Playing this broken file (broken with zzuf) with current ffplay (revision 8404)
causes ffplay to segfault:

[h264 @ 0x847a2dc]reference picture missing during reorder
[h264 @ 0x847a2dc]reference picture missing during reorder
[h264 @ 0x847a2dc]illegal reordering_of_pic_nums_idc
[h264 @ 0x847a2dc]decode_slice_header error
[h264 @ 0x847a2dc]concealing 300 DC, 300 AC, 300 MV errors
[h264 @ 0x847a2dc]non existing PPS referenced
[h264 @ 0x847a2dc]decode_slice_header error
[h264 @ 0x847a2dc]left block unavailable for requested intra mode at 0 1
[h264 @ 0x847a2dc]error while decoding MB 0 1
[h264 @ 0x847a2dc]concealing 300 DC, 300 AC, 300 MV errors
[h264 @ 0x847a2dc]illegal memory management control operation 86
[h264 @ 0x847a2dc]top block unavailable for requested intra mode at 8 0
[h264 @ 0x847a2dc]error while decoding MB 8 0
[h264 @ 0x847a2dc]concealing 300 DC, 300 AC, 300 MV errors
[h264 @ 0x847a2dc]slice type too large (3) at 19 14
[h264 @ 0x847a2dc]decode_slice_header error
[h264 @ 0x847a2dc]no frame!
[h264 @ 0x847a2dc]mb_type 39 in B slice too large at 5 5
[h264 @ 0x847a2dc]error while decoding MB 5 5
[h264 @ 0x847a2dc]concealing 244 DC, 244 AC, 244 MV errors
[h264 @ 0x847a2dc]illegal memory management control operation 90
[h264 @ 0x847a2dc]out of range intra chroma pred mode at 8 0
[h264 @ 0x847a2dc]error while decoding MB 8 0
[h264 @ 0x847a2dc]illegal short term buffer state detected
[h264 @ 0x847a2dc]concealing 300 DC, 300 AC, 300 MV errors
[h264 @ 0x847a2dc]illegal memory management control operation 84
[h264 @ 0x847a2dc]cbp too large (249) at 2 3
[h264 @ 0x847a2dc]error while decoding MB 2 3
[h264 @ 0x847a2dc]concealing 287 DC, 287 AC, 287 MV errors
[h264 @ 0x847a2dc]illegal memory management control operation 84
[h264 @ 0x847a2dc]left block unavailable for requested intra mode at 0 0
[h264 @ 0x847a2dc]error while decoding MB 0 0
[h264 @ 0x847a2dc]cbp too large (123) at 16 0
[h264 @ 0x847a2dc]error while decoding MB 16 0
[h264 @ 0x847a2dc]Unknown NAL code: 17
[h264 @ 0x847a2dc]illegal short term buffer state detected
[h264 @ 0x847a2dc]concealing 300 DC, 300 AC, 300 MV errors
[h264 @ 0x847a2dc]warning: first frame is no keyframe
[h264 @ 0x847a2dc]warning: first frame is no keyframe
[h264 @ 0x847a2dc]warning: first frame is no keyframe
[h264 @ 0x847a2dc]warning: first frame is no keyframe
[h264 @ 0x847a2dc]reference picture missing during reorder
[h264 @ 0x847a2dc]reference count overflow
[h264 @ 0x847a2dc]decode_slice_header error
[h264 @ 0x847a2dc]concealing 300 DC, 300 AC, 300 MV errors

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1231365232 (LWP 15228)]
0x08266fcf in avg_pixels16_mmx2 (block=0x8691380
"\rPi\204}~\177\200\200\200\200\201\201\201\201\201", pixels=0x0, line_size=352,
h=16)
    at i386/dsputil_mmx_avg.h:655
655         __asm __volatile(
(gdb) 

(gdb) bt
#0  0x08266fcf in avg_pixels16_mmx2 (block=0x8691380
"\rPi\204}~\177\200\200\200\200\201\201\201\201\201", pixels=0x0, line_size=352,
h=16)
    at i386/dsputil_mmx_avg.h:655
#1  0x080d959a in MPV_motion (s=0x85e1110, dest_y=<value optimized out>,
dest_cb=<value optimized out>, dest_cr=<value optimized out>, dir=32, 
    ref_picture=0x85e1390, pix_op=<value optimized out>, qpix_op=0x85e1fbc) at
mpegvideo.c:3054
#2  0x080dcaf9 in MPV_decode_mb (s=0x85e1110, block=0x869d3b0) at
mpegvideo.c:4016
#3  0x081e971a in ff_er_frame_end (s=0x85e1110) at error_resilience.c:40
#4  0x082fd41e in decode_frame (avctx=0x85ba300, data=0x85c9df0,
data_size=0xb69ad384, buf=0x867fca0 "", buf_size=26100) at h264.c:8387
#5  0x080bfd82 in avcodec_decode_video (avctx=0x85ba300, picture=0x85c9df0,
got_picture_ptr=0xb69ad384, buf=0x867fca0 "", buf_size=26100) at utils.c:897
#6  0x0805b4af in video_thread (arg=0xb71ea020) at ffplay.c:1357
#7  0xb7d85ceb in ?? () from /usr/lib/libSDL-1.2.so.0
#8  0xb71ea020 in ?? ()
#9  0x0805b3f0 in ?? () at ffplay.c:1449
#10 0x085ba640 in ?? ()
#11 0xb7ddb820 in ?? () from /usr/lib/libSDL-1.2.so.0
#12 0x00000000 in ?? ()
(gdb)

(gdb)   disass $pc-32 $pc+32
Dump of assembler code from 0x8266faf to 0x8266fef:
0x08266faf <avg_pixels16_mmx2+15>:      mov    %esi,0x10(%esp)
0x08266fb3 <avg_pixels16_mmx2+19>:      mov    0x24(%esp),%esi
0x08266fb7 <avg_pixels16_mmx2+23>:      mov    %edi,0x14(%esp)
0x08266fbb <avg_pixels16_mmx2+27>:      mov    0x20(%esp),%edi
0x08266fbf <avg_pixels16_mmx2+31>:      mov    %ebp,0x18(%esp)
0x08266fc3 <avg_pixels16_mmx2+35>:      mov    %edx,%ebx
0x08266fc5 <avg_pixels16_mmx2+37>:      lea    (%ecx,%ecx,1),%eax
0x08266fc8 <avg_pixels16_mmx2+40>:      movq   (%edi),%mm0
0x08266fcb <avg_pixels16_mmx2+43>:      movq   (%edi,%ecx,1),%mm1
0x08266fcf <avg_pixels16_mmx2+47>:      pavgb  (%esi),%mm0
0x08266fd2 <avg_pixels16_mmx2+50>:      pavgb  (%esi,%ecx,1),%mm1
0x08266fd6 <avg_pixels16_mmx2+54>:      movq   %mm0,(%edi)
0x08266fd9 <avg_pixels16_mmx2+57>:      movq   %mm1,(%edi,%ecx,1)
0x08266fdd <avg_pixels16_mmx2+61>:      add    %eax,%esi
0x08266fdf <avg_pixels16_mmx2+63>:      add    %eax,%edi
0x08266fe1 <avg_pixels16_mmx2+65>:      movq   (%edi),%mm0
0x08266fe4 <avg_pixels16_mmx2+68>:      movq   (%edi,%ecx,1),%mm1
0x08266fe8 <avg_pixels16_mmx2+72>:      pavgb  (%esi),%mm0
0x08266feb <avg_pixels16_mmx2+75>:      pavgb  (%esi,%ecx,1),%mm1
End of assembler dump.
(gdb)   info all-registers
eax            0x2c0    704
ecx            0x160    352
edx            0x10     16
ebx            0x10     16
esp            0xb69aca90       0xb69aca90
ebp            0x0      0x0
esi            0x0      0
edi            0x8691380        141104000
eip            0x8266fcf        0x8266fcf <avg_pixels16_mmx2+47>
eflags         0x210286 [ PF SF IF RF ID ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51
st0            -nan(0x807f7e7d8469500d) (raw 0xffff807f7e7d8469500d)
st1            -nan(0xe2e1e1e0ead38e1b) (raw 0xffffe2e1e1e0ead38e1b)
st2            -nan(0x8080808080808080) (raw 0xffff8080808080808080)
st3            -nan(0x80008000800080)   (raw 0xffff0080008000800080)
st4            -nan(0xb6b6b6b6b6b6b6b6) (raw 0xffffb6b6b6b6b6b6b6b6)
st5            -nan(0xa4a4a4a4a4a3a3a4) (raw 0xffffa4a4a4a4a4a3a3a4)
st6            25       (raw 0x4003c800000000000000)
st7            <invalid float value>    (raw 0xffff0000000000000000)
fctrl          0x37f    895
fstat          0x20     32
ftag           0x8aaa   35498
fiseg          0x73     115
fioff          0x805b485        134591621
foseg          0x7b     123
fooff          0xb69ad308       -1231367416
fop            0xec     236
xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm3           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
mxcsr          0x1f80   [ IM DM ZM OM UM PM ]
mm0            {uint64 = 0x807f7e7d8469500d, v2_int32 = {0x8469500d,
0x807f7e7d}, v4_int16 = {0x500d, 0x8469, 0x7e7d, 0x807f}, v8_int8 = {0xd, 0x50,
0x69, 
    0x84, 0x7d, 0x7e, 0x7f, 0x80}}
---Type <return> to continue, or q <return> to quit---
mm1            {uint64 = 0xe2e1e1e0ead38e1b, v2_int32 = {0xead38e1b,
0xe2e1e1e0}, v4_int16 = {0x8e1b, 0xead3, 0xe1e0, 0xe2e1}, v8_int8 = {0x1b, 0x8e,
0xd3, 
    0xea, 0xe0, 0xe1, 0xe1, 0xe2}}
mm2            {uint64 = 0x8080808080808080, v2_int32 = {0x80808080,
0x80808080}, v4_int16 = {0x8080, 0x8080, 0x8080, 0x8080}, v8_int8 = {0x80, 0x80,
0x80, 
    0x80, 0x80, 0x80, 0x80, 0x80}}
mm3            {uint64 = 0x80008000800080, v2_int32 = {0x800080, 0x800080},
v4_int16 = {0x80, 0x80, 0x80, 0x80}, v8_int8 = {0x80, 0x0, 0x80, 0x0, 0x80, 
    0x0, 0x80, 0x0}}
mm4            {uint64 = 0xb6b6b6b6b6b6b6b6, v2_int32 = {0xb6b6b6b6,
0xb6b6b6b6}, v4_int16 = {0xb6b6, 0xb6b6, 0xb6b6, 0xb6b6}, v8_int8 = {0xb6, 0xb6,
0xb6, 
    0xb6, 0xb6, 0xb6, 0xb6, 0xb6}}
mm5            {uint64 = 0xa4a4a4a4a4a3a3a4, v2_int32 = {0xa4a3a3a4,
0xa4a4a4a4}, v4_int16 = {0xa3a4, 0xa4a3, 0xa4a4, 0xa4a4}, v8_int8 = {0xa4, 0xa3,
0xa3, 
    0xa4, 0xa4, 0xa4, 0xa4, 0xa4}}
mm6            {uint64 = 0xc800000000000000, v2_int32 = {0x0, 0xc8000000},
v4_int16 = {0x0, 0x0, 0x0, 0xc800}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0xc8}}
mm7            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0,
0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
(gdb)