Opened 3 weeks ago

Last modified 3 weeks ago

#6861 new defect

ABI broken by "add vector_dmac_scalar()"

Reported by: cehoyos
Owned by:
Priority: important
Component: avutil
Version: 3.4
Keywords: crash regression
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882598
Crash on decoding AC-3 when updating (only) libavutil since 4dc2dd80dc78f4abb19052682bfb68d64a7a96d6

$ ffmpeg -f lavfi -i sine=d=1 test.ac3
(gdb) r -i test.ac3 -f null -
Starting program: ffmpeg_g -i test.ac3 -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-85441-g9cd44e6 Copyright (c) 2000-2017 the FFmpeg developers
  built with gcc 4.7 (SUSE Linux)
  configuration: --enable-shared
  libavutil      55. 60.100 / 55. 78.100
  libavcodec     57. 92.100 / 57. 92.100
  libavformat    57. 72.100 / 57. 72.100
  libavdevice    57.  7.100 / 57.  7.100
  libavfilter     6. 84.101 /  6. 84.101
  libswscale      4.  7.100 /  4.  7.100
  libswresample   2.  8.100 /  2.  8.100
[ac3 @ 0x63a3c0] Estimating duration from bitrate, this may be inaccurate
Input #0, ac3, from 'test.ac3':
  Duration: 00:00:01.01, start: 0.000000, bitrate: 96 kb/s
    Stream #0:0: Audio: ac3, 44100 Hz, mono, fltp, 96 kb/s
Stream mapping:
  Stream #0:0 -> #0:0 (ac3 (native) -> pcm_s16le (native))
Press [q] to stop, [?] for help

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff55553b3 in ff_vector_dmul_scalar_avx () from libavutil/libavutil.so.55
(gdb) bt
#0  0x00007ffff55553b3 in ff_vector_dmul_scalar_avx () from libavutil/libavutil.so.55
#1  0x00007ffff5d70b75 in do_imdct (channels=1, s=0x64b1c0) at libavcodec/ac3dec.c:713
#2  decode_audio_block (s=s@entry=0x64b1c0, blk=6675712, blk@entry=0) at libavcodec/ac3dec.c:1449
#3  0x00007ffff5d722bb in ac3_decode_frame (avctx=<optimized out>, data=<optimized out>,
    got_frame_ptr=0x7fffffffd23c, avpkt=<optimized out>) at libavcodec/ac3dec.c:1610
#4  0x00007ffff5e1a14a in avcodec_decode_audio4 (avctx=avctx@entry=0x63c940, frame=0x66a000,
    got_frame_ptr=got_frame_ptr@entry=0x7fffffffd23c, avpkt=avpkt@entry=0x7fffffffd730)
    at libavcodec/decode.c:531
#5  0x00007ffff5e1aae8 in do_decode (avctx=avctx@entry=0x63c940, pkt=pkt@entry=0x7fffffffd730)
    at libavcodec/decode.c:229
#6  0x00007ffff5e1aef1 in avcodec_send_packet (avctx=avctx@entry=0x63c940, avpkt=<optimized out>,
    avpkt@entry=0x7fffffffd730) at libavcodec/decode.c:319
#7  0x0000000000425e2a in decode (pkt=0x7fffffffd730, got_frame=0x7fffffffd428, frame=0x66b300, avctx=0x63c940)
    at ffmpeg.c:2254
#8  decode_audio (ist=ist@entry=0x63daa0, pkt=0x7fffffffd730, got_output=got_output@entry=0x7fffffffd428,
    decode_failed=decode_failed@entry=0x7fffffffd42c) at ffmpeg.c:2311
#9  0x0000000000429230 in process_input_packet (no_eof=0, pkt=0x7fffffffd6d0, ist=0x63daa0) at ffmpeg.c:2629
#10 process_input (file_index=6544040) at ffmpeg.c:4390
#11 transcode_step () at ffmpeg.c:4501
#12 transcode () at ffmpeg.c:4555
#13 0x0000000000409e62 in main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:4760
(gdb) disass $pc-19,$pc+32
Dump of assembler code from 0x7ffff55553a0 to 0x7ffff55553d3:
   0x00007ffff55553a0 <ff_vector_dmul_scalar_avx+0>:    vmovlhps %xmm0,%xmm0,%xmm0
   0x00007ffff55553a4 <ff_vector_dmul_scalar_avx+4>:    vinsertf128 $0x1,%xmm0,%ymm0,%ymm0
   0x00007ffff55553aa <ff_vector_dmul_scalar_avx+10>:   lea    -0x40(,%edx,8),%rdx
=> 0x00007ffff55553b3 <ff_vector_dmul_scalar_avx+19>:   vmulpd (%rsi,%rdx,1),%ymm0,%ymm1
   0x00007ffff55553b8 <ff_vector_dmul_scalar_avx+24>:   vmulpd 0x20(%rsi,%rdx,1),%ymm0,%ymm2
   0x00007ffff55553be <ff_vector_dmul_scalar_avx+30>:   vmovaps %ymm1,(%rdi,%rdx,1)
   0x00007ffff55553c3 <ff_vector_dmul_scalar_avx+35>:   vmovaps %ymm2,0x20(%rdi,%rdx,1)
   0x00007ffff55553c9 <ff_vector_dmul_scalar_avx+41>:   sub    $0x40,%rdx
   0x00007ffff55553cd <ff_vector_dmul_scalar_avx+45>:   jge    0x7ffff55553b3 <ff_vector_dmul_scalar_avx+19>
   0x00007ffff55553cf <ff_vector_dmul_scalar_avx+47>:   vzeroupper
   0x00007ffff55553d2 <ff_vector_dmul_scalar_avx+50>:   retq
End of assembler dump.
(gdb) info all-register
rax            0x66a2a0 6726304
rbx            0x65e300 6677248
rcx            0x65dd00 6675712
rdx            0x32f07c0        53413824
rsi            0x65c100 6668544
rdi            0x66b760 6731616
rbp            0x65e100 0x65e100
rsp            0x7fffffffce48   0x7fffffffce48
r8             0x80     128
r9             0x65c100 6668544
r10            0x66a980 6728064
r11            0x66afa0 6729632
r12            0x64b5c0 6600128
r13            0x0      0
r14            0x64b1c0 6599104
r15            0x1      1
rip            0x7ffff55553b3   0x7ffff55553b3 <ff_vector_dmul_scalar_avx+19>
eflags         0x10246  [ PF ZF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0

Also reproducible using a 3.3 binary as in the Debian report.

Change History (3)

comment:1 follow-up: Changed 3 weeks ago by heleppkes

That's unfortunate, however a release has already been made with the changed ABI, so any changes now would only make it worse. And master had a major bump to resolve any ABI concerns.

Upgrading only one library is always discouraged, and luckily float_dsp.h is not an installed header, so simply upgrading all libraries will easily resolve this.

Last edited 3 weeks ago by heleppkes

comment:2 in reply to: ↑ 1 ; follow-up: Changed 3 weeks ago by jamrial

Replying to heleppkes:

> That's unfortunate, however a release has already been made with the changed ABI, so any changes now would only make it worse. And master had a major bump to resolve any ABI concerns.

It's not the first time this happened. See 3.1 and lavfi.
vector_dmac_scalar() is only available in release/3.4 fortunately, so it should be moved down to the end of the struct for 3.4.1 and the release news entry have a line about it, just like we did with 3.1.1.

The major bump doesn't really solve this for those trying to stay compatible with the 3.x ABI, which means every 3.4 user, the latest stable release.

comment:3 in reply to: ↑ 2 Changed 3 weeks ago by heleppkes

Replying to jamrial:

> Replying to heleppkes:
>
> > That's unfortunate, however a release has already been made with the changed ABI, so any changes now would only make it worse. And master had a major bump to resolve any ABI concerns.
>
> It's not the first time this happened. See 3.1 and lavfi.
> vector_dmac_scalar() is only available in release/3.4 fortunately, so it should be moved down to the end of the struct for 3.4.1 and the release news entry have a line about it, just like we did with 3.1.1

Personally I think making 3.4 and 3.4.1 ABI incompatible is worse than just keeping it as-is.
It's not a user-facing ABI break, it's only inter-library. A strong recommendation to always upgrade all libraries should always be present on every release.

Last edited 3 weeks ago by heleppkes
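The layout shift this ticket is about, as an added example (not FFmpeg code and not written by anyone in the thread): a caller built against the old function-pointer table loads a slot by its old offset, so a member inserted mid-struct makes it reach a different function, as in the backtrace where do_imdct lands in ff_vector_dmul_scalar_avx, while appending at the end keeps the old offsets valid. The struct members and their order are a simplified assumption, not the real float_dsp.h layout.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a DSP function-pointer table. Member order is an
 * assumption for illustration, not copied from libavutil/float_dsp.h. */
typedef const char *(*dsp_fn)(void);

struct dsp_old { /* layout the old libavcodec was compiled against */
    dsp_fn vector_fmac_scalar, vector_dmul_scalar, vector_fmul_window;
};
struct dsp_mid { /* new member inserted in the middle */
    dsp_fn vector_fmac_scalar, vector_dmac_scalar, vector_dmul_scalar,
           vector_fmul_window;
};
struct dsp_end { /* new member appended after all existing ones */
    dsp_fn vector_fmac_scalar, vector_dmul_scalar, vector_fmul_window,
           vector_dmac_scalar;
};

static const char *fmac(void) { return "vector_fmac_scalar"; }
static const char *dmac(void) { return "vector_dmac_scalar"; }
static const char *dmul(void) { return "vector_dmul_scalar"; }
static const char *fwin(void) { return "vector_fmul_window"; }

/* An old caller loads the pointer stored at the offset vector_fmul_window
 * had at its own compile time, whatever the newer library put there. */
static const char *old_caller(const void *table) {
    dsp_fn fn;
    memcpy(&fn, (const char *)table +
                offsetof(struct dsp_old, vector_fmul_window), sizeof fn);
    return fn();
}

const char *reached_after_mid_insert(void) {
    struct dsp_mid t = { fmac, dmac, dmul, fwin };
    return old_caller(&t);
}
const char *reached_after_end_append(void) {
    struct dsp_end t = { fmac, dmul, fwin, dmac };
    return old_caller(&t);
}

int main(void) {
    printf("mid insert: old caller reaches %s\n", reached_after_mid_insert());
    printf("end append: old caller reaches %s\n", reached_after_end_append());
    return 0;
}
```

In the real libraries the mismatched function also receives arguments meant for a different signature, which is why the result is a crash rather than a wrong name.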