Opened 5 years ago

Closed 5 years ago

#270 closed defect (fixed)

Crash decoding qdm2 on ia32

Reported by: cehoyos Owned by:
Priority: important Component: avcodec
Version: git-master Keywords: ia32 regression
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

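The sample from ticket #263 crashes ffmpeg on ia32 since commit 984ece7503597d30e6f3bdeb67e337ea1616f880. In the trace below the faulting instruction is movaps %xmm0,(%edx) in apply_window_mp3 with edx = 0xffff965c (the out pointer), which is not 16-byte aligned as movaps requires, so the SIGSEGV points to a misaligned output buffer rather than an out-of-bounds access.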

(gdb) r -i qdm2-channels.mov -f null -
ffmpeg version git-N-30606-g40da61e, Copyright (c) 2000-2011 the FFmpeg developers
  built on Jun  7 2011 12:41:25 with gcc 4.5.3
  configuration: --cc='/usr/local/gcc-4.5.3/bin/gcc -m32'
  libavutil    51.  6. 1 / 51.  6. 1
  libavcodec   53.  6. 1 / 53.  6. 1
  libavformat  53.  2. 0 / 53.  2. 0
  libavdevice  53.  1. 1 / 53.  1. 1
  libavfilter   2. 14. 0 /  2. 14. 0
  libswscale    0. 14. 1 /  0. 14. 1
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x8c60360] Unimplemented container channel layout.
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x8c60360] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/MPlayer/incoming/ and contact the ffmpeg-devel mailing list.
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x8c60360] max_analyze_duration 5000000 reached at 5120000

Seems stream 1 codec frame rate differs from container frame rate: 15000.00 (15000/1) -> 14.99 (15000/1001)
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'qdm2-channels.mov':
  Metadata:
    major_brand     : qt
    minor_version   : 537199360
    compatible_brands: qt
    creation_time   : 2006-11-03 19:12:00
    composer        : This movie was made with Adobe GoLive.
    composer-eng    : This movie was made with Adobe GoLive.
  Duration: 00:00:30.03, start: 0.000000, bitrate: 311 kb/s
    Stream #0.0(eng): Audio: qdm2, 32000 Hz, 1 channels, s16, 24 kb/s
    Metadata:
      creation_time   : 2006-11-03 19:12:00
    Stream #0.1(eng): Video: svq1, yuv410p, 320x240, 285 kb/s, 14.99 fps, 14.99 tbr, 15k tbn, 15k tbc
    Metadata:
      creation_time   : 2006-11-03 19:12:00
    Stream #0.2(eng): Data: [0][0][0][0] / 0x0000, 0 kb/s
    Metadata:
      creation_time   : 2006-11-03 19:12:00
[buffer @ 0x8c5a3a0] w:320 h:240 pixfmt:yuv410p tb:1/1000000 sar:0/1 sws_param:
Output #0, null, to 'pipe:':
  Metadata:
    major_brand     : qt
    minor_version   : 537199360
    compatible_brands: qt
    creation_time   : 2006-11-03 19:12:00
    composer        : This movie was made with Adobe GoLive.
    composer-eng    : This movie was made with Adobe GoLive.
    encoder         : Lavf53.2.0
    Stream #0.0(eng): Video: rawvideo, yuv410p, 320x240, q=2-31, 200 kb/s, 90k tbn, 14.99 tbc
    Metadata:
      creation_time   : 2006-11-03 19:12:00
    Stream #0.1(eng): Audio: pcm_s16le, 32000 Hz, 1 channels, s16, 512 kb/s
    Metadata:
      creation_time   : 2006-11-03 19:12:00
Stream mapping:
  Stream #0.1 -> #0.0
  Stream #0.0 -> #0.1
Press [q] to stop, [?] for help

Program received signal SIGSEGV, Segmentation fault.
0x0849c814 in apply_window_mp3 (in=0x8c85620, win=0x8bee2e0, unused=0xffffba5c, out=0xffff965c, incr=1) at libavcodec/x86/mpegaudiodec_mmx.c:120
120             __asm__ volatile(
(gdb) bt
#0  0x0849c814 in apply_window_mp3 (in=0x8c85620, win=0x8bee2e0, unused=0xffffba5c, out=0xffff965c, incr=1) at libavcodec/x86/mpegaudiodec_mmx.c:120
#1  0x0831153c in ff_mpa_synth_filter_float (s=0x8c85608, synth_buf_ptr=0x8c85620, synth_buf_offset=0x8c87620, window=0x8bee2e0, dither_state=0xffffba5c, samples=0xffff965c, incr=1, sb_samples=0x8c87640)
    at libavcodec/mpegaudiodsp_template.c:173
#2  0x0836d035 in qdm2_synthesis_filter (q=0x8c79de0, index=147346976) at libavcodec/qdm2.c:1616
#3  0x08370f06 in qdm2_decode (out=0xf7bc9020,
    in=0x8cae8c0 "\202\001}\246\212\t)\314\310\060\b\310\f.\030e\201\031\031\061%`F\027n\025\063\272p\027\062##\267\"32p\027\062\243\203\311\b\231\243\003\n\027\001\026\026\"\225D\227\304\060\261)\313\\{\aMc(\331\363\370\262E;\366\275\034\346\350\\\nW۵\272\305t\001\025M\t\372E}AL\215\347J\363a\201e\306\r\a\305\v\200-", q=0x8c79de0) at libavcodec/qdm2.c:1927
#4  qdm2_decode_frame (out=0xf7bc9020,
    in=0x8cae8c0 "\202\001}\246\212\t)\314\310\060\b\310\f.\030e\201\031\031\061%`F\027n\025\063\272p\027\062##\267\"32p\027\062\243\203\311\b\231\243\003\n\027\001\026\026\"\225D\227\304\060\261)\313\\{\aMc(\331\363\370\262E;\366\275\034\346\350\\\nW۵\272\305t\001\025M\t\372E}AL\215\347J\363a\201e\306\r\a\305\v\200-", q=0x8c79de0) at libavcodec/qdm2.c:1966
#5  0x083ed490 in avcodec_decode_audio3 (avctx=0x8c62880, samples=0xf7bc9020, frame_size_ptr=0xffffc038, avpkt=0xffffbf50) at libavcodec/utils.c:796
#6  0x080502d0 in output_packet (ist=0x8c73930, ist_index=0, ost_table=0x8c73b40, nb_ostreams=2, pkt=0xffffcdbc) at ffmpeg.c:1580
#7  0x08053726 in transcode (nb_output_files=1, input_files=0x8c5a808, nb_input_files=1, stream_maps=0x0, nb_stream_maps=0, output_files=0x8701500) at ffmpeg.c:2739
#8  0x08058f75 in main (argc=<value optimized out>, argv=<value optimized out>) at ffmpeg.c:4551
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x849c7f4 to 0x849c834:
0x0849c7f4 <apply_window_mp3+1188>:     add    %al,(%eax)
0x0849c7f6 <apply_window_mp3+1190>:     add    %al,(%eax)
0x0849c7f8 <apply_window_mp3+1192>:     fstp   %st(0)
0x0849c7fa <apply_window_mp3+1194>:     mov    0x1a4(%esp),%edx
0x0849c801 <apply_window_mp3+1201>:     mov    0x24(%esp),%eax
0x0849c805 <apply_window_mp3+1205>:     mov    0x20(%esp),%ecx
0x0849c809 <apply_window_mp3+1209>:     movups 0x34(%esi),%xmm0
0x0849c80d <apply_window_mp3+1213>:     shufps $0x1b,%xmm0,%xmm0
0x0849c811 <apply_window_mp3+1217>:     subps  (%eax),%xmm0
0x0849c814 <apply_window_mp3+1220>:     movaps %xmm0,(%edx)
0x0849c817 <apply_window_mp3+1223>:     movups 0x4(%ecx),%xmm0
0x0849c81b <apply_window_mp3+1227>:     shufps $0x1b,%xmm0,%xmm0
0x0849c81f <apply_window_mp3+1231>:     addps  0x30(%edi),%xmm0
0x0849c823 <apply_window_mp3+1235>:     movaps %xmm0,0x70(%edx)
0x0849c827 <apply_window_mp3+1239>:     movups 0x24(%esi),%xmm0
0x0849c82b <apply_window_mp3+1243>:     shufps $0x1b,%xmm0,%xmm0
0x0849c82f <apply_window_mp3+1247>:     subps  0x10(%eax),%xmm0
0x0849c833 <apply_window_mp3+1251>:     movaps %xmm0,0x10(%edx)
End of assembler dump.
(gdb) info all-registers
eax            0xffff9560       -27296
ecx            0xffff94c0       -27456
edx            0xffff965c       -27044
ebx            0x8c85620        147346976
esp            0xffff9438       0xffff9438
ebp            0x8bee2e0        0x8bee2e0
esi            0xffff9470       -27536
edi            0xffff9510       -27376
eip            0x849c814        0x849c814 <apply_window_mp3+1220>
eflags         0x210246 [ PF ZF IF RF ID ]
cs             0x23     35
ss             0x2b     43
ds             0x2b     43
es             0x2b     43
fs             0x0      0
gs             0x63     99
st0            -0       (raw 0x80000000000000000000)
st1            0        (raw 0x00000000000000000000)
st2            0        (raw 0x00000000000000000000)
st3            0        (raw 0x00000000000000000000)
st4            -0       (raw 0x80000000000000000000)
st5            0        (raw 0x00000000000000000000)
st6            0        (raw 0x00000000000000000000)
st7            0        (raw 0x00000000000000000000)
fctrl          0x37f    895
fstat          0x20     32
ftag           0xffff   65535
fiseg          0x0      0
fioff          0x849c7f8        139053048
foseg          0x0      0
fooff          0x0      0
fop            0x5d8    1496
xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x17, 0xa9, 0x30, 0x6d, 0x2c, 0x2c, 0xac, 0xbb, 0x1, 0xab}, v8_int16 = {0x0, 0x0, 0x4b00, 0xa917, 0x6d30, 0x2c2c,
    0xbbac, 0xab01}, v4_int32 = {0x0, 0xa9174b00, 0x2c2c6d30, 0xab01bbac}, v2_int64 = {0xa9174b0000000000, 0xab01bbac2c2c6d30}, uint128 = 0xab01bbac2c2c6d30a9174b0000000000}
xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
  uint128 = 0x00000000000000000000000000000000}
xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
  uint128 = 0x00000000000000000000000000000000}
xmm3           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0xc0, 0x10, 0x64, 0xbf, 0x0 <repeats 12 times>}, v8_int16 = {0x10c0, 0xbf64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xbf6410c0, 0x0, 0x0, 0x0},
  v2_int64 = {0xbf6410c0, 0x0}, uint128 = 0x000000000000000000000000bf6410c0}
xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
  uint128 = 0x00000000000000000000000000000000}
xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0xac, 0xbb, 0x81, 0x3e, 0x0 <repeats 12 times>}, v8_int16 = {0xbbac, 0x3e81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x3e81bbac, 0x0, 0x0, 0x0},
  v2_int64 = {0x3e81bbac, 0x0}, uint128 = 0x0000000000000000000000003e81bbac}
xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x43, 0x99, 0xe9, 0xbe, 0x0 <repeats 12 times>}, v8_int16 = {0x9943, 0xbee9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xbee99943, 0x0, 0x0, 0x0},
  v2_int64 = {0xbee99943, 0x0}, uint128 = 0x000000000000000000000000bee99943}
xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0xee, 0xbb, 0x15, 0xbf, 0x0 <repeats 12 times>}, v8_int16 = {0xbbee, 0xbf15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xbf15bbee, 0x0, 0x0, 0x0},
  v2_int64 = {0xbf15bbee, 0x0}, uint128 = 0x000000000000000000000000bf15bbee}
mxcsr          0x1fa0   [ PE IM DM ZM OM UM PM ]
mm0            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm1            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm2            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm3            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm4            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm5            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm6            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm7            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}

Change History (1)

comment:1 Changed 5 years ago by michael

  • Resolution set to fixed
  • Status changed from new to closed

should be fixed with my next git push
