Opened 11 years ago

Closed 11 years ago

#2156 closed defect (fixed)

EXC_BAD_ACCESS in get_cabac_inline_x86

Reported by: cbsrobot
Owned by:
Priority: important
Component: avcodec
Version: git-master
Keywords: h264 crash
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

I get a crash with this file on osx - compiled with llvm. Another user "drv" did not get a crash on linux - compiled with gcc.

I will upload the file to upload.ffmpeg.org/incoming .

$ ffmpeg_g -i OUT4.mp4
ffmpeg version N-49016-g040c461 Copyright (c) 2000-2013 the FFmpeg developers
  built on Jan 19 2013 02:30:16 with llvm-gcc 4.2.1 (LLVM build 2336.11.00)
  configuration: --enable-gpl --enable-version3 --enable-nonfree --enable-postproc --enable-libaacplus --enable-libass --enable-libcelt --enable-libfaac --enable-libfdk-aac --enable-libfreetype --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenjpeg --enable-openssl --enable-libopus --enable-libschroedinger --enable-libspeex --enable-libtheora --enable-libvo-aacenc --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libxvid --prefix=/usr/local
  libavutil      52. 15.100 / 52. 15.100
  libavcodec     54. 89.100 / 54. 89.100
  libavformat    54. 61.101 / 54. 61.101
  libavdevice    54.  3.102 / 54.  3.102
  libavfilter     3. 32.101 /  3. 32.101
  libswscale      2.  1.103 /  2.  1.103
  libswresample   0. 17.102 /  0. 17.102
  libpostproc    52.  2.100 / 52.  2.100

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000045
0x00000001002b92ff in get_cabac_inline_x86 [inlined] () at /devel/ffmpeg/libavcodec/x86/cabac.h:169
169	    __asm__ volatile(
(gdb) bt
#0  0x00000001002b92ff in get_cabac_inline_x86 [inlined] () at /devel/ffmpeg/libavcodec/x86/cabac.h:169
#1  0x00000001002b92ff in get_cabac_cbf_ctx [inlined] () at /devel/ffmpeg/libavcodec/h264_cabac.c:111
#2  0x00000001002b92ff in decode_cabac_residual_nondc [inlined] () at /devel/ffmpeg/libavcodec/h264_cabac.c:1798
#3  0x00000001002b92ff in ff_h264_decode_mb_cabac (h=0x27bff83) at h264_cabac.c:2348

Attachments (1)

ticket2156.txt (1.0 MB) - added by cbsrobot 11 years ago.
full gdb output


Change History (6)

by cbsrobot, 11 years ago

Attachment: ticket2156.txt added

full gdb output

comment:1 by cbsrobot, 11 years ago

the file is located at upload.ffmpeg.org/incoming/ticket2156.mp4

comment:2 by Carl Eugen Hoyos, 11 years ago

Keywords: crash added
Priority: normal → important

You could make the backtrace a little more readable if you used:

(gdb) bt
(gdb) disass $pc-32 $pc+32
(gdb) info register

(gdb developers decided to change the disass syntax and mmx registers are unused iiuc.)

comment:3 by cbsrobot, 11 years ago

here you go:

(gdb) r -i ticket2156.mp4
Starting program: /devel/ffmpeg/ffmpeg_g -i ticket2156.mp4
Reading symbols for shared libraries ++++++++++++++++++++++++++++++............................................................................................................................................ done
ffmpeg version N-49016-g040c461 Copyright (c) 2000-2013 the FFmpeg developers
  built on Jan 19 2013 02:30:16 with llvm-gcc 4.2.1 (LLVM build 2336.11.00)
  configuration: --enable-gpl --enable-version3 --enable-nonfree --enable-postproc --enable-libaacplus --enable-libass --enable-libcelt --enable-libfaac --enable-libfdk-aac --enable-libfreetype --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenjpeg --enable-openssl --enable-libopus --enable-libschroedinger --enable-libspeex --enable-libtheora --enable-libvo-aacenc --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libxvid --prefix=/usr/local
  libavutil      52. 15.100 / 52. 15.100
  libavcodec     54. 89.100 / 54. 89.100
  libavformat    54. 61.101 / 54. 61.101
  libavdevice    54.  3.102 / 54.  3.102
  libavfilter     3. 32.101 /  3. 32.101
  libswscale      2.  1.103 /  2.  1.103
  libswresample   0. 17.102 /  0. 17.102
  libpostproc    52.  2.100 / 52.  2.100

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000045
0x00000001002b92ff in get_cabac_inline_x86 [inlined] () at /devel/ffmpeg/libavcodec/x86/cabac.h:169
169	    __asm__ volatile(
(gdb) bt
#0  0x00000001002b92ff in get_cabac_inline_x86 [inlined] () at /devel/ffmpeg/libavcodec/x86/cabac.h:169
#1  0x00000001002b92ff in get_cabac_cbf_ctx [inlined] () at /devel/ffmpeg/libavcodec/h264_cabac.c:111
#2  0x00000001002b92ff in decode_cabac_residual_nondc [inlined] () at /devel/ffmpeg/libavcodec/h264_cabac.c:1798
#3  0x00000001002b92ff in ff_h264_decode_mb_cabac (h=0x27bff83) at h264_cabac.c:2348
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x1002b92df to 0x1002b931f:
0x00000001002b92df <get_cabac_inline_x86+67>:	cmova  %ecx,%eax
0x00000001002b92e2 <get_cabac_inline_x86+70>:	sbb    %rcx,%rcx
0x00000001002b92e5 <get_cabac_inline_x86+73>:	and    %ecx,%eax
0x00000001002b92e7 <get_cabac_inline_x86+75>:	xor    %rcx,%r11
0x00000001002b92ea <get_cabac_inline_x86+78>:	sub    %eax,%edi
0x00000001002b92ec <get_cabac_inline_x86+80>:	movzbl (%rsi,%r8,1),%ecx
0x00000001002b92f1 <get_cabac_inline_x86+85>:	shl    %cl,%r8d
0x00000001002b92f4 <get_cabac_inline_x86+88>:	movzbl 0x480(%rsi,%r11,1),%eax
0x00000001002b92fd <get_cabac_inline_x86+97>:	shl    %cl,%edi
0x00000001002b92ff <get_cabac_inline_x86+99>:	mov    %al,(%rax)
0x00000001002b9301 <get_cabac_inline_x86+101>:	test   %di,%di
0x00000001002b9304 <get_cabac_inline_x86+104>:	jne    0x1002b9332 <get_cabac_inline_x86+150>
0x00000001002b9306 <get_cabac_inline_x86+106>:	mov    0x18(%r10),%rcx
0x00000001002b930a <get_cabac_inline_x86+110>:	addq   $0x2,0x18(%r10)
0x00000001002b930f <get_cabac_inline_x86+115>:	movzwl (%rcx),%eax
0x00000001002b9312 <get_cabac_inline_x86+118>:	addr32 lea -0x1(%edi),%ecx
0x00000001002b9316 <get_cabac_inline_x86+122>:	xor    %edi,%ecx
0x00000001002b9318 <get_cabac_inline_x86+124>:	shr    $0xf,%ecx
0x00000001002b931b <get_cabac_inline_x86+127>:	bswap  %eax
0x00000001002b931d <get_cabac_inline_x86+129>:	shr    $0xf,%eax
End of assembler dump.
(gdb) info register
rax            0x45	69
rbx            0x101d68000	4325801984
rcx            0x0	0
rdx            0x0	0
rsi            0x100a88d00	4306013440
rdi            0x27bff83	41680771
rbp            0x0	0x0
rsp            0x7fff5fbfe700	0x7fff5fbfe700
r8             0x155	341
r9             0x174	372
r10            0x101dbad20	4326141216
r11            0x43	67
r12            0x101dbad20	4326141216
r13            0x1	1
r14            0x3	3
r15            0x49	73
rip            0x1002b92ff	0x1002b92ff <get_cabac_inline_x86+99>
eflags         0x10202	66050
cs             0x2b	43
ss             0x0	0
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0
(gdb)
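
What the disassembly and register dump in comment:3 establish is the kind of fault: rip is at mov %al,(%rax), rax is 0x45, and the kernel reports KERN_INVALID_ADDRESS at 0x45, so the crash is a one-byte write through an invalid pointer, not a read past a buffer, and the pointer is the byte that the movzbl two instructions earlier loaded into %eax. The script below is an added example, not FFmpeg code and not from the ticket, that automates that check for any similar gdb session: it parses the fault reason, the disass window and the info register output, computes the effective address of every memory operand from the register values, classifies each as a read or a write (AT&T syntax: the destination is the last operand), and reports whether the operand at $pc accounts for the reported fault address. The embedded session is a constructed excerpt of comment:3's output; GDB_SESSION, triage, effective_address and the other names are ours.

```python
"""Crash triage for a gdb session like the one in comment:3 (added example, not FFmpeg
code): find the memory operand at $pc, compute its address, classify read vs write."""
import re

# Constructed excerpt of the gdb output posted in comment:3 (tabs replace
# gdb's column separators) so the script runs offline.
GDB_SESSION = """\
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000045
0x00000001002b92ec <get_cabac_inline_x86+80>:\tmovzbl (%rsi,%r8,1),%ecx
0x00000001002b92f1 <get_cabac_inline_x86+85>:\tshl    %cl,%r8d
0x00000001002b92f4 <get_cabac_inline_x86+88>:\tmovzbl 0x480(%rsi,%r11,1),%eax
0x00000001002b92ff <get_cabac_inline_x86+99>:\tmov    %al,(%rax)
0x00000001002b9306 <get_cabac_inline_x86+106>:\tmov    0x18(%r10),%rcx
rax            0x45\t69
rsi            0x100a88d00\t4306013440
r8             0x155\t341
r10            0x101dbad20\t4326141216
r11            0x43\t67
rip            0x1002b92ff\t0x1002b92ff <get_cabac_inline_x86+99>
"""

_REG_LINE = re.compile(r"^([a-z][a-z0-9]*)\s+0x([0-9a-f]+)\b", re.M)
_DIS_LINE = re.compile(r"^0x([0-9a-f]+)\s+<[^>]*>:\s+(\S+)\s*(.*)$", re.M)
# AT&T memory operand disp(base,index,scale); every part is optional.
_MEM = re.compile(r"(?P<disp>-?0x[0-9a-f]+)?\((?P<base>%[a-z0-9]+)?"
                  r"(?:,(?P<index>%[a-z0-9]+)(?:,(?P<scale>[1248]))?)?\)")
_ALIAS32 = {"eax": "rax", "ebx": "rbx", "ecx": "rcx", "edx": "rdx",
            "esi": "rsi", "edi": "rdi", "ebp": "rbp", "esp": "rsp"}

def parse_registers(text):
    """Register name -> value from an `info register` dump."""
    return {name: int(val, 16) for name, val in _REG_LINE.findall(text)}

def parse_disassembly(text):
    """(address, mnemonic, operand string) for each instruction line."""
    return [(int(a, 16), mn, ops.strip()) for a, mn, ops in _DIS_LINE.findall(text)]

def split_operands(ops):
    """Split on commas that are outside a (base,index,scale) group."""
    parts, depth, cur = [], 0, ""
    for ch in ops:
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    return parts + [cur] if cur else parts

def reg_value(name, regs):
    """Value from the dump; 32-bit aliases (edi, r8d) are the low half of the 64-bit reg."""
    name = name.lstrip("%")
    if name in regs:
        return regs[name]
    base = _ALIAS32.get(name) or (name[:-1] if re.fullmatch(r"r\d+d", name) else None)
    if base is None:
        raise KeyError(name)  # never guess a register gdb did not print
    return regs[base] & 0xFFFFFFFF

def effective_address(operand, regs):
    """Address an AT&T memory operand refers to, or None for a register or immediate."""
    m = _MEM.search(operand)
    if not m:
        return None
    ea = int(m["disp"], 16) if m["disp"] else 0
    if m["base"]:
        ea += reg_value(m["base"], regs)
    if m["index"]:
        ea += reg_value(m["index"], regs) * int(m["scale"] or 1)
    return ea & 0xFFFFFFFFFFFFFFFF

def memory_accesses(disasm, regs):
    """Each memory operand with its address and direction (AT&T: destination is last)."""
    out = []
    for addr, mn, ops in disasm:
        parts = split_operands(ops)
        for i, op in enumerate(parts):
            ea = effective_address(op, regs)
            if ea is None:
                continue
            writes = i == len(parts) - 1 and not mn.startswith(("cmp", "test"))
            out.append({"addr": addr, "insn": f"{mn} {ops}", "ea": ea,
                        "access": "write" if writes else "read"})
    return out

def triage(text):
    """Does the memory operand at $pc explain the kernel-reported fault address?"""
    fault = int(re.search(r"at address: 0x([0-9a-f]+)", text, re.I).group(1), 16)
    regs = parse_registers(text)
    accesses = memory_accesses(parse_disassembly(text), regs)
    at_pc = [a for a in accesses if a["addr"] == regs["rip"]]
    if not at_pc:
        raise ValueError("instruction at $pc has no memory operand")
    hit = at_pc[0]
    return {"fault_address": fault, "rip": regs["rip"], "insn": hit["insn"],
            "access": hit["access"], "effective_address": hit["ea"],
            "explains_fault": hit["ea"] == fault, "window": accesses}

if __name__ == "__main__":
    r = triage(GDB_SESSION)
    print(f"$pc={r['rip']:#x} {r['insn']}: {r['access']} at {r['effective_address']:#x}; "
          f"reported fault at {r['fault_address']:#x}; explained={r['explains_fault']}")
```

Run it as a script and it prints the verdict for the instruction at $pc; triage() returns the same data, plus every memory operand in the window, for use in a larger harness. A write whose address comes from a register that was just loaded with a byte value is more suggestive of code generation than of the decoder's handling of the input, which is consistent with the fix in comment:5 keying on buggy compilers. The script deliberately refuses to guess the value of a base or index register that gdb did not print (reg_value raises KeyError) rather than produce a plausible but wrong address.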

comment:4 by Carl Eugen Hoyos, 11 years ago

Status: new → open

comment:5 by Michael Niedermayer, 11 years ago

Resolution: fixed
Status: open → closed

Should be fixed

Feel free to make the check for the buggy compilers narrower
