrong. It seems like a crash preventing you from playing a
certain kind of file would be classified as "critical," but I may be mistaken.

comment:2 Changed 14 years ago by reimar

  • Resolution set to invalid
  • Status changed from new to closed

(In reply to comment #0)

67 audio & 175 video codecs

Delete any codecs.conf on your system!!! This one is probably years old.
With latest CVS this is 86 audio & 197 video codecs.
