Playing this file with 'totem ezsm01.m2ts', sometimes playback starts,
sometimes not - 2 out of 10 times I've had it display only the first
frame and no more.

Using valgrind after installing all relevant debug libraries, we see a
violation in ffmpeg:

$ valgrind totem ezsm01.m2ts
[snip]
==10979== Syscall param write(buf) points to uninitialised byte(s)
==10979==    at 0x920FE90: __write_nocancel (in /usr/lib/debug/libpthread-2.8.90.so)
==10979==    by 0x69A9EFE: _IceTransSocketWrite (Xtranssock.c:2171)
==10979==    by 0x69AD787: _IceWrite (misc.c:369)
==10979==    by 0x69AD863: IceFlush (misc.c:82)
==10979==    by 0x652ADEB: client_set_string (gnome-client.c:264)
==10979==    by 0x652CBD2: gnome_real_client_connect (gnome-client.c:2442)
==10979==    by 0xCBC928C: g_closure_invoke (gclosure.c:767)
==10979==    by 0xCBDF91D: signal_emit_unlocked_R (gsignal.c:3174)
==10979==    by 0xCBE1718: g_signal_emit_valist (gsignal.c:2977)
==10979==    by 0xCBE1C82: g_signal_emit (gsignal.c:3034)
==10979==    by 0x652C93E: gnome_client_connect (gnome-client.c:1627)
==10979==    by 0x652DCAE: gnome_client_post_args_parse (gnome-client.c:1210)

==10979==  Address 0x13d58dec is 12 bytes inside a block of size 1,024 alloc'd
==10979==    at 0x4C24384: calloc (vg_replace_malloc.c:397)
==10979==    by 0x69A6373: IceOpenConnection (connect.c:211)
==10979==    by 0x6799CB0: SmcOpenConnection (sm_client.c:135)
==10979==    by 0x652C8BC: gnome_client_connect (gnome-client.c:1595)
==10979==    by 0x652DCAE: gnome_client_post_args_parse (gnome-client.c:1210)
==10979==    by 0x772BBCD: gnome_program_postinit (in /usr/lib/libgnome-2.so.0.2303.0)
==10979==    by 0x772BF9A: (within /usr/lib/libgnome-2.so.0.2303.0)
==10979==    by 0x772C21C: gnome_program_initv (in /usr/lib/libgnome-2.so.0.2303.0)
==10979==    by 0x772C313: gnome_program_init (in /usr/lib/libgnome-2.so.0.2303.0)
==10979==    by 0x42388D: main (totem.c:3374)
==10979== 
==10979== Thread 4:
==10979== Invalid read of size 1
==10979==    at 0x1A65B8CD: filter_mb (h264.c:6503)    <--- potential
==10979==    by 0x1A663571: filter_mb_fast (h264.c:6383)
==10979==    by 0x1A671D87: hl_decode_mb_complex (h264.c:2704)
==10979==    by 0x1A678C6A: decode_slice (h264.c:2735)
==10979==    by 0x1A679E88: decode_nal_units (h264.c:7405)
==10979==    by 0x1A67AD7B: decode_frame (h264.c:7719)
==10979==    by 0x1A4CA47A: avcodec_decode_video (utils.c:945)
==10979==    by 0x19F6B51A: (within /usr/lib/gstreamer-0.10/libgstffmpeg.so)
==10979==    by 0x19F6D536: (within /usr/lib/gstreamer-0.10/libgstffmpeg.so)
==10979==    by 0x52B9A15: gst_pad_chain_unchecked (gstpad.c:3576)
==10979==    by 0x52BAAB2: gst_pad_push (gstpad.c:3744)
==10979==    by 0x16C2B6F1: gst_queue_loop (gstqueue.c:1028)
==10979==  Address 0x1569468e is not stack'd, malloc'd or (recently) free'd
==10979== 
==10979== ERROR SUMMARY: 21 errors from 2 contexts (suppressed: 101 from 1)
==10979== malloc/free: in use at exit: 51,788,982 bytes in 75,754 blocks.
==10979== malloc/free: 339,512 allocs, 263,758 frees, 130,293,703 bytes allocated.
==10979== For counts of detected errors, rerun with: -v
==10979== searching for pointers to 75,754 not-freed blocks.
==10979== checked 96,658,856 bytes.
==10979== 
==10979== LEAK SUMMARY:
==10979==    definitely lost: 138,368 bytes in 2,782 blocks.
==10979==      possibly lost: 654,554 bytes in 491 blocks.
==10979==    still reachable: 50,996,060 bytes in 72,481 blocks.
==10979==         suppressed: 0 bytes in 0 blocks.
==10979== Rerun with --leak-check=full to see details of leaked memory.


ffmpeg version is '3:0.svn20080206-11ubuntu1'

For the ffmpeg developers, the line is marked with a '!' in the 1st
column:

static void filter_mb( H264Context *h, int mb_x, int mb_y, uint8_t *img_y, uint8_t *img_cb, uint8_t *img_cr, unsigned int linesize, unsigned int uvlinesize) {
    MpegEncContext * const s = &h->s;
    const int mb_xy= mb_x + mb_y*s->mb_stride;
    const int mb_type = s->current_picture.mb_type[mb_xy];
    const int mvy_limit = IS_INTERLACED(mb_type) ? 2 : 4;
    int first_vertical_edge_done = 0;
    int dir;
    /* FIXME: A given frame may occupy more than one position in
     * the reference list. So ref2frm should be populated with
     * frame numbers, not indices. */
    static const int ref2frm[34] = {-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
                                    16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31};

    //for sufficiently low qp, filtering wouldn't do anything
    //this is a conservative estimate: could also check beta_offset and more accurate chroma_qp
    if(!FRAME_MBAFF){
        int qp_thresh = 15 - h->slice_alpha_c0_offset - FFMAX(0, FFMAX(h->pps.chroma_qp_index_offset[0], h->pps.chroma_qp_index_offset[1]));
        int qp = s->current_picture.qscale_table[mb_xy];
!        if(qp <= qp_thresh
!           && (mb_x == 0 || ((qp + s->current_picture.qscale_table[mb_xy-1] + 1)>>1) <= qp_thresh)
!           && (mb_y == 0 || ((qp + s->current_picture.qscale_table[h->top_mb_xy] + 1)>>1) <= qp_thresh)){
            return;
        }
    }

-- 
totem-gstreamer crashed with SIGSEGV in MPV_decode_mb()
https://bugs.launchpad.net/bugs/255076
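
One way to triage a Memcheck report like the one in this bug, as an added example that is not part of the original report or of Valgrind: it splits the log into errors, classifies each by the `Address ...` description Memcheck prints, and flags those whose top frame is in the source file under investigation. The sample is constructed by abbreviating the report above; the names `parse_memcheck`, `classify` and `triage` are hypothetical.

```python
import re
# Constructed sample: abbreviated from the Memcheck report quoted above.
SAMPLE = """\
==10979== Syscall param write(buf) points to uninitialised byte(s)
==10979==    at 0x920FE90: __write_nocancel (in /usr/lib/debug/libpthread-2.8.90.so)
==10979==  Address 0x13d58dec is 12 bytes inside a block of size 1,024 alloc'd
==10979==    at 0x4C24384: calloc (vg_replace_malloc.c:397)
==10979==
==10979== Thread 4:
==10979== Invalid read of size 1
==10979==    at 0x1A65B8CD: filter_mb (h264.c:6503)
==10979==  Address 0x1569468e is not stack'd, malloc'd or (recently) free'd
"""
PREFIX = re.compile(r"^==\d+==\s?")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((?:in )?(.+?)\)$")
KINDS = ("Invalid read", "Invalid write", "Syscall param", "Conditional jump")

def parse_memcheck(text):
    """Return one dict per error: headline, access stack, Address description."""
    errors, cur = [], None
    for raw in text.splitlines():
        if not raw.startswith("=="):
            continue                      # program output mixed into the log
        s = PREFIX.sub("", raw, count=1).strip()
        if s.startswith(KINDS):
            cur = {"kind": s, "frames": [], "address": None}
            errors.append(cur)
        elif cur is None or not s or s.startswith(("ERROR SUMMARY", "Thread ")):
            cur = None                    # blank line or new section ends the error
        elif s.startswith("Address "):
            cur["address"] = s            # frames after this are the allocation stack
        elif cur["address"] is None and (m := FRAME.match(s)):
            cur["frames"].append((m.group(1), m.group(2)))
    return errors

def classify(err):
    addr = err["address"] or ""
    if "not stack'd, malloc'd" in addr:
        return "wild-address"             # outside every allocation Memcheck tracks
    if "inside a block" in addr and addr.endswith("free'd"):
        return "use-after-free"
    if " after a block" in addr or " before a block" in addr:
        return "heap-out-of-bounds"
    return "uninitialised-data" if "uninitialised" in err["kind"] else "other"

def triage(text, source_file):
    """Return (class, top function, location, in_scope) for every error."""
    return [(classify(e), fn, loc, loc.startswith(source_file + ":"))
            for e in parse_memcheck(text)
            for fn, loc in [(e["frames"] or [("?", "?")])[0]]]
```

Calling `triage(SAMPLE, "h264.c")` separates the session-management write at startup from the invalid read in the decoder thread, which is the only entry marked in scope.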