vlc crashes with SIGSEGV when playing .asf files

Bug #1048794 reported by Rafael Belmonte
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
libav | New | Undecided | Unassigned |
libav (Debian) | New | Undecided | Unassigned |
libav (Ubuntu) | Fix Released | Medium | Unassigned |
vlc (Ubuntu) | Invalid | Medium | Unassigned |

Bug Description

VLC always crashes when I try to play a .asf video file.

#0 0x00007ffff6947c1b in put_bits (value=33147, n=16, s=<optimized out>)
    at /build/buildd/libav-0.8.6/libavcodec/put_bits.h:157
        bit_buf = 33147
        bit_left = 28
#1 avpriv_copy_bits (pb=0x7fffe0043ef8,
    src=0x7fffe00d4643 "+v\\\360H\266\346\353\352\327\256\330\a!\023\257\352Z2\257_(h\346\374\300\070\210\071\243\312\336 \263fIڮzmN\303\031;\236vn\033\304\321\371L\356\344\225[\030\253\v\321\001\357R\220gO\260\002\200\316\v@Z}\324\026@\351\344\361\344\060\331~1\333jo㧯\214\034\216P\321\063z\231S", <incomplete sequence \314>, length=63939) at /build/buildd/libav-0.8.6/libavcodec/bitstream.c:68
        words = 3996
        bits = 3
#2 0x00007ffff6d38757 in save_bits (s=0x7fffe003a760, gb=0x7fffe0048988, len=63939,
    append=<optimized out>) at /build/buildd/libav-0.8.6/libavcodec/wmaprodec.c:1478
#3 0x00007ffff6d3b62d in decode_packet (avctx=<optimized out>, data=0x7fffd80008c0,
    got_frame_ptr=0x7fffdfffee1c, avpkt=<optimized out>)
    at /build/buildd/libav-0.8.6/libavcodec/wmaprodec.c:1553
        s = 0x7fffe003a760
        gb = 0x7fffe0048988
        packet_sequence_number = 6

ProblemType: Crash
DistroRelease: Ubuntu 12.10
Package: vlc-nox 2.0.3-2
ProcVersionSignature: Ubuntu 3.5.0-14.15-generic 3.5.3
Uname: Linux 3.5.0-14-generic i686
ApportVersion: 2.5.1-0ubuntu7
Architecture: i386
Date: Mon Sep 10 17:49:32 2012
ExecutablePath: /usr/bin/vlc
InstallationMedia: Xubuntu 12.10 "Quantal Quetzal" - Alpha i386 (20120731.1)
ProcCmdline: /usr/bin/vlc testvideo.asf
ProcEnviron:
 LANGUAGE=es_ES:en
 PATH=(custom, no user)
 LANG=es_ES.UTF-8
 SHELL=/bin/bash
SegvAnalysis:
 Segfault happened at: 0xaf8b9746: mov %ecx,0x0(%ebp)
 PC (0xaf8b9746) ok
 source "%ecx" ok
 destination "0x0(%ebp)" (0x9514bf0d) not located in a known VMA region (needed writable region)!
 Stack memory exhausted (SP below stack segment)
SegvReason: writing unknown VMA
Signal: 11
SourcePackage: vlc
StacktraceTop:
 ?? () from /usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53
 ?? ()
 ?? ()
Title: vlc crashed with SIGSEGV
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

Rafael Belmonte (eaglescreen) wrote :
description: updated
Apport retracing service (apport) wrote :

StacktraceTop:
 avpriv_copy_bits () from /tmp/tmpQ9WPTF/usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53
 ?? () from /tmp/tmpQ9WPTF/usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53
 ?? () from /tmp/tmpQ9WPTF/usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53
 avcodec_decode_audio3 () from /tmp/tmpQ9WPTF/usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53
 DecodeAudio (p_dec=0xb1401928, pp_block=0xaf67024c) at audio.c:340

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : StacktraceSource.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in vlc (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
Benjamin Drung (bdrung)
description: updated
information type: Private → Public
Rémi Denis-Courmont (rdenis) wrote :

The crash occurs within libavcodec and is probably a bug in libav (Ubuntu), rather than VLC. However, we would need a copy of the sample file to confirm.

Changed in vlc (Ubuntu):
status: New → Incomplete
Rafael Belmonte (eaglescreen) wrote :

Here you have a file for testing purposes.

Changed in vlc (Ubuntu):
status: Incomplete → New
Rémi Denis-Courmont (rdenis) wrote :

==21144== Thread 6:
==21144== Invalid write of size 4
==21144== at 0x5C402D8: avpriv_copy_bits (in /usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53.35.0)
==21144== by 0x60B4DCD: ??? (in /usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53.35.0)
==21144== by 0x60B7DE6: ??? (in /usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53.35.0)
==21144== by 0x602CF82: avcodec_decode_audio3 (in /usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53.35.0)
==21144== by 0x9D2A99B: DecodeAudio (audio.c:336)
==21144== by 0x7FFFFFFF: ???
==21144== Address 0xa55090a1 is not stack'd, malloc'd or (recently) free'd
==21144==
==21144==
==21144== Process terminating with default action of signal 11 (SIGSEGV)
==21144== Access not within mapped region at address 0xA55090A1
==21144== at 0x5C402D8: avpriv_copy_bits (in /usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53.35.0)
==21144== by 0x60B4DCD: ??? (in /usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53.35.0)
==21144== by 0x60B7DE6: ??? (in /usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53.35.0)
==21144== by 0x602CF82: avcodec_decode_audio3 (in /usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53.35.0)
==21144== by 0x9D2A99B: DecodeAudio (audio.c:336)
==21144== by 0x7FFFFFFF: ???
==21144== If you believe this happened as a result of a stack
==21144== overflow in your program's main thread (unlikely but
==21144== possible), you can try to increase the size of the
==21144== main thread stack using the --main-stacksize= flag.
==21144== The main thread stack size used in this run was 8388608.
==21144==
==21144== HEAP SUMMARY:
==21144== in use at exit: 14,488,238 bytes in 15,708 blocks
==21144== total heap usage: 68,660 allocs, 52,952 frees, 54,112,950 bytes allocated
==21144==
==21144== LEAK SUMMARY:
==21144== definitely lost: 52,828 bytes in 23 blocks
==21144== indirectly lost: 0 bytes in 0 blocks
==21144== possibly lost: 12,672,270 bytes in 1,081 blocks
==21144== still reachable: 1,763,140 bytes in 14,604 blocks
==21144== suppressed: 0 bytes in 0 blocks
==21144== Rerun with --leak-check=full to see details of leaked memory
==21144==
==21144== For counts of detected and suppressed errors, rerun with: -v
==21144== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 847 from 12)

Rémi Denis-Courmont (rdenis) wrote :

'avplay -vn' crashes exactly the same way -> not VLC bug.

Changed in vlc (Ubuntu):
status: New → Invalid
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libav (Ubuntu):
status: New → Confirmed
Bryce Harrington (bryce)
description: updated
Bryce Harrington (bryce) wrote :

Crash also occurs in current git tip of libav. Doesn't crash current ffmpeg git though.

Changed in libav (Ubuntu):
importance: Undecided → High
status: Confirmed → Triaged
Reinhard Tartler (siretart) wrote :

Based on last comment, this needs forwarding upstream.

Changed in libav (Ubuntu):
importance: High → Medium
Diego Biurrun (diego-biurrun) wrote :

This bug does not occur in any release version of libav.

Changed in libav (Ubuntu):
status: Triaged → Fix Released