Opened 10 years ago

Closed 10 years ago

#3410 closed defect (fixed)

v4l2 crash

Reported by: Carl Eugen Hoyos
Owned by:
Priority: important
Component: undetermined
Version: git-master
Keywords: v4l2 crash regression SIGSEGV
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

v4l2 input crashes here in libswscale if I force uyvy422; this is a regression since a05a44e2.
The ffplay crash is not reproducible with valgrind; the crash with ffmpeg is only reproducible with valgrind.

$ valgrind ./ffmpeg_g -f v4l2 -pix_fmt uyvy422 -i /dev/video0 -pix_fmt yuv420p -f null -
==3446== Memcheck, a memory error detector
==3446== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==3446== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==3446== Command: ./ffmpeg_g -f v4l2 -pix_fmt uyvy422 -i /dev/video0 -pix_fmt yuv420p -f null -
==3446==
ffmpeg version N-60842-g72e6913 Copyright (c) 2000-2014 the FFmpeg developers
  built on Feb 23 2014 19:27:16 with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl
  libavutil      52. 65.100 / 52. 65.100
  libavcodec     55. 52.102 / 55. 52.102
  libavformat    55. 33.100 / 55. 33.100
  libavdevice    55. 10.100 / 55. 10.100
  libavfilter     4.  1.103 /  4.  1.103
  libswscale      2.  5.101 /  2.  5.101
  libswresample   0. 17.104 /  0. 17.104
  libpostproc    52.  3.100 / 52.  3.100
Input #0, video4linux2,v4l2, from '/dev/video0':
  Duration: N/A, start: 1393181634.113993, bitrate: 176947 kb/s
    Stream #0:0: Video: rawvideo (UYVY / 0x59565955), uyvy422, 768x576, 176947 kb/s, 25 fps, 25 tbr, 1000k tbn, 1000k tbc
==3446== Invalid read of size 8
==3446==    at 0x6ADD59F: __GI___strncasecmp_l (in /lib64/libc-2.15.so)
==3446==    by 0x6A918A5: ____strtod_l_internal (in /lib64/libc-2.15.so)
==3446==    by 0xD1684E: av_strtod (eval.c:98)
==3446==    by 0xD17094: parse_primary (eval.c:324)
==3446==    by 0xD17B20: parse_factor (eval.c:483)
==3446==    by 0xD17D1B: parse_term (eval.c:532)
==3446==    by 0xD16DDE: parse_expr (eval.c:556)
==3446==    by 0xD17F1C: av_expr_parse (eval.c:673)
==3446==    by 0xD18063: av_expr_parse_and_eval (eval.c:710)
==3446==    by 0x4CA1F6: config_props (vf_scale.c:256)
==3446==    by 0x48E10C: avfilter_config_links (avfilter.c:254)
==3446==    by 0x48E0EF: avfilter_config_links (avfilter.c:243)
==3446==  Address 0x75a61e0 is 0 bytes inside a block of size 3 alloc'd
==3446==    at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3446==    by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3446==    by 0xD1F229: av_malloc (mem.c:94)
==3446==    by 0xD17E65: av_expr_parse (eval.c:650)
==3446==    by 0xD18063: av_expr_parse_and_eval (eval.c:710)
==3446==    by 0x4CA1F6: config_props (vf_scale.c:256)
==3446==    by 0x48E10C: avfilter_config_links (avfilter.c:254)
==3446==    by 0x48E0EF: avfilter_config_links (avfilter.c:243)
==3446==    by 0x4922EE: avfilter_graph_config (avfiltergraph.c:276)
==3446==    by 0x4788B2: configure_filtergraph (ffmpeg_filter.c:901)
==3446==    by 0x4832E6: transcode_init (ffmpeg.c:2488)
==3446==    by 0x4677C8: main (ffmpeg.c:3413)
==3446==
==3446== Invalid read of size 8
==3446==    at 0x6ADD5A7: __GI___strncasecmp_l (in /lib64/libc-2.15.so)
==3446==    by 0x6A918A5: ____strtod_l_internal (in /lib64/libc-2.15.so)
==3446==    by 0xD1684E: av_strtod (eval.c:98)
==3446==    by 0xD17094: parse_primary (eval.c:324)
==3446==    by 0xD17B20: parse_factor (eval.c:483)
==3446==    by 0xD17D1B: parse_term (eval.c:532)
==3446==    by 0xD16DDE: parse_expr (eval.c:556)
==3446==    by 0xD17F1C: av_expr_parse (eval.c:673)
==3446==    by 0xD18063: av_expr_parse_and_eval (eval.c:710)
==3446==    by 0x4CA1F6: config_props (vf_scale.c:256)
==3446==    by 0x48E10C: avfilter_config_links (avfilter.c:254)
==3446==    by 0x48E0EF: avfilter_config_links (avfilter.c:243)
==3446==  Address 0x75a61e8 is 5 bytes after a block of size 3 alloc'd
==3446==    at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3446==    by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3446==    by 0xD1F229: av_malloc (mem.c:94)
==3446==    by 0xD17E65: av_expr_parse (eval.c:650)
==3446==    by 0xD18063: av_expr_parse_and_eval (eval.c:710)
==3446==    by 0x4CA1F6: config_props (vf_scale.c:256)
==3446==    by 0x48E10C: avfilter_config_links (avfilter.c:254)
==3446==    by 0x48E0EF: avfilter_config_links (avfilter.c:243)
==3446==    by 0x4922EE: avfilter_graph_config (avfiltergraph.c:276)
==3446==    by 0x4788B2: configure_filtergraph (ffmpeg_filter.c:901)
==3446==    by 0x4832E6: transcode_init (ffmpeg.c:2488)
==3446==    by 0x4677C8: main (ffmpeg.c:3413)
==3446==
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf55.33.100
    Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 768x576, q=2-31, 200 kb/s, 90k tbn, 25 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (rawvideo -> rawvideo)
Press [q] to stop, [?] for help
[null @ 0x743c140] Encoder did not produce proper pts, making some up.
==3446== Invalid read of size 8
==3446==    at 0xD09308: uyvytoyuv420_mmxext (rgb2rgb_template.c:2147)
==3446==    by 0xCFED7D: uyvyToYuv420Wrapper (swscale_unscaled.c:287)
==3446==    by 0xCC3060: sws_scale (swscale.c:1101)
==3446==    by 0x4CAEB4: filter_frame (vf_scale.c:423)
==3446==    by 0x48EE59: ff_filter_frame_framed (avfilter.c:1081)
==3446==    by 0x48F360: default_filter_frame (avfilter.c:1161)
==3446==    by 0x48EE59: ff_filter_frame_framed (avfilter.c:1081)
==3446==    by 0x48FF58: ff_filter_frame (avfilter.c:1161)
==3446==    by 0x494011: request_frame (buffersrc.c:500)
==3446==    by 0x4942AA: av_buffersrc_add_frame_internal (buffersrc.c:181)
==3446==    by 0x49463C: av_buffersrc_add_frame_flags (buffersrc.c:106)
==3446==    by 0x47D119: decode_video (ffmpeg.c:1835)
==3446==  Address 0x420aff9 is not stack'd, malloc'd or (recently) free'd
==3446==
==3446==
==3446== Process terminating with default action of signal 11 (SIGSEGV)
==3446==  Access not within mapped region at address 0x420B000
==3446==    at 0xD09308: uyvytoyuv420_mmxext (rgb2rgb_template.c:2147)
==3446==    by 0xCFED7D: uyvyToYuv420Wrapper (swscale_unscaled.c:287)
==3446==    by 0xCC3060: sws_scale (swscale.c:1101)
==3446==    by 0x4CAEB4: filter_frame (vf_scale.c:423)
==3446==    by 0x48EE59: ff_filter_frame_framed (avfilter.c:1081)
==3446==    by 0x48F360: default_filter_frame (avfilter.c:1161)
==3446==    by 0x48EE59: ff_filter_frame_framed (avfilter.c:1081)
==3446==    by 0x48FF58: ff_filter_frame (avfilter.c:1161)
==3446==    by 0x494011: request_frame (buffersrc.c:500)
==3446==    by 0x4942AA: av_buffersrc_add_frame_internal (buffersrc.c:181)
==3446==    by 0x49463C: av_buffersrc_add_frame_flags (buffersrc.c:106)
==3446==    by 0x47D119: decode_video (ffmpeg.c:1835)
==3446==  If you believe this happened as a result of a stack
==3446==  overflow in your program's main thread (unlikely but
==3446==  possible), you can try to increase the size of the
==3446==  main thread stack using the --main-stacksize= flag.
==3446==  The main thread stack size used in this run was 8388608.
==3446==
==3446== HEAP SUMMARY:
==3446==     in use at exit: 718,853 bytes in 134 blocks
==3446==   total heap usage: 2,554 allocs, 2,420 frees, 2,775,626 bytes allocated
==3446==
==3446== LEAK SUMMARY:
==3446==    definitely lost: 0 bytes in 0 blocks
==3446==    indirectly lost: 0 bytes in 0 blocks
==3446==      possibly lost: 2,448 bytes in 9 blocks
==3446==    still reachable: 716,405 bytes in 125 blocks
==3446==         suppressed: 0 bytes in 0 blocks
==3446== Rerun with --leak-check=full to see details of leaked memory
==3446==
==3446== For counts of detected and suppressed errors, rerun with: -v
==3446== ERROR SUMMARY: 7 errors from 3 contexts (suppressed: 2 from 2)
Killed
(gdb) r -f v4l2 -pix_fmt uyvy422 -i /dev/video0
Starting program: /home/cehoyos/test/cehoyos/FFmpeg/ffplay_g -f v4l2 -pix_fmt uyvy422 -i /dev/video0
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffplay version N-60842-g72e6913 Copyright (c) 2003-2014 the FFmpeg developers
  built on Feb 23 2014 19:27:16 with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl
  libavutil      52. 65.100 / 52. 65.100
  libavcodec     55. 52.102 / 55. 52.102
  libavformat    55. 33.100 / 55. 33.100
  libavdevice    55. 10.100 / 55. 10.100
  libavfilter     4.  1.103 /  4.  1.103
  libswscale      2.  5.101 /  2.  5.101
  libswresample   0. 17.104 /  0. 17.104
  libpostproc    52.  3.100 / 52.  3.100
Option -pix_fmt is deprecated, use -pixel_format.
[New Thread 0x7ffff59eb700 (LWP 3562)]
[New Thread 0x7ffff48c8700 (LWP 3563)]
[New Thread 0x7ffff3fc6700 (LWP 3564)]
Input #0, video4linux2,v4l2, from '/dev/video0':B sq=    0B f=0/0
  Duration: N/A, start: 1393181754.236851, bitrate: 176947 kb/s
    Stream #0:0: Video: rawvideo (UYVY / 0x59565955), uyvy422, 768x576, 176947 kb/s, 25 fps, 25 tbr, 1000k tbn, 1000k tbc
[New Thread 0x7ffff27bd700 (LWP 3565)]
[New Thread 0x7ffff1fbc700 (LWP 3566)]
[New Thread 0x7ffff17bb700 (LWP 3567)]
[New Thread 0x7ffff0fba700 (LWP 3568)]
[New Thread 0x7fffebfff700 (LWP 3569)]
[New Thread 0x7fffeb7fe700 (LWP 3570)]
[New Thread 0x7fffeaffd700 (LWP 3571)]
[New Thread 0x7fffea7fc700 (LWP 3572)]
[New Thread 0x7fffe9ffb700 (LWP 3573)]
[New Thread 0x7fffe97fa700 (LWP 3574)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff27bd700 (LWP 3565)]
0x0000000000cfaef8 in extract_even_mmxext (count=<optimized out>, dst=0x7fffe4078fa0 "", src=0x7ffff37c6001 "") at libswscale/x86/rgb2rgb_template.c:2147
2147            __asm__ volatile(
(gdb) bt
#0  0x0000000000cfaef8 in extract_even_mmxext (count=<optimized out>,
    dst=0x7fffe4078fa0 "", src=0x7ffff37c6001 "")
    at libswscale/x86/rgb2rgb_template.c:2147
#1  uyvytoyuv420_mmxext (ydst=<optimized out>, udst=0x7fffe4093e80 "",
    vdst=0x7fffe40aef00 "", src=<optimized out>, width=768, height=576,
    lumStride=768, chromStride=384, srcStride=1536)
    at libswscale/x86/rgb2rgb_template.c:2439
#2  0x0000000000cf096e in uyvyToYuv420Wrapper (c=0x7fffe40037a0, src=<optimized out>,
    srcStride=<optimized out>, srcSliceY=0, srcSliceH=576, dstParam=0x7ffff27bc710,
    dstStride=0x7ffff27bc6e0) at libswscale/swscale_unscaled.c:287
#3  0x0000000000cb4c51 in sws_scale (c=<optimized out>,
    srcSlice=srcSlice@entry=0x7ffff27bc800, srcStride=srcStride@entry=0x7ffff27bc7c0,
    srcSliceY=srcSliceY@entry=0, srcSliceH=576, dst=dst@entry=0x7ffff27bc820,
    dstStride=0x7ffff27bc7d0) at libswscale/swscale.c:1101
#4  0x00000000004bcaa5 in scale_slice (field=<optimized out>, mul=<optimized out>,
    h=<optimized out>, sws=<optimized out>, cur_pic=<optimized out>,
    out_buf=<optimized out>, link=<optimized out>, y=<optimized out>)
    at libavfilter/vf_scale.c:423
#5  filter_frame (link=link@entry=0x7fffe40033c0, in=0x7fffe400ca80)
    at libavfilter/vf_scale.c:520
#6  0x0000000000480a4a in ff_filter_frame_framed (link=link@entry=0x7fffe40033c0,
    frame=0x7ffff37c6000, frame@entry=0x7fffe400ca80) at libavfilter/avfilter.c:1081
#7  0x0000000000481b49 in ff_filter_frame (link=link@entry=0x7fffe40033c0,
    frame=0x7fffe400ca80) at libavfilter/avfilter.c:1161
#8  0x0000000000485c02 in request_frame (link=0x7fffe40033c0)
    at libavfilter/buffersrc.c:500
#9  0x0000000000480e2a in ff_request_frame (link=0x7fffe40033c0)
    at libavfilter/avfilter.c:346
#10 0x0000000000480e94 in ff_request_frame (link=0x7fffe4003660)
    at libavfilter/avfilter.c:348
#11 0x0000000000480e94 in ff_request_frame (link=link@entry=0x7fffe4003280)
    at libavfilter/avfilter.c:348
#12 0x0000000000485428 in av_buffersink_get_frame_flags (
    ctx=ctx@entry=0x7fffe40026a0, frame=0x7fffe40008c0, flags=0,
    flags@entry=-469755424) at libavfilter/buffersink.c:138
#13 0x00000000004731b5 in video_thread (arg=0x7ffff3fc7040) at ffplay.c:1972
#14 0x00007ffff6f0ae96 in ?? () from /usr/lib64/libSDL-1.2.so.0
#15 0x00007ffff6f4dcd9 in ?? () from /usr/lib64/libSDL-1.2.so.0
#16 0x00007ffff6ce4e0e in start_thread () from /lib64/libpthread.so.0
#17 0x00007ffff60f82cd in clone () from /lib64/libc.so.6
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0xcfaed8 to 0xcfaf18:
   0x0000000000cfaed8 <uyvytoyuv420_mmxext+152>:        mov    %r12,%rax
   0x0000000000cfaedb <uyvytoyuv420_mmxext+155>:        jge    0xcfaf23 <uyvytoyuv420_mmxext+227>
   0x0000000000cfaedd <uyvytoyuv420_mmxext+157>:        mov    -0x20(%rsp),%rax
   0x0000000000cfaee2 <uyvytoyuv420_mmxext+162>:        pcmpeqw %mm7,%mm7
   0x0000000000cfaee5 <uyvytoyuv420_mmxext+165>:        psrlw  $0x8,%mm7
   0x0000000000cfaee9 <uyvytoyuv420_mmxext+169>:        movq   -0x1e(%rdi,%rax,2),%mm0
   0x0000000000cfaeee <uyvytoyuv420_mmxext+174>:        movq   -0x16(%rdi,%rax,2),%mm1
   0x0000000000cfaef3 <uyvytoyuv420_mmxext+179>:        movq   -0xe(%rdi,%rax,2),%mm2
=> 0x0000000000cfaef8 <uyvytoyuv420_mmxext+184>:        movq   -0x6(%rdi,%rax,2),%mm3
   0x0000000000cfaefd <uyvytoyuv420_mmxext+189>:        pand   %mm7,%mm0
   0x0000000000cfaf00 <uyvytoyuv420_mmxext+192>:        pand   %mm7,%mm1
   0x0000000000cfaf03 <uyvytoyuv420_mmxext+195>:        pand   %mm7,%mm2
   0x0000000000cfaf06 <uyvytoyuv420_mmxext+198>:        pand   %mm7,%mm3
   0x0000000000cfaf09 <uyvytoyuv420_mmxext+201>:        packuswb %mm1,%mm0
   0x0000000000cfaf0c <uyvytoyuv420_mmxext+204>:        packuswb %mm3,%mm2
   0x0000000000cfaf0f <uyvytoyuv420_mmxext+207>:        movntq %mm0,-0xf(%rcx,%rax,1)
   0x0000000000cfaf14 <uyvytoyuv420_mmxext+212>:        movntq %mm2,-0x7(%rcx,%rax,1)
End of assembler dump.
(gdb) info all-register
rax            0xffffffffffffffff       -1
rbx            0x7fffe4093e80   140737019199104
rcx            0x7fffe4078fa0   140737019088800
rdx            0x7fffe40aef00   140737019309824
rsi            0x7ffff37c6000   140737278402560
rdi            0x7ffff37c6001   140737278402561
rbp            0x7fffe40aef00   0x7fffe40aef00
rsp            0x7ffff27bc5c8   0x7ffff27bc5c8
r8             0x600    1536
r9             0x240    576
r10            0x7fffe4079000   140737019088896
r11            0x23f    575
r12            0xfffffffffffffd00       -768
r13            0x600    1536
r14            0x1      1
r15            0x180    384
rip            0xcfaef8 0xcfaef8 <uyvytoyuv420_mmxext+184>
eflags         0x10286  [ PF SF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
st0            -nan(0x7e177f1080117e12) (raw 0xffff7e177f1080117e12)
st1            -nan(0x80107f15801e7e1e) (raw 0xffff80107f15801e7e1e)
st2            -nan(0x80187e147f107f10) (raw 0xffff80187e147f107f10)
st3            -nan(0x13001700150019)   (raw 0xffff0013001700150019)
st4            0        (raw 0x00000000000000000000)
st5            0        (raw 0x00000000000000000000)
st6            0        (raw 0x00000000000000000000)
st7            -nan(0xff00ff00ff00ff)   (raw 0xffff00ff00ff00ff00ff)
fctrl          0x37f    895
fstat          0x0      0
ftag           0x95aa   38314
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
mxcsr          0x1fa8   [ OE PE IM DM ZM OM UM PM ]

The following workaround avoids the crash:

diff --git a/libavdevice/v4l2.c b/libavdevice/v4l2.c
index 96a272c..0a02dd1 100644
--- a/libavdevice/v4l2.c
+++ b/libavdevice/v4l2.c
@@ -531,7 +531,7 @@ static int mmap_read_frame(AVFormatContext *ctx, AVPacket *pkt)
     }

     /* Image is at s->buff_start[buf.index] */
-    if (avpriv_atomic_int_get(&s->buffers_queued) == FFMAX(s->buffers / 8, 1)) {
+    if (1 || avpriv_atomic_int_get(&s->buffers_queued) == FFMAX(s->buffers / 8, 1)) {
         /* when we start getting low on queued buffers, fall back on copying data */
         res = av_new_packet(pkt, buf.bytesused);
         if (res < 0) {
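Review bot: The `1 ||` added to the condition in mmap_read_frame() makes the test constant-true, so the avpriv_atomic_int_get(&s->buffers_queued) comparison is never evaluated and every frame goes through the av_new_packet(pkt, buf.bytesused) copy path; whatever branch handles the non-copy case becomes dead code. As a diagnostic this is useful, because it ties the crash to packets that are not copies, but it should not land as written: it disables the non-copy path for every pixel format and leaves the comment "when we start getting low on queued buffers" describing a condition that no longer exists. If forcing the copy is wanted as a stopgap, remove the dead comparison, update the comment and limit the change to the configuration that crashes; the 8-byte read past the end of the source in uyvytoyuv420_mmxext shown in the traces above still needs its own fix.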

Change History (4)

comment:1 by Carl Eugen Hoyos, 10 years ago

Trac user FishB8 showed another possibility to test in ticket #3685 after loading kernel device v4l2loopback from https://github.com/umlaeute/v4l2loopback.git

$ gst-launch-1.0 videotestsrc is-live=true pattern=0 do-timestamp=true ! video/x-raw, height=720, width=1280, framerate=30000/1001, format=UYVY ! v4l2sink device=/dev/video0

The crash with ffplay may have been fixed (or worked around); the crash with valgrind and ffmpeg is still reproducible here.

in reply to:  1 comment:2 by Carl Eugen Hoyos, 10 years ago

Replying to cehoyos:

The crash with ffplay may have been fixed (or worked around)

I can reproduce the crash with ffplay with bd650ee3.

comment:3 by Michael Niedermayer, 10 years ago

comment:4 by Carl Eugen Hoyos, 10 years ago

Resolution: fixed
Status: new → closed

The crash is fixed for me.
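
The traces in the ticket description show an 8-byte load in extract_even_mmxext at 0x420aff9 that reaches the unmapped address 0x420B000, one byte past the frame. The C model below is an added example, not FFmpeg code and not written by the ticket's participants: it replays the four load offsets from the disassembly on a constructed 768x576 UYVY frame and counts bytes touched past the buffer for an exact-size buffer, a padded copy, and a bounds-checked loop. The names `trace_t`, `load8`, `luma_pass` and the `pad`/`bounded` parameters are hypothetical, and treating the copy workaround as "padding after the frame" is an assumption of the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { WIDTH = 768, HEIGHT = 576, SRC_STRIDE = 1536 }; /* from the gdb backtrace */
#define FRAME_BYTES ((size_t)SRC_STRIDE * HEIGHT)
typedef struct { size_t highest; size_t past_end; } trace_t; /* hypothetical */

/* Models one 8-byte movq load. Bytes at or beyond `size` are counted,
 * not dereferenced, so the model itself never reads out of bounds. */
static void load8(const uint8_t *buf, size_t size, size_t off,
                  uint8_t q[8], trace_t *t)
{
    for (int i = 0; i < 8; i++) {
        size_t o = off + i;
        q[i] = o < size ? buf[o] : 0;
        t->past_end += o >= size;
        if (o > t->highest) t->highest = o;
    }
}

/* Keeps every second byte from src_off: 16 outputs per iteration from four
 * 8-byte loads (low byte of each 16-bit word), then a scalar tail. With
 * `bounded`, a chunk whose loads would pass `size` is left to the tail. */
static void extract_even(const uint8_t *buf, size_t size, size_t src_off,
                         uint8_t *dst, size_t count, int bounded, trace_t *t)
{
    size_t i = 0;
    for (; i + 16 <= count; i += 16) {
        if (bounded && src_off + 2 * i + 32 > size) break;
        for (int l = 0; l < 4; l++) {
            uint8_t q[8];
            load8(buf, size, src_off + 2 * i + 8 * l, q, t);
            for (int k = 0; k < 4; k++)
                dst[i + 4 * l + k] = q[2 * k];
        }
    }
    for (; i < count; i++) {
        size_t o = src_off + 2 * i;
        dst[i] = buf[o];
        if (o > t->highest) t->highest = o;
    }
}

/* Luma pass over a constructed UYVY frame. `pad` bytes follow the frame,
 * standing in for a copy into a padded buffer (assumption of this model). */
trace_t luma_pass(size_t pad, int bounded, uint8_t *luma)
{
    trace_t t = {0, 0};
    size_t size = FRAME_BYTES + pad;
    uint8_t *buf = malloc(size);
    if (!buf) abort();
    for (size_t i = 0; i < size; i++)
        buf[i] = (uint8_t)(i * 7 + 3);      /* constructed sample data */
    for (size_t y = 0; y < HEIGHT; y++)     /* +1: Y is the odd byte in UYVY */
        extract_even(buf, size, y * SRC_STRIDE + 1, luma + y * WIDTH,
                     WIDTH, bounded, &t);
    free(buf);
    return t;
}

int main(void)
{
    size_t n = (size_t)WIDTH * HEIGHT;
    uint8_t *a = malloc(n), *b = malloc(n);
    if (!a || !b) return 1;
    trace_t exact = luma_pass(0, 0, a), padded = luma_pass(32, 0, b);
    trace_t safe = luma_pass(0, 1, b);
    printf("exact %zu/%zu  padded %zu  bounded %zu/%zu  same=%d\n",
           exact.highest, exact.past_end, padded.past_end, safe.highest,
           safe.past_end, memcmp(a, b, n) == 0);
    free(a); free(b);
    return 0;
}
```

Only the last row's final load leaves the exact-size buffer, and the extra byte is the masked-off high byte of a word, so the output is identical in all three runs; the read only faults when the byte after the frame is unmapped.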
