[libav-bugs] [Bug 946] New: SIGSEGV due to NULL pointer dereference

bugzilla at libav.org bugzilla at libav.org
Tue Jun 7 10:06:38 CEST 2016


https://bugzilla.libav.org/show_bug.cgi?id=946

            Bug ID: 946
           Summary: SIGSEGV due to NULL pointer dereference
           Product: Libav
           Version: git HEAD
          Hardware: X86
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: ---
         Component: utilities
          Assignee: bugzilla at libav.org
          Reporter: le.businessman at gmail.com

Specifically, is->out_video_filter->inputs is NULL when alloc_picture() reads inputs[0]->w:
(gdb) print is->out_video_filter->inputs
$1 = (AVFilterLink **) 0x0

Backtrace:
0x000000000044fa98 in alloc_picture (opaque=0xfbaca0 <player_state>)
    at avplay.c:1237
1237        vp->width   = is->out_video_filter->inputs[0]->w;
(gdb) bt
#0  0x000000000044fa98 in alloc_picture (opaque=0xfbaca0 <player_state>)
    at avplay.c:1237
#1  event_loop () at avplay.c:2830
#2  main (argc=<optimized out>, argv=<optimized out>) at avplay.c:3056

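Disassembly around the fault. The range starts mid-instruction, so the lines before 0x44fa8f appear to be decoded out of alignment; the marked instruction loads through %rax, which the register dump below shows as 0.
Dump of assembler code from 0x44fa78 to 0x44fab8: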
   0x000000000044fa78 <main+2200>:    pushq  -0x18(%rbp,%rax,1)
   0x000000000044fa7c <main+2204>:    (bad)  
   0x000000000044fa7d <main+2205>:    push   %rax
   0x000000000044fa7e <main+2206>:    sti    
   0x000000000044fa7f <main+2207>:    decl   -0x75(%rcx)
   0x000000000044fa82 <main+2210>:    test   %ah,(%rax,%rax,4)
   0x000000000044fa85 <main+2213>:    or     $0x4,%al
   0x000000000044fa87 <main+2215>:    add    %cl,-0x75(%rax)
   0x000000000044fa8a <main+2218>:    or     $0xb6b1a1,%eax
   0x000000000044fa8f <main+2223>:    mov    $0x32315659,%edx
   0x000000000044fa94 <main+2228>:    mov    0x20(%rax),%rax
=> 0x000000000044fa98 <main+2232>:    mov    (%rax),%rax
   0x000000000044fa9b <main+2235>:    mov    0x24(%rax),%edi
   0x000000000044fa9e <main+2238>:    mov    0x28(%rax),%esi
   0x000000000044faa1 <main+2241>:    mov    0x44(%rax),%eax
   0x000000000044faa4 <main+2244>:    mov    %edi,0x20(%rbp)
   0x000000000044faa7 <main+2247>:    mov    %esi,0x24(%rbp)
   0x000000000044faaa <main+2250>:    mov    %eax,0x30(%rbp)
   0x000000000044faad <main+2253>:    callq  0x4046f0 <SDL_CreateYUVOverlay@plt>
   0x000000000044fab2 <main+2258>:    test   %rax,%rax
   0x000000000044fab5 <main+2261>:    mov    %rax,0x18(%rbp)
End of assembler dump.

(gdb) info all-registers
rax            0x0    0
rbx            0x7fffffffdf40    140737488346944
rcx            0x161af30    23179056
rdx            0x32315659    842094169
rsi            0x7fffffffe3b5    140737488348085
rdi            0x0    0
rbp            0xffb448    0xffb448 <player_state+264104>
rsp            0x7fffffffdee0    0x7fffffffdee0
r8             0x0    0
r9             0x1629b50    23239504
r10            0x7ffff67aa7b8    140737328621496
r11            0x206    518
r12            0xfbaca0    16493728
r13            0x25d629b18    10156677912
r14            0xfbaca0    16493728
r15            0x0    0
rip            0x44fa98    0x44fa98 <main+2232>
eflags         0x10246    [ PF ZF IF RF ]
cs             0x33    51
ss             0x2b    43
ds             0x0    0
es             0x0    0
fs             0x0    0
gs             0x0    0
st0            -nan(0xfffee580fffee580)    (raw 0xfffffffee580fffee580)
st1            -nan(0xfffbb072fffa1e2a)    (raw 0xfffffffbb072fffa1e2a)
st2            -nan(0x80008000800080)    (raw 0xffff0080008000800080)
st3            -nan(0xffff970afffcd0e2)    (raw 0xffffffff970afffcd0e2)
st4            -nan(0x80008000800080)    (raw 0xffff0080008000800080)
st5            -nan(0x80008000800080)    (raw 0xffff0080008000800080)
st6            -nan(0x80008000800080)    (raw 0xffff0080008000800080)
st7            -nan(0xffff697c0001c38c)    (raw 0xffffffff697c0001c38c)
fctrl          0x37f    895
fstat          0x0    0
ftag           0xffff    65535
fiseg          0x0    0
fioff          0x0    0
foseg          0x0    0
fooff          0x0    0
fop            0x0    0
mxcsr          0x1fa0    [ PE IM DM ZM OM UM PM ]
ymm0           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x8000000000000000, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
    0x0 <repeats 16 times>}, v16_int16 = {0x0, 0x0, 0x0, 0x0, 0xff00, 0xffff, 
    0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x0, 
    0x0, 0xffffff00, 0xffffffff, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 
    0xffffffffffffff00, 0x0, 0x0}, v2_int128 = {
    0xffffffffffffff000000000000000000, 0x00000000000000000000000000000000}}
ymm1           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x8000000000000000, 0x0, 0x0, 0x0}, v32_int8 = {0xff, 0xff, 
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0, 0x1, 0x1, 0x1, 0x1, 
    0x0 <repeats 18 times>}, v16_int16 = {0xffff, 0xffff, 0xffff, 0xffff, 
    0xff, 0x101, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int32 = {0xffffffff, 0xffffffff, 0x10100ff, 0x101, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0xffffffffffffffff, 0x101010100ff, 0x0, 0x0}, v2_int128 = {
    0x00000101010100ffffffffffffffffff, 0x00000000000000000000000000000000}}
ymm2           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x49, 0x53, 0x4f, 0x38, 0x38, 
    0x35, 0x39, 0x2d, 0x31, 0x0, 0x7a, 0xf6, 0xff, 0x7f, 
    0x0 <repeats 18 times>}, v16_int16 = {0x5349, 0x384f, 0x3538, 0x2d39, 
    0x31, 0xf67a, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int32 = {0x384f5349, 0x2d393538, 0xf67a0031, 0x7fff, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x2d393538384f5349, 0x7ffff67a0031, 0x0, 0x0}, v2_int128 = {
    0x00007ffff67a00312d393538384f5349, 0x00000000000000000000000000000000}}
ymm3           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, 
  v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {
    0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm4           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x8000000000000000, 0x0, 0x0}, v32_int8 = {0x0, 0xff, 0x0, 
    0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 
    0x0 <repeats 16 times>}, v16_int16 = {0xff00, 0x0, 0xff00, 0x0, 0xff00, 
    0x0, 0x0, 0xff00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {
    0xff00, 0xff00, 0xff00, 0xff000000, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
    0xff000000ff00, 0xff0000000000ff00, 0x0, 0x0}, v2_int128 = {
    0xff0000000000ff000000ff000000ff00, 0x00000000000000000000000000000000}}
ymm5           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 
    0x0, 0x0, 0x0, 0x0, 0xff, 0x0 <repeats 21 times>}, v16_int16 = {0x0, 0x0, 
    0xff00, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int32 = {0x0, 0xff00, 0xff0000, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
    0xff0000000000, 0xff0000, 0x0, 0x0}, v2_int128 = {
    0x0000000000ff00000000ff0000000000, 0x00000000000000000000000000000000}}
ymm6           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x8000000000000000, 0x0, 0x0}, v32_int8 = {0x0, 0xff, 0x0, 
    0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 
    0x0 <repeats 16 times>}, v16_int16 = {0xff00, 0x0, 0xff00, 0x0, 0xff00, 
    0x0, 0x0, 0xff00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {
    0xff00, 0xff00, 0xff00, 0xff000000, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
    0xff000000ff00, 0xff0000000000ff00, 0x0, 0x0}, v2_int128 = {
    0xff0000000000ff000000ff000000ff00, 0x00000000000000000000000000000000}}
ymm7           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0x68, 
    0xc8, 0xbc, 0x3b, 0x0 <repeats 24 times>}, v16_int16 = {0x0, 0x0, 0xc868, 
    0x3bbc, 0x0 <repeats 12 times>}, v8_int32 = {0x0, 0x3bbcc868, 0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x3bbcc86800000000, 0x0, 0x0, 0x0}, 
  v2_int128 = {0x00000000000000003bbcc86800000000, 
    0x00000000000000000000000000000000}}
ymm8           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, 
  v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {
    0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm9           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, 
  v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {
    0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm10          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, 
  v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {
    0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm11          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, 
  v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {
    0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm12          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x8000000000000000, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0xff, 0x0 <repeats 24 times>}, v16_int16 = {0x0, 0x0, 
    0x0, 0xff00, 0x0 <repeats 12 times>}, v8_int32 = {0x0, 0xff000000, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xff00000000000000, 0x0, 0x0, 0x0}, 
  v2_int128 = {0x0000000000000000ff00000000000000, 
    0x00000000000000000000000000000000}}
ymm13          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 
    0x59, 0xbc, 0x0 <repeats 24 times>}, v16_int16 = {0x0, 0x0, 0x8000, 
    0xbc59, 0x0 <repeats 12 times>}, v8_int32 = {0x0, 0xbc598000, 0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xbc59800000000000, 0x0, 0x0, 0x0}, 
  v2_int128 = {0x0000000000000000bc59800000000000, 
    0x00000000000000000000000000000000}}
ymm14          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x8e, 0x85, 0x83, 0xe8, 0xf0, 
    0x24, 0x53, 0x3c, 0x0 <repeats 24 times>}, v16_int16 = {0x858e, 0xe883, 
    0x24f0, 0x3c53, 0x0 <repeats 12 times>}, v8_int32 = {0xe883858e, 
    0x3c5324f0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x3c5324f0e883858e, 
    0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000003c5324f0e883858e, 
    0x00000000000000000000000000000000}}
ymm15          {v8_float = {0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v4_double = {0x2d, 0x0, 0x0, 0x0}, v32_int8 = {0xc0, 0x9, 0xf2, 0x16, 0xb5, 
    0xdf, 0x46, 0x40, 0x0 <repeats 24 times>}, v16_int16 = {0x9c0, 0x16f2, 
    0xdfb5, 0x4046, 0x0 <repeats 12 times>}, v8_int32 = {0x16f209c0, 
    0x4046dfb5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x4046dfb516f209c0, 
    0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000004046dfb516f209c0, 
    0x00000000000000000000000000000000}}

Sample created with:
./x262 -o out.mpg ~/Pictures/subset1-y4m/Fruits_oranges\,_jardin_japonais_2.y4m
--profile main --preset medium --bitrate 3000 --vbv-maxrate 3000 --vbv-bufsize
1805 --mpeg2 -I 25
