[FFmpeg-trac] #782(avcodec:new): mpegaudiodec segfault
FFmpeg
trac at avcodec.org
Fri Dec 16 23:02:11 CET 2011
#782: mpegaudiodec segfault
-------------------------------------+-----------------------------------
Reporter: bluepin | Owner:
Type: defect | Status: new
Priority: normal | Component: avcodec
Version: unspecified | Resolution:
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-----------------------------------
Comment (by bluepin):
This is a transient error. The usage scenario is : A custom decoding
application that uses programatically ffmpeg libraries to decode multiple
streams at once. The application has several concurrent decoding threads (
150+ ), decodes online streams-mostly mp3s. So far it broke three times
under the same error after 1 to 3 weeks of continuous running (2 core
dumps available).
I am unable to provide a sample that can reproduce the error. Unless I can
reconstruct something out of the core dumps I have - but I may need some
guidance on how to do that.
(gdb) bt
#0 0x08338083 in mp_decode_layer1 (s=0xa94707a0, samples=0x98b00040,
buf=<value optimized out>, buf_size=256) at
/opt/icecast/src/ffmpeg/libavcodec/get_bits.h:285
#1 mp_decode_frame (s=0xa94707a0, samples=0x98b00040, buf=<value
optimized out>, buf_size=256) at
/opt/icecast/src/ffmpeg/libavcodec/mpegaudiodec.c:1715
#2 0x08339bb7 in decode_frame (avctx=0x9a8e3c0, data=0x98b00040,
data_size=0xacb3f5c, avpkt=0xb48b7228) at
/opt/icecast/src/ffmpeg/libavcodec/mpegaudiodec.c:1816
#3 0x0841588e in avcodec_decode_audio3 (avctx=0x9a8e3c0,
samples=0x98b00040, frame_size_ptr=0xacb3f5c, avpkt=0x2) at
/opt/icecast/src/ffmpeg/libavcodec/utils.c:839
#4 0x08066c00 in ffmpegFetchDecodeResampleReencodeNext (ff=0xacb3f48,
source=0xb710fe80) at ../../icecast/src/ffmpegIntegration.c:359
#5 0x08059d46 in source_main (source=0xb710fe80, ff=0xacb3f48) at
../../icecast/src/source.c:736
#6 0x080559b4 in start_ffmpegrelay_stream (arg=0x98f4138) at
../../icecast/src/slave.c:390
#7 0x08072fb8 in _start_routine (arg=0xb1037238) at
../../../icecast/src/thread/thread.c:660
#8 0x008f1832 in start_thread () from /lib/libpthread.so.0
#9 0x0083146e in clone () from /lib/libc.so.6
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x8338063 to 0x83380a3:
0x08338063 <mp_decode_frame+1539>: xchg %eax,%ebp
0x08338064 <mp_decode_frame+1540>: add %al,(%eax)
0x08338066 <mp_decode_frame+1542>: add %cl,0xa82484(%ebx)
0x0833806c <mp_decode_frame+1548>: add %al,(%eax)
0x0833806e <mp_decode_frame+1550>: movzbl %cl,%edi
0x08338071 <mp_decode_frame+1553>: lea 0x1(%edi),%ebp
0x08338074 <mp_decode_frame+1556>: mov 0x8(%eax),%esi
0x08338077 <mp_decode_frame+1559>: mov (%eax),%eax
0x08338079 <mp_decode_frame+1561>: mov %esi,%edx
0x0833807b <mp_decode_frame+1563>: mov %esi,%ecx
0x0833807d <mp_decode_frame+1565>: shr $0x3,%edx
0x08338080 <mp_decode_frame+1568>: and $0x7,%ecx
0x08338083 <mp_decode_frame+1571>: mov (%eax,%edx,1),%ebx
0x08338086 <mp_decode_frame+1574>: mov 0xa8(%esp),%eax
0x0833808d <mp_decode_frame+1581>: mov 0xf4(%esp),%edx
0x08338094 <mp_decode_frame+1588>: bswap %ebx
0x08338096 <mp_decode_frame+1590>: shl %cl,%ebx
0x08338098 <mp_decode_frame+1592>: mov %ebp,%ecx
0x0833809a <mp_decode_frame+1594>: add %esi,%ebp
0x0833809c <mp_decode_frame+1596>: neg %ecx
0x0833809e <mp_decode_frame+1598>: mov %ebp,0x8(%eax)
0x083380a1 <mp_decode_frame+1601>: movzbl (%edx),%eax
End of assembler dump.
(gdb) info all-registers
eax 0xa8ec0caf -1460925265
ecx 0x2 2
edx 0x34e 846
ebx 0x4 4
esp 0xb48b6e30 0xb48b6e30
ebp 0x10 0x10
esi 0x1a72 6770
edi 0xf 15
eip 0x8338083 0x8338083 <mp_decode_frame+1571>
eflags 0x10202 [ IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0xc040007b -1069547397
es 0xc040007b -1069547397
fs 0x0 0
gs 0x33 51
st0 0 (raw 0x00000000000000000000)
st1 3.00966351892338605583318567049389 (raw
0x4000c09e53bc6f5fc4b6)
st2 1.7699210388248127544851300025079555e-20 (raw
0x3fbda72a109a074f7a9f)
st3 3.00966351892338605583318567049389 (raw
0x4000c09e53bc6f5fc4b6)
st4 3.00966351892338605583318567049389 (raw
0x4000c09e53bc6f5fc4b6)
st5 3767.7300861597768091293403358577052 (raw
0x400aeb7bae6ed3380eda)
st6 0 (raw 0x00000000000000000000)
st7 433.959197998046875 (raw 0x4007d8fac70000000000)
fctrl 0x37f 895
fstat 0x4020 16416
ftag 0xffff 65535
fiseg 0x73 115
fioff 0x83aa99c 138062236
foseg 0x7b 123
fooff 0xb48b7110 -1265929968
fop 0x65f 1631
xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0,
0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0,
0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0,
0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0,
0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0,
0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0,
0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0,
0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0,
0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
mm0 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm1 {uint64 = 0xc09e53bc6f5fc4b6, v2_int32 = {0x6f5fc4b6,
0xc09e53bc}, v4_int16 = {0xc4b6, 0x6f5f, 0x53bc, 0xc09e}, v8_int8 = {0xb6,
0xc4, 0x5f, 0x6f, 0xbc, 0x53, 0x9e, 0xc0}}
mm2 {uint64 = 0xa72a109a074f7a9f, v2_int32 = {0x74f7a9f,
0xa72a109a}, v4_int16 = {0x7a9f, 0x74f, 0x109a, 0xa72a}, v8_int8 = {0x9f,
0x7a, 0x4f, 0x7, 0x9a, 0x10, 0x2a, 0xa7}}
mm3 {uint64 = 0xc09e53bc6f5fc4b6, v2_int32 = {0x6f5fc4b6,
0xc09e53bc}, v4_int16 = {0xc4b6, 0x6f5f, 0x53bc, 0xc09e}, v8_int8 = {0xb6,
0xc4, 0x5f, 0x6f, 0xbc, 0x53, 0x9e, 0xc0}}
mm4 {uint64 = 0xc09e53bc6f5fc4b6, v2_int32 = {0x6f5fc4b6,
0xc09e53bc}, v4_int16 = {0xc4b6, 0x6f5f, 0x53bc, 0xc09e}, v8_int8 = {0xb6,
0xc4, 0x5f, 0x6f, 0xbc, 0x53, 0x9e, 0xc0}}
mm5 {uint64 = 0xeb7bae6ed3380eda, v2_int32 = {0xd3380eda,
0xeb7bae6e}, v4_int16 = {0xeda, 0xd338, 0xae6e, 0xeb7b}, v8_int8 = {0xda,
0xe, 0x38, 0xd3, 0x6e, 0xae, 0x7b, 0xeb}}
mm6 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm7 {uint64 = 0xd8fac70000000000, v2_int32 = {0x0, 0xd8fac700},
v4_int16 = {0x0, 0x0, 0xc700, 0xd8fa}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
0xc7, 0xfa, 0xd8}}
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/782#comment:2>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list