- status: open --> closed
Vdub crashes when trying to encode any AVI file with FFDShow 3071 (and before) to HUFFYUV (Colorspace YV12, Media, Adaptive checked or unchecked).
Windows 2003, Athlon XP 3200+.
An out-of-bounds memory access (access violation) occurred in module 'ffdshow'...
...reading address 00000054...
...while compressing frame 0 from 03c30020 to 038a0020 using codec "ffdshow Video Codec" (w32videocodecpack.cpp:694)...
...while running thread "Processing" (thread.cpp:163).
VirtualDub crash report -- build 30091 (release)
--------------------------------------
Disassembly:
011752a0: 08508b or [eax-75h], dl
011752a3: 10ff adc bh, bh
011752a5: 52 push edx
011752a6: 10eb adc bl, ch
011752a8: 0233 add dh, [ebx]
011752aa: c08b55d085d275 ror byte ptr [ebx-2d7a2fab], 75h
011752b1: 0b8b55e48bba or ecx, [ebx-45741bab]
011752b7: 1405 adc al, 05h
011752b9: 0000 add [eax], al
011752bb: eb02 jmp 011752bf
011752bd: 33ff xor edi, edi
011752bf: 8b55e4 mov edx, [ebp-1ch]
011752c2: 57 push edi
011752c3: 50 push eax
011752c4: 8b4a3c mov ecx, [edx+3ch]
011752c7: 8b45d4 mov eax, [ebp-2ch]
011752ca: 50 push eax
011752cb: ffb20c010000 push dword ptr [edx+10c]
011752d1: ff514c call dword ptr [ecx+4ch]
011752d4: 83c410 add esp, 10h
011752d7: 8b530c mov edx, [ebx+0ch]
011752da: 894204 mov [edx+04h], eax
011752dd: 85c0 test eax, eax
011752df: 0f8c45030000 jl 0117562a
011752e5: 750b jnz 011752f2
011752e7: 8b45d0 mov eax, [ebp-30h]
011752ea: 85c0 test eax, eax
011752ec: 0f85d4020000 jnz 011755c6
011752f2: 8b45e4 mov eax, [ebp-1ch]
011752f5: 8b5010 mov edx, [eax+10h]
011752f8: 8b8a38040000 mov ecx, [edx+438]
011752fe: f6c101 test cl, 01h
01175301: 741f jz 01175322
01175303: 8b901c050000 mov edx, [eax+51c]
01175309: 85d2 test edx, edx
0117530b: 7415 jz 01175322
0117530d: 52 push edx
0117530e: 8b880c010000 mov ecx, [eax+10c]
01175314: ffb118010000 push dword ptr [ecx+118]
0117531a: e8dd533700 call 014ea6fc
0117531f: 83c408 add esp, 08h
01175322: 8b45e4 mov eax, [ebp-1ch]
01175325: 8b900c010000 mov edx, [eax+10c]
0117532b: 8b8a90010000 mov ecx, [edx+190]
01175331: 8b7154 mov esi, [ecx+54h] <-- FAULT
01175334: 894dd4 mov [ebp-2ch], ecx
01175337: 85f6 test esi, esi
01175339: 8975cc mov [ebp-34h], esi
0117533c: 0f84ba020000 jz 011755fc
01175342: 8b907c070000 mov edx, [eax+77c]
01175348: 8955c8 mov [ebp-38h], edx
0117534b: 85d2 test edx, edx
0117534d: 0f86a2020000 jbe 011755f5
01175353: 8bd0 mov edx, eax
01175355: 8b8a78070000 mov ecx, [edx+778]
0117535b: 33f6 xor esi, esi
0117535d: 8975e0 mov [ebp-20h], esi
01175360: 85c9 test ecx, ecx
01175362: 762c jbe 01175390
01175364: 8b45e0 mov eax, [ebp-20h]
01175367: 8b7dd4 mov edi, [ebp-2ch]
0117536a: 33d2 xor edx, edx
0117536c: 0faf4758 imul eax, [edi+58h]
01175370: 0345cc add eax, [ebp-34h]
01175373: 0fbe3c10 movsx edi, byte ptr [eax+edx]
01175377: 03f7 add esi, edi
01175379: 83c201 add edx, 01h
0117537c: 3bd1 cmp edx, ecx
0117537e: 72f3 jc 01175373
01175380: 8b45e0 mov eax, [ebp-20h]
01175383: 8b55c8 mov edx, [ebp-38h]
01175386: 83c001 add eax, 01h
01175389: 8945e0 mov [ebp-20h], eax
0117538c: 3bc2 cmp eax, edx
0117538e: 72d0 jc 01175360
01175390: 85f6 test esi, esi
01175392: 7611 jbe 011753a5
01175394: 8b45e4 mov eax, [ebp-1ch]
01175397: 8b8880070000 mov ecx, [eax+780]
0117539d: 8bc1 mov eax, ecx
0117539f: d1 db 0d1h
Built on Aegis on Sun Jan 04 12:35:50 2009 using compiler version 1400
Windows 5.2 (Windows XP x86 build 3790) [Service Pack 2]
EAX = 017b3240
EBX = 07f5fb00
ECX = 00000000
EDX = 02df6b00
EBP = 07f5faf8
ESI = 00000000
EDI = 0032dcd0
ESP = 07f5faa0
EIP = 01175331
EFLAGS = 00010246
FPUCW = ffff027f
FPUTW = ffffffff
Crash reason: Access Violation
Crash context:
An out-of-bounds memory access (access violation) occurred in module 'ffdshow'...
...reading address 00000054...
...while compressing frame 0 from 03c30020 to 038a0020 using codec "ffdshow Video Codec" (w32videocodecpack.cpp:694)...
...while running thread "Processing" (thread.cpp:163).
Thread call stack:
01175331: ffdshow!DllGetClassObject [010e0000+6d40c+27f25]
012b259c: ffdshow!ffacm2creator [010e0000+1c6290+c30c]
012b259c: ffdshow!ffacm2creator [010e0000+1c6290+c30c]
012b730f: ffdshow!ffacm2creator [010e0000+1c6290+1107f]
01a540a5: ff_vfw!DriverProc [01a50000+3f58+14d]
75fc1894: MSVFW32!ICSendMessage [75fc0000+1869+2b]
75fc4cc7: MSVFW32!ICCompress [75fc0000+4c64+63]
00566d5b: VDVideoCompressorVCM::PackFrameInternal()
00567775: VDVideoCompressorVCM::CompressFrame()
77e61d43: kernel32!WaitForSingleObjectEx [77e40000+21c96+ad]
00467e32: VDThreadedVideoCompressor::ProcessFrame()
00468277: VDThreadedVideoCompressor::ExchangeBuffer()
00469a86: VDDubProcessThread::WriteVideoFrame()
0046bf3c: VDStreamInterleaver::PushStreams()
0046bf44: VDStreamInterleaver::PushStreams()
76aa4f8c: WINMM!timeGetTime [76aa0000+4f60+2c]
00469ea8: VDDubProcessThread::ThreadRun()
77e4bef7: kernel32!RaiseException [77e40000+bebb+3c]
77e4bef7: kernel32!RaiseException [77e40000+bebb+3c]
7c827009: ntdll!NtDuplicateObject [7c800000+26ffd+c]
77e644f9: kernel32!DuplicateHandle [77e40000+24494+65]
77e6450a: kernel32!DuplicateHandle [77e40000+24494+76]
77e6450a: kernel32!DuplicateHandle [77e40000+24494+76]
0045d820: VDThreadInitHandler()
004fa0e0: VDThread::StaticThreadStart()
00585d48: _callthreadstartex()
00585ded: _threadstartex@4()
77e6482f: kernel32!GetModuleHandleA [77e40000+24750+df]
-- End of report