Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#4431 closed defect (fixed)

Nondeterministic h264 422 slice threads crash

Reported by: Kieran Kunhya Owned by:
Priority: important Component: avcodec
Version: git-master Keywords: h264 crash SIGSEGV
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

http://paste.ubuntu.com/10739615/

http://obe.tv/Downloads/ffmpeg/fuzz6.264

Attachments (1)

fuzz6.264 (1.0 MB ) - added by Carl Eugen Hoyos 9 years ago.

Download all attachments as: .zip

Change History (5)

comment:1 by Kieran Kunhya, 9 years ago

Proper backtrace:

(gdb) bt
#0  ff_avg_pixels8_mmxext.loop () at libavcodec/x86/fpel.asm:102
#1  0x00000000005f4590 in avg_h264_qpel8_mc00_mmxext (dst=0x2972840 "", src=0x16860 <error: Cannot access memory at address 0x16860>, stride=384)
    at libavcodec/x86/h264_qpel.c:402
#2  0x00000000004d432b in mc_dir_part (chroma_idc=2, pixel_shift=0, chroma_op=0x664c60 <ff_avg_h264_chroma_mc4_ssse3>, qpix_op=0x29197f0, src_y_offset=120,
    src_x_offset=48, dest_cr=0x2982770 "", dest_cb=0x2996110 "", dest_y=0x2972840 "", list=1, delta=3072, height=16, square=0, n=0, pic=0x7f47fda40b30,
    sl=0x7f47fda3a2c0, h=0x2919400) at libavcodec/h264_mb.c:249
#3  mc_part_std (chroma_idc=2, pixel_shift=0, list1=16384, list0=4096, chroma_avg=0x664c60 <ff_avg_h264_chroma_mc4_ssse3>, qpix_avg=0x29197f0,
    chroma_put=0x664760 <ff_put_h264_chroma_mc4_ssse3>, qpix_put=0x29195f0, y_offset=120, x_offset=48, dest_cr=0x2982770 "", dest_cb=0x2996110 "",
    dest_y=0x2972840 "", delta=3072, height=16, square=0, n=0, sl=0x7f47fda3a2c0, h=0x2919400) at libavcodec/h264_mb.c:363
#4  mc_part_422_simple_8 (h=0x2919400, sl=0x7f47fda3a2c0, n=0, square=0, height=16, delta=3072, dest_y=0x2972840 "", dest_cb=0x2996110 "", dest_cr=0x2982770 "",
    x_offset=0, y_offset=0, qpix_put=0x29195f0, chroma_put=0x664760 <ff_put_h264_chroma_mc4_ssse3>, qpix_avg=0x29197f0,
    chroma_avg=0x664c60 <ff_avg_h264_chroma_mc4_ssse3>, weight_op=0x2919428, weight_avg=0x2919448, list0=4096, list1=16384) at libavcodec/h264_mc_template.c:60
#5  0x00000000004d51b6 in hl_motion_422_simple_8 (h=0x2919400, sl=0x7f47fda3a2c0, dest_y=0x2972840 "", dest_cb=0x2996110 "", dest_cr=0x2982770 "", qpix_put=0x2919570,
    chroma_put=0x2919530, qpix_avg=0x2919770, chroma_avg=0x2919550, weight_op=0x2919420, weight_avg=0x2919440) at libavcodec/h264_mc_template.c:100
#6  0x00000000004db60c in hl_decode_mb_simple_8 (h=0x2919400, sl=0x7f47fda3a2c0) at libavcodec/h264_mb_template.c:176
#7  0x000000000051869a in ff_h264_hl_decode_mb (h=0x2919400, sl=0x7f47fda3a2c0) at libavcodec/h264_mb.c:835
#8  0x000000000053afa2 in decode_slice (avctx=0x2902520, arg=0x7f47fda3a2c0) at libavcodec/h264_slice.c:2357
#9  0x000000000065d4ed in worker (v=0x2902520) at libavcodec/pthread_slice.c:99
#10 0x00007f4806f84e9a in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#11 0x00007f4806cb18bd in clone () from /lib/x86_64-linux-gnu/libc.so.6
#12 0x0000000000000000 in ?? ()

by Carl Eugen Hoyos, 9 years ago

Attachment: fuzz6.264 added

comment:2 by Kieran Kunhya, 9 years ago

Fixed in 43b434210

comment:3 by Michael Niedermayer, 9 years ago

Reproduced by developer: set
Resolution: fixed
Status: newclosed

comment:4 by Carl Eugen Hoyos, 9 years ago

Keywords: h264 crash SIGSEGV added
Priority: normalimportant
Version: unspecifiedgit-master
Note: See TracTickets for help on using tickets.