vlc crashes with SIGSEGV when playing .asf files

Bug #1048794 reported by Rafael Belmonte on 2012-09-10
This bug affects 2 people
Affects          Status         Importance   Assigned to   Milestone
libav            New            Undecided    Unassigned
libav (Debian)   New            Undecided    Unassigned
libav (Ubuntu)   Fix Released   Medium       Unassigned
vlc (Ubuntu)     Invalid        Medium       Unassigned

Bug Description

VLC always crashes when I try to play a .asf video file.

#0 0x00007ffff6947c1b in put_bits (value=33147, n=16, s=<optimized out>)
    at /build/buildd/libav-0.8.6/libavcodec/put_bits.h:157
        bit_buf = 33147
        bit_left = 28
#1 avpriv_copy_bits (pb=0x7fffe0043ef8,
    src=0x7fffe00d4643 "+v\\\360H\266\346\353\352\327\256\330\a!\023\257\352Z2\257_(h\346\374\300\070\210\071\243\312\336 \263fIڮzmN\303\031;\236vn\033\304\321\371L\356\344\225[\030\253\v\321\001\357R\220gO\260\002\200\316\v@Z}\324\026@\351\344\361\344\060\331~1\333jo㧯\214\034\216P\321\063z\231S", <incomplete sequence \314>, length=63939) at /build/buildd/libav-0.8.6/libavcodec/bitstream.c:68
        words = 3996
        bits = 3
#2 0x00007ffff6d38757 in save_bits (s=0x7fffe003a760, gb=0x7fffe0048988, len=63939,
    append=<optimized out>) at /build/buildd/libav-0.8.6/libavcodec/wmaprodec.c:1478
#3 0x00007ffff6d3b62d in decode_packet (avctx=<optimized out>, data=0x7fffd80008c0,
    got_frame_ptr=0x7fffdfffee1c, avpkt=<optimized out>)
    at /build/buildd/libav-0.8.6/libavcodec/wmaprodec.c:1553
        s = 0x7fffe003a760
        gb = 0x7fffe0048988
        packet_sequence_number = 6

ProblemType: Crash
DistroRelease: Ubuntu 12.10
Package: vlc-nox 2.0.3-2
ProcVersionSignature: Ubuntu 3.5.0-14.15-generic 3.5.3
Uname: Linux 3.5.0-14-generic i686
ApportVersion: 2.5.1-0ubuntu7
Architecture: i386
Date: Mon Sep 10 17:49:32 2012
ExecutablePath: /usr/bin/vlc
InstallationMedia: Xubuntu 12.10 "Quantal Quetzal" - Alpha i386 (20120731.1)
ProcCmdline: /usr/bin/vlc testvideo.asf
ProcEnviron:
 LANGUAGE=es_ES:en
 PATH=(custom, no user)
 LANG=es_ES.UTF-8
 SHELL=/bin/bash
SegvAnalysis:
 Segfault happened at: 0xaf8b9746: mov %ecx,0x0(%ebp)
 PC (0xaf8b9746) ok
 source "%ecx" ok
 destination "0x0(%ebp)" (0x9514bf0d) not located in a known VMA region (needed writable region)!
 Stack memory exhausted (SP below stack segment)
SegvReason: writing unknown VMA
Signal: 11
SourcePackage: vlc
StacktraceTop:
 ?? () from /usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53
 ?? ()
 ?? ()
Title: vlc crashed with SIGSEGV
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

Rafael Belmonte (eaglescreen) wrote :
description: updated

StacktraceTop:
 avpriv_copy_bits () from /tmp/tmpQ9WPTF/usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53
 ?? () from /tmp/tmpQ9WPTF/usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53
 ?? () from /tmp/tmpQ9WPTF/usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53
 avcodec_decode_audio3 () from /tmp/tmpQ9WPTF/usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53
 DecodeAudio (p_dec=0xb1401928, pp_block=0xaf67024c) at audio.c:340

Changed in vlc (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
Benjamin Drung (bdrung) on 2012-10-20
description: updated
information type: Private → Public
Rémi Denis-Courmont (rdenis) wrote :

The crash occurs within libavcodec and is probably a bug in libav (Ubuntu), rather than VLC. However, we would need a copy of the sample file to confirm.

Changed in vlc (Ubuntu):
status: New → Incomplete
Rafael Belmonte (eaglescreen) wrote :

Here you have a file for testing purposes.

Changed in vlc (Ubuntu):
status: Incomplete → New
Rémi Denis-Courmont (rdenis) wrote :

==21144== Thread 6:
==21144== Invalid write of size 4
==21144== at 0x5C402D8: avpriv_copy_bits (in /usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53.35.0)
==21144== by 0x60B4DCD: ??? (in /usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53.35.0)
==21144== by 0x60B7DE6: ??? (in /usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53.35.0)
==21144== by 0x602CF82: avcodec_decode_audio3 (in /usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53.35.0)
==21144== by 0x9D2A99B: DecodeAudio (audio.c:336)
==21144== by 0x7FFFFFFF: ???
==21144== Address 0xa55090a1 is not stack'd, malloc'd or (recently) free'd
==21144==
==21144==
==21144== Process terminating with default action of signal 11 (SIGSEGV)
==21144== Access not within mapped region at address 0xA55090A1
==21144== at 0x5C402D8: avpriv_copy_bits (in /usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53.35.0)
==21144== by 0x60B4DCD: ??? (in /usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53.35.0)
==21144== by 0x60B7DE6: ??? (in /usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53.35.0)
==21144== by 0x602CF82: avcodec_decode_audio3 (in /usr/lib/i386-linux-gnu/i686/cmov/libavcodec.so.53.35.0)
==21144== by 0x9D2A99B: DecodeAudio (audio.c:336)
==21144== by 0x7FFFFFFF: ???
==21144== If you believe this happened as a result of a stack
==21144== overflow in your program's main thread (unlikely but
==21144== possible), you can try to increase the size of the
==21144== main thread stack using the --main-stacksize= flag.
==21144== The main thread stack size used in this run was 8388608.
==21144==
==21144== HEAP SUMMARY:
==21144== in use at exit: 14,488,238 bytes in 15,708 blocks
==21144== total heap usage: 68,660 allocs, 52,952 frees, 54,112,950 bytes allocated
==21144==
==21144== LEAK SUMMARY:
==21144== definitely lost: 52,828 bytes in 23 blocks
==21144== indirectly lost: 0 bytes in 0 blocks
==21144== possibly lost: 12,672,270 bytes in 1,081 blocks
==21144== still reachable: 1,763,140 bytes in 14,604 blocks
==21144== suppressed: 0 bytes in 0 blocks
==21144== Rerun with --leak-check=full to see details of leaked memory
==21144==
==21144== For counts of detected and suppressed errors, rerun with: -v
==21144== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 847 from 12)
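The gdb trace in the description and the Valgrind log above show the same thing from two angles: save_bits() asks avpriv_copy_bits() to copy 63939 bits into a PutBitContext, put_bits() stores a 32-bit word through the context's write pointer ("Invalid write of size 4", the faulting `mov %ecx,0x0(%ebp)` in SegvAnalysis), and that pointer has already left the buffer's mapping. The C program below is an added illustration, not code from libav, VLC or this report: a minimal bit writer in the same style (32-bit cache flushed through a raw pointer, 16-bit copy chunks) with an unchecked copy that clobbers memory past the declared buffer, and a checked variant that compares the requested length against the room left before writing anything. The names (BitWriter, bw_*, copy_bits_*, demo_*), the buffer sizes and the sample bytes are constructed for this example; only the 63939-bit length is taken from the trace.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* MSB-first bit writer in the PutBitContext style (constructed for this
 * example): a 32-bit cache stored through buf_ptr each time it fills.
 * buf_end is one past the last writable byte; bit_left is the free space
 * in the cache, 32 when it is empty. */
typedef struct { uint8_t *buf_ptr, *buf_end; uint32_t bit_buf; int bit_left; } BitWriter;

static void bw_init(BitWriter *w, uint8_t *buf, size_t size)
{
    w->buf_ptr = buf; w->buf_end = buf + size; w->bit_buf = 0; w->bit_left = 32;
}

/* Room left in bits: untouched bytes minus what the cache already holds. */
static long bw_bits_left(const BitWriter *w)
{
    return (long)(w->buf_end - w->buf_ptr) * 8 - (32 - w->bit_left);
}

/* Crash-site analogue: write n (1..25) bits; when the cache fills, the word
 * is stored through buf_ptr with no comparison against buf_end. */
static void put_bits_unchecked(BitWriter *w, int n, uint32_t value)
{
    if (n < w->bit_left) {
        w->bit_buf = (w->bit_buf << n) | value;
        w->bit_left -= n;
        return;
    }
    uint32_t word = (w->bit_buf << w->bit_left) | (value >> (n - w->bit_left));
    for (int i = 0; i < 4; i++)   /* the store that faults once buf_ptr has */
        w->buf_ptr[i] = (uint8_t)(word >> (24 - 8 * i));  /* left the mapping */
    w->buf_ptr += 4;
    w->bit_left += 32 - n;
    w->bit_buf = value;           /* bits already stored shift out on the next fill */
}

/* Read n (1..16) bits at bit offset pos, MSB first. */
static uint32_t read_bits(const uint8_t *src, long pos, int n)
{
    uint32_t v = 0;
    for (long i = pos; i < pos + n; i++)
        v = (v << 1) | ((src[i >> 3] >> (7 - (i & 7))) & 1);
    return v;
}

/* Copy len bits from src in 16-bit chunks, trusting len completely. */
static void copy_bits_unchecked(BitWriter *w, const uint8_t *src, long len)
{
    long pos = 0;
    for (; len - pos >= 16; pos += 16)
        put_bits_unchecked(w, 16, read_bits(src, pos, 16));
    if (len > pos)
        put_bits_unchecked(w, (int)(len - pos), read_bits(src, pos, (int)(len - pos)));
}

/* The check the caller owes the writer: refuse before touching the buffer
 * when a stream-supplied length exceeds the room actually left. */
static int copy_bits_checked(BitWriter *w, const uint8_t *src, long len)
{
    if (len < 0 || len > bw_bits_left(w))
        return -1;
    copy_bits_unchecked(w, src, len);
    return 0;
}

/* Writer told its buffer is 8 bytes, placed inside a 72-byte backing array whose
 * tail is a 0xAA canary; returns how many canary bytes the unchecked copy hit.
 * (192 bits fill six whole words, so no flush is needed to see the damage.) */
static int demo_unchecked_overrun(void)
{
    enum { DECLARED = 8, SLACK = 64 };
    uint8_t backing[DECLARED + SLACK], src[24];
    memset(backing, 0xAA, sizeof backing);
    memset(src, 0x5A, sizeof src);                 /* constructed payload */
    BitWriter w; bw_init(&w, backing, DECLARED);
    copy_bits_unchecked(&w, src, 8 * sizeof src);  /* 192 bits into 64 of room */
    int clobbered = 0;
    for (int i = DECLARED; i < DECLARED + SLACK; i++)
        clobbered += backing[i] != 0xAA;
    return clobbered;
}

/* Checked copy of len zero bits into a 4096-byte (32768-bit) buffer filled
 * with 0xAA: -1 when refused, otherwise the number of bytes it overwrote. */
static long demo_checked(long len)
{
    static uint8_t src[8000];                      /* constructed, all zero */
    uint8_t buf[4096];
    memset(buf, 0xAA, sizeof buf);
    BitWriter w; bw_init(&w, buf, sizeof buf);
    if (copy_bits_checked(&w, src, len) != 0)
        return -1;
    long written = 0;
    for (size_t i = 0; i < sizeof buf; i++)
        written += buf[i] != 0xAA;
    return written;
}
```

demo_unchecked_overrun() reports 16 clobbered canary bytes: the writer keeps storing words past its declared 8 bytes exactly as the trace's put_bits() does, and in a real process those stores eventually reach an unmapped page and raise SIGSEGV. demo_checked(63939) returns -1 without touching the buffer, while demo_checked(32768) fills it completely and demo_checked(32769) is refused: the comparison against bw_bits_left() is the boundary the caller has to enforce, because the length comes from the file and the bit writer itself never looks at buf_end.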

Rémi Denis-Courmont (rdenis) wrote :

'avplay -vn' crashes exactly the same way -> not a VLC bug.

Changed in vlc (Ubuntu):
status: New → Invalid
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libav (Ubuntu):
status: New → Confirmed
Bryce Harrington (bryce) on 2013-04-08
description: updated
Bryce Harrington (bryce) wrote :

Crash also occurs in current git tip of libav. Doesn't crash current ffmpeg git though.

Changed in libav (Ubuntu):
importance: Undecided → High
status: Confirmed → Triaged
Reinhard Tartler (siretart) wrote :

Based on last comment, this needs forwarding upstream.

Changed in libav (Ubuntu):
importance: High → Medium
Diego Biurrun (diego-biurrun) wrote :

This bug does not occur in any release version of libav.

Changed in libav (Ubuntu):
status: Triaged → Fix Released