Daniel Kang
2011-01-03 02:38:57 UTC
New submission from Daniel Kang <***@gmail.com>:
I believe the issue is related to issue2479. Once again, I am not sure if this
bug is unique to my box.
ffmpeg crashes for ape files with invalid headers (i.e. the header has a value
of totalframes greater than there are frames). ffmpeg crashes because the malloc
returns a pointer that has less memory than requested. I have attached a patch
that does a sanity check on the returned memory.
gdb run:
(gdb) r -i ../fuzzed.ape
Starting program: ffmpeg/ffmpeg_g -i ../fuzzed.ape
[Thread debugging using libthread_db enabled]
FFmpeg version git-a5b7c2e, Copyright (c) 2000-2011 the FFmpeg developers
built on Jan 2 2011 19:33:34 with gcc 4.4.5
configuration: --enable-gpl --samples=../fate/fate-suite/
libavutil 50.36. 0 / 50.36. 0
libavcore 0.16. 0 / 0.16. 0
libavcodec 52.101. 0 / 52.101. 0
libavformat 52.92. 0 / 52.92. 0
libavdevice 52. 2. 2 / 52. 2. 2
libavfilter 1.72. 0 / 1.72. 0
libswscale 0.12. 0 / 0.12. 0
Program received signal SIGSEGV, Segmentation fault.
0x000000000044e5e8 in ape_read_header (s=0x11fa510, ap=<value optimized out>) at
libavformat/ape.c:270
270 ape->frames[i].pos = ape->seektable[i];
//ape->frames[i-1].pos + ape->blocksperframe;
(gdb) bt
#0 0x000000000044e5e8 in ape_read_header (s=0x11fa510, ap=<value optimized
out>) at libavformat/ape.c:270
#1 0x00000000004d0819 in av_open_input_stream (ic_ptr=0x7fffffffd558,
pb=0x12035b0, filename=0x7fffffffdb68 "../fuzzed.ape", fmt=0xc9a5a0,
ap=0x7fffffffd520)
at libavformat/utils.c:487
#2 0x00000000004d29d8 in av_open_input_file (ic_ptr=0x7fffffffd558,
filename=0x7fffffffdb68 "../fuzzed.ape", fmt=0xc9a5a0, buf_size=0,
ap=0x7fffffffd520)
at libavformat/utils.c:643
#3 0x00000000004301bd in opt_input_file (filename=0x7fffffffdb68
"../fuzzed.ape") at ffmpeg.c:3178
#4 0x000000000043a7cc in parse_options (argc=3, argv=0x7fffffffd7d8,
options=<value optimized out>, parse_arg_function=0x437290 <opt_output_file>) at
cmdutils.c:204
#5 0x00000000004363d2 in main (argc=3, argv=0x7fffffffd7d8) at ffmpeg.c:4340
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x44e5c8 to 0x44e608:
0x000000000044e5c8 <ape_read_header+728>: movl $0x0,0x10(%rdx)
0x000000000044e5cf <ape_read_header+735>: mov %eax,0x8(%rdx)
0x000000000044e5d2 <ape_read_header+738>: mov 0x58(%rbx),%ecx
0x000000000044e5d5 <ape_read_header+741>: cmp $0x1,%ecx
0x000000000044e5d8 <ape_read_header+744>: jbe 0x44e619
<ape_read_header+809>
0x000000000044e5da <ape_read_header+746>: mov 0x68(%rbx),%r8
0x000000000044e5de <ape_read_header+750>: xor %eax,%eax
0x000000000044e5e0 <ape_read_header+752>: mov $0x1,%esi
0x000000000044e5e5 <ape_read_header+757>: nopl (%rax)
0x000000000044e5e8 <ape_read_header+760>: mov 0x4(%r8,%rax,1),%ecx
0x000000000044e5ed <ape_read_header+765>: mov 0x50(%rbx),%edi
0x000000000044e5f0 <ape_read_header+768>: add $0x1,%esi
0x000000000044e5f3 <ape_read_header+771>: mov %edi,0x28(%rdx,%rax,8)
0x000000000044e5f7 <ape_read_header+775>: mov %rcx,0x20(%rdx,%rax,8)
0x000000000044e5fc <ape_read_header+780>: mov %ecx,%edi
0x000000000044e5fe <ape_read_header+782>: sub (%rdx),%ecx
0x000000000044e600 <ape_read_header+784>: sub (%rdx,%rax,8),%edi
0x000000000044e603 <ape_read_header+787>: and $0x3,%ecx
0x000000000044e606 <ape_read_header+790>: mov %edi,0xc(%rdx,%rax,8)
End of assembler dump.
(gdb) info all-registers
rax 0x159dc 88540
rbx 0x11fb5a0 18855328
rcx 0x400025 4194341
rdx 0x7fffee8c9010 140737195577360
rsi 0x5678 22136
rdi 0x0 0
rbp 0x11fa510 0x11fa510
rsp 0x7fffffffd3c0 0x7fffffffd3c0
r8 0x11fb620 18855456
r9 0x0 0
r10 0x22 34
r11 0x246 582
r12 0x12035b0 18888112
r13 0x25 37
r14 0x25 37
r15 0x11fb620 18855456
rip 0x44e5e8 0x44e5e8 <ape_read_header+760>
eflags 0x10287 [ CF PF SF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 0 (raw 0x00000000000000000000)
st6 0 (raw 0x00000000000000000000)
st7 0 (raw 0x00000000000000000000)
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0, 0xff, 0x0 <repeats 14 times>}, v8_int16 = {0xff00, 0x0, 0x0,
0x0, 0x0, 0x0,
0x0, 0x0}, v4_int32 = {0xff00, 0x0, 0x0, 0x0}, v2_int64 = {0xff00, 0x0},
uint128 = 0x0000000000000000000000000000ff00}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0},
---Type <return> to continue, or q <return> to quit---
v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0},
v8_int16 = {0x0, 0x0, 0xff00, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0,
0xff00, 0x0, 0x0}, v2_int64 = {0xff0000000000, 0x0},
uint128 = 0x00000000000000000000ff0000000000}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0},
v8_int16 = {0x0, 0x0, 0xff00, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0,
0xff00, 0x0, 0x0}, v2_int64 = {0xff0000000000, 0x0},
uint128 = 0x00000000000000000000ff0000000000}
xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm5 {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0, 0x0, 0x0, 0xe0, 0x95, 0x9c, 0xe7, 0x3f, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0,
0x0}, v8_int16 = {0x0, 0xe000, 0x9c95, 0x3fe7, 0x0, 0x0, 0x0, 0x0}, v4_int32
= {0xe0000000, 0x3fe79c95, 0x0, 0x0}, v2_int64 = {0x3fe79c95e0000000, 0x0},
uint128 = 0x00000000000000003fe79c95e0000000}
xmm6 {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x1, 0x0},
v16_int8 = {0x6d, 0x7d, 0xbf, 0xbb, 0x27, 0xaf, 0xf5, 0x3f, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0,
0x0, 0x0}, v8_int16 = {0x7d6d, 0xbbbf, 0xaf27, 0x3ff5, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0xbbbf7d6d, 0x3ff5af27, 0x0, 0x0}, v2_int64 = {0x3ff5af27bbbf7d6d, 0x0},
uint128 = 0x00000000000000003ff5af27bbbf7d6d}
xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x68, 0xc8, 0xbc, 0x3b, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0,
0x0}, v8_int16 = {0x0, 0x0, 0xc868, 0x3bbc, 0x0, 0x0, 0x0, 0x0}, v4_int32 =
{0x0, 0x3bbcc868, 0x0, 0x0}, v2_int64 = {0x3bbcc86800000000, 0x0},
uint128 = 0x00000000000000003bbcc86800000000}
xmm8 {v4_float = {0x0, 0xfffffffd, 0x0, 0x0}, v2_double =
{0xffffffffffffffd2, 0x0}, v16_int8 = {0xe0, 0xe6, 0x35, 0x67, 0x9e, 0x6, 0x47,
0xc0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0xe6e0, 0x6735, 0x69e, 0xc047,
0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x6735e6e0, 0xc047069e, 0x0, 0x0}, v2_int64 = {
0xc047069e6735e6e0, 0x0}, uint128 = 0x0000000000000000c047069e6735e6e0}
xmm9 {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x1, 0x0},
v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0,
0x0}, v8_int16 = {0x0, 0x0, 0x0, 0x3ff0, 0x0, 0x0, 0x0, 0x0}, v4_int32 =
{0x0, 0x3ff00000, 0x0, 0x0}, v2_int64 = {0x3ff0000000000000, 0x0},
uint128 = 0x00000000000000003ff0000000000000}
xmm10 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0, 0x0, 0x46, 0x84, 0x24, 0x59, 0xd6, 0x3e, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0,
0x0}, v8_int16 = {0x0, 0x8446, 0x5924, 0x3ed6, 0x0, 0x0, 0x0, 0x0}, v4_int32
= {0x84460000, 0x3ed65924, 0x0, 0x0}, v2_int64 = {0x3ed6592484460000, 0x0},
uint128 = 0x00000000000000003ed6592484460000}
xmm11 {v4_float = {0x9689a800, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x6a, 0xa2, 0x65, 0x50, 0xf2, 0xea, 0x8f, 0xbd, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v8_int16 = {0xa26a, 0x5065, 0xeaf2, 0xbd8f, 0x0, 0x0, 0x0,
0x0}, v4_int32 = {0x5065a26a, 0xbd8feaf2, 0x0, 0x0}, v2_int64 = {0xbd8feaf25065a26a,
0x0}, uint128 = 0x0000000000000000bd8feaf25065a26a}
xmm12 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x29, 0xf2, 0x88, 0x6c, 0xa6, 0x49, 0xde, 0x3e, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0,
0x0, 0x0}, v8_int16 = {0xf229, 0x6c88, 0x49a6, 0x3ede, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x6c88f229, 0x3ede49a6, 0x0, 0x0}, v2_int64 = {0x3ede49a66c88f229, 0x0},
uint128 = 0x00000000000000003ede49a66c88f229}
xmm13 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0xb3, 0x12, 0x58, 0x17, 0x64, 0x46, 0xe6, 0x3b, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0,
0x0, 0x0}, v8_int16 = {0x12b3, 0x1758, 0x4664, 0x3be6, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x175812b3, 0x3be64664, 0x0, 0x0}, v2_int64 = {0x3be64664175812b3, 0x0},
uint128 = 0x00000000000000003be64664175812b3}
xmm14 {v4_float = {0x0, 0x3, 0x0, 0x0}, v2_double = {0x2d, 0x0},
v16_int8 = {0xc0, 0x9, 0xf2, 0x16, 0xb5, 0xdf, 0x46, 0x40, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0,
0x0, 0x0}, v8_int16 = {0x9c0, 0x16f2, 0xdfb5, 0x4046, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x16f209c0, 0x4046dfb5, 0x0, 0x0}, v2_int64 = {0x4046dfb516f209c0, 0x0},
uint128 = 0x00000000000000004046dfb516f209c0}
xmm15 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
mxcsr 0x1fa0 [ PE IM DM ZM OM UM PM ]
----------
files: ape_malloc_check.diff
messages: 13176
priority: normal
status: open
substatus: open
title: ffmpeg crashes on ape files large framerates
type: bug
________________________________________________
FFmpeg issue tracker <***@roundup.ffmpeg.org>
<https://roundup.ffmpeg.org/issue2480>
________________________________________________
I believe the issue is related to issue2479. Once again, I am not sure if this
bug is unique to my box.
ffmpeg crashes for ape files with invalid headers (i.e. the header has a value
of totalframes greater than there are frames). ffmpeg crashes because the malloc
returns a pointer that has less memory than requested. I have attached a patch
that does a sanity check on the returned memory.
gdb run:
(gdb) r -i ../fuzzed.ape
Starting program: ffmpeg/ffmpeg_g -i ../fuzzed.ape
[Thread debugging using libthread_db enabled]
FFmpeg version git-a5b7c2e, Copyright (c) 2000-2011 the FFmpeg developers
built on Jan 2 2011 19:33:34 with gcc 4.4.5
configuration: --enable-gpl --samples=../fate/fate-suite/
libavutil 50.36. 0 / 50.36. 0
libavcore 0.16. 0 / 0.16. 0
libavcodec 52.101. 0 / 52.101. 0
libavformat 52.92. 0 / 52.92. 0
libavdevice 52. 2. 2 / 52. 2. 2
libavfilter 1.72. 0 / 1.72. 0
libswscale 0.12. 0 / 0.12. 0
Program received signal SIGSEGV, Segmentation fault.
0x000000000044e5e8 in ape_read_header (s=0x11fa510, ap=<value optimized out>) at
libavformat/ape.c:270
270 ape->frames[i].pos = ape->seektable[i];
//ape->frames[i-1].pos + ape->blocksperframe;
(gdb) bt
#0 0x000000000044e5e8 in ape_read_header (s=0x11fa510, ap=<value optimized
out>) at libavformat/ape.c:270
#1 0x00000000004d0819 in av_open_input_stream (ic_ptr=0x7fffffffd558,
pb=0x12035b0, filename=0x7fffffffdb68 "../fuzzed.ape", fmt=0xc9a5a0,
ap=0x7fffffffd520)
at libavformat/utils.c:487
#2 0x00000000004d29d8 in av_open_input_file (ic_ptr=0x7fffffffd558,
filename=0x7fffffffdb68 "../fuzzed.ape", fmt=0xc9a5a0, buf_size=0,
ap=0x7fffffffd520)
at libavformat/utils.c:643
#3 0x00000000004301bd in opt_input_file (filename=0x7fffffffdb68
"../fuzzed.ape") at ffmpeg.c:3178
#4 0x000000000043a7cc in parse_options (argc=3, argv=0x7fffffffd7d8,
options=<value optimized out>, parse_arg_function=0x437290 <opt_output_file>) at
cmdutils.c:204
#5 0x00000000004363d2 in main (argc=3, argv=0x7fffffffd7d8) at ffmpeg.c:4340
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x44e5c8 to 0x44e608:
0x000000000044e5c8 <ape_read_header+728>: movl $0x0,0x10(%rdx)
0x000000000044e5cf <ape_read_header+735>: mov %eax,0x8(%rdx)
0x000000000044e5d2 <ape_read_header+738>: mov 0x58(%rbx),%ecx
0x000000000044e5d5 <ape_read_header+741>: cmp $0x1,%ecx
0x000000000044e5d8 <ape_read_header+744>: jbe 0x44e619
<ape_read_header+809>
0x000000000044e5da <ape_read_header+746>: mov 0x68(%rbx),%r8
0x000000000044e5de <ape_read_header+750>: xor %eax,%eax
0x000000000044e5e0 <ape_read_header+752>: mov $0x1,%esi
0x000000000044e5e5 <ape_read_header+757>: nopl (%rax)
0x000000000044e5e8 <ape_read_header+760>: mov 0x4(%r8,%rax,1),%ecx
0x000000000044e5ed <ape_read_header+765>: mov 0x50(%rbx),%edi
0x000000000044e5f0 <ape_read_header+768>: add $0x1,%esi
0x000000000044e5f3 <ape_read_header+771>: mov %edi,0x28(%rdx,%rax,8)
0x000000000044e5f7 <ape_read_header+775>: mov %rcx,0x20(%rdx,%rax,8)
0x000000000044e5fc <ape_read_header+780>: mov %ecx,%edi
0x000000000044e5fe <ape_read_header+782>: sub (%rdx),%ecx
0x000000000044e600 <ape_read_header+784>: sub (%rdx,%rax,8),%edi
0x000000000044e603 <ape_read_header+787>: and $0x3,%ecx
0x000000000044e606 <ape_read_header+790>: mov %edi,0xc(%rdx,%rax,8)
End of assembler dump.
(gdb) info all-registers
rax 0x159dc 88540
rbx 0x11fb5a0 18855328
rcx 0x400025 4194341
rdx 0x7fffee8c9010 140737195577360
rsi 0x5678 22136
rdi 0x0 0
rbp 0x11fa510 0x11fa510
rsp 0x7fffffffd3c0 0x7fffffffd3c0
r8 0x11fb620 18855456
r9 0x0 0
r10 0x22 34
r11 0x246 582
r12 0x12035b0 18888112
r13 0x25 37
r14 0x25 37
r15 0x11fb620 18855456
rip 0x44e5e8 0x44e5e8 <ape_read_header+760>
eflags 0x10287 [ CF PF SF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 0 (raw 0x00000000000000000000)
st6 0 (raw 0x00000000000000000000)
st7 0 (raw 0x00000000000000000000)
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0, 0xff, 0x0 <repeats 14 times>}, v8_int16 = {0xff00, 0x0, 0x0,
0x0, 0x0, 0x0,
0x0, 0x0}, v4_int32 = {0xff00, 0x0, 0x0, 0x0}, v2_int64 = {0xff00, 0x0},
uint128 = 0x0000000000000000000000000000ff00}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0},
---Type <return> to continue, or q <return> to quit---
v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0},
v8_int16 = {0x0, 0x0, 0xff00, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0,
0xff00, 0x0, 0x0}, v2_int64 = {0xff0000000000, 0x0},
uint128 = 0x00000000000000000000ff0000000000}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0},
v8_int16 = {0x0, 0x0, 0xff00, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0,
0xff00, 0x0, 0x0}, v2_int64 = {0xff0000000000, 0x0},
uint128 = 0x00000000000000000000ff0000000000}
xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm5 {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0, 0x0, 0x0, 0xe0, 0x95, 0x9c, 0xe7, 0x3f, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0,
0x0}, v8_int16 = {0x0, 0xe000, 0x9c95, 0x3fe7, 0x0, 0x0, 0x0, 0x0}, v4_int32
= {0xe0000000, 0x3fe79c95, 0x0, 0x0}, v2_int64 = {0x3fe79c95e0000000, 0x0},
uint128 = 0x00000000000000003fe79c95e0000000}
xmm6 {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x1, 0x0},
v16_int8 = {0x6d, 0x7d, 0xbf, 0xbb, 0x27, 0xaf, 0xf5, 0x3f, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0,
0x0, 0x0}, v8_int16 = {0x7d6d, 0xbbbf, 0xaf27, 0x3ff5, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0xbbbf7d6d, 0x3ff5af27, 0x0, 0x0}, v2_int64 = {0x3ff5af27bbbf7d6d, 0x0},
uint128 = 0x00000000000000003ff5af27bbbf7d6d}
xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x68, 0xc8, 0xbc, 0x3b, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0,
0x0}, v8_int16 = {0x0, 0x0, 0xc868, 0x3bbc, 0x0, 0x0, 0x0, 0x0}, v4_int32 =
{0x0, 0x3bbcc868, 0x0, 0x0}, v2_int64 = {0x3bbcc86800000000, 0x0},
uint128 = 0x00000000000000003bbcc86800000000}
xmm8 {v4_float = {0x0, 0xfffffffd, 0x0, 0x0}, v2_double =
{0xffffffffffffffd2, 0x0}, v16_int8 = {0xe0, 0xe6, 0x35, 0x67, 0x9e, 0x6, 0x47,
0xc0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0xe6e0, 0x6735, 0x69e, 0xc047,
0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x6735e6e0, 0xc047069e, 0x0, 0x0}, v2_int64 = {
0xc047069e6735e6e0, 0x0}, uint128 = 0x0000000000000000c047069e6735e6e0}
xmm9 {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x1, 0x0},
v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0,
0x0}, v8_int16 = {0x0, 0x0, 0x0, 0x3ff0, 0x0, 0x0, 0x0, 0x0}, v4_int32 =
{0x0, 0x3ff00000, 0x0, 0x0}, v2_int64 = {0x3ff0000000000000, 0x0},
uint128 = 0x00000000000000003ff0000000000000}
xmm10 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0, 0x0, 0x46, 0x84, 0x24, 0x59, 0xd6, 0x3e, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0,
0x0}, v8_int16 = {0x0, 0x8446, 0x5924, 0x3ed6, 0x0, 0x0, 0x0, 0x0}, v4_int32
= {0x84460000, 0x3ed65924, 0x0, 0x0}, v2_int64 = {0x3ed6592484460000, 0x0},
uint128 = 0x00000000000000003ed6592484460000}
xmm11 {v4_float = {0x9689a800, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x6a, 0xa2, 0x65, 0x50, 0xf2, 0xea, 0x8f, 0xbd, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v8_int16 = {0xa26a, 0x5065, 0xeaf2, 0xbd8f, 0x0, 0x0, 0x0,
0x0}, v4_int32 = {0x5065a26a, 0xbd8feaf2, 0x0, 0x0}, v2_int64 = {0xbd8feaf25065a26a,
0x0}, uint128 = 0x0000000000000000bd8feaf25065a26a}
xmm12 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x29, 0xf2, 0x88, 0x6c, 0xa6, 0x49, 0xde, 0x3e, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0,
0x0, 0x0}, v8_int16 = {0xf229, 0x6c88, 0x49a6, 0x3ede, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x6c88f229, 0x3ede49a6, 0x0, 0x0}, v2_int64 = {0x3ede49a66c88f229, 0x0},
uint128 = 0x00000000000000003ede49a66c88f229}
xmm13 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0xb3, 0x12, 0x58, 0x17, 0x64, 0x46, 0xe6, 0x3b, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0,
0x0, 0x0}, v8_int16 = {0x12b3, 0x1758, 0x4664, 0x3be6, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x175812b3, 0x3be64664, 0x0, 0x0}, v2_int64 = {0x3be64664175812b3, 0x0},
uint128 = 0x00000000000000003be64664175812b3}
xmm14 {v4_float = {0x0, 0x3, 0x0, 0x0}, v2_double = {0x2d, 0x0},
v16_int8 = {0xc0, 0x9, 0xf2, 0x16, 0xb5, 0xdf, 0x46, 0x40, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0,
0x0, 0x0}, v8_int16 = {0x9c0, 0x16f2, 0xdfb5, 0x4046, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x16f209c0, 0x4046dfb5, 0x0, 0x0}, v2_int64 = {0x4046dfb516f209c0, 0x0},
uint128 = 0x00000000000000004046dfb516f209c0}
xmm15 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
mxcsr 0x1fa0 [ PE IM DM ZM OM UM PM ]
----------
files: ape_malloc_check.diff
messages: 13176
priority: normal
status: open
substatus: open
title: ffmpeg crashes on ape files large framerates
type: bug
________________________________________________
FFmpeg issue tracker <***@roundup.ffmpeg.org>
<https://roundup.ffmpeg.org/issue2480>
________________________________________________