hi, while playing with zzuf, i created a file which causes ffmpeg to crash in h264 decoder (or at least that's what i think) here is the command line and the output: $ valgrind -v --tool=memcheck ./ffmpeg_g -y -i http://darkkben.free.fr/corrupted_h264.mp4 out_test.mp4 ==19037== Memcheck, a memory error detector. ==19037== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al. ==19037== Using LibVEX rev 1606, a library for dynamic binary translation. ==19037== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP. ==19037== Using valgrind-3.2.0, a dynamic binary instrumentation framework. ==19037== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al. ==19037== --19037-- Command line --19037-- ./ffmpeg_g --19037-- -y --19037-- -i --19037-- http://darkkben.free.fr/corrupted_h264.mp4 --19037-- out_test.mp4 --19037-- Startup, with flags: --19037-- -v --19037-- --tool=memcheck --19037-- Contents of /proc/version: --19037-- Linux version 2.6.16-suspend2-r8 (root at it_sample) (gcc version 3.4.6 (Gentoo 3.4.6-r1, ssp-3.4.5-1.0, pie-8.7.9)) #8 SMP PREEMPT Mon Oct 16 15:25:21 CEST 2006 --19037-- Arch and hwcaps: X86, x86-sse1-sse2 --19037-- Valgrind library directory: /usr/lib/valgrind --19037-- Reading syms from /lib/ld-2.3.6.so (0x4000000) --19037-- Reading syms from /home/bfouet/env/open_sources/ffmpeg/ffmpeg_g (0x8048000) --19037-- Reading syms from /usr/lib/valgrind/x86-linux/memcheck (0x38000000) --19037-- object doesn't have a symbol table --19037-- object doesn't have a dynamic symbol table --19037-- Reading suppressions file: /usr/lib/valgrind/default.supp --19037-- REDIR: 0x4010C80 (index) redirected to 0x38028A03 (???) --19037-- Reading syms from /usr/lib/valgrind/x86-linux/vgpreload_core.so (0x4017000) --19037-- object doesn't have a symbol table --19037-- Reading syms from /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so (0x401A000) --19037-- object doesn't have a symbol table ==19037== WARNING: new redirection conflicts with existing -- ignoring it --19037-- new: 0x04010C80 (index ) R-> 0x0401D3E0 index --19037-- REDIR: 0x4010E20 (strlen) redirected to 0x401D680 (strlen) --19037-- Reading syms from /lib/tls/libm.so (0x4040000) --19037-- Reading syms from /lib/libz.so.1.2.3 (0x4063000) --19037-- object doesn't have a symbol table --19037-- Reading syms from /usr/lib/libmp3lame.so.0.0.0 (0x4074000) --19037-- object doesn't have a symbol table --19037-- Reading syms from /usr/lib/libogg.so.0.5.2 (0x4109000) --19037-- object doesn't have a symbol table --19037-- Reading syms from /usr/lib/libxvidcore.so.4.1 (0x410E000) --19037-- object doesn't have a symbol table --19037-- Reading syms from /usr/local/lib/libx264.so.54 (0x4224000) --19037-- object doesn't have a symbol table --19037-- Reading syms from /usr/lib/libfaac.so.0.0.0 (0x42AF000) --19037-- object doesn't have a symbol table --19037-- Reading syms from /usr/lib/libfaad.so.0.0.0 (0x42BF000) --19037-- object doesn't have a symbol table --19037-- Reading syms from /lib/tls/libc.so (0x42FA000) --19037-- Reading syms from /lib/libdl-2.3.6.so (0x4415000) --19037-- Reading syms from /lib/tls/libpthread.so (0x441A000) --19037-- Reading syms from /usr/lib/gcc/i686-pc-linux-gnu/3.4.6/libstdc++.so.6.0.3 (0x442C000) --19037-- object doesn't have a symbol table --19037-- Reading syms from /usr/lib/libmp4v2.so.0.0.0 (0x44FC000) --19037-- object doesn't have a symbol table --19037-- Reading syms from /usr/lib/gcc/i686-pc-linux-gnu/3.4.6/libgcc_s.so.1 (0x45A9000) --19037-- object doesn't have a symbol table --19037-- REDIR: 0x4363450 (memset) redirected to 0x401DED0 (memset) --19037-- REDIR: 0x4363970 (memcpy) redirected to 0x401DA20 (memcpy) --19037-- REDIR: 0x4362660 (rindex) redirected to 0x401D2C0 (rindex) --19037-- REDIR: 0x43622B0 (strlen) redirected to 0x401D660 (strlen) --19037-- REDIR: 0x435EA00 (memalign) redirected to 0x401CE30 (memalign) --19037-- REDIR: 0x435ED50 (realloc) redirected to 0x401CD20 (realloc) --19037-- REDIR: 0x4361D60 (strcmp) redirected to 0x401D930 (strcmp) FFmpeg version SVN-r7661, Copyright (c) 2000-2006 Fabrice Bellard, et al. configuration: --enable-gpl --enable-mp3lame --enable-a52 --enable-xvid --enable-libogg --enable-vorbis --enable-x264 --enable-faad --enable-faac --enable-amr_nb --enable-amr_wb --enable-pp --disable-strip --prefix=/usr --mandir=/usr/share/man --arch=amd64 libavutil version: 49.2.0 libavcodec version: 51.29.0 libavformat version: 51.8.0 built on Jan 23 2007 13:55:33, gcc: 3.4.6 (Gentoo 3.4.6-r1, ssp-3.4.5-1.0, pie-8.7.9) --19037-- REDIR: 0x4361DD0 (strcpy) redirected to 0x401D6C0 (strcpy) --19037-- REDIR: 0x4361BF0 (index) redirected to 0x401D3B0 (index) --19037-- REDIR: 0x435E790 (malloc) redirected to 0x401B4C0 (malloc) --19037-- REDIR: 0x43624A0 (strncmp) redirected to 0x401D8D0 (strncmp) --19037-- REDIR: 0x4362F50 (memchr) redirected to 0x401D9F0 (memchr) --19037-- REDIR: 0x43625B0 (strncpy) redirected to 0x401D790 (strncpy) --19037-- REDIR: 0x435CB40 (free) redirected to 0x401C2D0 (free) Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'http://darkkben.free.fr/corrupted_h264.mp4': Duration: 00:00:24.0, start: 0.000000, bitrate: 247 kb/s Stream #0.0(und): Video: h264, yuv420p, 320x240, 30.00 fps(r) Stream #0.1(und): Data: mp4s / 0x7334706D Stream #0.2(und): Data: mp4s / 0x7334706D Output #0, mp4, to 'out_test.mp4': Stream #0.0: Video: mpeg4, yuv420p, 320x240, q=2-31, 200 kb/s, 30.00 fps(c) Stream mapping: Stream #0.0 -> #0.0 [mpeg4 @ 0x83c8ca0]removing common factors from framerate Press [q] to stop encoding --19037-- REDIR: 0x43641D0 (rawmemchr) redirected to 0x401DF70 (rawmemchr) --19037-- REDIR: 0x43633E0 (memmove) redirected to 0x401DEF0 (memmove) [h264 @ 0x83c8ca0]corrupted macroblock 12 5 (total_coeff<0)its/s [h264 @ 0x83c8ca0]error while decoding MB 12 5 [h264 @ 0x83c8ca0]concealing 237 DC, 237 AC, 237 MV errors [h264 @ 0x83c8ca0]out of range intra chroma pred mode at 6 12s/s [h264 @ 0x83c8ca0]error while decoding MB 6 12 [h264 @ 0x83c8ca0]concealing 103 DC, 103 AC, 103 MV errors [h264 @ 0x83c8ca0]corrupted macroblock 17 7 (total_coeff<0)its/s [h264 @ 0x83c8ca0]error while decoding MB 17 7 [h264 @ 0x83c8ca0]concealing 192 DC, 192 AC, 192 MV errors [h264 @ 0x83c8ca0]concealing 8 DC, 8 AC, 8 MV errors298.4kbits/s ==19037== Conditional jump or move depends on uninitialised value(s) ==19037== at 0x821B385: get_se_golomb (golomb.h:137) ==19037== ==19037== Conditional jump or move depends on uninitialised value(s) ==19037== at 0x821B296: get_ue_golomb (golomb.h:54) [h264 @ 0x83c8ca0]cbp too large (107) at 16 6trate= 406.1kbits/s [h264 @ 0x83c8ca0]error while decoding MB 16 6 [h264 @ 0x83c8ca0]concealing 213 DC, 213 AC, 213 MV errors [h264 @ 0x83c8ca0]P sub_mb_type 31 out of range at 12 8.8kbits/s [h264 @ 0x83c8ca0]error while decoding MB 12 8 [h264 @ 0x83c8ca0]concealing 177 DC, 177 AC, 177 MV errors [h264 @ 0x83c8ca0]out of range intra chroma pred mode at 16 11/s [h264 @ 0x83c8ca0]error while decoding MB 16 11 [h264 @ 0x83c8ca0]concealing 113 DC, 113 AC, 113 MV errors [h264 @ 0x83c8ca0]cbp too large (51) at 11 6bitrate= 382.9kbits/s [h264 @ 0x83c8ca0]error while decoding MB 11 6 [h264 @ 0x83c8ca0]concealing 218 DC, 218 AC, 218 MV errors [h264 @ 0x83c8ca0]out of range intra chroma pred mode at 14 8s/s [h264 @ 0x83c8ca0]error while decoding MB 14 8 [h264 @ 0x83c8ca0]concealing 175 DC, 175 AC, 175 MV errors ==19037== 0 q=3.0 size= 201kB time=4.7 bitrate= 353.0kbits/s ==19037== Invalid read of size 2 ==19037== at 0x8228682: decode_residual (bitstream.h:888) ==19037== Address 0xE0 is not stack'd, malloc'd or (recently) free'd ==19037== ==19037== Process terminating with default action of signal 11 (SIGSEGV) ==19037== Access not within mapped region at address 0xE0 ==19037== at 0x8228682: decode_residual (bitstream.h:888) ==19037== by 0x38018F5F: (within /usr/lib/valgrind/x86-linux/memcheck) ==19037== ==19037== ERROR SUMMARY: 5 errors from 3 contexts (suppressed: 39 from 1) ==19037== ==19037== 1 errors in context 1 of 3: ==19037== Invalid read of size 2 ==19037== at 0x8228682: decode_residual (bitstream.h:888) ==19037== Address 0xE0 is not stack'd, malloc'd or (recently) free'd ==19037== ==19037== 2 errors in context 2 of 3: ==19037== Conditional jump or move depends on uninitialised value(s) ==19037== at 0x821B296: get_ue_golomb (golomb.h:54) ==19037== ==19037== 2 errors in context 3 of 3: ==19037== Conditional jump or move depends on uninitialised value(s) ==19037== at 0x821B385: get_se_golomb (golomb.h:137) --19037-- --19037-- supp: 39 Ubuntu-stripped-ld.so ==19037== ==19037== IN SUMMARY: 5 errors from 3 contexts (suppressed: 39 from 1) ==19037== ==19037== malloc/free: in use at exit: 2,978,168 bytes in 247 blocks. ==19037== malloc/free: 787 allocs, 540 frees, 3,860,918 bytes allocated. ==19037== ==19037== searching for pointers to 247 not-freed blocks. ==19037== checked 3,452,136 bytes. ==19037== ==19037== LEAK SUMMARY: ==19037== definitely lost: 0 bytes in 0 blocks. ==19037== possibly lost: 0 bytes in 0 blocks. ==19037== still reachable: 2,978,168 bytes in 247 blocks. ==19037== suppressed: 0 bytes in 0 blocks. ==19037== Reachable blocks (those to which a pointer was found) are not shown. ==19037== To see them, rerun with: --show-reachable=yes --19037-- memcheck: sanity checks: 1245 cheap, 50 expensive --19037-- memcheck: auxmaps: 0 auxmap entries (0k, 0M) in use --19037-- memcheck: auxmaps: 0 searches, 0 comparisons --19037-- memcheck: SMs: n_issued = 78 (1248k, 1M) --19037-- memcheck: SMs: n_deissued = 3 (48k, 0M) --19037-- memcheck: SMs: max_noaccess = 65535 (1048560k, 1023M) --19037-- memcheck: SMs: max_undefined = 15 (240k, 0M) --19037-- memcheck: SMs: max_defined = 139 (2224k, 2M) --19037-- memcheck: SMs: max_non_DSM = 75 (1200k, 1M) --19037-- memcheck: max sec V bit nodes: 723 (36k, 0M) --19037-- memcheck: set_sec_vbits8 calls: 723 (new: 723, updates: 0) --19037-- memcheck: max shadow mem size: 1540k, 1M --19037-- translate: fast SP updates identified: 8,874 ( 88.0%) --19037-- translate: generic_known SP updates identified: 965 ( 9.5%) --19037-- translate: generic_unknown SP updates identified: 244 ( 2.4%) --19037-- tt/tc: 156,818 tt lookups requiring 203,304 probes --19037-- tt/tc: 156,818 fast-cache updates, 3 flushes --19037-- transtab: new 10,246 (317,920 -> 4,627,912; ratio 145:10) [0 scs] --19037-- transtab: dumped 0 (0 -> ??) --19037-- transtab: discarded 8 (194 -> ??) --19037-- scheduler: 124,538,911 jumps (bb entries). --19037-- scheduler: 1,245/150,110 major/minor sched events. --19037-- sanity: 1246 cheap, 50 expensive checks. --19037-- exectx: 30,011 lists, 55 contexts (avg 0 per list) --19037-- exectx: 1,371 searches, 1,316 full compares (959 per 1000) --19037-- exectx: 0 cmp2, 114 cmp4, 0 cmpAll Segmentation fault if you need anything else from me, please ask. and if this belongs to ffmpeg-user, i'll move it too, if you ask... Ben
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4