
#459 closed defect (fixed)

mplayer segfaults when -chapter is set before dvd://

Reported by: billl@… Owned by: alex@…
Priority: normal Component: core
Version: HEAD Severity: normal
Keywords: Cc:
Blocked By: Blocking:
Reproduced by developer: Analyzed by developer:

Description

Everything is in the summary:

$ mplayer -chapter 4-4 dvd://2
segfaults.

AFAICT, the problem lies in the function copy_func_pf in m_option.c: strdup(s->name) fails because s->name is NULL (the register dump below shows eax = 0x0 at the faulting strlen, consistent with a NULL argument). As I do not exactly understand how this function is called or what it does, I cannot provide a patch.

Olivier


$ uname -a
Linux andouillette 2.6.15-archck4 #1 Tue Feb 14 22:45:25 CET 2006 i686 Intel(R)
Pentium(R) III Mobile CPU 933MHz GenuineIntel GNU/Linux

$ ls -l /lib/libc[.-]*
-rwxr-xr-x 1 root root 1214968 déc 4 18:57 /lib/libc-2.3.5.so
lrwxrwxrwx 1 root root 13 déc 4 18:57 /lib/libc.so.6 -> libc-2.3.5.so

$ gcc -v
Lecture des spécification à partir de /usr/lib/gcc/i686-pc-linux-gnu/3.4.4/specs
Configuré avec: /var/tmp/portage/gcc-3.4.4-r1/work/gcc-3.4.4/configure
--prefix=/usr --bindir=/usr/i686-pc-linux-gnu/gcc-bin/3.4.4
--includedir=/usr/lib/gcc/i686-pc-linux-gnu/3.4.4/include
--datadir=/usr/share/gcc-data/i686-pc-linux-gnu/3.4.4
--mandir=/usr/share/gcc-data/i686-pc-linux-gnu/3.4.4/man
--infodir=/usr/share/gcc-data/i686-pc-linux-gnu/3.4.4/info
--with-gxx-include-dir=/usr/lib/gcc/i686-pc-linux-gnu/3.4.4/include/g++-v3
--host=i686-pc-linux-gnu --build=i686-pc-linux-gnu --disable-altivec
--enable-nls --without-included-gettext --with-system-zlib --disable-checking
--disable-werror --disable-libunwind-exceptions --disable-multilib
--disable-libmudflap --disable-libgcj --enable-languages=c,c++ --enable-shared
--enable-threads=posix --enable-cxa_atexit --enable-clocale=gnu
Modèle de thread: posix
version gcc 3.4.4 (Gentoo 3.4.4-r1, ssp-3.4.4-1.0, pie-8.7.8)

$ ld -v
GNU ld version 2.16.1

$ as --version
Assembleur GNU 2.16.1

$ cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 11
model name : Intel(R) Pentium(R) III Mobile CPU 933MHz
stepping : 1
cpu MHz : 930.441
cache size : 512 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov
pat pse36 mmx fxsr sse
bogomips : 1861.46

gdb mplayer
GNU gdb 6.4
Copyright 2005 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...Using host libthread_db library
"/lib/libthread_db.so.1".

(gdb) run -v -chapter 4-4 dvd://2
Starting program: /home/billl/devel/mplayer/mplayer -v -chapter 4-4 dvd://2
MPlayer 1.0pre8-3.3.6 (C) 2000-2006 MPlayer Team
CPU: Intel Celeron 2/Pentium III Tualatin (Family: 6, Stepping: 1)
MMX2 supported but disabled
CPUflags: MMX: 1 MMX2: 0 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 0
Compiled for x86 CPU with extensions: MMX SSE
Program received signal SIGSEGV, Segmentation fault.
0xb77c8ef3 in strlen () from /lib/libc.so.6
(gdb) bt
#0 0xb77c8ef3 in strlen () from /lib/libc.so.6
#1 0xb77c8c35 in strdup () from /lib/libc.so.6
#2 0x080aa7f9 in copy_func_pf ()
#3 0x0000000c in ?? ()
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0xb77c8ed3 to 0xb77c8f13:
0xb77c8ed3 <strlen+19>: inc %eax
0xb77c8ed4 <strlen+20>: xor $0x3,%ecx
0xb77c8ed7 <strlen+23>: je 0xb77c8ef3 <strlen+51>
0xb77c8ed9 <strlen+25>: cmp %ch,(%eax)
0xb77c8edb <strlen+27>: je 0xb77c8f6a <strlen+170>
0xb77c8ee1 <strlen+33>: add $0x1,%eax
0xb77c8ee4 <strlen+36>: sub $0x1,%ecx
0xb77c8ee7 <strlen+39>: je 0xb77c8ef3 <strlen+51>
0xb77c8ee9 <strlen+41>: cmp %ch,(%eax)
0xb77c8eeb <strlen+43>: je 0xb77c8f6a <strlen+170>
0xb77c8eed <strlen+45>: sub $0xf,%eax
0xb77c8ef0 <strlen+48>: add $0x10,%eax
0xb77c8ef3 <strlen+51>: mov (%eax),%ecx
0xb77c8ef5 <strlen+53>: mov $0xfefefeff,%edx
0xb77c8efa <strlen+58>: add %ecx,%edx
0xb77c8efc <strlen+60>: jae 0xb77c8f57 <strlen+151>
0xb77c8efe <strlen+62>: xor %ecx,%edx
0xb77c8f00 <strlen+64>: or $0xfefefeff,%edx
0xb77c8f06 <strlen+70>: inc %edx
0xb77c8f07 <strlen+71>: jne 0xb77c8f57 <strlen+151>
0xb77c8f09 <strlen+73>: mov 0x4(%eax),%ecx
0xb77c8f0c <strlen+76>: mov $0xfefefeff,%edx
0xb77c8f11 <strlen+81>: add %ecx,%edx
End of assembler dump.
(gdb) info all-registers
eax 0x0 0
ecx 0x0 0
edx 0x0 0
ebx 0xb7876ff4 -1215860748
esp 0xbfa4008c 0xbfa4008c
ebp 0xbfa400a8 0xbfa400a8
esi 0xb7878858 -1215854504
edi 0x0 0
eip 0xb77c8ef3 0xb77c8ef3 <strlen+51>
eflags 0x10246 66118
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 0 (raw 0x00000000000000000000)
st6 3 (raw 0x4000c000000000000000)
st7 3 (raw 0x4000c000000000000000)
fctrl 0x37f 895
fstat 0x20 32
ftag 0xffff 65535
fiseg 0x73 115
fioff 0x80a9bcb 134912971
foseg 0x7b 123
fooff 0x86f3a08 141507080
fop 0x11b 283
xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
mxcsr 0x1f80 8064
mm0 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0,
0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm1 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0,
0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm2 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0,
0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm3 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0,
0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm4 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0,
0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm5 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0,
0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm6 {uint64 = 0xc000000000000000, v2_int32 = {0x0, 0xc0000000},
v4_int16 = {0x0, 0x0, 0x0, 0xc000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0}}
mm7 {uint64 = 0xc000000000000000, v2_int32 = {0x0, 0xc0000000},
v4_int16 = {0x0, 0x0, 0x0, 0xc000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0}}

Change History (1)

comment:1 Changed 14 years ago by reimar

  • Resolution set to fixed
  • Status changed from new to closed

This should be fixed in CVS (at least it is for me; if not, please reopen).
