libtheora segfault (address out of bounds)
(libtheora-1.0alpha5, ffmpeg2theora-0.16 and ffmpeg of March 12th)
Hi,
after a few seconds of encoding/streaming (I actually did get these few seconds of video+audio just fine on mplayer as the listener behind Icecast), the source client's encoder dumps core because of libtheora. This happens not only with the .mpeg file as shown below, but several others that I've tried as well. It's a showstopper -- encoding on OpenBSD (i386) is reproducibly broken.
The backtraces below were made with [http://www.archive.org/download/SayChees2001/SayChees2001.mpeg]
Ezstream output:
$ ezstream -c ezstream.conf
Connecting to http://phoenix.jolly:8000/videotest.ogg...SUCCESS.
Streaming /home/maxx/stream/SayChees2001.mpeg
Opening file (/home/maxx/stream/SayChees2001.mpeg)
Songinfo is (SayChees2001)
Unknown format THEORA, passing right on through!
Input #0, mpeg, from '/home/maxx/stream/SayChees2001.mpeg':
Duration: 00:01:39.6, start: 0.938511, bitrate: 2440 kb/s
Stream #0.0[0x1e0], 29.97 fps(r): Video: mpeg2video, yuv420p, 352x480, 2000 kb/s
Stream #0.1[0x1c0]: Audio: mp2, 48000 Hz, stereo, 384 kb/s
Pixel Aspect Ratio: 1.82/1 Frame Aspect Ratio: 1.33/1
Resize: 352x480
0:00:04.84 audio: 3kbps video: 91kbps Segmentation fault (core dumped)
Closing via pclose
Backtrace, generated by ffmpeg2theora via ezstream:
#0 PixelLineSearch (ppi=0x8a8ac5e0, ChangedLocalsPtr=0x8634bfff <Address 0x8634bfff out of bounds>, RowNumber=264, ColNumber=-1, direction=2 '\002', line_length=0xcfbece7c)
at /usr/ports/mystuff/multimedia/libtheora/w-libtheora-1.0alpha5/libtheora-1.0alpha5/lib/scan.c:1482
1482 if ( ((*ChangedLocalsPtr) <= 1) ||
#1 0x07c86037 in PixelLineSearch (ppi=0x8a8ac5e0, ChangedLocalsPtr=0x8634c000 "\002", RowNumber=264, ColNumber=0, direction=2 '\002', line_length=0xcfbeceb8)
at /usr/ports/mystuff/multimedia/libtheora/w-libtheora-1.0alpha5/libtheora-1.0alpha5/lib/scan.c:1554
1554 PixelLineSearch( ppi, ChangedLocalsPtr - 1, RowNumber, ColNumber - 1,
#2 0x07c86185 in LineSearchScorePixel (ppi=0x8a8ac5e0, ChangedLocalsPtr=0x8634c000 "\002", RowNumber=264, ColNumber=0)
at /usr/ports/mystuff/multimedia/libtheora/w-libtheora-1.0alpha5/libtheora-1.0alpha5/lib/scan.c:1657
1657 PixelLineSearch( ppi, ChangedLocalsPtr, RowNumber,
#3 0x07c862ff in LineSearchScoreRow (ppi=0x8a8ac5e0, ChangedLocalsPtr=0x8634c000 "\002", YUVDiffsPtr=0x8656e000, PixelNoiseScorePtr=0x8a892b00 "\001", FragScorePtr=0x8123b6b0,
DispFragPtr=0x84d885ac "ÿ\004ÿþþ", RowNumber=264) at /usr/ports/mystuff/multimedia/libtheora/w-libtheora-1.0alpha5/libtheora-1.0alpha5/lib/scan.c:1714
1714 Score = (ogg_int32_t)
#4 0x07c86b5d in AnalysePlane (ppi=0x8a8ac5e0,
PlanePtr0=0x7e35f000 "\030L\200\211\206\201\200\204\211\215\223\226\231\231\227\226\221\217\214\212\210\206\205\202\207\200xoea_adintz~\201\201~vqkgefju}\201\177xrlkegkotx|\200\207\211\213\211\210\204\201~}{xvux|\201~\202\203\202\202\200\177}\201\177\203\207\210\210\213\221\235\235\232\224\214\210\211\214\223\223\220\212\203\200\200\202\204\204\204\203\201}{yvvussty|\205\211\217\222zTFF;52..149;;=;>>=8778:==?BDDFFHHIIKE?80**,0579:;;<::8;BGHGEFGECBDF"...,
PlanePtr1=0x7e446000 "\034P\205\214\210\206\205\206\215\221\227\235 \237\234\237\230\225\220\216\215\215\214\212\205\201|tmfddglsy\177\203\203\202~ztnjhknw}\204\205}vqoknrux|\201\205\215\216\221\222\216\213\207\205\203\201\177~~\200\203\205\210\211\212\210\207\205\205\205\205\206\207\212\216\221\225\235¤¥ \231\224\220\220\225\226\227\225\221\213\207\207\210\212\213\213\211\206\203\201\201~}{yxy~\201\204\214\222\222tF?;4/+($%(*0353330-,+,-06789;<<??>>@<5-(%%&,./2235643225:>?>=;9:::9"..., FragArrayOffset=0, PWidth=352,
PHeight=480, PStride=2251603714) at /usr/ports/mystuff/multimedia/libtheora/w-libtheora-1.0alpha5/libtheora-1.0alpha5/lib/scan.c:2244
2244 LineSearchScoreRow( ppi, ChLocalsPtr2, YUVDiffsPtr2,
#5 0x07c87040 in YUVAnalyseFrame (ppi=0x8a8ac5e0, KFIndicator=0x8634bf02) at /usr/ports/mystuff/multimedia/libtheora/w-libtheora-1.0alpha5/libtheora-1.0alpha5/lib/scan.c:2332
2332 AnalysePlane( ppi, ppi->YPlanePtr0, ppi->YPlanePtr1, 0,
#6 0x07c8b9a4 in CompressFrame (cpi=0x8a8ac000) at /usr/ports/mystuff/multimedia/libtheora/w-libtheora-1.0alpha5/libtheora-1.0alpha5/lib/encoder_toplevel.c:651
651 cpi->MotionScore = YUVAnalyseFrame(&cpi->pp, &KFIndicator );
#7 0x07c8c337 in theora_encode_YUVin (t=0x3c0045e8, yuv=0xcfbed1d0)
at /usr/ports/mystuff/multimedia/libtheora/w-libtheora-1.0alpha5/libtheora-1.0alpha5/lib/encoder_toplevel.c:976
976 CompressFrame( cpi );
#8 0x1c00412b in oggmux_add_video (info=0x3c004520, yuv=0xcfbed1d0, e_o_s=0)
at /usr/ports/mystuff/multimedia/ffmpeg2theora/w-ffmpeg2theora-0.16/ffmpeg2theora-0.16/theorautils.c:186
186 theora_encode_YUVin (&info->td, yuv);
#9 0x1c002866 in ff2theora_output (this=0x89315100) at /usr/ports/mystuff/multimedia/ffmpeg2theora/w-ffmpeg2theora-0.16/ffmpeg2theora-0.16/ffmpeg2theora.c:615
615 oggmux_add_video(&info, &yuv ,e_o_s);
#10 0x1c003bb5 in main (argc=8, argv=0xcfbed77c) at /usr/ports/mystuff/multimedia/ffmpeg2theora/w-ffmpeg2theora-0.16/ffmpeg2theora-0.16/ffmpeg2theora.c:1224
1224 ff2theora_output (convert);
Reproduction with encoder_example:
#0 PixelLineSearch (ppi=0x840685e0, ChangedLocalsPtr=0x86759fff <Address 0x86759fff out of bounds>, RowNumber=72, ColNumber=-1, direction=0 '\0', line_length=0xcfbf26cc)
at /usr/ports/mystuff/multimedia/libtheora/w-libtheora-1.0alpha5/libtheora-1.0alpha5/lib/scan.c:1482
1482 if ( ((*ChangedLocalsPtr) <= 1) ||
(gdb) bt
#0 PixelLineSearch (ppi=0x840685e0, ChangedLocalsPtr=0x86759fff <Address 0x86759fff out of bounds>, RowNumber=72, ColNumber=-1, direction=0 '\0', line_length=0xcfbf26cc)
at /usr/ports/mystuff/multimedia/libtheora/w-libtheora-1.0alpha5/libtheora-1.0alpha5/lib/scan.c:1482
#1 0x023c20db in PixelLineSearch (ppi=0x840685e0, ChangedLocalsPtr=0x8675a160 "\002", RowNumber=73, ColNumber=0, direction=0 '\0', line_length=0xcfbf2708)
at /usr/ports/mystuff/multimedia/libtheora/w-libtheora-1.0alpha5/libtheora-1.0alpha5/lib/scan.c:1527
#2 0x023c2132 in LineSearchScorePixel (ppi=0x840685e0, ChangedLocalsPtr=0x8675a160 "\002", RowNumber=73, ColNumber=0)
at /usr/ports/mystuff/multimedia/libtheora/w-libtheora-1.0alpha5/libtheora-1.0alpha5/lib/scan.c:1638
#3 0x023c22ff in LineSearchScoreRow (ppi=0x840685e0, ChangedLocalsPtr=0x8675a160 "\002", YUVDiffsPtr=0x8a36b2c0, PixelNoiseScorePtr=0x7e6eac60 "\001", FragScorePtr=0x7f4ef630,
DispFragPtr=0x8004b18c "ÿÿþÿþÿÿÿÿ\004ÿÿÿ\004\004\004\004ÿÿþÿÿþÿÿÿ\004\004ÿ\004ÿÿÿÿÿþþÿÿ\004ÿþ\004\004\004\004þþÿÿÿ\004\004\004ÿÿ\004\004\005\004ÿÿÿÿÿ\004\004ÿÿþÿ\004\004\004\004ÿÿÿ\004þÿÿÿÿÿÿÿ\004ÿÿÿÿÿÿÿÿ\005", 'ÿ' <repeats 19 times>, "\005", 'ÿ' <repeats 15 times>, RowNumber=73)
at /usr/ports/mystuff/multimedia/libtheora/w-libtheora-1.0alpha5/libtheora-1.0alpha5/lib/scan.c:1714
#4 0x023c2b5d in AnalysePlane (ppi=0x840685e0,
PlanePtr0=0x7e650000 "\016?rxrmlpquz\177\200\200\177}zxutssroxri_XROQRV[bhmppmfa[VTTXemqnhb\\ZSVY]afilprtsqnkehfdbacgoemnmlkigihlpqru{\206\205\202{soqt}|ysliilpppolifdbba_^`dgjr{~_5(,$\"!! \"#$&%$$%'&\"$$$$%$$&&''))****'%$\037\034\035 \033\036\037 !! \037!'++)(*+*('*,"...,
PlanePtr1=0x7d27f000 "\027I{\200zxwx\177\202\207\214\220\216\215\220\212\207\203\201\201\201\200~|xsle^\\\\^ciouyyxuqke`_bfnu||tlfeadgjmquy\177\201\202\203\200}zxvtrqqsvx{}~}{xwwwxy|\200\202\207\216\224\226\221\212\205\202\201\206\210\211\210\203~zz|~\177\177}zwutrrpnmnrux\177\204\204_%\033\030\031\026\026\026\023\022\022\022\024\026\027\025\025\026\025\022\024\023\023\023\024\027\027\027\026\030\030\030\032\032\031\032\035\033\030\024\022\022\023\023\022\024\024\026\026\026\030\031\025\025\024\024\025\031\034\034\033\032\031\030\030\031\031\030"..., FragArrayOffset=0, PWidth=352, PHeight=480, PStride=0)
at /usr/ports/mystuff/multimedia/libtheora/w-libtheora-1.0alpha5/libtheora-1.0alpha5/lib/scan.c:2244
#5 0x023c3040 in YUVAnalyseFrame (ppi=0x840685e0, KFIndicator=0x0) at /usr/ports/mystuff/multimedia/libtheora/w-libtheora-1.0alpha5/libtheora-1.0alpha5/lib/scan.c:2332
#6 0x023c79a4 in CompressFrame (cpi=0x84068000) at /usr/ports/mystuff/multimedia/libtheora/w-libtheora-1.0alpha5/libtheora-1.0alpha5/lib/encoder_toplevel.c:651
#7 0x023c8337 in theora_encode_YUVin (t=0xcfbf2cb8, yuv=0xcfbf29b0)
at /usr/ports/mystuff/multimedia/libtheora/w-libtheora-1.0alpha5/libtheora-1.0alpha5/lib/encoder_toplevel.c:976
#8 0x1c001be4 in fetch_and_process_video (video=0x231299d8, videopage=0xcfbf2a98, to=0xcfbf2e78, td=0xcfbf2cb8, videoflag=0) at encoder_example.c:488
#9 0x1c002a4f in main (argc=-809555304, argv=0x0) at encoder_example.c:775
Please let me know if further information is required, or whether someone needs an account for testing on OpenBSD/i386. I'm also prepared to test patches.
Hth,
Moritz (_mx on Freenode)
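
Added example (not part of the original report, and not libtheora's code or its fix): in both backtraces the neighbour pointer is stepped to column -1 and then dereferenced at scan.c:1482. The C code below reproduces that pointer arithmetic and sets it beside a lookup that validates the target coordinates before forming the pointer. The direction-to-step mapping is inferred from the frames shown; the function names, the unpadded PWidth x PHeight layout and the zero-filled map are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

#define PWIDTH  352   /* PWidth from the AnalysePlane frame */
#define PHEIGHT 480   /* PHeight from the AnalysePlane frame */

/* Steps inferred from the backtraces only: direction 2 went (264,0) -> (264,-1),
   direction 0 went (73,0) -> (72,-1). Other values are not shown on the page. */
static int step_for(int direction, int *drow, int *dcol)
{
    switch (direction) {
    case 0: *drow = -1; *dcol = -1; return 1;
    case 2: *drow = 0;  *dcol = -1; return 1;
    default: return 0;
    }
}

/* Byte offset the unchecked pointer arithmetic applies for one step. */
ptrdiff_t unchecked_offset(int direction)
{
    int dr, dc;
    if (!step_for(direction, &dr, &dc)) return 0;
    return (ptrdiff_t)dr * PWIDTH + dc;
}

/* Hardened form (hypothetical helper): validate the target coordinates first,
   then form the pointer. Returns NULL when the neighbour is outside the plane. */
const unsigned char *checked_neighbour(const unsigned char *map,
                                       int row, int col, int direction)
{
    int dr, dc;
    if (!step_for(direction, &dr, &dc)) return NULL;
    int r = row + dr, c = col + dc;
    if (r < 0 || r >= PHEIGHT || c < 0 || c >= PWIDTH) return NULL;
    return map + (size_t)r * PWIDTH + (size_t)c;
}

static unsigned char sample_map[PWIDTH * PHEIGHT]; /* constructed, zero-filled */

int main(void)
{
    printf("direction 2 offset: %td\n", unchecked_offset(2));
    printf("direction 0 offset: %td\n", unchecked_offset(0));
    printf("left of (264,0) in bounds: %s\n",
           checked_neighbour(sample_map, 264, 0, 2) ? "yes" : "no");
    return 0;
}
```

The two offsets match the pointer differences between frames #1 and #0 in each backtrace (0x8634c000 to 0x8634bfff, and 0x8675a160 to 0x86759fff).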