Opened 4 years ago

Closed 4 years ago

#1827 closed defect (fixed)

Segfault with multi-channel DCA/DTS file when downsampling.

Reported by: Cigaes
Owned by:
Priority: important
Component: avcodec
Version: git-master
Keywords: dca regression crash SIGSEGV
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

Using http://samples.ffmpeg.org/A-codecs/DTS/lotr_5.1_768.dts:

./ffmpeg_g -request_channels 2 -i ~/tmp/samples/lotr_5.1_768.dts
ffmpeg version N-45639-g9b762e2 Copyright (c) 2000-2012 the FFmpeg developers
  built on Oct 17 2012 16:20:10 with gcc 4.7 (Debian 4.7.1-7)
  configuration: --enable-shared --disable-static --enable-gpl --enable-libx264 --enable-libass --enable-libfreetype --assert-level=1 --enable-avresample
  libavutil      51. 76.100 / 51. 76.100
  libavcodec     54. 66.100 / 54. 66.100
  libavformat    54. 33.100 / 54. 33.100
  libavdevice    54.  3.100 / 54.  3.100
  libavfilter     3. 19.103 /  3. 19.103
  libswscale      2.  1.101 /  2.  1.101
  libswresample   0. 16.100 /  0. 16.100
  libpostproc    52.  1.100 / 52.  1.100
dca_filter_channels: 0 -> 2 -> 0x835b00
dca_filter_channels: 1 -> 0 -> 0x834aa0
dca_filter_channels: 2 -> 1 -> 0x8352a0
dca_filter_channels: 3 -> 4 -> 0x836b00
dca_filter_channels: 4 -> 5 -> 0x837300
dca_filter_channels: 5 -> -1 -> (nil)

The problem happens since dcadec was moved to planar formats. The dca_filter_channels lines are debug I added, and they show the problem: the channel_order_tab array, a pointer to dca_channel_reorder_lfe[9] actually, only takes the code 5 channels into account, while the file actually has 7 channels.

Change History (3)

comment:1 Changed 4 years ago by cehoyos

  • Keywords regression crash SIGSEGV added; segfault removed
  • Priority changed from normal to important

comment:2 Changed 4 years ago by cehoyos

  • Reproduced by developer set
  • Status changed from new to open

Regression since e88ca80 / 64c312a

(gdb) r -request_channels 2 -i lotr_5.1_768.dts
Starting program: ffmpeg_g -request_channels 2 -i lotr_5.1_768.dts
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-45640-ga4fe661 Copyright (c) 2000-2012 the FFmpeg developers
  built on Oct 17 2012 21:52:17 with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl
  libavutil      51. 76.100 / 51. 76.100
  libavcodec     54. 66.100 / 54. 66.100
  libavformat    54. 33.100 / 54. 33.100
  libavdevice    54.  3.100 / 54.  3.100
  libavfilter     3. 19.103 /  3. 19.103
  libswscale      2.  1.101 /  2.  1.101
  libswresample   0. 16.100 /  0. 16.100
  libpostproc    52.  1.100 / 52.  1.100

Program received signal SIGSEGV, Segmentation fault.
synth_filter_float (imdct=<optimized out>, synth_buf_ptr=<optimized out>,
    synth_buf_offset=0x7ffff7f88cd4, synth_buf2=0x7ffff7f88bc0,
    window=0xc33060 <fir_32bands_nonperfect>, out=0x0, in=0x7ffff7f88ce0,
    scale=<optimized out>) at libavcodec/synth_filter.c:51
51              out[i     ] = a*scale;
(gdb) bt
#0  synth_filter_float (imdct=<optimized out>, synth_buf_ptr=<optimized out>,
    synth_buf_offset=0x7ffff7f88cd4, synth_buf2=0x7ffff7f88bc0,
    window=0xc33060 <fir_32bands_nonperfect>, out=0x0, in=0x7ffff7f88ce0,
    scale=<optimized out>) at libavcodec/synth_filter.c:51
#1  0x00000000005e61b3 in qmf_32_subbands (samples_out=0x0, samples_in=<optimized out>,
    chans=5, s=0x7ffff7f7f040, scale=<optimized out>) at libavcodec/dcadec.c:1132
#2  dca_filter_channels (block_index=0, s=0x7ffff7f7f040) at libavcodec/dcadec.c:1445
#3  dca_decode_frame (avctx=<optimized out>, data=0x15ad360, got_frame_ptr=0x7fffffffbfbc,
    avpkt=<optimized out>) at libavcodec/dcadec.c:2377
#4  0x0000000000991de1 in avcodec_decode_audio4 (avctx=0x15ac740, frame=0x15ad360,
    got_frame_ptr=got_frame_ptr@entry=0x7fffffffbfbc, avpkt=avpkt@entry=0x7fffffffbff0)
    at libavcodec/utils.c:1695
#5  0x000000000058b394 in try_decode_frame (st=st@entry=0x15a69a0, avpkt=<optimized out>,
    options=0x15acbe0) at libavformat/utils.c:2368
#6  0x0000000000591de6 in avformat_find_stream_info (ic=0x15a6380, options=0x15acbe0)
    at libavformat/utils.c:2744
#7  0x00000000004565f9 in opt_input_file (optctx=<optimized out>, opt=<optimized out>,
    filename=<optimized out>) at ffmpeg_opt.c:790
#8  0x0000000000463b90 in parse_option (optctx=optctx@entry=0x7fffffffca80,
    opt=0x7fffffffe2ba "i", arg=0x7fffffffe2bc "lotr_5.1_768.dts",
    options=options@entry=0xbbcde0 <options>) at cmdutils.c:320
#9  0x0000000000463f68 in parse_options (optctx=optctx@entry=0x7fffffffca80,
    argc=argc@entry=5, argv=argv@entry=0x7fffffffde18, options=0xbbcde0 <options>,
    parse_arg_function=0x457300 <opt_output_file>) at cmdutils.c:353
#10 0x0000000000450230 in main (argc=5, argv=0x7fffffffde18) at ffmpeg.c:3138
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x972824 to 0x972864:
   0x0000000000972824 <synth_filter_float+468>: mulss  %xmm0,%xmm2
   0x0000000000972828 <synth_filter_float+472>: sub    $0x4,%r9
   0x000000000097282c <synth_filter_float+476>: add    $0x4,%r11
   0x0000000000972830 <synth_filter_float+480>: mulss  %xmm0,%xmm1
   0x0000000000972834 <synth_filter_float+484>: add    $0x2,%rsi
   0x0000000000972838 <synth_filter_float+488>: add    $0x2,%rdi
   0x000000000097283c <synth_filter_float+492>: sub    $0x1,%rcx
   0x0000000000972840 <synth_filter_float+496>: sub    $0x1,%r10
=> 0x0000000000972844 <synth_filter_float+500>: movss  %xmm2,0x0(%rbp,%r8,4)
   0x000000000097284b <synth_filter_float+507>: movss  %xmm1,0x40(%rbp,%r8,4)
   0x0000000000972852 <synth_filter_float+514>: movss  %xmm4,(%rbx,%r8,4)
   0x0000000000972858 <synth_filter_float+520>: movss  %xmm3,0x40(%rbx,%r8,4)
   0x000000000097285f <synth_filter_float+527>: add    $0x1,%r8
   0x0000000000972863 <synth_filter_float+531>: cmp    $0x10,%r8
End of assembler dump.
(gdb) info all-registers
rax            0xc338a0 12794016
rbx            0x7ffff7f88bc0   140737353649088
rcx            0x1e     30
rdx            0x7ffff7f8817c   140737353646460
rsi            0xfffffffffffffff3       -13
rdi            0x3      3
rbp            0x0      0x0
rsp            0x7fffffffbd60   0x7fffffffbd60
r8             0x0      0
r9             0x7ffff7f87978   140737353644408
r10            0xe      14
r11            0xc330a4 12791972
r12            0x200    512
r13            0x200    512
r14            0x200    512
r15            0xc338a0 12794016
rip            0x972844 0x972844 <synth_filter_float+500>
eflags         0x10202  [ IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0

comment:3 Changed 4 years ago by cehoyos

  • Resolution set to fixed
  • Status changed from open to closed

Fixes by Nick Brereton and Michael Niedermayer.
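
The failure mode in this ticket is a reorder-table lookup that yields no valid destination, followed by a store through the resulting NULL output pointer (`out=0x0` in the backtrace). The following is an added example, not FFmpeg code and not the fix that was committed: it validates every mapped destination before the first write. The names `order_tab`, `plane_for` and `write_reordered`, and the sizes used, are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define BLOCK    4   /* samples per channel per block (constructed) */
#define N_PLANES 6   /* planes in the output frame (constructed) */

/* Constructed table (hypothetical name) reproducing the mapping printed in
 * the ticket's debug lines: sources 0..4 have a destination, 5 maps to -1. */
static const int order_tab[] = { 2, 0, 1, 4, 5, -1 };
#define TAB_LEN ((int)(sizeof(order_tab) / sizeof(order_tab[0])))

/* Return the destination plane for a decoded channel, or NULL when the
 * table has no valid entry for it. Never indexes planes[] out of range. */
static float *plane_for(float *planes[N_PLANES], int src)
{
    if (src < 0 || src >= TAB_LEN)
        return NULL;
    int dst = order_tab[src];
    if (dst < 0 || dst >= N_PLANES)
        return NULL;
    return planes[dst];
}

/* Hardened write loop: all destinations are checked before the first store,
 * so a stream with more channels than the table covers is rejected instead
 * of being written through a NULL pointer. Returns 0 on success, -1 on error. */
static int write_reordered(float *planes[N_PLANES], int n_src, const float *in)
{
    for (int ch = 0; ch < n_src; ch++)
        if (!plane_for(planes, ch))
            return -1;
    for (int ch = 0; ch < n_src; ch++) {
        float *out = plane_for(planes, ch);
        for (int i = 0; i < BLOCK; i++)
            out[i] = in[ch * BLOCK + i];
    }
    return 0;
}

int main(void)
{
    static float buf[N_PLANES][BLOCK], in[6 * BLOCK];
    float *planes[N_PLANES];
    for (int p = 0; p < N_PLANES; p++)
        planes[p] = buf[p];
    printf("5 channels: %d\n", write_reordered(planes, 5, in));
    printf("6 channels: %d\n", write_reordered(planes, 6, in));
    return 0;
}
```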
