[libav-bugs] [Bug 1141] New: Floating point exception in range_decode_culshift libavcodec/apedec.c

bugzilla at libav.org bugzilla at libav.org
Sun Dec 9 13:24:55 CET 2018


https://bugzilla.libav.org/show_bug.cgi?id=1141

            Bug ID: 1141
           Summary: Floating point exception in range_decode_culshift
                    libavcodec/apedec.c
           Product: Libav
           Version: git HEAD
          Hardware: X86
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: ---
         Component: libavcodec
          Assignee: bugzilla at libav.org
          Reporter: daniel810736 at gmail.com

Created attachment 725
  --> https://bugzilla.libav.org/attachment.cgi?id=725&action=edit
Triggered by ./avconv -y -i POC3

avconv version 12.3, Copyright (c) 2000-2018 the Libav developers
  built on May 11 2018 02:18:02 with gcc 5.4.0 (Ubuntu 5.4.0-6ubuntu1~16.04.9) 20160609
Ignoring attempt to set invalid timebase for st:0
Floating point exception (core dumped)

GDB debugging information is as follows:

(gdb) set args -y -i POC3
(gdb) r

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/home/afl/parse/eval/avconv/avconv -y -i /home/afl/temp/avconv/POC'.
Program terminated with signal SIGFPE, Arithmetic exception.
#0  range_decode_culshift (shift=<optimized out>, ctx=<optimized out>) at libavcodec/apedec.c:383
383        return ctx->rc.low / ctx->rc.help;
(gdb) bt
#0  range_decode_culshift (shift=<optimized out>, ctx=<optimized out>) at libavcodec/apedec.c:383
#1  range_decode_bits (n=<optimized out>, ctx=<optimized out>) at libavcodec/apedec.c:402
#2  ape_decode_value_3900 (rice=0x332ac80, ctx=0x332a2a0) at libavcodec/apedec.c:545
#3  entropy_decode_mono_3900 (ctx=0x332a2a0, blockstodecode=<optimized out>) at libavcodec/apedec.c:693
#4  0x0000000000aabbd4 in ape_unpack_mono (count=73728, ctx=0x332a2a0) at libavcodec/apedec.c:1387
#5  ape_decode_frame (avctx=0x3329280, data=0x332a020, got_frame_ptr=<optimized out>, avpkt=0x7ffe5b7645d0)
    at libavcodec/apedec.c:1535
#6  0x00000000015164ee in avcodec_decode_audio4 (avctx=avctx@entry=0x3329280, frame=0x332a020,
    got_frame_ptr=got_frame_ptr@entry=0x7ffe5b764534, avpkt=avpkt@entry=0x7ffe5b7645d0) at libavcodec/utils.c:1653
#7  0x00000000015172c0 in do_decode (avctx=avctx@entry=0x3329280, pkt=pkt@entry=0x7ffe5b7645d0) at libavcodec/utils.c:1732
#8  0x0000000001517e2b in avcodec_send_packet (avctx=avctx@entry=0x3329280, avpkt=<optimized out>,
    avpkt@entry=0x7ffe5b7645d0) at libavcodec/utils.c:1804
#9  0x00000000009be1dd in try_decode_frame (st=st@entry=0x3328bc0, avpkt=avpkt@entry=0x7ffe5b7646c0,
    options=<optimized out>, s=0x3328060) at libavformat/utils.c:1950
#10 0x00000000009d32bf in avformat_find_stream_info (ic=0x3328060, options=0x3329a20) at libavformat/utils.c:2356
#11 0x000000000051f5fe in open_input_file (o=o@entry=0x7ffe5b764b30, filename=<optimized out>) at avconv_opt.c:771
#12 0x0000000000526ec4 in open_files (l=0x331b058, l=0x331b058, open_file=0x51ea90 <open_input_file>,
    inout=0x1ecc15c "input") at avconv_opt.c:2380
#13 avconv_parse_options (argc=argc@entry=4, argv=argv@entry=0x7ffe5b765628) at avconv_opt.c:2417
#14 0x00000000004f015c in main (argc=4, argv=0x7ffe5b765628) at avconv.c:2883


(gdb) l
378     */
379    static inline int range_decode_culshift(APEContext *ctx, int shift)
380    {
381        range_dec_normalize(ctx);
382        ctx->rc.help = ctx->rc.range >> shift;
383        return ctx->rc.low / ctx->rc.help;
384    }
385    
386    
387    /**


(gdb) info all-registers 
rax            0xad2800    11347968
rbx            0x332a2a0    53650080
rcx            0x1b    27
rdx            0x0    0
rsi            0xad2800    11347968
rdi            0x332b1c2    53653954
rbp            0x7ff29d675330    0x7ff29d675330
rsp            0x7ffe5b764420    0x7ffe5b764420
r8             0x0    0
r9             0x1b    27
r10            0x0    0
r11            0x3120cedf    824233695
r12            0x7ff29d6bd040    140679999901760
r13            0x1    1
r14            0xa    10
r15            0x332b1c2    53653954
rip            0xaa52ba    0xaa52ba <entropy_decode_mono_3900+2090>
eflags         0x10246    [ PF ZF IF RF ]
cs             0x33    51
ss             0x2b    43
ds             0x0    0
es             0x0    0
fs             0x0    0
gs             0x0    0
st0            0    (raw 0x00000000000000000000)
st1            0    (raw 0x00000000000000000000)
st2            0    (raw 0x00000000000000000000)
st3            0    (raw 0x00000000000000000000)
st4            0    (raw 0x00000000000000000000)

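
An added example, not part of the original report and not Libav's code: a stand-alone C model of the two statements at apedec.c:382-383, showing when the divisor becomes zero and one way to guard it. On x86 Linux an integer division by zero is delivered as SIGFPE, which is why the shell prints "Floating point exception" although no floating-point code is involved. The struct `RangeCoderModel`, the functions `culshift_checked` and `culshift_demo`, the 32-bit field widths and all sample values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the three range-coder fields touched at apedec.c:382-383.
 * The 32-bit unsigned widths are an assumption of this example. */
typedef struct {
    uint32_t low;   /* current code value (dividend) */
    uint32_t range; /* current interval width */
    uint32_t help;  /* range >> shift (divisor) */
} RangeCoderModel;

/* Hypothetical guarded form of the listed function: returns the quotient,
 * or -1 when the division on line 383 would trap. */
static int64_t culshift_checked(RangeCoderModel *rc, int shift)
{
    if (shift < 0 || shift >= 32)  /* shifting a 32-bit value by >= 32 is undefined in C */
        return -1;
    rc->help = rc->range >> shift;
    if (rc->help == 0)             /* range < 2^shift, so the divisor is zero */
        return -1;
    return rc->low / rc->help;
}

/* Convenience wrapper so the cases below read as (low, range, shift). */
static int64_t culshift_demo(uint32_t low, uint32_t range, int shift)
{
    RangeCoderModel rc = { low, range, 0 };
    return culshift_checked(&rc, shift);
}

int main(void)
{
    /* Constructed states, not values recovered from the POC file. */
    printf("healthy state      : %lld\n", (long long)culshift_demo(1000000u, 1u << 20, 10));
    printf("range below 2^shift: %lld\n", (long long)culshift_demo(1000000u, 0x1000u, 16));
    printf("range collapsed    : %lld\n", (long long)culshift_demo(1000000u, 0u, 10));
    return 0;
}
```

A caller that receives -1 would stop decoding the frame and report the input as invalid instead of continuing with the bitstream.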