[FFmpeg-trac] #5500(avcodec:closed): ff_h264_decode_nal crash on iOS 32/64 bit

FFmpeg trac at avcodec.org
Mon May 2 15:22:51 CEST 2016


#5500: ff_h264_decode_nal crash on iOS 32/64 bit
-------------------------------------+-------------------------------------
             Reporter:  glip         |                    Owner:
                 Type:  defect       |                   Status:  closed
             Priority:  important    |                Component:  avcodec
              Version:  git-master   |               Resolution:
             Keywords:  h264 crash   |  needs_more_info
             Blocking:               |               Blocked By:
Analyzed by developer:  0            |  Reproduced by developer:  0
-------------------------------------+-------------------------------------

Comment (by glip):

 I'm using lldb. This is the crash of the 32-bit version (the faulting load at `(%esi,%ebp)` reads 4 bytes from 0x26daf01d + 0x00055fe0 = 0x26e04ffd, so the last byte of that word lands on the unmapped page at 0x26e05000, which matches faultvaddr below):

 Crash:
 * thread #17: tid = 0x7146, 0x00414092 app`ff_h264_decode_nal + 66, name =
 'QThread', stop reason = EXC_BAD_ACCESS (code=1, address=0x26e05000)
     frame #0: 0x00414092 app`ff_h264_decode_nal + 66
 app`ff_h264_decode_nal:
 ->  0x414092 <+66>: movl   (%esi,%ebp), %ecx
     0x414095 <+69>: movl   %ecx, %edx
     0x414097 <+71>: notl   %edx
     0x414099 <+73>: leal   -0x1000101(%ecx), %edi

 (lldb) bt
 * thread #17: tid = 0x7146, 0x00414092 app`ff_h264_decode_nal + 66, name =
 'QThread', stop reason = EXC_BAD_ACCESS (code=1, address=0x26e05000)
   * frame #0: 0x00414092 app`ff_h264_decode_nal + 66
     frame #1: 0x00415657 app`___lldb_unnamed_function8705$$app + 1623
     frame #2: 0x00417cd1 app`___lldb_unnamed_function8709$$app + 897
     frame #3: 0x00878cb2 app`avcodec_decode_video2 + 322
     frame #4: 0x0087a70a app`___lldb_unnamed_function11569$$app + 106
     frame #5: 0x0087a68d app`avcodec_send_packet + 173
     frame #6: 0x00050898 app`VideoDecoder::work() + 4376
     frame #7: 0x000445b7 app`___lldb_unnamed_function985$$app + 103
     frame #8: 0x0004451d app`___lldb_unnamed_function983$$app + 77
     frame #9: 0x00044450 app`QtPrivate::QSlotObject<void
 (VideoDecoder::*)(), QtPrivate::List<>, void>::impl(int,
 QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) + 176
     frame #10: 0x07372917 QtCore`QMetaCallEvent::placeMetaCall(QObject*) +
 55
     frame #11: 0x07374089 QtCore`QObject::event(QEvent*) + 121
     frame #12: 0x062a2b04
 QtWidgets`QApplicationPrivate::notify_helper(QObject*, QEvent*) + 228
     frame #13: 0x062a405a QtWidgets`QApplication::notify(QObject*,
 QEvent*) + 522
     frame #14: 0x07345a70
 QtCore`QCoreApplication::notifyInternal2(QObject*, QEvent*) + 176
     frame #15: 0x073467e4
 QtCore`QCoreApplicationPrivate::sendPostedEvents(QObject*, int,
 QThreadData*) + 852
     frame #16: 0x073a0a8c
 QtCore`QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
 + 60
     frame #17: 0x07341adf
 QtCore`QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 447
     frame #18: 0x07183a5c QtCore`QThread::exec() + 108
     frame #19: 0x071876bb QtCore`___lldb_unnamed_function261$$QtCore + 379
     frame #20: 0x96253780 libsystem_pthread.dylib`_pthread_body + 138
     frame #21: 0x962536f6 libsystem_pthread.dylib`_pthread_start + 155
     frame #22: 0x96250f7a libsystem_pthread.dylib`thread_start + 34
 (lldb) disass -s $pc-32 -e $pc+32
 app`ff_h264_decode_nal:
     0x414072 <+34>: andl   $0x1f, %eax
     0x414075 <+37>: movl   %eax, 0x32670(%ecx)
     0x41407b <+43>: leal   0x1(%ebx), %esi
     0x41407e <+46>: decl   %edi
     0x41407f <+47>: xorl   %ebp, %ebp
     0x414081 <+49>: cmpl   $0x2, %edi
     0x414084 <+52>: jl     0x41411e                  ; <+206>
     0x41408a <+58>: nopw   (%eax,%eax)
     0x414090 <+64>: movl   %edi, %eax
 ->  0x414092 <+66>: movl   (%esi,%ebp), %ecx
     0x414095 <+69>: movl   %ecx, %edx
     0x414097 <+71>: notl   %edx
     0x414099 <+73>: leal   -0x1000101(%ecx), %edi
     0x41409f <+79>: andl   %edx, %edi
     0x4140a1 <+81>: testl  $0x80008080, %edi         ; imm = 0x80008080
     0x4140a7 <+87>: je     0x414100                  ; <+176>
     0x4140a9 <+89>: cmpb   $0x1, %cl
     0x4140ac <+92>: sbbl   %ecx, %ecx
     0x4140ae <+94>: testl  %ebp, %ebp
 (lldb) register read --all
 General Purpose Registers:
        eax = 0x00055fe2  app`___lldb_unnamed_function1152$$app + 18
        ebx = 0x26daf01c
        ecx = 0x00055fe1  app`___lldb_unnamed_function1152$$app + 17
        edx = 0xdba4a9d6
        edi = 0x00055fe2  app`___lldb_unnamed_function1152$$app + 18
        esi = 0x26daf01d
        ebp = 0x00055fe0  app`___lldb_unnamed_function1152$$app + 16
        esp = 0xb07ae360
         ss = 0x00000023
     eflags = 0x00010297  app`VideoServer::stopStreaming(unsigned int) + 7
        eip = 0x00414092  app`ff_h264_decode_nal + 66
         cs = 0x0000001b
         ds = 0x00000023
         es = 0x00000023
         fs = 0x00000023
         gs = 0x0000000f
         ax = 0x5fe2
         bx = 0xf01c
         cx = 0x5fe1
         dx = 0xa9d6
         di = 0x5fe2
         si = 0xf01d
         bp = 0x5fe0
         sp = 0xe360
         ah = 0x5f
         bh = 0xf0
         ch = 0x5f
         dh = 0xa9
         al = 0xe2
         bl = 0x1c
         cl = 0xe1
         dl = 0xd6
        dil = 0xe2
        sil = 0x1d
        bpl = 0xe0
        spl = 0x60

 Floating Point Registers:
      fctrl = 0x037f
      fstat = 0x0000
       ftag = 0x00
        fop = 0x0000
      fioff = 0x9d78b56a  libsystem_m.dylib`llrint + 26
      fiseg = 0x0000
      fooff = 0xb07ae3f0
      foseg = 0x0000
      mxcsr = 0x00001fa0  app`_mh_execute_header + 4000
   mxcsrmask = 0x0000ffff  app`VideoServer::reopen() + 655
      stmm0 = {0x80 0x80 0x80 0x80 0x7f 0x7f 0x7f 0x7f 0xff 0xff}
      stmm1 = {0x81 0x81 0x80 0x80 0x81 0x81 0x80 0x80 0xff 0xff}
      stmm2 = {0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0xff 0xff}
      stmm3 = {0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0xff 0xff}
      stmm4 = {0x81 0x81 0x80 0x80 0x81 0x81 0x80 0x80 0xff 0xff}
      stmm5 = {0x81 0x81 0x80 0x80 0x81 0x81 0x80 0x80 0xff 0xff}
      stmm6 = {0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0xff 0xff}
      stmm7 = {0x01 0x01 0x00 0x00 0x01 0x01 0x00 0x00 0xff 0xff}
       ymm0 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
       ymm1 = {0xff 0xff 0xff 0xff 0xff 0xff 0xff 0xff 0x00 0xff 0xff 0xff
 0x00 0xff 0x00 0xff 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
       ymm2 = {0x81 0x81 0x81 0x81 0x81 0x81 0x81 0x81 0x80 0x80 0x80 0x80
 0x80 0x80 0x80 0x80 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
       ymm3 = {0x80 0x7f 0x7e 0x7e 0x7e 0x7e 0x7e 0x7e 0x80 0x80 0x80 0x80
 0x7f 0x7f 0x7f 0x7f 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
       ymm4 = {0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80
 0x01 0x00 0x00 0x80 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
       ymm5 = {0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80
 0x01 0x00 0x00 0x80 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
       ymm6 = {0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80
 0x01 0x00 0x00 0x80 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
       ymm7 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00 0x00}
       xmm0 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00}
       xmm1 = {0xff 0xff 0xff 0xff 0xff 0xff 0xff 0xff 0x00 0xff 0xff 0xff
 0x00 0xff 0x00 0xff}
       xmm2 = {0x81 0x81 0x81 0x81 0x81 0x81 0x81 0x81 0x80 0x80 0x80 0x80
 0x80 0x80 0x80 0x80}
       xmm3 = {0x80 0x7f 0x7e 0x7e 0x7e 0x7e 0x7e 0x7e 0x80 0x80 0x80 0x80
 0x7f 0x7f 0x7f 0x7f}
       xmm4 = {0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80
 0x01 0x00 0x00 0x80}
       xmm5 = {0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80
 0x01 0x00 0x00 0x80}
       xmm6 = {0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80
 0x01 0x00 0x00 0x80}
       xmm7 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
 0x00 0x00 0x00 0x00}

 Exception State Registers:
     trapno = 0x0000000e
        err = 0x00000004
   faultvaddr = 0x26e05000

 (lldb)

--
Ticket URL: <https://trac.ffmpeg.org/ticket/5500#comment:7>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

