Opened 3 years ago

Closed 3 years ago

#5528 closed defect (fixed)

ffmpeg crashes when transcoding from mp3 to wav.

Reported by: Yang.jiao Owned by:
Priority: important Component: avcodec
Version: git-master Keywords: mp3 crash SIGSEGV regression
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description (last modified by cehoyos)

ffmpeg crashes when transcoding from mp3 to wav.

How to reproduce:

% ffmpeg -i fire.mp3 test.wav

Console output:

ffmpeg version N-79887-gca5ec2b Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 5.2.1 (Ubuntu 5.2.1-22ubuntu2) 20151010
  configuration: --cc=gcc --cxx=g++ --disable-pthreads --disable-inline-asm --disable-yasm --disable-asm --disable-mmx --disable-mmxext --disable-sse --disable-sse2 --disable-sse3 --disable-ssse3 --disable-sse4 --disable-sse42 --disable-avx --disable-xop --disable-fma3 --disable-fma4 --disable-avx2 --disable-xlib --disable-zlib --disable-securetransport --disable-sdl --disable-lzma --disable-bzlib --disable-iconv --disable-runtime-cpudetect --disable-libxcb
  libavutil      55. 24.100 / 55. 24.100
  libavcodec     57. 40.100 / 57. 40.100
  libavformat    57. 36.100 / 57. 36.100
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 45.100 /  6. 45.100
  libswscale      4.  1.100 /  4.  1.100
  libswresample   2.  0.101 /  2.  0.101
Splitting the commandline.
Reading option '-v' ... matched as option 'v' (set logging level) with argument '9'.
Reading option '-loglevel' ... matched as option 'loglevel' (set logging level) with argument '99'.
Reading option '-i' ... matched as input file with argument './tools/fuzzbox/fire.mp3'.
Reading option 'ttest.wav' ... matched as output file.
Finished splitting the commandline.
Parsing a group of options: global .
Applying option v (set logging level) with argument 9.
Successfully parsed a group of options.
Parsing a group of options: input file ./tools/fuzzbox/fire.mp3.
Successfully parsed a group of options.
Opening an input file: ./tools/fuzzbox/fire.mp3.
[file @ 0x33a5990] Setting default whitelist 'file,crypto'
Probing aac score:1 size:2015
Probing mp3 score:51 size:2015
[mp3 @ 0x33a52b0] Format mp3 probed with size=2048 and score=51
[mp3 @ 0x33a52b0] id3v2 ver:2 flags:00 len:23
[mp3 @ 0x33a52b0] Skipping 0 bytes of junk at 33.
[mp3 @ 0x33a52b0] Before avformat_find_stream_info() pos: 33 bytes read:20513 seeks:0
[mp3 @ 0x33a6560] Warning: not compiled with thread support, using thread emulation
[mp3 @ 0x33a52b0] All info found
[mp3 @ 0x33a52b0] Estimating duration from bitrate, this may be inaccurate
[mp3 @ 0x33a52b0] 0: start_time: 0.000 duration: 72.253
[mp3 @ 0x33a52b0] stream: start_time: 0.000 duration: 5.120 bitrate=32 kb/s
[mp3 @ 0x33a52b0] After avformat_find_stream_info() pos: 6177 bytes read:20513 seeks:0 frames:50
Input #0, mp3, from './tools/fuzzbox/fire.mp3':
  Metadata:
    title           : 440Hz Sine Wave
  Duration: 00:00:05.12, start: 0.000000, bitrate: 32 kb/s
    Stream #0:0, 50, 1/14112000: Audio: mp3, 22050 Hz, mono, s16p, 32 kb/s
Successfully opened the file.
Parsing a group of options: output file ttest.wav.
Successfully parsed a group of options.
Opening an output file: ttest.wav.
[file @ 0x33a6f70] Setting default whitelist 'file,crypto'
Successfully opened the file.
[graph 0 input from stream 0:0 @ 0x33c6330] Setting 'time_base' to value '1/22050'
[graph 0 input from stream 0:0 @ 0x33c6330] Setting 'sample_rate' to value '22050'
[graph 0 input from stream 0:0 @ 0x33c6330] Setting 'sample_fmt' to value 's16p'
[graph 0 input from stream 0:0 @ 0x33c6330] Setting 'channel_layout' to value '0x4'
[graph 0 input from stream 0:0 @ 0x33c6330] tb:1/22050 samplefmt:s16p samplerate:22050 chlayout:0x4
[audio format for output stream 0:0 @ 0x33c6500] Setting 'sample_fmts' to value 's16'
[audio format for output stream 0:0 @ 0x33c6500] auto-inserting filter 'auto-inserted resampler 0' between the filter 'Parsed_anull_0' and the filter 'audio format for output stream 0:0'
[AVFilterGraph @ 0x33adac0] query_formats: 4 queried, 6 merged, 3 already done, 0 delayed
[auto-inserted resampler 0 @ 0x33c7280] [SWR @ 0x33c7400] Using s16p internally between filters
[auto-inserted resampler 0 @ 0x33c7280] ch:1 chl:mono fmt:s16p r:22050Hz -> ch:1 chl:mono fmt:s16 r:22050Hz
[mp3 @ 0x33a8140] Warning: not compiled with thread support, using thread emulation
[pcm_s16le @ 0x33bdda0] Warning: not compiled with thread support, using thread emulation
[wav @ 0x33ac7f0] Using AVStream.codec to pass codec parameters to muxers is deprecated, use AVStream.codecpar instead.
Output #0, wav, to 'ttest.wav':
  Metadata:
    INAM            : 440Hz Sine Wave
    ISFT            : Lavf57.36.100
    Stream #0:0, 0, 1/22050: Audio: pcm_s16le ([1][0][0][0] / 0x0001), 22050 Hz, mono, s16, 352 kb/s
    Metadata:
      encoder         : Lavc57.40.100 pcm_s16le
Stream mapping:
  Stream #0:0 -> #0:0 (mp3 (native) -> pcm_s16le (native))
Press [q] to stop, [?] for help
cur_dts is invalid (this is harmless if it occurs once at the start per stream)
[mp3 @ 0x33a8140] invalid new backstep -1
[mp3 @ 0x33a8140] skip -1431655766 / discard -1431655766 samples due to side data
Segmentation fault (core dumped)

gdb output:

The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/hmsf/tools/ffmpeg.git/ffmpeg_g -i ~/tools/fuzzbox/fire.mp3  tttt.wav
ffmpeg version N-79887-gca5ec2b Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 5.2.1 (Ubuntu 5.2.1-22ubuntu2) 20151010
  configuration: --cc=gcc --cxx=g++ --disable-pthreads --disable-inline-asm --disable-yasm --disable-asm --disable-mmx --disable-mmxext --disable-sse --disable-sse2 --disable-sse3 --disable-ssse3 --disable-sse4 --disable-sse42 --disable-avx --disable-xop --disable-fma3 --disable-fma4 --disable-avx2 --disable-xlib --disable-zlib --disable-securetransport --disable-sdl --disable-lzma --disable-bzlib --disable-iconv --disable-runtime-cpudetect --disable-libxcb
  libavutil      55. 24.100 / 55. 24.100
  libavcodec     57. 40.100 / 57. 40.100
  libavformat    57. 36.100 / 57. 36.100
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 45.100 /  6. 45.100
  libswscale      4.  1.100 /  4.  1.100
  libswresample   2.  0.101 /  2.  0.101
[mp3 @ 0x21b55a0] Warning: not compiled with thread support, using thread emulation
[mp3 @ 0x21b4270] Estimating duration from bitrate, this may be inaccurate
Input #0, mp3, from '/home/hmsf/tools/fuzzbox/fire.mp3':
  Metadata:
    title           : 440Hz Sine Wave
  Duration: 00:00:05.12, start: 0.000000, bitrate: 32 kb/s
    Stream #0:0: Audio: mp3, 22050 Hz, mono, s16p, 32 kb/s
File 'tttt.wav' already exists. Overwrite ? [y/N] y
[mp3 @ 0x21b7110] Warning: not compiled with thread support, using thread emulation
[pcm_s16le @ 0x21ccd80] Warning: not compiled with thread support, using thread emulation
[wav @ 0x21bb7c0] Using AVStream.codec to pass codec parameters to muxers is deprecated, use AVStream.codecpar instead.
Output #0, wav, to 'tttt.wav':
  Metadata:
    INAM            : 440Hz Sine Wave
    ISFT            : Lavf57.36.100
    Stream #0:0: Audio: pcm_s16le ([1][0][0][0] / 0x0001), 22050 Hz, mono, s16, 352 kb/s
    Metadata:
      encoder         : Lavc57.40.100 pcm_s16le
Stream mapping:
  Stream #0:0 -> #0:0 (mp3 (native) -> pcm_s16le (native))
Press [q] to stop, [?] for help
[mp3 @ 0x21b7110] invalid new backstep -1

Program received signal SIGSEGV, Segmentation fault.
__memcpy_avx_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S:244
244	../sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S: No such file or directory.
(gdb) bt
#0  __memcpy_avx_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S:244
#1  0x00000000013dda81 in av_samples_copy (dst=0x21e41b0, src=0x21e41b0, dst_offset=0, 
    src_offset=1431655764, nb_samples=1431656342, nb_channels=1, sample_fmt=AV_SAMPLE_FMT_S16P)
    at libavutil/samplefmt.c:226
#2  0x0000000000d86ee3 in avcodec_decode_audio4 (avctx=0x21b7110, frame=0x21e41b0, 
    got_frame_ptr=0x7fffffffdd14, avpkt=0x7fffffffddb0) at libavcodec/utils.c:2356
#3  0x0000000000422cbb in decode_audio (ist=0x21bac20, pkt=0x7fffffffddb0, got_output=0x7fffffffdd14)
    at ffmpeg.c:1961
#4  0x0000000000424627 in process_input_packet (ist=0x21bac20, pkt=0x7fffffffe030, no_eof=0)
    at ffmpeg.c:2337
#5  0x000000000042b63a in process_input (file_index=0) at ffmpeg.c:4010
#6  0x000000000042b98b in transcode_step () at ffmpeg.c:4098
#7  0x000000000042bacd in transcode () at ffmpeg.c:4152
#8  0x000000000042c1c3 in main (argc=4, argv=0x7fffffffe538) at ffmpeg.c:4345
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x7ffff7854944 to 0x7ffff7854984:
   0x00007ffff7854944 <__memcpy_avx_unaligned+676>:	pushq  $0xffffffffc1480027
   0x00007ffff7854949 <__memcpy_avx_unaligned+681>:	loope  0x7ffff785494e <__memcpy_avx_unaligned+686>
   0x00007ffff785494b <__memcpy_avx_unaligned+683>:	cmp    %rcx,%rdx
   0x00007ffff785494e <__memcpy_avx_unaligned+686>:	jae    0x7ffff7854960 <__memcpy_avx_unaligned+704>
   0x00007ffff7854950 <__memcpy_avx_unaligned+688>:	mov    %rdx,%rcx
   0x00007ffff7854953 <__memcpy_avx_unaligned+691>:	mov    %rdx,%rcx
   0x00007ffff7854956 <__memcpy_avx_unaligned+694>:	rep movsb %ds:(%rsi),%es:(%rdi)
   0x00007ffff7854958 <__memcpy_avx_unaligned+696>:	retq   
   0x00007ffff7854959 <__memcpy_avx_unaligned+697>:	nopl   0x0(%rax)
   0x00007ffff7854960 <__memcpy_avx_unaligned+704>:	lea    (%rsi,%rdx,1),%rcx
=> 0x00007ffff7854964 <__memcpy_avx_unaligned+708>:	vmovdqu (%rsi),%ymm4
   0x00007ffff7854968 <__memcpy_avx_unaligned+712>:	vmovdqu -0x80(%rsi,%rdx,1),%xmm5
   0x00007ffff785496e <__memcpy_avx_unaligned+718>:	vmovdqu -0x70(%rcx),%xmm6
   0x00007ffff7854973 <__memcpy_avx_unaligned+723>:	vmovdqu -0x60(%rcx),%xmm7
   0x00007ffff7854978 <__memcpy_avx_unaligned+728>:	vmovdqu -0x50(%rcx),%xmm8
   0x00007ffff785497d <__memcpy_avx_unaligned+733>:	vmovdqu -0x40(%rcx),%xmm9
   0x00007ffff7854982 <__memcpy_avx_unaligned+738>:	vmovdqu -0x30(%rcx),%xmm10
End of assembler dump.
(gdb) info all-registers
rax            0x21e4590	35538320
rbx            0x0	0
rcx            0x21e4a10	35539472
rdx            0xffffffffaaaaaf2c	-1431654612
rsi            0x57739ae4	1467194084
rdi            0x21e4590	35538320
rbp            0x13ee940	0x13ee940 <__libc_csu_init>
rsp            0x7fffffffda48	0x7fffffffda48
r8             0x55555796	1431656342
r9             0x1	1
r10            0x21ca790	35432336
r11            0x246	582
r12            0x4039b0	4209072
r13            0x7fffffffe530	140737488348464
r14            0x0	0
r15            0x0	0
rip            0x7ffff7854964	0x7ffff7854964 <__memcpy_avx_unaligned+708>
eflags         0x10282	[ SF IF RF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0
st0            0	(raw 0x00000000000000000000)
st1            0	(raw 0x00000000000000000000)
st2            0	(raw 0x00000000000000000000)
st3            0	(raw 0x00000000000000000000)
st4            0	(raw 0x00000000000000000000)
st5            0	(raw 0x00000000000000000000)
st6            0	(raw 0x00000000000000000000)
st7            0	(raw 0x00000000000000000000)
fctrl          0x37f	895
fstat          0x0	0
ftag           0xffff	65535
fiseg          0x0	0
fioff          0x0	0
foseg          0x0	0
fooff          0x0	0
fop            0x0	0
mxcsr          0x1fa0	[ PE IM DM ZM OM UM PM ]
bndcfgu        {raw = 0x0, config = {base = 0x0, reserved = 0x0, preserved = 0x0, 
    enabled = 0x0}}	{raw = 0x0, config = {base = 0, reserved = 0, preserved = 0, enabled = 0}}
bndstatus      {raw = 0x0, status = {bde = 0x0, error = 0x0}}	{raw = 0x0, status = {bde = 0, 
    error = 0}}
ymm0           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x8000000000000000, 
    0x8000000000000000, 0x0, 0x0}, v32_int8 = {0xfe, 0xff, 0xff, 0xff, 0xf8, 0xff, 0xff, 0xff, 0xfa, 
    0xff, 0xff, 0xff, 0xf6, 0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0xfffe, 0xffff, 
    0xfff8, 0xffff, 0xfffa, 0xffff, 0xfff6, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int32 = {0xfffffffe, 0xfffffff8, 0xfffffffa, 0xfffffff6, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
    0xfffffff8fffffffe, 0xfffffff6fffffffa, 0x0, 0x0}, v2_int128 = {
    0xfffffff6fffffffafffffff8fffffffe, 0x00000000000000000000000000000000}}
ymm1           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x8000000000000000, 
    0x8000000000000000, 0x0, 0x0}, v32_int8 = {0xfc, 0xff, 0xff, 0xff, 0xf6, 0xff, 0xff, 0xff, 0xfa, 
    0xff, 0xff, 0xff, 0xf8, 0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0xfffc, 0xffff, 
    0xfff6, 0xffff, 0xfffa, 0xffff, 0xfff8, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int32 = {0xfffffffc, 0xfffffff6, 0xfffffffa, 0xfffffff8, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
    0xfffffff6fffffffc, 0xfffffff8fffffffa, 0x0, 0x0}, v2_int128 = {
    0xfffffff8fffffffafffffff6fffffffc, 0x00000000000000000000000000000000}}
ymm2           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x8000000000000000, 
    0x8000000000000000, 0x0, 0x0}, v32_int8 = {0xfe, 0xff, 0xff, 0xff, 0xfa, 0xff, 0xff, 0xff, 0xfc, 
    0xff, 0xff, 0xff, 0xfa, 0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0xfffe, 0xffff, 
    0xfffa, 0xffff, 0xfffc, 0xffff, 0xfffa, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int32 = {0xfffffffe, 0xfffffffa, 0xfffffffc, 0xfffffffa, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
    0xfffffffafffffffe, 0xfffffffafffffffc, 0x0, 0x0}, v2_int128 = {
    0xfffffffafffffffcfffffffafffffffe, 0x00000000000000000000000000000000}}
ymm3           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x8000000000000000, 
    0x8000000000000000, 0x0, 0x0}, v32_int8 = {0xfe, 0xff, 0xff, 0xff, 0xfc, 0xff, 0xff, 0xff, 0xfe, 
    0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0xfffe, 0xffff, 
    0xfffc, 0xffff, 0xfffe, 0xffff, 0xfffe, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int32 = {0xfffffffe, 0xfffffffc, 0xfffffffe, 0xfffffffe, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
    0xfffffffcfffffffe, 0xfffffffefffffffe, 0x0, 0x0}, v2_int128 = {
    0xfffffffefffffffefffffffcfffffffe, 0x00000000000000000000000000000000}}
ymm4           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x8000000000000000, 
    0x8000000000000000, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0xfe, 0xff, 0xff, 0xff, 0xfe, 
    0xff, 0xff, 0xff, 0xfc, 0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0x0, 0x0, 0xfffe, 
    0xffff, 0xfffe, 0xffff, 0xfffc, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x0, 
    0xfffffffe, 0xfffffffe, 0xfffffffc, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xfffffffe00000000, 
    0xfffffffcfffffffe, 0x0, 0x0}, v2_int128 = {0xfffffffcfffffffefffffffe00000000, 
    0x00000000000000000000000000000000}}
ymm5           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x8000000000000000, 
    0x8000000000000000, 0x0, 0x0}, v32_int8 = {0xfe, 0xff, 0xff, 0xff, 0xfa, 0xff, 0xff, 0xff, 0xfc, 
    0xff, 0xff, 0xff, 0xfa, 0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0xfffe, 0xffff, 
    0xfffa, 0xffff, 0xfffc, 0xffff, 0xfffa, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int32 = {0xfffffffe, 0xfffffffa, 0xfffffffc, 0xfffffffa, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
    0xfffffffafffffffe, 0xfffffffafffffffc, 0x0, 0x0}, v2_int128 = {
    0xfffffffafffffffcfffffffafffffffe, 0x00000000000000000000000000000000}}
ymm6           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x8000000000000000, 
    0x8000000000000000, 0x0, 0x0}, v32_int8 = {0xfe, 0xff, 0xff, 0xff, 0xfa, 0xff, 0xff, 0xff, 0xfc, 
    0xff, 0xff, 0xff, 0xfa, 0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0xfffe, 0xffff, 
    0xfffa, 0xffff, 0xfffc, 0xffff, 0xfffa, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int32 = {0xfffffffe, 0xfffffffa, 0xfffffffc, 0xfffffffa, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
    0xfffffffafffffffe, 0xfffffffafffffffc, 0x0, 0x0}, v2_int128 = {
    0xfffffffafffffffcfffffffafffffffe, 0x00000000000000000000000000000000}}
ymm7           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x8000000000000000, 
    0x8000000000000000, 0x0, 0x0}, v32_int8 = {0xfe, 0xff, 0xff, 0xff, 0xfc, 0xff, 0xff, 0xff, 0xfe, 
    0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0xfffe, 0xffff, 
    0xfffc, 0xffff, 0xfffe, 0xffff, 0xfffe, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int32 = {0xfffffffe, 0xfffffffc, 0xfffffffe, 0xfffffffe, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
    0xfffffffcfffffffe, 0xfffffffefffffffe, 0x0, 0x0}, v2_int128 = {
    0xfffffffefffffffefffffffcfffffffe, 0x00000000000000000000000000000000}}
ymm8           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x8000000000000000, 
    0x8000000000000000, 0x0, 0x0}, v32_int8 = {0xfe, 0xff, 0xff, 0xff, 0xf8, 0xff, 0xff, 0xff, 0xfa, 
    0xff, 0xff, 0xff, 0xf6, 0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0xfffe, 0xffff, 
    0xfff8, 0xffff, 0xfffa, 0xffff, 0xfff6, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int32 = {0xfffffffe, 0xfffffff8, 0xfffffffa, 0xfffffff6, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
    0xfffffff8fffffffe, 0xfffffff6fffffffa, 0x0, 0x0}, v2_int128 = {
    0xfffffff6fffffffafffffff8fffffffe, 0x00000000000000000000000000000000}}
ymm9           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x8000000000000000, 
    0x8000000000000000, 0x0, 0x0}, v32_int8 = {0xfc, 0xff, 0xff, 0xff, 0xf6, 0xff, 0xff, 0xff, 0xfa, 
    0xff, 0xff, 0xff, 0xf8, 0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0xfffc, 0xffff, 
    0xfff6, 0xffff, 0xfffa, 0xffff, 0xfff8, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int32 = {0xfffffffc, 0xfffffff6, 0xfffffffa, 0xfffffff8, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
    0xfffffff6fffffffc, 0xfffffff8fffffffa, 0x0, 0x0}, v2_int128 = {
    0xfffffff8fffffffafffffff6fffffffc, 0x00000000000000000000000000000000}}
ymm10          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x8000000000000000, 
    0x8000000000000000, 0x0, 0x0}, v32_int8 = {0xfe, 0xff, 0xff, 0xff, 0xfa, 0xff, 0xff, 0xff, 0xfc, 
    0xff, 0xff, 0xff, 0xfa, 0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0xfffe, 0xffff, 
    0xfffa, 0xffff, 0xfffc, 0xffff, 0xfffa, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int32 = {0xfffffffe, 0xfffffffa, 0xfffffffc, 0xfffffffa, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
    0xfffffffafffffffe, 0xfffffffafffffffc, 0x0, 0x0}, v2_int128 = {
    0xfffffffafffffffcfffffffafffffffe, 0x00000000000000000000000000000000}}
ymm11          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x8000000000000000, 
    0x8000000000000000, 0x0, 0x0}, v32_int8 = {0xfe, 0xff, 0xff, 0xff, 0xfc, 0xff, 0xff, 0xff, 0xfe, 
    0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0xfffe, 0xffff, 
    0xfffc, 0xffff, 0xfffe, 0xffff, 0xfffe, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int32 = {0xfffffffe, 0xfffffffc, 0xfffffffe, 0xfffffffe, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
    0xfffffffcfffffffe, 0xfffffffefffffffe, 0x0, 0x0}, v2_int128 = {
    0xfffffffefffffffefffffffcfffffffe, 0x00000000000000000000000000000000}}
ymm12          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x8000000000000000, 
    0x8000000000000000, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0xfe, 0xff, 0xff, 0xff, 0xfe, 
    0xff, 0xff, 0xff, 0xfc, 0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0x0, 0x0, 0xfffe, 
    0xffff, 0xfffe, 0xffff, 0xfffc, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x0, 
    0xfffffffe, 0xfffffffe, 0xfffffffc, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xfffffffe00000000, 
    0xfffffffcfffffffe, 0x0, 0x0}, v2_int128 = {0xfffffffcfffffffefffffffe00000000, 
    0x00000000000000000000000000000000}}
ymm13          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x8000000000000000, 
    0x8000000000000000, 0x0, 0x0}, v32_int8 = {0xfe, 0xff, 0xff, 0xff, 0xfa, 0xff, 0xff, 0xff, 0xfc, 
    0xff, 0xff, 0xff, 0xfa, 0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0xfffe, 0xffff, 
    0xfffa, 0xffff, 0xfffc, 0xffff, 0xfffa, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int32 = {0xfffffffe, 0xfffffffa, 0xfffffffc, 0xfffffffa, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
    0xfffffffafffffffe, 0xfffffffafffffffc, 0x0, 0x0}, v2_int128 = {
    0xfffffffafffffffcfffffffafffffffe, 0x00000000000000000000000000000000}}
ymm14          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x8000000000000000, 
    0x8000000000000000, 0x0, 0x0}, v32_int8 = {0xfe, 0xff, 0xff, 0xff, 0xfa, 0xff, 0xff, 0xff, 0xfc, 
    0xff, 0xff, 0xff, 0xfa, 0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0xfffe, 0xffff, 
    0xfffa, 0xffff, 0xfffc, 0xffff, 0xfffa, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int32 = {0xfffffffe, 0xfffffffa, 0xfffffffc, 0xfffffffa, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
    0xfffffffafffffffe, 0xfffffffafffffffc, 0x0, 0x0}, v2_int128 = {
    0xfffffffafffffffcfffffffafffffffe, 0x00000000000000000000000000000000}}
ymm15          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x8000000000000000, 
    0x8000000000000000, 0x0, 0x0}, v32_int8 = {0xfe, 0xff, 0xff, 0xff, 0xfc, 0xff, 0xff, 0xff, 0xfe, 
    0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0xfffe, 0xffff, 
    0xfffc, 0xffff, 0xfffe, 0xffff, 0xfffe, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
  v8_int32 = {0xfffffffe, 0xfffffffc, 0xfffffffe, 0xfffffffe, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
    0xfffffffcfffffffe, 0xfffffffefffffffe, 0x0, 0x0}, v2_int128 = {
    0xfffffffefffffffefffffffcfffffffe, 0x00000000000000000000000000000000}}
      	

Attachments (1)

fire.mp3 (20.0 KB) - added by Yang.jiao 3 years ago.
generated mp3 file which will trigger crash

Download all attachments as: .zip

Change History (3)

Changed 3 years ago by Yang.jiao

generated mp3 file which will trigger crash

comment:1 Changed 3 years ago by cehoyos

  • Component changed from undetermined to avcodec
  • Description modified (diff)
  • Keywords mp3 crash SIGSEGV regression added
  • Priority changed from normal to important
  • Reproduced by developer set
  • Status changed from new to open

comment:2 Changed 3 years ago by michael

  • Resolution set to fixed
  • Status changed from open to closed
Note: See TracTickets for help on using tickets.