[FFmpeg-trac] #407(avcodec:new): Crash in ff_put_pixels16_neon (EXC_BAD_ACCESS)
FFmpeg
trac at avcodec.org
Sun Aug 21 15:24:13 CEST 2011
#407: Crash in ff_put_pixels16_neon (EXC_BAD_ACCESS)
------------------------------------+----------------------
Reporter: redeemarr | Owner:
Type: defect | Status: new
Priority: normal | Component: avcodec
Version: unspecified | Resolution:
Keywords: Crash, Error resilience | Blocked By:
Blocking: | Reproduced: 0
Analyzed: 0 |
------------------------------------+----------------------
Comment (by redeemarr):
No asm, no NEON, ARM CPU.
Similar crash:
{{{
#0 <unknown function> [inlined] () at :0
#1 <unknown function> [inlined] () at :0
#2 0x0018fca0 in ff_put_pixels16x16_8_c (dst=0x146de10 '\200' <repeats
200 times>..., src=0x7860a10 <Address 0x7860a10 out of bounds>, stride=96)
at dsputil_template.c:0
#3 0x00283128 in mc_dir_part (h=0x587d000, pic=0x58a394c, n=<value
temporarily unavailable, due to optimizations>, square=1, chroma_height=8,
delta=0, list=0, dest_y=0x146de10 '\200' <repeats 200 times>...,
dest_cb=0x149ab88 '\200' <repeats 200 times>..., dest_cr=0x149b388 '\200'
<repeats 200 times>..., src_x_offset=0, src_y_offset=0, qpix_op=0x587e410,
chroma_op=0x166770 <put_h264_chroma_mc8_8_c>, pixel_shift=0, chroma444=0)
at libavcodec/h264.c:473
#4 0x00283d18 in mc_part (h=0x587d000, n=0, square=1, chroma_height=8,
delta=0, dest_y=0x146de10 '\200' <repeats 200 times>..., dest_cb=0x149ab88
'\200' <repeats 200 times>..., dest_cr=0x149b388 '\200' <repeats 200
times>..., x_offset=0, y_offset=0, qpix_put=0x587e410, chroma_put=0x166770
<put_h264_chroma_mc8_8_c>, qpix_avg=0x587e510, chroma_avg=0x166e5c
<avg_h264_chroma_mc8_8_c>, weight_op=0x587f4d4, weight_avg=0x587f4fc,
list0=4096, list1=0, pixel_shift=0, chroma444=0) at libavcodec/h264.c:549
#5 0x002969dc in hl_decode_mb_simple_8 (h=0x587d000) at
libavcodec/h264.c:696
#6 0x002977f8 in ff_h264_hl_decode_mb (h=0x587d000) at
libavcodec/h264.c:2103
#7 0x0027aec4 in decode_mb (s=0x587d000, ref=0) at
libavcodec/error_resilience.c:59
#8 0x0027c0b0 in guess_mv (s=0x587d000) at
libavcodec/error_resilience.c:414
#9 0x0027da10 in ff_er_frame_end (s=0x587d000) at
libavcodec/error_resilience.c:1066
#10 0x00286900 in field_end (h=0x587d000, in_setup=<value temporarily
unavailable, due to optimizations>) at libavcodec/h264.c:2418
#11 0x0029a648 in decode_frame (avctx=0x1415a00, data=0x80c1b0,
data_size=0x77a6c44, avpkt=<value temporarily unavailable, due to
optimizations>) at libavcodec/h264.c:3904
#12 0x00326848 in avcodec_decode_video2 (avctx=0x1415a00,
picture=0x80c1b0, got_picture_ptr=0x77a6c44, avpkt=0x77a6c00) at
libavcodec/utils.c:769
}}}
{{{
0x0018fc80 <put_tpel_pixels_mc00_c+476>: cmp lr, r5
0x0018fc84 <put_tpel_pixels_mc00_c+480>: orr r3, r12, r3, lsl
#8
0x0018fc88 <put_tpel_pixels_mc00_c+484>: add r1, r1, r2
0x0018fc8c <put_tpel_pixels_mc00_c+488>: strh r3, [r0], r2
0x0018fc90 <put_tpel_pixels_mc00_c+492>: bne 0x18fc74
<put_tpel_pixels_mc00_c+464>
0x0018fc94 <put_tpel_pixels_mc00_c+496>: pop {r4, r5, r7, pc}
0x0018fc98 <ff_put_pixels16x16_8_c+0>: push {r4, r7, lr}
0x0018fc9c <ff_put_pixels16x16_8_c+4>: add r7, sp, #4 ; 0x4
0x0018fca0 <ff_put_pixels16x16_8_c+8>: ldrb r3, [r1, #1]
0x0018fca4 <ff_put_pixels16x16_8_c+12>: ldrb r12, [r1]
0x0018fca8 <ff_put_pixels16x16_8_c+16>: add r4, r0, r2
0x0018fcac <ff_put_pixels16x16_8_c+20>: add r9, r2, r4
0x0018fcb0 <ff_put_pixels16x16_8_c+24>: orr r12, r12, r3, lsl #8
0x0018fcb4 <ff_put_pixels16x16_8_c+28>: ldrb r3, [r1, #2]
0x0018fcb8 <ff_put_pixels16x16_8_c+32>: orr r12, r12, r3, lsl #16
0x0018fcbc <ff_put_pixels16x16_8_c+36>: ldrb r3, [r1, #3]
}}}
{{{
r0 0x146de10 21421584
r1 0x7860a10 126224912
r2 0x60 96
r3 0x18fc98 1637528
r4 0x587d000 92786688
r5 0x7860a10 126224912
r6 0x0 0
r7 0x77a664c 125462092
r8 0x0 0
r9 0x1 1
r10 0x0 0
r11 0x0 0
r12 0x2aa0 10912
sp 0x77a6648 125462088
lr 0x283128 2634024
pc 0x18fca0 1637536
cpsr {
0x80000010,
n = 0x1,
z = 0x0,
c = 0x0,
v = 0x0,
q = 0x0,
j = 0x0,
ge = 0x0,
e = 0x0,
a = 0x0,
i = 0x0,
f = 0x0,
t = 0x0,
mode = 0x10
} {
0x80000010,
n = 1,
z = 0,
c = 0,
v = 0,
q = 0,
j = 0,
ge = 0,
e = 0,
a = 0,
i = 0,
f = 0,
t = 0,
mode = usr
}
}}}
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/407#comment:5>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list