How to report a bunch of mplayer bugs

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Sun Dec 27 21:29:02 UTC 2015 

On 23.12.2015 12:25, Gustavo Grieco wrote:
>> On 22.12.2015 16:15, Gustavo Grieco wrote:
>> This list is not very useful. Please provide at least backtraces (with the
>> necessary -dbg
>> packages installed).
> 
> I have the valgrind and gdb backtraces just here (attached).

Thanks.

>> Please test your samples with mplayer/ffmpeg from Debian unstable/testing or
>> Ubuntu xenial.
> 
> Compiling the last snapshot version from the mplayer repository is not the same? (i'm using mplayer-export-2015-12-18)
> I verified that there is no linked libraries matching "libav*" in the resulting mplayer binary.

I think these mplayer-export tarballs don't contain a copy of ffmpeg anymore, so
it will probably be disabled, unless you enable it manually.

Anyway, can you reproduce your crashes with this snapshot version of mplayer?


On 23.12.2015 12:25, Gustavo Grieco wrote:
> file SIGBUS.PC.5704be.STACK.5c9a551.CODE.128.ADDR.(nil).INSTR.callq__0xfffffffffff3c6e2.fuzz
> Program received signal SIGBUS, Bus error.
> 0x00000000005704be in play (af=0xa65e20, data=0x7fffffffd3f0) at libaf/af_lavcresample.c:130

This looks like something corrupted the buffer, so that RESIZE_LOCAL_BUFFER crashes.
It happens in code using libavcodec, so please test this with a current version of that library.


> file SIGFPE.PC.432d0e.STACK.18b3c0fcd4.CODE.1.ADDR.0x432d0e.INSTR.idivl__0x560ca8(%rip)________#_0x0000000000560cae.fuzz
> Program received signal SIGFPE, Arithmetic exception.
> 0x0000000000432d0e in fill_audio_out_buffers () at mplayer.c:2160

> file SIGFPE.PC.4bf2c3.STACK.1bca543b66.CODE.1.ADDR.0x4bf2c3.INSTR.divl___0x80(%rsi).fuzz
> Program received signal SIGFPE, Arithmetic exception.
> 0x00000000004bf2c3 in init (sh_audio=0xa65ba0) at libmpcodecs/ad_msadpcm.c:93

These two are division by zero problems and the code looks unchanged in current mplayer trunk,
so they have to be fixed in upstream mplayer.


> file SIGFPE.PC.7ffff3ceed83.STACK.d7d8808dd.CODE.1.ADDR.0x7ffff3ceed83.INSTR.idiv___%r8d.fuzz
> Program received signal SIGFPE, Arithmetic exception.
> 0x00007ffff3ceed83 in av_resample () from /usr/lib/x86_64-linux-gnu/libavcodec.so.54

This crash happens in libavcodec, but the backtrace is not very useful, because you don't
have the debugging symbols installed. Please retest this with a current libavcodec.
Also the crashing function is now deprecated and will be removed in the future...


> file SIGSEGV.PC.4bd833.STACK.18b2dd10ac.CODE.1.ADDR.0xa.INSTR.movzwl_0xa(%rax),%ecx.fuzz
> Program received signal SIGSEGV, Segmentation fault.
> decode_audio (sh_audio=0xa65ba0, buf=0xa6c900 "", minlen=<optimized out>, maxlen=131072) at libmpcodecs/ad_dk3adpcm.c:259

> file SIGSEGV.PC.4be46b.STACK.1aba63653d.CODE.1.ADDR.(nil).INSTR.movzbl_(%rcx,%rdx,1),%ecx.fuzz
> Program received signal SIGSEGV, Segmentation fault.
> 0x00000000004be46b in ac3dts_fillbuff (sh_audio=0xa65bc0) at libmpcodecs/ad_hwac3.c:110

I'm not sure why these crash, but they might be related.


> file SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7ffffaaf0e08.INSTR.callq__0xfffffffffff3c6e2.fuzz
> Program received signal SIGSEGV, Segmentation fault.
> 0x00000000005704be in play (af=0xaccb80, data=0x7fffffffd3e0) at libaf/af_lavcresample.c:130

> file SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7ffffefcecd8.INSTR.callq__0xfffffffffff3c6e2.fuzz
> Program received signal SIGSEGV, Segmentation fault.
> 0x00000000005704be in play (af=0xaccb80, data=0x7fffffffd3e0) at libaf/af_lavcresample.c:130

> file SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff48eff8.INSTR.callq__0xfffffffffff3c6e2.fuzz
> Program received signal SIGSEGV, Segmentation fault.
> 0x00000000005704be in play (af=0xaccb80, data=0x7fffffffd3e0) at libaf/af_lavcresample.c:130
> 130	libaf/af_lavcresample.c: No such file or directory.

> file SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff54e258.INSTR.callq__0xfffffffffff3c6e2.fuzz
> Program received signal SIGSEGV, Segmentation fault.
> 0x00000000005704be in play (af=0xaccb80, data=0x7fffffffd3e0) at libaf/af_lavcresample.c:130
> 130	libaf/af_lavcresample.c: No such file or directory.

> file SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff60c128.INSTR.callq__0xfffffffffff3c6e2.fuzz
> Program received signal SIGSEGV, Segmentation fault.
> 0x00000000005704be in play (af=0xaccb80, data=0x7fffffffd3e0) at libaf/af_lavcresample.c:130
> 130	libaf/af_lavcresample.c: No such file or directory.

> file SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff60d498.INSTR.callq__0xfffffffffff3c6e2.fuzz
> Program received signal SIGSEGV, Segmentation fault.
> 0x00000000005704be in play (af=0xaccb80, data=0x7fffffffd3e0) at libaf/af_lavcresample.c:130
> 130	libaf/af_lavcresample.c: No such file or directory.

> Playing SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff60d4a8.INSTR.callq__0xfffffffffff3c6e2.fuzz.
> Program received signal SIGSEGV, Segmentation fault.
> 0x00000000005704be in play (af=0xaccb80, data=0x7fffffffd3e0) at libaf/af_lavcresample.c:130
> 130	libaf/af_lavcresample.c: No such file or directory.

> file SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff60daa8.INSTR.callq__0xfffffffffff3c6e2.fuzz
> Program received signal SIGSEGV, Segmentation fault.
> 0x00000000005704be in play (af=0xaccb80, data=0x7fffffffd3e0) at libaf/af_lavcresample.c:130

> file SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff60db58.INSTR.callq__0xfffffffffff3c6e2.fuzz
> Program received signal SIGSEGV, Segmentation fault.
> 0x00000000005704be in play (af=0xaccb80, data=0x7fffffffd3e0) at libaf/af_lavcresample.c:130

> file SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff6429a8.INSTR.callq__0xfffffffffff3c6e2.fuzz
> Program received signal SIGSEGV, Segmentation fault.
> 0x00000000005704be in play (af=0xaccb80, data=0x7fffffffd3e0) at libaf/af_lavcresample.c:130

These are all identical and look similar to the SIGBUS problem.


> file SIGSEGV.PC.5947b5.STACK.1b0df30f87.CODE.1.ADDR.(nil).INSTR.movzbl_(%rcx,%rdx,1),%ecx.fuzz
> Program received signal SIGSEGV, Segmentation fault.
> 0x00000000005947b5 in dts_sync (sh=sh at entry=0xa65bc0, flags=flags at entry=0x7fffffffd2ec) at libmpcodecs/ad_libdca.c:212

This looks similar to the other two SIGSEGV in libmpcodecs/ad_*.


> file SIGSEGV.PC.7fffefe7314e.STACK.18f3cc3594.CODE.1.ADDR.(nil).INSTR.movdqu_%xmm8,(%rdi,%rcx,1).fuzz
> Program received signal SIGSEGV, Segmentation fault.
> __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:118
> 118	../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S: No such file or directory.
> #0  __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:118
> #1  0x00000000004c0468 in memcpy (__len=<optimized out>, __src=<optimized out>, __dest=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/string3.h:51
> #2  filter_n_bytes (len=-721710240, sh=0xa65bc0) at libmpcodecs/dec_audio.c:417

I think len should not be negative here. This seems to affect current mplayer, as well.

Best regards,
Andreas

More information about the pkg-multimedia-maintainers mailing list