[libav-bugs] [Bug 1104] New: Segmentation fault on h264_slice_init

bugzilla at libav.org bugzilla at libav.org
Thu Nov 30 12:14:46 CET 2017


https://bugzilla.libav.org/show_bug.cgi?id=1104

            Bug ID: 1104
           Summary: Segmentation fault on h264_slice_init
           Product: Libav
           Version: git HEAD
          Hardware: X86
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: ---
         Component: libavcodec
          Assignee: bugzilla at libav.org
          Reporter: mgcho.minic at gmail.com

Created attachment 699
  --> https://bugzilla.libav.org/attachment.cgi?id=699&action=edit
POC of the crash

Triggered by "./avconv -i $POC -f null -"

Segmentation fault on h264_slice_init.


The GDB debugging information is as follows:

(gdb) r -v 9 -loglevel 99 -i $POC -f null -
Starting program:./avconv -v 9 -loglevel 99 -i $POC -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
avconv version v13_dev0-1400-gb72ac6d, Copyright (c) 2000-2017 the Libav developers
  built on Nov 14 2017 01:13:43 with gcc 5.4.0 (Ubuntu 5.4.0-6ubuntu1~16.04.5) 20160609
  configuration: 
  libavutil     56.  6. 0 / 56.  6. 0
  libavcodec    58.  5. 0 / 58.  5. 0
  libavformat   58.  1. 0 / 58.  1. 0
  libavdevice   57.  0. 2 / 57.  0. 2
  libavfilter    7.  0. 0 /  7.  0. 0
  libavresample  4.  0. 0 /  4.  0. 0
  libswscale     5.  0. 0 /  5.  0. 0
Splitting the commandline.
Reading option '-v' ... matched as option 'v' (set libav* logging level) with argument '9'.
Reading option '-loglevel' ... matched as option 'loglevel' (set libav* logging level) with argument '99'.
Reading option '-i' ... matched as input file with argument './avconv_aac_1_afl_d/triage-12.2/h264_slice.c:1759:13/id:000415,sig:06,src:007940+008286,op:splice,rep:128'.
Reading option '-f' ... matched as option 'f' (force format) with argument 'null'.
Reading option '-' ... matched as output file.
Finished splitting the commandline.
Parsing a group of options: global .
Applying option v (set libav* logging level) with argument 9.
Successfully parsed a group of options.
Parsing a group of options: input file ./avconv_aac_1_afl_d/triage-12.2/h264_slice.c:1759:13/id:000415,sig:06,src:007940+008286,op:splice,rep:128.
Successfully parsed a group of options.
Opening an input file: ./avconv_aac_1_afl_d/triage-12.2/h264_slice.c:1759:13/id:000415,sig:06,src:007940+008286,op:splice,rep:128.
score: 0, dvhs_score: 0, fec_score: 0 
nsv_probe(), buf_size 2048
[h264 @ 0x91c5040] Probed with size=2048 and score=51
[h264 @ 0x91c5e80] non-existing PPS 2 referenced
IN delayed:0 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0 st:0 pc:0x91c6260
OUTdelayed:0/0 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0
[h264 @ 0x91c5e80] illegal aspect ratio
[h264 @ 0x91c5e80] non-existing PPS 2 referenced
IN delayed:0 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0 st:0 pc:0x91c6260
OUTdelayed:0/0 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0
[AVBSFContext @ 0x91ca7a0] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91c5e80] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91c5e80] non-existing PPS 2 referenced
[h264 @ 0x91c5e80] decode_slice_header error
[h264 @ 0x91c5e80] no frame!
[AVBSFContext @ 0x91ca7a0] nal_unit_type: 7, nal_ref_idc: 2
[AVBSFContext @ 0x91ca7a0] nal_unit_type: 1, nal_ref_idc: 0
[AVBSFContext @ 0x91ca7a0] nal_unit_type: 21, nal_ref_idc: 0
[AVBSFContext @ 0x91ca7a0] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91c5e80] nal_unit_type: 7, nal_ref_idc: 2
[h264 @ 0x91c5e80] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91c5e80] nal_unit_type: 21, nal_ref_idc: 0
[h264 @ 0x91c5e80] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91c5e80] illegal aspect ratio
[h264 @ 0x91c5e80] non-existing PPS 2 referenced
[h264 @ 0x91c5e80] decode_slice_header error
[h264 @ 0x91c5e80] Unknown NAL code: 21 (982 bits)
[h264 @ 0x91c5e80] non-existing PPS 2 referenced
[h264 @ 0x91c5e80] decode_slice_header error
[h264 @ 0x91c5e80] no frame!
IN delayed:0 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0 st:0 pc:0x91c6260
OUTdelayed:0/0 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0
[h264 @ 0x91c5e80] nal_unit_type: 8, nal_ref_idc: 2
[h264 @ 0x91c5e80] nal_unit_type: 1, nal_ref_idc: 2
[h264 @ 0x91c5e80] Reinit context to 192x2912, pix_fmt: 0
[h264 @ 0x91c5e80] Frame num gap 18 16
[h264 @ 0x91c5e80] no picture
[h264 @ 0x91c5e80] Reference 4 >= 2
[h264 @ 0x91c5e80] error while decoding MB 4 22, bytestream 80
[h264 @ 0x91c5e80] non-existing PPS 0 referenced
IN delayed:1 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0 st:0 pc:0x91c6260
OUTdelayed:1/15 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0
[h264 @ 0x91c5e80] nal_unit_type: 7, nal_ref_idc: 2
    Last message repeated 1 times
[h264 @ 0x91c5e80] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91c5e80] non-existing PPS 0 referenced
[h264 @ 0x91c5e80] decode_slice_header error
[h264 @ 0x91c5e80] no frame!
[h264 @ 0x91c5e80] non-existing PPS 0 referenced
IN delayed:0 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0 st:0 pc:0x91c6260
OUTdelayed:0/15 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0
[h264 @ 0x91c5e80] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91c5e80] non-existing PPS 0 referenced
[h264 @ 0x91c5e80] decode_slice_header error
[h264 @ 0x91c5e80] no frame!
[h264 @ 0x91c5e80] non-existing PPS 0 referenced
IN delayed:0 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0 st:0 pc:0x91c6260
OUTdelayed:0/15 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0
[h264 @ 0x91c5e80] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91c5e80] nal_unit_type: 14, nal_ref_idc: 0
[h264 @ 0x91c5e80] nal_unit_type: 4, nal_ref_idc: 0
[h264 @ 0x91c5e80] nal_unit_type: 1, nal_ref_idc: 0
    Last message repeated 1 times
[h264 @ 0x91c5e80] non-existing PPS 0 referenced
[h264 @ 0x91c5e80] decode_slice_header error
[h264 @ 0x91c5e80] Unknown NAL code: 14 (1679 bits)
[h264 @ 0x91c5e80] data partitioning is not implemented. Update your Libav version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[h264 @ 0x91c5e80] If you want to help, upload a sample of this file to ftp://upload.libav.org/incoming/ and contact the libav-devel mailing list.
[h264 @ 0x91c5e80] non-existing PPS 0 referenced
IN delayed:1 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0 st:0 pc:0x91c6260
OUTdelayed:1/15 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0
[h264 @ 0x91c5e80] nal_unit_type: 7, nal_ref_idc: 2
[h264 @ 0x91c5e80] nal_unit_type: 0, nal_ref_idc: 0
[h264 @ 0x91c5e80] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91c5e80] nal_unit_type: 25, nal_ref_idc: 1
[h264 @ 0x91c5e80] nal_unit_type: 0, nal_ref_idc: 0
[h264 @ 0x91c5e80] Invalid NAL unit 0, skipping.
[h264 @ 0x91c5e80] nal_unit_type: 1, nal_ref_idc: 0
    Last message repeated 1 times
[h264 @ 0x91c5e80] nal_unit_type: 21, nal_ref_idc: 0
[h264 @ 0x91c5e80] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91c5e80] Unknown NAL code: 0 (31 bits)
[h264 @ 0x91c5e80] non-existing PPS 0 referenced
[h264 @ 0x91c5e80] decode_slice_header error
[h264 @ 0x91c5e80] Unknown NAL code: 25 (1051 bits)
[h264 @ 0x91c5e80] Unknown NAL code: 0 (399 bits)
[h264 @ 0x91c5e80] non-existing PPS 2 referenced
[h264 @ 0x91c5e80] decode_slice_header error
[h264 @ 0x91c5e80] non-existing PPS 2 referenced
[h264 @ 0x91c5e80] decode_slice_header error
[h264 @ 0x91c5e80] Unknown NAL code: 21 (982 bits)
[h264 @ 0x91c5e80] non-existing PPS 2 referenced
[h264 @ 0x91c5e80] decode_slice_header error
[h264 @ 0x91c5e80] no frame!
IN delayed:1 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0 st:0 pc:0x91c6260
OUTdelayed:1/15 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0
[h264 @ 0x91c5e80] nal_unit_type: 8, nal_ref_idc: 2
[h264 @ 0x91c5e80] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91c5e80] Invalid NAL unit 1, skipping.
[h264 @ 0x91c5e80] nal_unit_type: 0, nal_ref_idc: 0
[h264 @ 0x91c5e80] nal_unit_type: 25, nal_ref_idc: 1
[h264 @ 0x91c5e80] Reinit context to 16x16, pix_fmt: 0
[h264 @ 0x91c5e80] no picture
[h264 @ 0x91c5e80] first_mb_in_slice overflow
[h264 @ 0x91c5e80] decode_slice_header error
[h264 @ 0x91c5e80] Unknown NAL code: 0 (70 bits)
[h264 @ 0x91c5e80] Unknown NAL code: 25 (792 bits)
[h264 @ 0x91c5e80] Invalid crop parameters
IN delayed:1 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0 st:0 pc:0x91c6260
OUTdelayed:1/15 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0
[h264 @ 0x91c5e80] nal_unit_type: 7, nal_ref_idc: 2
    Last message repeated 1 times
[h264 @ 0x91c5e80] nal_unit_type: 8, nal_ref_idc: 2
[h264 @ 0x91c5e80] nal_unit_type: 1, nal_ref_idc: 0
    Last message repeated 3 times
[h264 @ 0x91c5e80] Invalid crop parameters
[h264 @ 0x91c5e80] Reinit context to 192x704, pix_fmt: 0
[h264 @ 0x91c5e80] Frame num gap 58 56
[h264 @ 0x91c5e80] no picture
[h264 @ 0x91c5e80] top block unavailable for requested intra4x4 mode -1
[h264 @ 0x91c5e80] error while decoding MB 8 1, bytestream 282
[h264 @ 0x91c5e80] non-existing PPS 0 referenced
IN delayed:1 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0 st:0 pc:0x91c6260
OUTdelayed:1/15 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0
[h264 @ 0x91c5e80] nal_unit_type: 7, nal_ref_idc: 2
[h264 @ 0x91c5e80] Invalid NAL unit 7, skipping.
[h264 @ 0x91c5e80] nal_unit_type: 14, nal_ref_idc: 0
[h264 @ 0x91c5e80] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91c5e80] nal_unit_type: 14, nal_ref_idc: 0
[h264 @ 0x91c5e80] nal_unit_type: 1, nal_ref_idc: 0
    Last message repeated 1 times
[h264 @ 0x91c5e80] nal_unit_type: 5, nal_ref_idc: 3
[h264 @ 0x91c5e80] nal_unit_type: 0, nal_ref_idc: 0
[h264 @ 0x91c5e80] Unknown NAL code: 14 (1823 bits)
[h264 @ 0x91c5e80] non-existing PPS 0 referenced
[h264 @ 0x91c5e80] decode_slice_header error
[h264 @ 0x91c5e80] Unknown NAL code: 14 (1942 bits)
[h264 @ 0x91c5e80] non-existing PPS 2 referenced
[h264 @ 0x91c5e80] decode_slice_header error
[h264 @ 0x91c5e80] non-existing PPS 2 referenced
[h264 @ 0x91c5e80] decode_slice_header error
[h264 @ 0x91c5e80] A non-intra slice in an IDR NAL unit.
[h264 @ 0x91c5e80] decode_slice_header error
[h264 @ 0x91c5e80] Unknown NAL code: 0 (31 bits)
[h264 @ 0x91c5e80] no frame!
[h264 @ 0x91c5e80] non-existing PPS 0 referenced
IN delayed:1 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0 st:0 pc:0x91c6260
OUTdelayed:1/15 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0
[h264 @ 0x91c5e80] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91c5e80] nal_unit_type: 25, nal_ref_idc: 1
[h264 @ 0x91c5e80] Invalid NAL unit 1, skipping.
[h264 @ 0x91c5e80] non-existing PPS 0 referenced
[h264 @ 0x91c5e80] decode_slice_header error
[h264 @ 0x91c5e80] Unknown NAL code: 25 (5031 bits)
[h264 @ 0x91c5e80] no frame!
[h264 @ 0x91c5e80] Invalid crop parameters
IN delayed:1 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0 st:0 pc:0x91c6260
OUTdelayed:1/15 pts:-9223372036854775808, dts:-9223372036854775808 cur_dts:0
[h264 @ 0x91c5e80] nal_unit_type: 7, nal_ref_idc: 2
    Last message repeated 2 times
[h264 @ 0x91c5e80] nal_unit_type: 8, nal_ref_idc: 2
[h264 @ 0x91c5e80] nal_unit_type: 14, nal_ref_idc: 0
[h264 @ 0x91c5e80] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91c5e80] nal_unit_type: 14, nal_ref_idc: 0
[h264 @ 0x91c5e80] Invalid crop parameters
[h264 @ 0x91c5e80] Unknown NAL code: 14 (1823 bits)
[h264 @ 0x91c5e80] Reinit context to 16x16, pix_fmt: 0
[h264 @ 0x91c5e80] no picture
[h264 @ 0x91c5e80] Missing reference picture
[h264 @ 0x91c5e80] decode_slice_header error
[h264 @ 0x91c5e80] Unknown NAL code: 14 (606 bits)
[h264 @ 0x91c5040] Estimating duration from bitrate, this may be inaccurate
[h264 @ 0x91c5040] 0: start_time: -9223372036854.775 duration: -9223372036854.775
[h264 @ 0x91c5040] stream: start_time: -9223372036854.775 duration: -9223372036854.775 bitrate=0 kb/s
Input #0, h264, from './avconv_aac_1_afl_d/triage-12.2/h264_slice.c:1759:13/id:000415,sig:06,src:007940+008286,op:splice,rep:128':
  Duration: N/A, bitrate: N/A
    Stream #0:0, 12, 1/25: Video: h264
      yuv420p, left, 16x6 (0x0), 0/1
      25 fps, 25 tbn
Successfully opened the file.
Parsing a group of options: output file -.
Applying option f (force format) with argument null.
Successfully parsed a group of options.
Opening an output file: -.
Successfully opened the file.
[h264 @ 0x91e8ec0] detected 2 logical cores
[h264 @ 0x91cc200] nal_unit_type: 7, nal_ref_idc: 2
[h264 @ 0x91cc200] illegal aspect ratio
[New Thread 0xb7d75b40 (LWP 1849)]
[New Thread 0xb7574b40 (LWP 1850)]
[New Thread 0xb6d73b40 (LWP 1851)]
Stream mapping:
  Stream #0:0 -> #0:0 (h264 (native) -> wrapped_avframe (native))
Press ctrl-c to stop encoding
[h264 @ 0x91cc200] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91cc200] non-existing PPS 2 referenced
[h264 @ 0x91cc200] decode_slice_header error
[h264 @ 0x91cc200] no frame!
[h264 @ 0x91c8320] nal_unit_type: 7, nal_ref_idc: 2
[h264 @ 0x91c8320] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91c8320] nal_unit_type: 21, nal_ref_idc: 0
[h264 @ 0x91c8320] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91c8320] illegal aspect ratio
[h264 @ 0x91c8320] non-existing PPS 2 referenced
[h264 @ 0x91c8320] decode_slice_header error
[h264 @ 0x91c8320] Unknown NAL code: 21 (982 bits)
[h264 @ 0x91c8320] non-existing PPS 2 referenced
[h264 @ 0x91c8320] decode_slice_header error
[h264 @ 0x91c8320] no frame!
Error while decoding stream #0:0
[h264 @ 0x91b8b40] nal_unit_type: 8, nal_ref_idc: 2
[h264 @ 0x91b8b40] nal_unit_type: 1, nal_ref_idc: 2
[h264 @ 0x91b8b40] sps_id 0 out of range
[h264 @ 0x91b8b40] non-existing PPS 0 referenced
[h264 @ 0x91b8b40] decode_slice_header error
[h264 @ 0x91b8b40] no frame!
Error while decoding stream #0:0
[h264 @ 0x91cc200] nal_unit_type: 7, nal_ref_idc: 2
    Last message repeated 1 times
[h264 @ 0x91cc200] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91cc200] non-existing PPS 0 referenced
[h264 @ 0x91cc200] decode_slice_header error
[h264 @ 0x91cc200] no frame!
[h264 @ 0x91c8320] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91c8320] non-existing PPS 0 referenced
[h264 @ 0x91c8320] decode_slice_header error
[h264 @ 0x91c8320] no frame!
Error while decoding stream #0:0
    Last message repeated 1 times
[h264 @ 0x91b8b40] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91b8b40] nal_unit_type: 14, nal_ref_idc: 0
[h264 @ 0x91b8b40] nal_unit_type: 4, nal_ref_idc: 0
[h264 @ 0x91b8b40] nal_unit_type: 1, nal_ref_idc: 0
    Last message repeated 1 times
[h264 @ 0x91b8b40] non-existing PPS 0 referenced
[h264 @ 0x91b8b40] decode_slice_header error
[h264 @ 0x91b8b40] Unknown NAL code: 14 (1679 bits)
[h264 @ 0x91b8b40] data partitioning is not implemented. Update your Libav version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[h264 @ 0x91b8b40] If you want to help, upload a sample of this file to ftp://upload.libav.org/incoming/ and contact the libav-devel mailing list.
Error while decoding stream #0:0
[h264 @ 0x91cc200] nal_unit_type: 7, nal_ref_idc: 2
[h264 @ 0x91cc200] nal_unit_type: 0, nal_ref_idc: 0
[h264 @ 0x91cc200] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91cc200] nal_unit_type: 25, nal_ref_idc: 1
[h264 @ 0x91cc200] nal_unit_type: 0, nal_ref_idc: 0
[h264 @ 0x91cc200] Invalid NAL unit 0, skipping.
[h264 @ 0x91cc200] nal_unit_type: 1, nal_ref_idc: 0
    Last message repeated 1 times
[h264 @ 0x91cc200] nal_unit_type: 21, nal_ref_idc: 0
[h264 @ 0x91cc200] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91cc200] Unknown NAL code: 0 (31 bits)
[h264 @ 0x91cc200] non-existing PPS 0 referenced
[h264 @ 0x91cc200] decode_slice_header error
[h264 @ 0x91cc200] Unknown NAL code: 25 (1051 bits)
[h264 @ 0x91cc200] Unknown NAL code: 0 (399 bits)
[h264 @ 0x91cc200] non-existing PPS 2 referenced
[h264 @ 0x91cc200] decode_slice_header error
[h264 @ 0x91cc200] non-existing PPS 2 referenced
[h264 @ 0x91cc200] decode_slice_header error
[h264 @ 0x91cc200] Unknown NAL code: 21 (982 bits)
[h264 @ 0x91cc200] non-existing PPS 2 referenced
[h264 @ 0x91cc200] decode_slice_header error
[h264 @ 0x91cc200] no frame!
[h264 @ 0x91c8320] nal_unit_type: 8, nal_ref_idc: 2
[h264 @ 0x91c8320] nal_unit_type: 1, nal_ref_idc: 0
[h264 @ 0x91c8320] Invalid NAL unit 21, skipping.
[h264 @ 0x91c8320] nal_unit_type: 0, nal_ref_idc: 0
[h264 @ 0x91c8320] nal_unit_type: 25, nal_ref_idc: 1
[h264 @ 0x91c8320] Reinit context to 192x2912, pix_fmt: 0
[h264 @ 0x91c8320] Frame num gap 22 20
[h264 @ 0x91c8320] left block unavailable for requested intra4x4 mode -1
[h264 @ 0x91c8320] error while decoding MB 7 2, bytestream 1456
[h264 @ 0x91c8320] Unknown NAL code: 0 (70 bits)
[h264 @ 0x91c8320] Unknown NAL code: 25 (792 bits)
Error while decoding stream #0:0
    Last message repeated 1 times
[h264 @ 0x91b8b40] nal_unit_type: 7, nal_ref_idc: 2
    Last message repeated 1 times
[h264 @ 0x91b8b40] nal_unit_type: 8, nal_ref_idc: 2
[h264 @ 0x91b8b40] nal_unit_type: 1, nal_ref_idc: 0
    Last message repeated 3 times
[h264 @ 0x91b8b40] Invalid crop parameters
Error while decoding stream #0:0
    Last message repeated 3 times
No more output streams to write to, finishing.
Video encoding failed


Thread 4 "avconv" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb6d73b40 (LWP 1851)]
0x0868e8c2 in h264_slice_init (nal=0xb6300560, nal=0xb6300560, sl=0x91fef40, h=0x91f4a60) at libavcodec/h264_slice.c:1777
1777        if (h->ps.pps->weighted_bipred_idc == 2 &&

(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x868e8a2 to 0x868e8e2:
   0x0868e8a2 <ff_h264_queue_decode_slice+1570>:    test   %ch,-0x7cfffff4(%ebp)
   0x0868e8a8 <ff_h264_queue_decode_slice+1576>:    in     (%dx),%al
   0x0868e8a9 <ff_h264_queue_decode_slice+1577>:    or     %dl,0x57(%ebp)
   0x0868e8ac <ff_h264_queue_decode_slice+1580>:    call   0x8687d90 <ff_h264_build_ref_list>
   0x0868e8b1 <ff_h264_queue_decode_slice+1585>:    add    $0x10,%esp
   0x0868e8b4 <ff_h264_queue_decode_slice+1588>:    test   %eax,%eax
   0x0868e8b6 <ff_h264_queue_decode_slice+1590>:    js     0x868e749 <ff_h264_queue_decode_slice+1225>
   0x0868e8bc <ff_h264_queue_decode_slice+1596>:    mov    0x5ea0(%edi),%eax
=> 0x0868e8c2 <ff_h264_queue_decode_slice+1602>:    cmpl   $0x2,0x20(%eax)
   0x0868e8c6 <ff_h264_queue_decode_slice+1606>:    je     0x868fa50 <ff_h264_queue_decode_slice+6096>
   0x0868e8cc <ff_h264_queue_decode_slice+1612>:    cmpl   $0x3,0x2f0(%ebp)
   0x0868e8d3 <ff_h264_queue_decode_slice+1619>:    je     0x868fa30 <ff_h264_queue_decode_slice+6064>
   0x0868e8d9 <ff_h264_queue_decode_slice+1625>:    sub    $0x8,%esp
   0x0868e8dc <ff_h264_queue_decode_slice+1628>:    push   %ebp
   0x0868e8dd <ff_h264_queue_decode_slice+1629>:    push   %edi
   0x0868e8de <ff_h264_queue_decode_slice+1630>:    call   0x8668bc0 <ff_h264_direct_ref_list_init>
End of assembler dump.


(gdb) bt
#0  0x0868e8c2 in h264_slice_init (nal=0xb6300560, nal=0xb6300560, sl=0x91fef40, h=0x91f4a60) at libavcodec/h264_slice.c:1777
#1  ff_h264_queue_decode_slice (h=0x91f4a60, nal=0xb6300560) at libavcodec/h264_slice.c:1931
#2  0x082a644e in decode_nal_units (buf_size=3268, buf=<optimized out>, h=0x91f4a60) at libavcodec/h264dec.c:578
#3  h264_decode_frame (avctx=0x91b8b40, data=0x91b8e80, got_frame=0x91c7880, avpkt=0x91c7838) at libavcodec/h264dec.c:727
#4  0x084098b9 in frame_worker_thread (arg=0x91c7768) at libavcodec/pthread_frame.c:180
#5  0xb7f33295 in start_thread (arg=0xb6d73b40) at pthread_create.c:333
#6  0xb7e5e05e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:114


(gdb) info all-registers
eax            0x0    0
ecx            0x0    0
edx            0x1    1
ebx            0x0    0
esp            0xb6d6aad0    0xb6d6aad0
ebp            0x91fef40    0x91fef40
esi            0x26    38
edi            0x91f4a60    153045600
eip            0x868e8c2    0x868e8c2 <ff_h264_queue_decode_slice+1602>
eflags         0x10246    [ PF ZF IF RF ]
cs             0x73    115
ss             0x7b    123
ds             0x7b    123
es             0x7b    123
fs             0x0    0
gs             0x33    51


Credits:

Mingi Cho and Taekyoung Kwon of the Information Security Lab, Yonsei
University.
