
#939 new defect

MPlayer fails to decode an APE stream - if need be I can upload the file, though it is very large and it only fails around half-way through

Reported by: kitanatahu@… Owned by: reimar
Priority: normal Component: ad
Version: HEAD Severity: normal
Keywords: Cc:
Blocked By: Blocking:
Reproduced by developer: no Analyzed by developer: no

Description

Decoded 2472 -> 18432 901.1 (48:21.0) 7.6%

Program received signal SIGSEGV, Segmentation fault.
entropy_decode (ctx=0xea9a10, blockstodecode=2691, stereo=1) at apedec.c:259
259 ctx->rc.buffer = (ctx->rc.buffer << 8) | bytestream_get_byte(&ctx->ptr);
(gdb) bt
#0 entropy_decode (ctx=0xea9a10, blockstodecode=2691, stereo=1) at apedec.c:259
#1 0x000000000067a3df in ape_decode_frame (avctx=<value optimized out>, data=0x2e77ac88e810, data_size=0x7909ed8f1e54, buf=0x2e77aca3af42 "",

buf_size=71818) at apedec.c:819

#2 0x0000000000640568 in avcodec_decode_audio2 (avctx=0xea9640, samples=0xeb4c28, frame_size_ptr=0xf658ff00, buf=0x2 <Address 0x2 out of bounds>,

buf_size=2066513664) at utils.c:970

#3 0x00000000004eb300 in decode_audio (sh_audio=0xea9540, buf=0x2e77ac88e810 "", minlen=53248, maxlen=226816) at ad_ffmpeg.c:164
#4 0x00000000004b0074 in decode_audio (sh_audio=0xea9540, minlen=65536) at dec_audio.c:373
#5 0x000000000044a3da in main (argc=<value optimized out>, argv=<value optimized out>) at mplayer.c:1794
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x679854 to 0x679894:
0x0000000000679854 <entropy_decode+2564>: mov 0xb328(%rbx),%rcx
0x000000000067985b <entropy_decode+2571>: jmp 0x679863 <entropy_decode+2579>
0x000000000067985d <entropy_decode+2573>: nopl (%rax)
0x0000000000679860 <entropy_decode+2576>: mov %eax,%r9d
0x0000000000679863 <entropy_decode+2579>: inc %rcx
0x0000000000679866 <entropy_decode+2582>: shl $0x8,%edx
0x0000000000679869 <entropy_decode+2585>: shl $0x8,%r8d
0x000000000067986d <entropy_decode+2589>: mov %rcx,0xb328(%rbx)
0x0000000000679874 <entropy_decode+2596>: movzbl -0x1(%rcx),%eax
0x0000000000679878 <entropy_decode+2600>: or %eax,%edx
0x000000000067987a <entropy_decode+2602>: mov %edx,%eax
0x000000000067987c <entropy_decode+2604>: mov %edx,0xb214(%rbx)
0x0000000000679882 <entropy_decode+2610>: shr %eax
0x0000000000679884 <entropy_decode+2612>: and $0xff,%eax
0x0000000000679889 <entropy_decode+2617>: or %eax,%r8d
0x000000000067988c <entropy_decode+2620>: mov %r9d,%eax
0x000000000067988f <entropy_decode+2623>: shl $0x8,%eax
0x0000000000679892 <entropy_decode+2626>: mov %r8d,0xb208(%rbx)
End of assembler dump.
(gdb) info all-registers
rax 0x0 0
rbx 0xea9a10 15374864
rcx 0x2e77ac989001 51091531665409
rdx 0xf658ff00 4133027584
rsi 0xeb4c28 15420456
rdi 0xa83 2691
rbp 0x3 0x3
rsp 0x7909ed8f1d60 0x7909ed8f1d60
r8 0x7b2c7f00 2066513664
r9 0x0 0
r10 0x2 2
r11 0x47 71
r12 0xead9f0 15391216
r13 0xeb21f0 15409648
r14 0x1 1
r15 0xd000 53248
rip 0x679874 0x679874 <entropy_decode+2596>
eflags 0x10a17 [ CF PF AF IF OF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 0 (raw 0x00000000000000000000)
st6 0 (raw 0x00000000000000000000)
st7 0 (raw 0x00000000000000000000)
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
xmm0 {v4_float = {0x0, 0xfffffe40, 0x0, 0x0}, v2_double = {0x8000000000000000, 0x0}, v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0, 0xc3, 0x0,

0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0x0, 0xc3e0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0xc3e00000, 0x0, 0x0}, v2_int64 = {
0xc3e0000000000000, 0x0}, uint128 = 0x0000000000000000c3e0000000000000}

xmm1 {v4_float = {0x0, 0x3, 0x0, 0x0}, v2_double = {0x80, 0x0}, v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0,

0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0x0, 0x4060, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x40600000, 0x0, 0x0}, v2_int64 = {0x4060000000000000, 0x0},

---Type <return> to continue, or q <return> to quit---

uint128 = 0x00000000000000004060000000000000}

xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,

0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}

xmm3 {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x1, 0x0}, v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0,

0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0x0, 0x3ff0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x3ff00000, 0x0, 0x0}, v2_int64 = {0x3ff0000000000000, 0x0},

uint128 = 0x00000000000000003ff0000000000000}

xmm4 {v4_float = {0x0, 0xfffffffd, 0x0, 0x0}, v2_double = {0xffffffffffffffd2, 0x0}, v16_int8 = {0x5b, 0xaa, 0xa2, 0x2a, 0x9e, 0x6, 0x47, 0xc0,

0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0xaa5b, 0x2aa2, 0x69e, 0xc047, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x2aa2aa5b, 0xc047069e, 0x0, 0x0},

v2_int64 = {0xc047069e2aa2aa5b, 0x0}, uint128 = 0x0000000000000000c047069e2aa2aa5b}

xmm5 {v4_float = {0x0, 0xffffffff, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0xf6, 0x8f, 0xee, 0x21, 0xa8, 0x74, 0xd3, 0xbf, 0x0, 0x0, 0x0,

0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x8ff6, 0x21ee, 0x74a8, 0xbfd3, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x21ee8ff6, 0xbfd374a8, 0x0, 0x0}, v2_int64 = {
0xbfd374a821ee8ff6, 0x0}, uint128 = 0x0000000000000000bfd374a821ee8ff6}

xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x59, 0xbc, 0x0, 0x0, 0x0, 0x0, 0x0,

0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0x8000, 0xbc59, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0xbc598000, 0x0, 0x0}, v2_int64 = {0xbc59800000000000,
0x0}, uint128 = 0x0000000000000000bc59800000000000}

xmm7 {v4_float = {0x0, 0xffffffff, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x17, 0x11, 0xbe, 0x76, 0x67, 0x6b, 0xd3, 0xbf, 0x0, 0x0, 0x0,

0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x1117, 0x76be, 0x6b67, 0xbfd3, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x76be1117, 0xbfd36b67, 0x0, 0x0}, v2_int64 = {
0xbfd36b6776be1117, 0x0}, uint128 = 0x0000000000000000bfd36b6776be1117}

xmm8 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x54, 0xec, 0x35, 0x16, 0xb3, 0xe9, 0x8f, 0xbd, 0x0, 0x0, 0x0, 0x0,

0x0, 0x0, 0x0, 0x0}, v8_int16 = {0xec54, 0x1635, 0xe9b3, 0xbd8f, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x1635ec54, 0xbd8fe9b3, 0x0, 0x0}, v2_int64 = {
0xbd8fe9b31635ec54, 0x0}, uint128 = 0x0000000000000000bd8fe9b31635ec54}

xmm9 {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x1, 0x0}, v16_int8 = {0x6d, 0x7d, 0xbf, 0xbb, 0x27, 0xaf, 0xf5, 0x3f, 0x0, 0x0, 0x0, 0x0,

0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x7d6d, 0xbbbf, 0xaf27, 0x3ff5, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xbbbf7d6d, 0x3ff5af27, 0x0, 0x0}, v2_int64 = {
0x3ff5af27bbbf7d6d, 0x0}, uint128 = 0x00000000000000003ff5af27bbbf7d6d}

xmm10 {v4_float = {0x0, 0xfffffffd, 0x0, 0x0}, v2_double = {0xffffffffffffffd2, 0x0}, v16_int8 = {0xe0, 0xe6, 0x35, 0x67, 0x9e, 0x6, 0x47, 0xc0,

0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0xe6e0, 0x6735, 0x69e, 0xc047, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x6735e6e0, 0xc047069e, 0x0, 0x0},

v2_int64 = {0xc047069e6735e6e0, 0x0}, uint128 = 0x0000000000000000c047069e6735e6e0}

xmm11 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x29, 0xf2, 0x88, 0x6c, 0xa6, 0x49, 0xde, 0x3e, 0x0, 0x0, 0x0, 0x0,

0x0, 0x0, 0x0, 0x0}, v8_int16 = {0xf229, 0x6c88, 0x49a6, 0x3ede, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x6c88f229, 0x3ede49a6, 0x0, 0x0}, v2_int64 = {
0x3ede49a66c88f229, 0x0}, uint128 = 0x00000000000000003ede49a66c88f229}

xmm12 {v4_float = {0x9689a800, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x6a, 0xa2, 0x65, 0x50, 0xf2, 0xea, 0x8f, 0xbd, 0x0, 0x0, 0x0,

0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0xa26a, 0x5065, 0xeaf2, 0xbd8f, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x5065a26a, 0xbd8feaf2, 0x0, 0x0}, v2_int64 = {
0xbd8feaf25065a26a, 0x0}, uint128 = 0x0000000000000000bd8feaf25065a26a}

xmm13 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,

0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}

xmm14 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0, 0x0, 0x46, 0x84, 0x24, 0x59, 0xd6, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0,

0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x8446, 0x5924, 0x3ed6, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x84460000, 0x3ed65924, 0x0, 0x0}, v2_int64 = {
0x3ed6592484460000, 0x0}, uint128 = 0x00000000000000003ed6592484460000}

xmm15 {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x1, 0x0}, v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0,

0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0x0, 0x3ff0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x3ff00000, 0x0, 0x0}, v2_int64 = {0x3ff0000000000000, 0x0},

uint128 = 0x00000000000000003ff0000000000000}

mxcsr 0x1fa0 [ PE IM DM ZM OM UM PM ]

I think the following frame listing could also be of some help:
(gdb) frame 0
#0 entropy_decode (ctx=0xea9a10, blockstodecode=2691, stereo=1) at apedec.c:259
259 ctx->rc.buffer = (ctx->rc.buffer << 8) | bytestream_get_byte(&ctx->ptr);
(gdb) frame 1
#1 0x000000000067a3df in ape_decode_frame (avctx=<value optimized out>, data=0x2e77ac88e810, data_size=0x7909ed8f1e54, buf=0x2e77aca3af42 "",

buf_size=71818) at apedec.c:819

819 entropy_decode(ctx, count, 1);
(gdb) frame 2
#2 0x0000000000640568 in avcodec_decode_audio2 (avctx=0xea9640, samples=0xeb4c28, frame_size_ptr=0xf658ff00, buf=0x2 <Address 0x2 out of bounds>,

buf_size=2066513664) at utils.c:970

970 ret = avctx->codec->decode(avctx, samples, frame_size_ptr,

Change History (3)

comment:1 by kitanatahu@…, 16 years ago

g-zu@g-zu ~/mpsvn/mplayer $ uname -a
Linux g-zu 2.6.22-hardened-r8 #1 PREEMPT Thu Oct 25 02:44:49 EEST 2007 x86_64 AMD Athlon(tm) 64 Processor 3000+ AuthenticAMD GNU/Linux
g-zu@g-zu ~/mpsvn/mplayer $ ls -l /lib/libc[.-]*
-rwxr-xr-x 1 root root 1297552 2007-10-14 17:33 /lib/libc-2.6.1.so
lrwxrwxrwx 1 root root 13 2007-10-14 17:34 /lib/libc.so.6 -> libc-2.6.1.so
g-zu@g-zu ~/mpsvn/mplayer $ gcc -v
Using built-in specs.
Target: x86_64-pc-linux-gnu
Configured with: /var/tmp/portage/sys-devel/gcc-4.1.1-r3/work/gcc-4.1.1/configure --prefix=/usr --bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/4.1.1 --includedir=
/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/include --datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/4.1.1 --mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/4.1.1
/man --infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/4.1.1/info --with-gxx-include-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/include/g++-v4 --host=x86_64-
pc-linux-gnu --build=x86_64-pc-linux-gnu --disable-altivec --enable-nls --without-included-gettext --with-system-zlib --disable-checking --disable-werror --e
nable-secureplt --disable-libunwind-exceptions --enable-multilib --disable-libmudflap --disable-libssp --disable-libgcj --enable-languages=c,c++ --enable-sha
red --enable-threads=posix --enable-cxa_atexit --enable-clocale=gnu
Thread model: posix
gcc version 4.1.1 (Gentoo 4.1.1-r3 p1.10)
g-zu@g-zu ~/mpsvn/mplayer $ ld -v
GNU ld (GNU Binutils) 2.18
g-zu@g-zu ~/mpsvn/mplayer $ as --version
GNU assembler (GNU Binutils) 2.18
Copyright 2007 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or later.
This program has absolutely no warranty.
This assembler was configured for a target of `x86_64-pc-linux-gnu'.
g-zu@g-zu ~/mpsvn/mplayer $ cat /proc/cpuinfo
processor : 0
vendor_id : AuthenticAMD
cpu family : 15
model : 47
model name : AMD Athlon(tm) 64 Processor 3000+
stepping : 0
cpu MHz : 1800.000
cache size : 512 KB
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext fxsr_opt lm 3dnowext 3d
now pni lahf_lm
bogomips : 3619.61
TLB size : 1024 4K pages
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management: ts fid vid ttp tm stc

comment:2 by compn, 16 years ago

This looks like a libavcodec bug (the crash is inside entropy_decode in apedec.c, per the backtrace); try reporting it on
http://roundup.mplayerhq.hu

And yes, please upload a small sample that crashes :)
ftp://upload.mplayerhq.hu/MPlayer/incoming

comment:3 by compn, 13 years ago

Owner: changed from r_togni@… to reimar