[libav-bugs] [Bug 1114] Libav - avcodec-58.dll - Heap overflow - Motion JPEG Video

bugzilla at libav.org bugzilla at libav.org
Thu Feb 1 03:46:25 CET 2018


https://bugzilla.libav.org/show_bug.cgi?id=1114

--- Comment #2 from Sean McGovern <gseanmcg at gmail.com> ---
Backtrace:

Thread 5 "avplay" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffec908700 (LWP 7925)]
0x00000000007a0d06 in qdm2_fft_tone_synthesizer (sub_packet=<optimized out>, q=0x16acba0) at /src/libav/libavcodec/qdm2.c:1624
1624                    if (q->fft_coefs[j].sub_packet != sub_packet)
(gdb) bt
#0  0x00000000007a0d06 in qdm2_fft_tone_synthesizer (sub_packet=<optimized out>, q=0x16acba0) at /src/libav/libavcodec/qdm2.c:1624
#1  qdm2_decode (out=<optimized out>, in=<optimized out>, q=0x16acba0) at /src/libav/libavcodec/qdm2.c:1934
#2  qdm2_decode_frame (avctx=<optimized out>, data=<optimized out>, got_frame_ptr=<optimized out>, avpkt=<optimized out>)
    at /src/libav/libavcodec/qdm2.c:1992
#3  0x00000000005b53cb in decode_simple_internal (frame=0x16799e0, avctx=0x1679e40) at /src/libav/libavcodec/decode.c:336
#4  decode_simple_receive_frame (frame=<optimized out>, avctx=<optimized out>) at /src/libav/libavcodec/decode.c:387
#5  decode_receive_frame_internal (avctx=avctx@entry=0x1679e40, frame=0x16799e0) at /src/libav/libavcodec/decode.c:405
#6  0x00000000005b5798 in avcodec_send_packet (avctx=avctx@entry=0x1679e40, avpkt=avpkt@entry=0xffedd8 <player_state+1272>)
    at /src/libav/libavcodec/decode.c:470
#7  0x00000000005b5838 in compat_decode (avctx=avctx@entry=0x1679e40, frame=0x7fffd40008c0,
    got_frame=got_frame@entry=0x7fffec907d00, pkt=pkt@entry=0xffedd8 <player_state+1272>) at /src/libav/libavcodec/decode.c:559
#8  0x00000000005b5ee5 in avcodec_decode_audio4 (avctx=avctx@entry=0x1679e40, frame=<optimized out>,
    got_frame_ptr=got_frame_ptr@entry=0x7fffec907d00, avpkt=avpkt@entry=0xffedd8 <player_state+1272>)
    at /src/libav/libavcodec/decode.c:628
#9  0x000000000044f7d0 in audio_decode_frame (pts_ptr=<synthetic pointer>, is=0xffe8e0 <player_state>)
    at /src/libav/avtools/avplay.c:1819
#10 sdl_audio_callback (opaque=0xffe8e0 <player_state>, stream=<optimized out>, len=<optimized out>)
    at /src/libav/avtools/avplay.c:1963
#11 0x00007ffff6f059e9 in ?? () from /usr/lib/x86_64-linux-gnu/libSDL-1.2.so.0
#12 0x00007ffff6f0f0b8 in ?? () from /usr/lib/x86_64-linux-gnu/libSDL-1.2.so.0
#13 0x00007ffff6f4ef59 in ?? () from /usr/lib/x86_64-linux-gnu/libSDL-1.2.so.0
#14 0x00007ffff6ce56ba in start_thread (arg=0x7fffec908700) at pthread_create.c:333
#15 0x00007ffff6a1b41d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
