Opened 9 years ago

Closed 9 years ago

#2275 closed defect (worksforme)

SIGSEGV playing a wav file

Reported by: ggrieco Owned by: beastd
Priority: normal Component: undetermined
Version: HEAD Severity: blocker
Keywords: Cc:
Blocked By: Blocking:
Reproduced by developer: no Analyzed by developer: no

Description

Summary of the bug:

SIGSEGV playing a wav file. Tested in mplayer svn 2015-12-18

How to reproduce:

mplayer -vo null -ao null (testcase attached)

backtrace:

Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
MPlayer SVN-r37563-snapshot-4.8 (C) 2000-2015 MPlayer Team

Playing SIGSEGV.PC.55555572483b.STACK.23c6bd043.CODE.2.ADDR.0x7ffff7e40000.INSTR.mov____%si,-0x4(%r8).fuzz.
libavformat version 57.20.100 (internal)
Audio only file format detected.
Load subtitles in ./
==========================================================================
Opening audio decoder: [ffmpeg] FFmpeg/libavcodec audio decoders
libavcodec version 57.18.100 (internal)
ADecoder init failed :(
Opening audio decoder: [imaadpcm] IMA ADPCM audio decoder
AUDIO: 921834401 Hz, 1060 ch, s16le, 401.7 kbit/0.06% (ratio: 50216->78810440)
Selected audio codec: [dk4adpcm] afm: imaadpcm (Duck DK4 ADPCM (rogue format number))
==========================================================================
AO: [null] 921834401Hz 2ch s16le (2 bytes per sample)
Video: no video
Starting playback...

Program received signal SIGSEGV, Segmentation fault.
0x00005555560c7fb0 in swr_convert ()
#0  0x00005555560c7fb0 in swr_convert ()
#1  0x00005555557e579b in play ()
#2  0x000055555570fee9 in af_play ()
#3  0x0000555555725f8f in mp_decode_audio ()
#4  0x00005555556a155b in main ()

valgrind report:

MPlayer SVN-r37563-snapshot-4.8 (C) 2000-2015 MPlayer Team

Playing SIGSEGV.PC.55555572483b.STACK.23c6bd043.CODE.2.ADDR.0x7ffff7e40000.INSTR.mov____%si,-0x4(%r8).fuzz.
libavformat version 57.20.100 (internal)
Audio only file format detected.
Load subtitles in ./
==========================================================================
Opening audio decoder: [ffmpeg] FFmpeg/libavcodec audio decoders
libavcodec version 57.18.100 (internal)
Could not open codec.
ADecoder init failed :(
ADecoder init failed :(
Opening audio decoder: [imaadpcm] IMA ADPCM audio decoder
AUDIO: 921834401 Hz, 1060 ch, s16le, 401.7 kbit/0.06% (ratio: 50216->78810440)
Selected audio codec: [dk4adpcm] afm: imaadpcm (Duck DK4 ADPCM (rogue format number))
==========================================================================
Invalid number of channels 1060, assuming 2.
AO: [null] 921834401Hz 2ch s16le (2 bytes per sample)
Invalid number of channels 1060, assuming 2.
Video: no video
Starting playback...
==7177== Invalid write of size 2
==7177==    at 0x2D883B: dk4_ima_adpcm_decode_block (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2D8902: decode_audio (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2DA0C0: mp_decode_audio (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x25555A: main (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==  Address 0xcf73b30 is 0 bytes after a block of size 139,264 alloc'd
==7177==    at 0x4C2D110: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7177==    by 0x4C2D227: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7177==    by 0xC9A1EF: av_mallocz (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2D9172: init_audio_codec (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2D96CD: init_audio.constprop.0 (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2D9C0F: init_best_audio_codec (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x264B0A: reinit_audio_chain (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x254B36: main (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177== 
==7177== Invalid write of size 2
==7177==    at 0x2D8847: dk4_ima_adpcm_decode_block (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2D8902: decode_audio (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2DA0C0: mp_decode_audio (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x25555A: main (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==  Address 0xcf73b32 is 2 bytes after a block of size 139,264 alloc'd
==7177==    at 0x4C2D110: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7177==    by 0x4C2D227: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7177==    by 0xC9A1EF: av_mallocz (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2D9172: init_audio_codec (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2D96CD: init_audio.constprop.0 (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2D9C0F: init_best_audio_codec (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x264B0A: reinit_audio_chain (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x254B36: main (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177== 
==7177== Invalid read of size 2
==7177==    at 0x2D8437: decode_nibbles (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2D8868: dk4_ima_adpcm_decode_block (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2D8902: decode_audio (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2DA0C0: mp_decode_audio (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x25555A: main (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==  Address 0xcf73b30 is 0 bytes after a block of size 139,264 alloc'd
==7177==    at 0x4C2D110: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7177==    by 0x4C2D227: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7177==    by 0xC9A1EF: av_mallocz (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2D9172: init_audio_codec (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2D96CD: init_audio.constprop.0 (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2D9C0F: init_best_audio_codec (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x264B0A: reinit_audio_chain (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x254B36: main (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177== 
==7177== Invalid write of size 2
==7177==    at 0x2D84CB: decode_nibbles (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2D8868: dk4_ima_adpcm_decode_block (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2D8902: decode_audio (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2DA0C0: mp_decode_audio (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x25555A: main (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==  Address 0xcf73b30 is 0 bytes after a block of size 139,264 alloc'd
==7177==    at 0x4C2D110: memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7177==    by 0x4C2D227: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7177==    by 0xC9A1EF: av_mallocz (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2D9172: init_audio_codec (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2D96CD: init_audio.constprop.0 (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2D9C0F: init_best_audio_codec (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x264B0A: reinit_audio_chain (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x254B36: main (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177== 
Invalid number of channels 1060, assuming 2.
==7177== Jump to the invalid address stated on the next line
==7177==    at 0xE49BDB545BA334C2: ???
==7177==    by 0x2C3EE8: af_play (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x2D9F8E: mp_decode_audio (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==    by 0x25555A: main (in /home/vagrant/repos/mplayer-export-2015-12-18/mplayer)
==7177==  Address 0xe49bdb545ba334c2 is not stack'd, malloc'd or (recently) free'd
==7177== 

Attachments (1)

Change History (2)

comment:1 by rxt, 9 years ago

Resolution: worksforme
Status: newclosed
Version: unspecifiedHEAD

Already fixed with between r37572 (29/12/2015) and r37594 (08/01/2016) after being reported to the devel mailing list.

Note: See TracTickets for help on using tickets.