[FFmpeg-trac] #270(avcodec:new): Crash decoding qdm2 on ia32
FFmpeg
trac at avcodec.org
Tue Jun 7 12:44:27 CEST 2011
#270: Crash decoding qdm2 on ia32
-------------------------+-----------------------------
Reporter: cehoyos | Owner:
Type: defect | Status: new
Priority: important | Component: avcodec
Version: git-master | Keywords: ia32 regression
Blocked By: | Blocking:
Reproduced: 1 | Analyzed: 0
-------------------------+-----------------------------
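The sample from ticket #263 crashes ffmpeg on ia32 since commit
984ece7503597d30e6f3bdeb67e337ea1616f880.
In the gdb session below, the faulting instruction is `movaps %xmm0,(%edx)`
with edx = 0xffff965c (the `out` argument of apply_window_mp3), which is not
16-byte aligned. movaps requires a 16-byte-aligned memory operand, so this
looks like an alignment fault on the output buffer rather than an
out-of-bounds write.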
{{{
(gdb) r -i qdm2-channels.mov -f null -
ffmpeg version git-N-30606-g40da61e, Copyright (c) 2000-2011 the FFmpeg
developers
built on Jun 7 2011 12:41:25 with gcc 4.5.3
configuration: --cc='/usr/local/gcc-4.5.3/bin/gcc -m32'
libavutil 51. 6. 1 / 51. 6. 1
libavcodec 53. 6. 1 / 53. 6. 1
libavformat 53. 2. 0 / 53. 2. 0
libavdevice 53. 1. 1 / 53. 1. 1
libavfilter 2. 14. 0 / 2. 14. 0
libswscale 0. 14. 1 / 0. 14. 1
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x8c60360] Unimplemented container channel
layout.
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x8c60360] If you want to help, upload a sample
of this file to ftp://upload.ffmpeg.org/MPlayer/incoming/ and contact the
ffmpeg-devel mailing list.
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x8c60360] max_analyze_duration 5000000 reached
at 5120000
Seems stream 1 codec frame rate differs from container frame rate:
15000.00 (15000/1) -> 14.99 (15000/1001)
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'qdm2-channels.mov':
Metadata:
major_brand : qt
minor_version : 537199360
compatible_brands: qt
creation_time : 2006-11-03 19:12:00
composer : This movie was made with Adobe GoLive.
composer-eng : This movie was made with Adobe GoLive.
Duration: 00:00:30.03, start: 0.000000, bitrate: 311 kb/s
Stream #0.0(eng): Audio: qdm2, 32000 Hz, 1 channels, s16, 24 kb/s
Metadata:
creation_time : 2006-11-03 19:12:00
Stream #0.1(eng): Video: svq1, yuv410p, 320x240, 285 kb/s, 14.99 fps,
14.99 tbr, 15k tbn, 15k tbc
Metadata:
creation_time : 2006-11-03 19:12:00
Stream #0.2(eng): Data: [0][0][0][0] / 0x0000, 0 kb/s
Metadata:
creation_time : 2006-11-03 19:12:00
[buffer @ 0x8c5a3a0] w:320 h:240 pixfmt:yuv410p tb:1/1000000 sar:0/1
sws_param:
Output #0, null, to 'pipe:':
Metadata:
major_brand : qt
minor_version : 537199360
compatible_brands: qt
creation_time : 2006-11-03 19:12:00
composer : This movie was made with Adobe GoLive.
composer-eng : This movie was made with Adobe GoLive.
encoder : Lavf53.2.0
Stream #0.0(eng): Video: rawvideo, yuv410p, 320x240, q=2-31, 200 kb/s,
90k tbn, 14.99 tbc
Metadata:
creation_time : 2006-11-03 19:12:00
Stream #0.1(eng): Audio: pcm_s16le, 32000 Hz, 1 channels, s16, 512
kb/s
Metadata:
creation_time : 2006-11-03 19:12:00
Stream mapping:
Stream #0.1 -> #0.0
Stream #0.0 -> #0.1
Press [q] to stop, [?] for help
Program received signal SIGSEGV, Segmentation fault.
0x0849c814 in apply_window_mp3 (in=0x8c85620, win=0x8bee2e0,
unused=0xffffba5c, out=0xffff965c, incr=1) at
libavcodec/x86/mpegaudiodec_mmx.c:120
120 __asm__ volatile(
(gdb) bt
#0 0x0849c814 in apply_window_mp3 (in=0x8c85620, win=0x8bee2e0,
unused=0xffffba5c, out=0xffff965c, incr=1) at
libavcodec/x86/mpegaudiodec_mmx.c:120
#1 0x0831153c in ff_mpa_synth_filter_float (s=0x8c85608,
synth_buf_ptr=0x8c85620, synth_buf_offset=0x8c87620, window=0x8bee2e0,
dither_state=0xffffba5c, samples=0xffff965c, incr=1, sb_samples=0x8c87640)
at libavcodec/mpegaudiodsp_template.c:173
#2 0x0836d035 in qdm2_synthesis_filter (q=0x8c79de0, index=147346976) at
libavcodec/qdm2.c:1616
#3 0x08370f06 in qdm2_decode (out=0xf7bc9020,
in=0x8cae8c0
"\202\001}\246\212\t)\314\310\060\b\310\f.\030e\201\031\031\061%`F\027n\025\063\272p\027\062##\267\"32p\027\062\243\203\311\b\231\243\003\n\027\001\026\026\"\225D\227\304\060\261)\313\\{\aMc(\331\363\370\262E;\366\275\034\346\350\\\nW۵\272\305t\001\025M\t\372E}AL\215\347J\363a\201e\306\r\a\305\v\200-",
q=0x8c79de0) at libavcodec/qdm2.c:1927
#4 qdm2_decode_frame (out=0xf7bc9020,
in=0x8cae8c0
"\202\001}\246\212\t)\314\310\060\b\310\f.\030e\201\031\031\061%`F\027n\025\063\272p\027\062##\267\"32p\027\062\243\203\311\b\231\243\003\n\027\001\026\026\"\225D\227\304\060\261)\313\\{\aMc(\331\363\370\262E;\366\275\034\346\350\\\nW۵\272\305t\001\025M\t\372E}AL\215\347J\363a\201e\306\r\a\305\v\200-",
q=0x8c79de0) at libavcodec/qdm2.c:1966
#5 0x083ed490 in avcodec_decode_audio3 (avctx=0x8c62880,
samples=0xf7bc9020, frame_size_ptr=0xffffc038, avpkt=0xffffbf50) at
libavcodec/utils.c:796
#6 0x080502d0 in output_packet (ist=0x8c73930, ist_index=0,
ost_table=0x8c73b40, nb_ostreams=2, pkt=0xffffcdbc) at ffmpeg.c:1580
#7 0x08053726 in transcode (nb_output_files=1, input_files=0x8c5a808,
nb_input_files=1, stream_maps=0x0, nb_stream_maps=0,
output_files=0x8701500) at ffmpeg.c:2739
#8 0x08058f75 in main (argc=<value optimized out>, argv=<value optimized
out>) at ffmpeg.c:4551
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x849c7f4 to 0x849c834:
0x0849c7f4 <apply_window_mp3+1188>: add %al,(%eax)
0x0849c7f6 <apply_window_mp3+1190>: add %al,(%eax)
0x0849c7f8 <apply_window_mp3+1192>: fstp %st(0)
0x0849c7fa <apply_window_mp3+1194>: mov 0x1a4(%esp),%edx
0x0849c801 <apply_window_mp3+1201>: mov 0x24(%esp),%eax
0x0849c805 <apply_window_mp3+1205>: mov 0x20(%esp),%ecx
0x0849c809 <apply_window_mp3+1209>: movups 0x34(%esi),%xmm0
0x0849c80d <apply_window_mp3+1213>: shufps $0x1b,%xmm0,%xmm0
0x0849c811 <apply_window_mp3+1217>: subps (%eax),%xmm0
0x0849c814 <apply_window_mp3+1220>: movaps %xmm0,(%edx)
0x0849c817 <apply_window_mp3+1223>: movups 0x4(%ecx),%xmm0
0x0849c81b <apply_window_mp3+1227>: shufps $0x1b,%xmm0,%xmm0
0x0849c81f <apply_window_mp3+1231>: addps 0x30(%edi),%xmm0
0x0849c823 <apply_window_mp3+1235>: movaps %xmm0,0x70(%edx)
0x0849c827 <apply_window_mp3+1239>: movups 0x24(%esi),%xmm0
0x0849c82b <apply_window_mp3+1243>: shufps $0x1b,%xmm0,%xmm0
0x0849c82f <apply_window_mp3+1247>: subps 0x10(%eax),%xmm0
0x0849c833 <apply_window_mp3+1251>: movaps %xmm0,0x10(%edx)
End of assembler dump.
(gdb) info all-registers
eax 0xffff9560 -27296
ecx 0xffff94c0 -27456
edx 0xffff965c -27044
ebx 0x8c85620 147346976
esp 0xffff9438 0xffff9438
ebp 0x8bee2e0 0x8bee2e0
esi 0xffff9470 -27536
edi 0xffff9510 -27376
eip 0x849c814 0x849c814 <apply_window_mp3+1220>
eflags 0x210246 [ PF ZF IF RF ID ]
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x63 99
st0 -0 (raw 0x80000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 -0 (raw 0x80000000000000000000)
st5 0 (raw 0x00000000000000000000)
st6 0 (raw 0x00000000000000000000)
st7 0 (raw 0x00000000000000000000)
fctrl 0x37f 895
fstat 0x20 32
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x849c7f8 139053048
foseg 0x0 0
fooff 0x0 0
fop 0x5d8 1496
xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x17, 0xa9, 0x30, 0x6d, 0x2c,
0x2c, 0xac, 0xbb, 0x1, 0xab}, v8_int16 = {0x0, 0x0, 0x4b00, 0xa917,
0x6d30, 0x2c2c,
0xbbac, 0xab01}, v4_int32 = {0x0, 0xa9174b00, 0x2c2c6d30, 0xab01bbac},
v2_int64 = {0xa9174b0000000000, 0xab01bbac2c2c6d30}, uint128 =
0xab01bbac2c2c6d30a9174b0000000000}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0xc0, 0x10, 0x64, 0xbf, 0x0 <repeats 12 times>}, v8_int16 =
{0x10c0, 0xbf64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xbf6410c0,
0x0, 0x0, 0x0},
v2_int64 = {0xbf6410c0, 0x0}, uint128 =
0x000000000000000000000000bf6410c0}
xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0xac, 0xbb, 0x81, 0x3e, 0x0 <repeats 12 times>}, v8_int16 =
{0xbbac, 0x3e81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x3e81bbac,
0x0, 0x0, 0x0},
v2_int64 = {0x3e81bbac, 0x0}, uint128 =
0x0000000000000000000000003e81bbac}
xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x43, 0x99, 0xe9, 0xbe, 0x0 <repeats 12 times>}, v8_int16 =
{0x9943, 0xbee9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xbee99943,
0x0, 0x0, 0x0},
v2_int64 = {0xbee99943, 0x0}, uint128 =
0x000000000000000000000000bee99943}
xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0xee, 0xbb, 0x15, 0xbf, 0x0 <repeats 12 times>}, v8_int16 =
{0xbbee, 0xbf15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xbf15bbee,
0x0, 0x0, 0x0},
v2_int64 = {0xbf15bbee, 0x0}, uint128 =
0x000000000000000000000000bf15bbee}
mxcsr 0x1fa0 [ PE IM DM ZM OM UM PM ]
mm0 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm1 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm2 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm3 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm4 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm5 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm6 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm7 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
}}}
--
Ticket URL: <https://avcodec.org/trac/ffmpeg/ticket/270>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker