Opened 12 years ago

Closed 11 years ago

#1135 closed defect (duplicate)

ffmpeg/ffplay crashes with lowres=1 or lowres=3 with 1080i mpeg2 video on arm-neon

Reported by: Yi Wang Owned by:
Priority: normal Component: avcodec
Version: git-master Keywords: arm lowres crash
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

This was found on iOS (ipad1+ and iPhone4+) device.

It did not crash for the following cases:

  • compiled for armv6, or
  • compiled for i386, or
  • with 720p/480p mpeg2video, or
  • with 1080i mpeg2video but lowres=2

./ffmpeg -vlowres 2 -i video_6.ts -benchmark -f null null.ts

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x01fcd000
0x00148460 in ff_put_h264_chroma_mc4_neon ()
(gdb) bt
#0 0x00148460 in ff_put_h264_chroma_mc4_neon ()
#1 0x004069cc in MPV_motion_lowres ()
#2 0x0041204c in MPV_decode_mb ()
#3 0x003d864c in mpeg_decode_slice ()
#4 0x003d93cc in decode_chunks ()
#5 0x003dbb3c in mpeg_decode_frame ()
#6 0x004c3e0c in avcodec_decode_video2 ()
#7 0x00008488 in output_packet ()
#8 0x0000cf34 in transcode ()
#9 0x0000d7a0 in main ()

  • ffplay will crash at the exact same function
  • found on master, 0.10.2, 0.9.1

Change History (19)

comment:1 by Carl Eugen Hoyos, 12 years ago

Keywords: arm added

Please add complete, uncut console output and the information listed on http://ffmpeg.org/bugreports.html (disassembly and register).

comment:2 by Yi Wang, 12 years ago

(gdb) disass
Dump of assembler code for function ff_put_h264_chroma_mc4_neon:
0x00148308 <ff_put_h264_chroma_mc4_neon+0>: push {r4, r5, r6, r7, lr}
0x0014830c <ff_put_h264_chroma_mc4_neon+4>: ldrd r4, [sp, #20]
0x00148310 <ff_put_h264_chroma_mc4_neon+8>: pld [r1]
0x00148314 <ff_put_h264_chroma_mc4_neon+12>: pld [r1, r2]
0x00148318 <ff_put_h264_chroma_mc4_neon+16>: muls r7, r4, r5
0x0014831c <ff_put_h264_chroma_mc4_neon+20>: rsb r6, r7, r5, lsl #3
0x00148320 <ff_put_h264_chroma_mc4_neon+24>: rsb r12, r7, r4, lsl #3
0x00148324 <ff_put_h264_chroma_mc4_neon+28>: sub r4, r7, r4, lsl #3
0x00148328 <ff_put_h264_chroma_mc4_neon+32>: sub r4, r4, r5, lsl #3
0x0014832c <ff_put_h264_chroma_mc4_neon+36>: add r4, r4, #64 ; 0x40
0x00148330 <ff_put_h264_chroma_mc4_neon+40>: beq 0x1483bc <ff_put_h264_chroma_mc4_neon+180>
0x00148334 <ff_put_h264_chroma_mc4_neon+44>: add r5, r1, r2
0x00148338 <ff_put_h264_chroma_mc4_neon+48>: vdup.8 d0, r4
0x0014833c <ff_put_h264_chroma_mc4_neon+52>: lsl r4, r2, #1
0x00148340 <ff_put_h264_chroma_mc4_neon+56>: vdup.8 d1, r12
0x00148344 <ff_put_h264_chroma_mc4_neon+60>: vld1.8 {d4}, [r1], r4
0x00148348 <ff_put_h264_chroma_mc4_neon+64>: vdup.8 d2, r6
0x0014834c <ff_put_h264_chroma_mc4_neon+68>: vld1.8 {d6}, [r5], r4
0x00148350 <ff_put_h264_chroma_mc4_neon+72>: vdup.8 d3, r7
0x00148354 <ff_put_h264_chroma_mc4_neon+76>: vext.8 d5, d4, d5, #1
0x00148358 <ff_put_h264_chroma_mc4_neon+80>: vext.8 d7, d6, d7, #1
0x0014835c <ff_put_h264_chroma_mc4_neon+84>: vtrn.32 d4, d5
0x00148360 <ff_put_h264_chroma_mc4_neon+88>: vtrn.32 d6, d7
0x00148364 <ff_put_h264_chroma_mc4_neon+92>: vtrn.32 d0, d1
0x00148368 <ff_put_h264_chroma_mc4_neon+96>: vtrn.32 d2, d3
0x0014836c <ff_put_h264_chroma_mc4_neon+100>: pld [r5]
0x00148370 <ff_put_h264_chroma_mc4_neon+104>: vmull.u8 q8, d4, d0
0x00148374 <ff_put_h264_chroma_mc4_neon+108>: vmlal.u8 q8, d6, d2
0x00148378 <ff_put_h264_chroma_mc4_neon+112>: vld1.8 {d4}, [r1], r4
0x0014837c <ff_put_h264_chroma_mc4_neon+116>: vext.8 d5, d4, d5, #1
0x00148380 <ff_put_h264_chroma_mc4_neon+120>: vtrn.32 d4, d5
0x00148384 <ff_put_h264_chroma_mc4_neon+124>: vmull.u8 q9, d6, d0
0x00148388 <ff_put_h264_chroma_mc4_neon+128>: vmlal.u8 q9, d4, d2
0x0014838c <ff_put_h264_chroma_mc4_neon+132>: vld1.8 {d6}, [r5], r4
0x00148390 <ff_put_h264_chroma_mc4_neon+136>: vadd.i16 d16, d16, d17
0x00148394 <ff_put_h264_chroma_mc4_neon+140>: vadd.i16 d17, d18, d19
0x00148398 <ff_put_h264_chroma_mc4_neon+144>: vrshrn.i16 d16, q8, #6
0x0014839c <ff_put_h264_chroma_mc4_neon+148>: subs r3, r3, #2 ; 0x2
0x001483a0 <ff_put_h264_chroma_mc4_neon+152>: pld [r1]
0x001483a4 <ff_put_h264_chroma_mc4_neon+156>: vext.8 d7, d6, d7, #1
0x001483a8 <ff_put_h264_chroma_mc4_neon+160>: vtrn.32 d6, d7
0x001483ac <ff_put_h264_chroma_mc4_neon+164>: vst1.32 {d16[0]}, [r0, :32], r2
0x001483b0 <ff_put_h264_chroma_mc4_neon+168>: vst1.32 {d16[1]}, [r0, :32], r2
---Type <return> to continue, or q <return> to quit---
0x001483b4 <ff_put_h264_chroma_mc4_neon+172>: bgt 0x14836c <ff_put_h264_chroma_mc4_neon+100>
0x001483b8 <ff_put_h264_chroma_mc4_neon+176>: pop {r4, r5, r6, r7, pc}
0x001483bc <ff_put_h264_chroma_mc4_neon+180>: tst r6, r6
0x001483c0 <ff_put_h264_chroma_mc4_neon+184>: add r12, r12, r6
0x001483c4 <ff_put_h264_chroma_mc4_neon+188>: vdup.8 d0, r4
0x001483c8 <ff_put_h264_chroma_mc4_neon+192>: vdup.8 d1, r12
0x001483cc <ff_put_h264_chroma_mc4_neon+196>: vtrn.32 d0, d1
0x001483d0 <ff_put_h264_chroma_mc4_neon+200>: beq 0x148420 <ff_put_h264_chroma_mc4_neon+280>
0x001483d4 <ff_put_h264_chroma_mc4_neon+204>: vext.8 d1, d0, d1, #4
0x001483d8 <ff_put_h264_chroma_mc4_neon+208>: add r5, r1, r2
0x001483dc <ff_put_h264_chroma_mc4_neon+212>: lsl r4, r2, #1
0x001483e0 <ff_put_h264_chroma_mc4_neon+216>: vld1.32 {d4[0]}, [r1], r4
0x001483e4 <ff_put_h264_chroma_mc4_neon+220>: vld1.32 {d4[1]}, [r5], r4
0x001483e8 <ff_put_h264_chroma_mc4_neon+224>: pld [r5]
0x001483ec <ff_put_h264_chroma_mc4_neon+228>: vmull.u8 q8, d4, d0
0x001483f0 <ff_put_h264_chroma_mc4_neon+232>: vld1.32 {d4[0]}, [r1], r4
0x001483f4 <ff_put_h264_chroma_mc4_neon+236>: vmull.u8 q9, d4, d1
0x001483f8 <ff_put_h264_chroma_mc4_neon+240>: vld1.32 {d4[1]}, [r5], r4
0x001483fc <ff_put_h264_chroma_mc4_neon+244>: vadd.i16 d16, d16, d17
0x00148400 <ff_put_h264_chroma_mc4_neon+248>: vadd.i16 d17, d18, d19
0x00148404 <ff_put_h264_chroma_mc4_neon+252>: vrshrn.i16 d16, q8, #6
0x00148408 <ff_put_h264_chroma_mc4_neon+256>: subs r3, r3, #2 ; 0x2
0x0014840c <ff_put_h264_chroma_mc4_neon+260>: pld [r1]
0x00148410 <ff_put_h264_chroma_mc4_neon+264>: vst1.32 {d16[0]}, [r0, :32], r2
0x00148414 <ff_put_h264_chroma_mc4_neon+268>: vst1.32 {d16[1]}, [r0, :32], r2
0x00148418 <ff_put_h264_chroma_mc4_neon+272>: bgt 0x1483e8 <ff_put_h264_chroma_mc4_neon+224>
0x0014841c <ff_put_h264_chroma_mc4_neon+276>: pop {r4, r5, r6, r7, pc}
0x00148420 <ff_put_h264_chroma_mc4_neon+280>: vld1.8 {d4}, [r1], r2
0x00148424 <ff_put_h264_chroma_mc4_neon+284>: vld1.8 {d6}, [r1], r2
0x00148428 <ff_put_h264_chroma_mc4_neon+288>: vext.8 d5, d4, d5, #1
0x0014842c <ff_put_h264_chroma_mc4_neon+292>: vext.8 d7, d6, d7, #1
0x00148430 <ff_put_h264_chroma_mc4_neon+296>: vtrn.32 d4, d5
0x00148434 <ff_put_h264_chroma_mc4_neon+300>: vtrn.32 d6, d7
0x00148438 <ff_put_h264_chroma_mc4_neon+304>: vmull.u8 q8, d4, d0
0x0014843c <ff_put_h264_chroma_mc4_neon+308>: vmull.u8 q9, d6, d0
0x00148440 <ff_put_h264_chroma_mc4_neon+312>: subs r3, r3, #2 ; 0x2
0x00148444 <ff_put_h264_chroma_mc4_neon+316>: vld1.8 {d4}, [r1], r2
0x00148448 <ff_put_h264_chroma_mc4_neon+320>: vext.8 d5, d4, d5, #1
0x0014844c <ff_put_h264_chroma_mc4_neon+324>: vtrn.32 d4, d5
0x00148450 <ff_put_h264_chroma_mc4_neon+328>: vadd.i16 d16, d16, d17
0x00148454 <ff_put_h264_chroma_mc4_neon+332>: vadd.i16 d17, d18, d19
0x00148458 <ff_put_h264_chroma_mc4_neon+336>: pld [r1]
---Type <return> to continue, or q <return> to quit---
0x0014845c <ff_put_h264_chroma_mc4_neon+340>: vrshrn.i16 d16, q8, #6
0x00148460 <ff_put_h264_chroma_mc4_neon+344>: vld1.8 {d6}, [r1], r2
0x00148464 <ff_put_h264_chroma_mc4_neon+348>: vext.8 d7, d6, d7, #1
0x00148468 <ff_put_h264_chroma_mc4_neon+352>: vtrn.32 d6, d7
0x0014846c <ff_put_h264_chroma_mc4_neon+356>: pld [r1]
0x00148470 <ff_put_h264_chroma_mc4_neon+360>: vst1.32 {d16[0]}, [r0, :32], r2
0x00148474 <ff_put_h264_chroma_mc4_neon+364>: vst1.32 {d16[1]}, [r0, :32], r2
0x00148478 <ff_put_h264_chroma_mc4_neon+368>: bgt 0x148438 <ff_put_h264_chroma_mc4_neon+304>
0x0014847c <ff_put_h264_chroma_mc4_neon+372>: pop {r4, r5, r6, r7, pc}
End of assembler dump.

(gdb) display/i $pc
3: x/i $pc 0x148460 <ff_put_h264_chroma_mc4_neon+344>: vld1.8 {d6}, [r1], r2

comment:3 by Yi Wang, 12 years ago

(gdb) info all-registers
r0 0x1e4ca5c 31771228
r1 0x1fccffc 33345532
r2 0x1e0 480
r3 0x0 0
r4 0x40 64
r5 0x0 0
r6 0x0 0
r7 0x0 0
r8 0x109cdf4 17419764
r9 0xfffffffc -4
r10 0x1 1
r11 0x45 69
r12 0x0 0
sp 0x2fdfc944 803195204
lr 0x4069cc 4221388
pc 0x148460 1344608
cpsr {0x68000010, n = 0x0, z = 0x1, c = 0x1, v = 0x0, q = 0x1, j = 0x0,

ge = 0x0, e = 0x0, a = 0x0, i = 0x0, f = 0x0, t = 0x0, mode = 0x10} {
0x68000010, n = 0, z = 1, c = 1, v = 0, q = 1, j = 0, ge = 0, e = 0, a = 0,
i = 0, f = 0, t = 0, mode = usr}

s0 3.00392151 (raw 0x40404040)
s1 0 (raw 0x00000000)
s2 3.00392151 (raw 0x40404040)
s3 0 (raw 0x00000000)
s4 -nan(0x7fffff) (raw 0xffffffff)
s5 -nan(0x7fffff) (raw 0xffffffff)
s6 -nan(0x7fffff) (raw 0xffffffff)
s7 -nan(0x7fffff) (raw 0xffffffff)
s8 -1.18010406e-38 (raw 0x80808080)
s9 -1.18010406e-38 (raw 0x80808080)
s10 -1.18010406e-38 (raw 0x80808080)
s11 -1.20842656e-35 (raw 0x85808080)
s12 0 (raw 0x00000000)
s13 -0.0358605608 (raw 0xbd12e286)
s14 -1.18010406e-38 (raw 0x80808080)
s15 -7.73392998e-34 (raw 0x88808080)
s16 0 (raw 0x00000000)
s17 1.875 (raw 0x3ff00000)
s18 -1000000 (raw 0xc9742400)
s19 0.876499951 (raw 0x3f60624d)
s20 1000000 (raw 0x49742400)
s21 0 (raw 0x00000000)
s22 10 (raw 0x41200000)
s23 1.89799988 (raw 0x3ff2f1a9)
s24 -10000000 (raw 0xcb189680)
---Type <return> to continue, or q <return> to quit---
s25 1.66359675 (raw 0x3fd4f0bd)
s26 0 (raw 0x00000000)
s27 0 (raw 0x00000000)
s28 0 (raw 0x00000000)
s29 0 (raw 0x00000000)
s30 0 (raw 0x00000000)
s31 0 (raw 0x00000000)
fpscr {0x83000010, n = 0x1, z = 0x0, c = 0x0, v = 0x0, dn = 0x1,

fz = 0x1, rmode = 0x0, stride = 0x0, len = 0x0, ide = 0x0, ixe = 0x0, ufe = 0x0,
ofe = 0x0, dze = 0x0, ioe = 0x0, idc = 0x0, ixc = 0x1, ufc = 0x0, ofc = 0x0,
dzc = 0x0, ioc = 0x0} {0x83000010, n = 1, z = 0, c = 0, v = 0, dn = 1, fz = 1,
rmode = 0, stride = 0, len = 0, ide = 0, ixe = 0, ufe = 0, ofe = 0, dze = 0,
ioe = 0, idc = 0, ixc = 1, ufc = 0, ofc = 0, dzc = 0, ioc = 0}

d16 -2.9374465883742874e-306 (raw 0x8080808086878888)
d17 1.503321981455955e-154 (raw 0x2000200020002000)
d18 1.503321981455955e-154 (raw 0x2000200020002000)
d19 0 (raw 0x0000000000000000)
d20 -nan(0xae09efffc73d1) (raw 0xfffae09efffc73d1)
d21 -nan(0xb2428fffab3b9) (raw 0xfffb2428fffab3b9)
d22 0 (raw 0x000afffa000afffc)
d23 0 (raw 0x000bfffb000bfffa)
d24 0.0002387831042031575 (raw 0x3f2f4c3b3f2cf6bc)
d25 0.00030347501087251197 (raw 0x3f33e3773f319b3c)
d26 0 (raw 0x0000000000000000)
d27 0 (raw 0x0000000000000000)
d28 0.00032072974063986 (raw 0x3f3504f3bf3504f3)
d29 -0.00032072962422453817 (raw 0xbf3504f33f3504f3)
d30 -1.6773132613864671e-14 (raw 0xbd12e286bd12e286)
d31 0.00032072962422453817 (raw 0x3f3504f33f3504f3)
d0 0 (raw 0x0000000040404040)
d1 0 (raw 0x0000000040404040)
d2 -nan(0xfffffffffffff) (raw 0xffffffffffffffff)
d3 -nan(0xfffffffffffff) (raw 0xffffffffffffffff)
d4 -2.9374465244229968e-306 (raw 0x8080808080808080)
d5 -3.5511549471122153e-282 (raw 0x8580808080808080)
d6 -1.6773122604382684e-14 (raw 0xbd12e28600000000)
d7 -9.9956125603434164e-268 (raw 0x8880808080808080)
d8 1 (raw 0x3ff0000000000000)
d9 0.0019999999309487926 (raw 0x3f60624dc9742400)
d10 0 (raw 0x0000000049742400)
d11 1.1839993041940033 (raw 0x3ff2f1a941200000)
d12 0.32719368775938307 (raw 0x3fd4f0bdcb189680)
d13 0 (raw 0x0000000000000000)
d14 0 (raw 0x0000000000000000)
d15 0 (raw 0x0000000000000000)
---Type <return> to continue, or q <return> to quit---
q0 {uint128 = 0x00000000404040400000000040404040, v4_float = {

3.00392151, 0, 3.00392151, 0}, v4_int32 = {1077952576, 0, 1077952576, 0},

v8_int16 = {16448, 16448, 0, 0, 16448, 16448, 0, 0}, v16_int8 = {64, 64, 64, 64,

0, 0, 0, 0, 64, 64, 64, 64, 0, 0, 0,
0}} (raw 0x00000000404040400000000040404040)

q1 {uint128 = 0xffffffffffffffffffffffffffffffff, v4_float = {

-nan(0x7fffff), -nan(0x7fffff), -nan(0x7fffff), -nan(0x7fffff)}, v4_int32 = {
-1, -1, -1, -1}, v8_int16 = {-1, -1, -1, -1, -1, -1, -1, -1}, v16_int8 = {
-1 <repeats 16 times>}} (raw 0xffffffffffffffffffffffffffffffff)

q2 {uint128 = 0x85808080808080808080808080808080, v4_float = {

-1.18010406e-38, -1.18010406e-38, -1.18010406e-38, -1.20842656e-35},

v4_int32 = {-2139062144, -2139062144, -2139062144, -2055176064}, v8_int16 = {

-32640, -32640, -32640, -32640, -32640, -32640, -32640, -31360}, v16_int8 = {
-128 <repeats 15 times>, -123}} (raw 0x85808080808080808080808080808080)

q3 {uint128 = 0x8880808080808080bd12e28600000000, v4_float = {0,

-0.0358605608, -1.18010406e-38, -7.73392998e-34}, v4_int32 = {0, -1122835834,
-2139062144, -2004844416}, v8_int16 = {0, 0, -7546, -17134, -32640, -32640,
-32640, -30592}, v16_int8 = {0, 0, 0, 0, -122, -30, 18, -67, -128, -128, -128,
-128, -128, -128, -128, -120}} (raw 0x8880808080808080bd12e28600000000)

q4 {uint128 = 0x3f60624dc97424003ff0000000000000, v4_float = {0,

1.875, -1000000, 0.876499951}, v4_int32 = {0, 1072693248, -915135488,
1063281229}, v8_int16 = {0, 0, 0, 16368, 9216, -13964, 25165, 16224},

v16_int8 = {0, 0, 0, 0, 0, 0, -16, 63, 0, 36, 116, -55, 77, 98, 96,

63}} (raw 0x3f60624dc97424003ff0000000000000)

q5 {uint128 = 0x3ff2f1a9412000000000000049742400, v4_float = {1000000,

0, 10, 1.89799988}, v4_int32 = {1232348160, 0, 1092616192, 1072886185},

v8_int16 = {9216, 18804, 0, 0, 0, 16672, -3671, 16370}, v16_int8 = {0, 36, 116,

73, 0, 0, 0, 0, 0, 0, 32, 65, -87, -15, -14,
63}} (raw 0x3ff2f1a9412000000000000049742400)

q6 {uint128 = 4599565817398990464, v4_float = {-10000000, 1.66359675,

0, 0}, v4_int32 = {-887581056, 1070919869, 0, 0}, v8_int16 = {-27008, -13544,
-3907, 16340, 0, 0, 0, 0}, v16_int8 = {-128, -106, 24, -53, -67, -16, -44, 63,
0, 0, 0, 0, 0, 0, 0, 0}} (raw 0x00000000000000003fd4f0bdcb189680)

q7 {uint128 = 0, v4_float = {0, 0, 0, 0}, v4_int32 = {0, 0, 0, 0},

v8_int16 = {0, 0, 0, 0, 0, 0, 0, 0}, v16_int8 = {

0 <repeats 16 times>}} (raw 0x00000000000000000000000000000000)

q8 {uint128 = 0x20002000200020008080808086878888, v4_float = {

-5.09819706e-35, -1.18010406e-38, 1.08526096e-19, 1.08526096e-19}, v4_int32 = {
-2037938040, -2139062144, 536879104, 536879104}, v8_int16 = {-30584, -31097,
-32640, -32640, 8192, 8192, 8192, 8192}, v16_int8 = {-120, -120, -121, -122,
-128, -128, -128, -128, 0, 32, 0, 32, 0, 32, 0,
32}} (raw 0x20002000200020008080808086878888)

q9 {uint128 = 2305878194122661888, v4_float = {1.08526096e-19,

1.08526096e-19, 0, 0}, v4_int32 = {536879104, 536879104, 0, 0}, v8_int16 = {
8192, 8192, 8192, 8192, 0, 0, 0, 0}, v16_int8 = {0, 32, 0, 32, 0, 32, 0, 32,

---Type <return> to continue, or q <return> to quit---

0, 0, 0, 0, 0, 0, 0, 0}} (raw 0x00000000000000002000200020002000)

q10 {uint128 = 0xfffb2428fffab3b9fffae09efffc73d1, v4_float = {

-nan(0x7c73d1), -nan(0x7ae09e), -nan(0x7ab3b9), -nan(0x7b2428)}, v4_int32 = {
-232495, -335714, -347207, -318424}, v8_int16 = {29649, -4, -8034, -6, -19527,
-6, 9256, -5}, v16_int8 = {-47, 115, -4, -1, -98, -32, -6, -1, -71, -77, -6,
-1, 40, 36, -5, -1}} (raw 0xfffb2428fffab3b9fffae09efffc73d1)

q11 {uint128 = 0x000bfffb000bfffa000afffa000afffc, v4_float = {0, 0, 0,

0}, v4_int32 = {720892, 720890, 786426, 786427}, v8_int16 = {-4, 10, -6, 10,
-6, 11, -5, 11}, v16_int8 = {-4, -1, 10, 0, -6, -1, 10, 0, -6, -1, 11, 0, -5,
-1, 11, 0}} (raw 0x000bfffb000bfffa000afffa000afffc)

q12 {uint128 = 0x3f33e3773f319b3c3f2f4c3b3f2cf6bc, v4_float = {

0.675639868, 0.684756935, 0.693774939, 0.702689588}, v4_int32 = {1059911356,
1060064315, 1060215612, 1060365175}, v8_int16 = {-2372, 16172, 19515, 16175,
-25796, 16177, -7305, 16179}, v16_int8 = {-68, -10, 44, 63, 59, 76, 47, 63,
60, -101, 49, 63, 119, -29, 51,
63}} (raw 0x3f33e3773f319b3c3f2f4c3b3f2cf6bc)

q13 {uint128 = 0, v4_float = {0, 0, 0, 0}, v4_int32 = {0, 0, 0, 0},

v8_int16 = {0, 0, 0, 0, 0, 0, 0, 0}, v16_int8 = {

0 <repeats 16 times>}} (raw 0x00000000000000000000000000000000)

q14 {uint128 = 0xbf3504f33f3504f33f3504f3bf3504f3, v4_float = {

-0.707106769, 0.707106769, 0.707106769, -0.707106769}, v4_int32 = {
-1087044365, 1060439283, 1060439283, -1087044365}, v8_int16 = {1267, -16587,
1267, 16181, 1267, 16181, 1267, -16587}, v16_int8 = {-13, 4, 53, -65, -13, 4,
53, 63, -13, 4, 53, 63, -13, 4, 53,
-65}} (raw 0xbf3504f33f3504f33f3504f3bf3504f3)

q15 {uint128 = 0x3f3504f33f3504f3bd12e286bd12e286, v4_float = {

-0.0358605608, -0.0358605608, 0.707106769, 0.707106769}, v4_int32 = {
-1122835834, -1122835834, 1060439283, 1060439283}, v8_int16 = {-7546, -17134,
-7546, -17134, 1267, 16181, 1267, 16181}, v16_int8 = {-122, -30, 18, -67,
-122, -30, 18, -67, -13, 4, 53, 63, -13, 4, 53,
63}} (raw 0x3f3504f33f3504f3bd12e286bd12e286)

comment:4 by Carl Eugen Hoyos, 12 years ago

To make this a valid ticket, please add (command line and) complete, uncut console output.

comment:5 by Yi Wang, 12 years ago

uncut console output:

root# ./ffmpeg -vlowres 1 -i video_6.ts -benchmark -f null null.ts
ffmpeg version 0.10.2 Copyright (c) 2000-2012 the FFmpeg developers

built on Mar 25 2012 20:24:21 with llvm_gcc 4.2.1 (Based on Apple Inc. build 5658) (LLVM build 2377.00)
configuration: --prefix=/Users/yiwang/src/oss/ffmpeg-ios-build/dist-armv7 --enable-cross-compile --target-os=darwin --arch=armv7 --cross-prefix=/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/ --sysroot=/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS5.1.sdk --extra-ldflags=-L/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS5.1.sdk/usr/lib/system --enable-neon --disable-bzlib --disable-doc --disable-ffplay --disable-ffserver --disable-ffprobe --as='gas-preprocessor.pl /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/gcc' --extra-ldflags='-arch armv7' --extra-cflags='-arch armv7 -mfpu=neon -O0 -g' --extra-cxxflags='-arch armv7' --cpu=cortex-a8 --enable-pic
libavutil 51. 35.100 / 51. 35.100
libavcodec 53. 61.100 / 53. 61.100
libavformat 53. 32.100 / 53. 32.100
libavdevice 53. 4.100 / 53. 4.100
libavfilter 2. 61.100 / 2. 61.100
libswscale 2. 1.100 / 2. 1.100
libswresample 0. 6.100 / 0. 6.100

[mpeg2video @ 0x1350a00] mpeg_decode_postinit() failure

Last message repeated 24 times

[mpegts @ 0x134ca00] PES packet size mismatch
Input #0, mpegts, from 'video_6.ts':

Duration: 00:01:02.65, start: 87684.495911, bitrate: 18104 kb/s
Program 3

Stream #0:0[0x31]: Video: mpeg2video (Main) ([2][0][0][0] / 0x0002), yuv420p, 960x540 [SAR 1:1 DAR 16:9], 17164 kb/s, 45.29 fps, 29.97 tbr, 90k tbn, 59.94 tbc
Stream #0:1[0x34](eng): Audio: ac3 (AC-3 / 0x332D4341), 48000 Hz, 5.1(side), s16, 384 kb/s

[buffer @ 0xd1cd30] w:960 h:540 pixfmt:yuv420p tb:1/1000000 sar:1/1 sws_param:
Output #0, null, to 'null.ts':

Metadata:

encoder : Lavf53.32.100
Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 960x540 [SAR 1:1 DAR 16:9], q=2-31, 200 kb/s, 90k tbn, 29.97 tbc
Stream #0:1(eng): Audio: pcm_s16le, 48000 Hz, 5.1(side), s16, 4608 kb/s

Stream mapping:

Stream #0:0 -> #0:0 (mpeg2video -> rawvideo)
Stream #0:1 -> #0:1 (ac3 -> pcm_s16le)

Press [q] to stop, ? for help
Segmentation fault: 11

comment:6 by Carl Eugen Hoyos, 12 years ago

Is the crash also reproducible with current git head?

comment:7 by Yi Wang, 12 years ago

It was produced with git-head last weekend(mar 25,2012).

comment:8 by Yi Wang, 12 years ago

anything else I could provide to help fixing the issue?

comment:9 by Carl Eugen Hoyos, 12 years ago

Are you able to test clang?

comment:10 by Yi Wang, 12 years ago

I forgot to mention that the problem is also reproducible with the gcc that comes with older release of Xcode (non-llvm):

./gcc -arch armv7 -v
Using built-in specs.
Target: arm-apple-darwin10
Configured with: /var/tmp/gcc/gcc-5666.3~88/src/configure --disable-checking --enable-werror --prefix=/usr --mandir=/usr/share/man --enable-languages=c,objc,c++,obj-c++ --program-transform-name=/[cg][.-]*$/s/$/-4.2/ --with-slibdir=/usr/lib --build=i686-apple-darwin10 --enable-werror-always --program-prefix=arm-apple-darwin10- --host=i686-apple-darwin10 --target=arm-apple-darwin10 --with-gxx-include-dir=/usr/include/c++/4.2.1 --with-build-sysroot=/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS4.3.Internal.sdk
Thread model: posix
gcc version 4.2.1 (Apple Inc. build 5666) (dot 3)

Does this mean it's not caused by clang?

I can certainly help testing with clang. Just tell me what need to be done.

comment:11 by Yi Wang, 12 years ago

Actually lowres=3 crashes with a different reason: unaligned memory address.
dest_cb ends up with address such as: 0xf9f201

comment:12 by Carl Eugen Hoyos, 12 years ago

Is this still reproducible?

in reply to:  12 comment:13 by Yi Wang, 12 years ago

Replying to cehoyos:

Is this still reproducible?

Is there any change in related code? If so, I will compile the latest and see.

comment:14 by Carl Eugen Hoyos, 12 years ago

Is this still reproducible?

comment:15 by Yi Wang, 12 years ago

I tried a build with latest master as of May 21, 2012

This time it does not crash but it failed with an error saying 'The maximum value for lowres supported by the decoder is 0'. I think this is not correct because lowres should work for mpeg2video. Full console output:

./ffmpeg_master_may_21 -vlowres 1 -i v/video_6.ts -benchmark -f null null.file
ffmpeg version git-2012-01-20-97e3fe4 Copyright (c) 2000-2012 the FFmpeg developers

built on May 21 2012 21:54:27 with llvm_gcc 4.2.1 (Based on Apple Inc. build 5658) (LLVM build 2377.00)
configuration: --prefix=/Users/yiwang/src/oss/ffmpeg-ios-build-master/dist-armv7 --enable-cross-compile --target-os=darwin --arch=armv7 --cross-prefix=/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/ --sysroot=/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS5.1.sdk --extra-ldflags=-L/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS5.1.sdk/usr/lib/system --disable-bzlib --disable-doc --disable-ffplay --disable-ffserver --disable-ffprobe --enable-neon --as='gas-preprocessor.pl /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/gcc' --extra-ldflags='-arch armv7' --extra-cflags='- configuration: --prefix=/Users/yiwang/src/oss/ffmpeg-ios-build-master/dist-ffmpeg version git-2012-01-20-97e3fe4 Copyright (c) 2000-2012 the FFmpeg developers
built on May 21 2012 21:54:27 with llvm_gcc 4.2.1 (Based on Apple Inc. build 5658) (LLVM build 2377.00)
configuration: --prefix=/Users/yiwang/src/oss/ffmpeg-ios-build-master/dist-armv7 --enable-cross-compile --target-os=darwin --arch=armv7 --cross-prefix=/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/ --sysroot=/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS5.1.sdk --extra-ldflags=-L/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS5.1.sdk/usr/lib/system --disable-bzlib --disable-doc --disable-ffplay --disable-ffserver --disable-ffprobe --enable-neon --as='gas-preprocessor.pl /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/gcc' --extra-ldflags='-arch armv7' --extra-cflags='-arch armv7 -mfpu=neon -g' --extra-cxxflags='-arch armv7' --cpu=cortex-a8 --enable-pic
libavutil 51. 53.100 / 51. 53.100
libavcodec 54. 21.101 / 54. 21.101
libavformat 54. 6.100 / 54. 6.100
libavdevice 53. 4.100 / 53. 4.100
libavfilter 2. 75.100 / 2. 75.100
libswscale 2. 1.100 / 2. 1.100
libswresample 0. 15.100 / 0. 15.100

[mpeg2video @ 0x114f800] The maximum value for lowres supported by the decoder is 0

Last message repeated 1 times

[mpegts @ 0x114b800] PES packet size mismatch
Input #0, mpegts, from 'v/video_6.ts':

Duration: 00:01:02.65, start: 87684.495911, bitrate: 18104 kb/s
Program 3

Stream #0:0[0x31]: Video: mpeg2video ([2][0][0][0] / 0x0002), 960x540, 17164 kb/s, 45.29 fps, 29.97 tbr, 90k tbn, 59.94 tbc
Stream #0:1[0x34](eng): Audio: ac3 (AC-3 / 0x332D4341), 48000 Hz, 5.1(side), s16, 384 kb/s

[buffer @ 0xd68660] Invalid pixel format '-1'
Error opening filters!

comment:16 by Carl Eugen Hoyos, 12 years ago

Keywords: lowres added

lowres has been reactivated for mpeg2video, could you test again (sorry, I have no access to a neon environment)?

comment:17 by Yi Wang, 12 years ago

crashed exactly as before

-vlowres 1 segmentation fault
-vlowres 2 OK & Happy
-vlowres 3 bus error (due to unaligned access, not related to this defect)

comment:18 by Carl Eugen Hoyos, 11 years ago

Keywords: crash added

comment:19 by Michael Niedermayer, 11 years ago

Resolution: duplicate
Status: newclosed

Very likely a duplicate of Ticket #1227
dont hesitate to reopen if its still reproduceable, please provide a input video with which it can be reproduced in that case

Note: See TracTickets for help on using tickets.