Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#4181 closed defect (invalid)

libilbc segfault

Reported by: llogan Owned by:
Priority: important Component: undetermined
Version: git-master Keywords: libilbc crash SIGSEGV
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description (last modified by llogan)

Found by Andrew Strong.

(gdb) r -y -f lavfi -i sine=r=8000:d=3 out.lbc
Starting program: ffmpeg_g -y -f lavfi -i sine=r=8000:d=3 out.lbc
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
ffmpeg version N-68377-gf96fcba Copyright (c) 2000-2014 the FFmpeg developers
  built on Dec 11 2014 11:06:46 with gcc 4.9.2 (GCC)
  configuration: --enable-libilbc --disable-doc
  libavutil      54. 15.100 / 54. 15.100
  libavcodec     56. 14.100 / 56. 14.100
  libavformat    56. 15.103 / 56. 15.103
  libavdevice    56.  3.100 / 56.  3.100
  libavfilter     5.  2.103 /  5.  2.103
  libswscale      3.  1.101 /  3.  1.101
  libswresample   1.  1.100 /  1.  1.100
[New Thread 0x7ffff4587700 (LWP 19557)]
[New Thread 0x7ffff3d86700 (LWP 19558)]
[New Thread 0x7ffff3585700 (LWP 19559)]
[New Thread 0x7ffff2d84700 (LWP 19560)]
[New Thread 0x7ffff2583700 (LWP 19561)]
[New Thread 0x7ffff1d82700 (LWP 19562)]
[New Thread 0x7ffff1581700 (LWP 19563)]
[New Thread 0x7ffff0d80700 (LWP 19564)]
[New Thread 0x7ffff057f700 (LWP 19565)]
Input #0, lavfi, from 'sine=r=8000:d=3':
  Duration: N/A, start: 0.000000, bitrate: 128 kb/s
    Stream #0:0: Audio: pcm_s16le, 8000 Hz, mono, s16, 128 kb/s
[New Thread 0x7fffefd7e700 (LWP 19566)]
[New Thread 0x7fffef57d700 (LWP 19567)]
[New Thread 0x7fffeed7c700 (LWP 19568)]
[New Thread 0x7fffee57b700 (LWP 19569)]
[New Thread 0x7fffedd7a700 (LWP 19570)]
[New Thread 0x7fffed579700 (LWP 19571)]
[New Thread 0x7fffecd78700 (LWP 19572)]
[New Thread 0x7fffec577700 (LWP 19573)]
[New Thread 0x7fffebd76700 (LWP 19574)]
Output #0, ilbc, to 'out.lbc':
  Metadata:
    encoder         : Lavf56.15.103
    Stream #0:0: Audio: ilbc (libilbc), 8000 Hz, mono, s16
    Metadata:
      encoder         : Lavc56.14.100 libilbc
Stream mapping:
  Stream #0:0 -> #0:0 (pcm_s16le (native) -> ilbc (libilbc))
Press [q] to stop, [?] for help

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00007ffff605dad7 in WebRtcSpl_AutoCorrelation (in_vector=in_vector@entry=0x7fffffffd8d0, in_vector_length=in_vector_length@entry=240, order=order@entry=10, result=result@entry=0x7fffffffd8a0, scale=scale@entry=0x7fffffffd85c) at signal_processing/auto_correlation.c:31
#2  0x00007ffff605b9de in WebRtcIlbcfix_SimpleLpcAnalysis (lsf=<optimized out>, data=<optimized out>, iLBCenc_inst=0x18f6ca8) at ilbc/simple_lpc_analysis.c:65
#3  0x00007ffff605a2c0 in WebRtcIlbcfix_LpcEncode (syntdenum=syntdenum@entry=0x7fffffffdd58, weightdenum=weightdenum@entry=0x7fffffffdbf0, lsf_index=lsf_index@entry=0x7fffffffdc80, data=data@entry=0x7fffffffdea4, iLBCenc_inst=iLBCenc_inst@entry=0x18f6ca8)
    at ilbc/lpc_encode.c:45
#4  0x00007ffff60574d7 in WebRtcIlbcfix_EncodeImpl (bytes=0x18d9100, block=<optimized out>, iLBCenc_inst=iLBCenc_inst@entry=0x18f6ca8) at ilbc/encode.c:134
#5  0x000000000083a426 in ilbc_encode_frame (avctx=<optimized out>, avpkt=0x7fffffffe470, frame=0x18da5a0, got_packet_ptr=0x7fffffffe1ec) at libavcodec/libilbc.c:172
#6  0x00000000009ab94f in avcodec_encode_audio2 (avctx=0x18f67c0, avpkt=0x7fffffffe470, frame=0x18da5a0, got_packet_ptr=0x7fffffffe1ec) at libavcodec/utils.c:1872
#7  0x000000000047e29e in do_audio_out (frame=<optimized out>, ost=<optimized out>, s=<optimized out>) at ffmpeg.c:780
#8  reap_filters () at ffmpeg.c:1278
#9  0x0000000000465688 in transcode_step () at ffmpeg.c:3721
#10 transcode () at ffmpeg.c:3764
#11 main (argc=26167360, argv=0x18f6620) at ffmpeg.c:3941
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0xffffffffffffffe0 to 0x20:
End of assembler dump
(gdb) info all-registers
rax            0x7ffff6268330   140737323107120
rbx            0x7fffffffd8d0   140737488345296
rcx            0x7fffffffd8a0   140737488345248
rdx            0xa      10
rsi            0xf0     240
rdi            0x7fffffffd8d0   140737488345296
rbp            0xa      0xa
rsp            0x7fffffffd7c8   0x7fffffffd7c8
r8             0x7fffffffd85c   140737488345180
r9             0xffffff66       4294967142
r10            0xfffff861       4294965345
r11            0xf0     240
r12            0x7fffffffd8a0   140737488345248
r13            0xf0     240
r14            0x18f6ca8        26176680
r15            0x7fffffffd8d0   140737488345296
rip            0x0      0x0
eflags         0x10206  [ PF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
st0            0        (raw 0x00000000000000000000)
st1            0        (raw 0x00000000000000000000)
st2            0        (raw 0x00000000000000000000)
st3            0        (raw 0x00000000000000000000)
st4            0        (raw 0x00000000000000000000)
st5            0        (raw 0x00000000000000000000)
st6            0        (raw 0x00000000000000000000)
st7            0        (raw 0x00000000000000000000)
fctrl          0x37f    895
fstat          0x0      0
ftag           0xffff   65535
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0xff, 0x0 <repeats 11 times>, 0xff, 0x0, 0x0, 0x0}, v8_int16 = {0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0}, v4_int32 = {0xff, 0x0, 0x0, 0xff}, v2_int64 = {0xff, 0xff00000000}, 
  uint128 = 0x000000ff0000000000000000000000ff}
xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x25 <repeats 16 times>}, v8_int16 = {0x2525, 0x2525, 0x2525, 0x2525, 0x2525, 0x2525, 0x2525, 0x2525}, v4_int32 = {0x25252525, 0x25252525, 0x25252525, 0x25252525}, v2_int64 = {
    0x2525252525252525, 0x2525252525252525}, uint128 = 0x25252525252525252525252525252525}
xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0, 0xd0, 0xff, 0xff, 0xff, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec, 0x3, 0x0, 0x0}, v8_int16 = {0xd000, 0xffff, 0x7fff, 0x0, 0x0, 0x0, 0x3ec, 0x0}, v4_int32 = {0xffffd000, 0x7fff, 0x0, 
    0x3ec}, v2_int64 = {0x7fffffffd000, 0x3ec00000000}, uint128 = 0x000003ec0000000000007fffffffd000}
xmm3           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0xff, 0x0 <repeats 11 times>, 0xff, 0x0, 0x0, 0x0}, v8_int16 = {0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0}, v4_int32 = {0xff, 0x0, 0x0, 0xff}, v2_int64 = {0xff, 0xff00000000}, 
  uint128 = 0x000000ff0000000000000000000000ff}
xmm5           {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x1, 0x0}, v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0x0, 0x3ff0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x3ff00000, 0x0, 0x0}, 
  v2_int64 = {0x3ff0000000000000, 0x0}, uint128 = 0x00000000000000003ff0000000000000}
xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm7           {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x1, 0x0}, v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0x0, 0x3ff0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x3ff00000, 0x0, 0x0}, 
  v2_int64 = {0x3ff0000000000000, 0x0}, uint128 = 0x00000000000000003ff0000000000000}
xmm8           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x7d, 0x3, 0xaa, 0x5, 0x2b, 0x7, 0xd4, 0x7, 0x90, 0x7, 0x66, 0x6, 0x7c, 0x4, 0x9, 0x2}, v8_int16 = {0x37d, 0x5aa, 0x72b, 0x7d4, 0x790, 0x666, 0x47c, 0x209}, v4_int32 = {0x5aa037d, 
    0x7d4072b, 0x6660790, 0x209047c}, v2_int64 = {0x7d4072b05aa037d, 0x209047c06660790}, uint128 = 0x0209047c0666079007d4072b05aa037d}
xmm9           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm10          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x8000000000000000, 0x8000000000000000}, v16_int8 = {0x0, 0x0, 0x0, 0x0, 0xff <repeats 12 times>}, v8_int16 = {0x0, 0x0, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}, v4_int32 = {0x0, 0xffffffff, 0xffffffff, 
    0xffffffff}, v2_int64 = {0xffffffff00000000, 0xffffffffffffffff}, uint128 = 0xffffffffffffffffffffffff00000000}
xmm11          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x8000000000000000, 0x8000000000000000}, v16_int8 = {0xff <repeats 16 times>}, v8_int16 = {0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}, v4_int32 = {0xffffffff, 0xffffffff, 0xffffffff, 
    0xffffffff}, v2_int64 = {0xffffffffffffffff, 0xffffffffffffffff}, uint128 = 0xffffffffffffffffffffffffffffffff}
xmm12          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm13          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x34, 0x29, 0x37, 0x3d, 0x9, 0xba, 0x38, 0xbc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x2934, 0x3d37, 0xba09, 0xbc38, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x3d372934, 0xbc38ba09, 
    0x0, 0x0}, v2_int64 = {0xbc38ba093d372934, 0x0}, uint128 = 0x0000000000000000bc38ba093d372934}
xmm14          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x8e, 0x85, 0x83, 0xe8, 0xf0, 0x24, 0x53, 0x3c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x858e, 0xe883, 0x24f0, 0x3c53, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xe883858e, 0x3c5324f0, 
    0x0, 0x0}, v2_int64 = {0x3c5324f0e883858e, 0x0}, uint128 = 0x00000000000000003c5324f0e883858e}
xmm15          {v4_float = {0x0, 0xffffffff, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0xf6, 0x8f, 0xee, 0x21, 0xa8, 0x74, 0xd3, 0xbf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x8ff6, 0x21ee, 0x74a8, 0xbfd3, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x21ee8ff6, 
    0xbfd374a8, 0x0, 0x0}, v2_int64 = {0xbfd374a821ee8ff6, 0x0}, uint128 = 0x0000000000000000bfd374a821ee8ff6}
mxcsr          0x1fa0   [ PE IM DM ZM OM UM PM ]

Change History (10)

comment:1 Changed 3 years ago by llogan

  • Description modified (diff)

Fixed typo in command.

comment:2 Changed 3 years ago by cehoyos

Is there any indication that this is a bug that can be fixed within FFmpeg?

comment:3 follow-up: Changed 3 years ago by llogan

I'm not sure if it is something that can be fixed on this side or not. I wanted to report it before I forgot about it, but I was unable to spend more time investigating it. If isn't our issue then it can be closed as invalid (and reported to WebRTC or wherever if appropriate).

I expect Timothy Gu would be more useful here than me. I got the library from https://github.com/TimothyGu/libilbc, but I'm not sure if that is the correct repository.

comment:4 Changed 3 years ago by cehoyos

  • Resolution set to worksforme
  • Status changed from new to closed

Shows no issues with valgrind either.

$ ffmpeg -f lavfi -i sine=r=8k:d=3 out.lbc
ffmpeg version N-68378-ge2829a8 Copyright (c) 2000-2014 the FFmpeg developers
  built on Dec 11 2014 23:58:04 with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl --enable-libilbc
  libavutil      54. 15.100 / 54. 15.100
  libavcodec     56. 14.100 / 56. 14.100
  libavformat    56. 15.104 / 56. 15.104
  libavdevice    56.  3.100 / 56.  3.100
  libavfilter     5.  2.103 /  5.  2.103
  libswscale      3.  1.101 /  3.  1.101
  libswresample   1.  1.100 /  1.  1.100
  libpostproc    53.  3.100 / 53.  3.100
Input #0, lavfi, from 'sine=r=8k:d=3':
  Duration: N/A, start: 0.000000, bitrate: 128 kb/s
    Stream #0:0: Audio: pcm_s16le, 8000 Hz, mono, s16, 128 kb/s
Output #0, ilbc, to 'out.lbc':
  Metadata:
    encoder         : Lavf56.15.104
    Stream #0:0: Audio: ilbc (libilbc), 8000 Hz, mono, s16
    Metadata:
      encoder         : Lavc56.14.100 libilbc
Stream mapping:
  Stream #0:0 -> #0:0 (pcm_s16le (native) -> ilbc (libilbc))
Press [q] to stop, [?] for help
size=       6kB time=00:00:03.00 bitrate=  15.2kbits/s
video:0kB audio:6kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: 0.157895%

comment:5 follow-up: Changed 3 years ago by llogan

Are you using current git master from libilbc?

comment:6 in reply to: ↑ 5 Changed 3 years ago by cehoyos

Replying to llogan:

Are you using current git master from libilbc?

Does this really matter?

I am using current FFmpeg git head with a version of libilbc that I - afaict from the path and the file modification date of the library - compiled myself two years ago. This combination does not crash. If a newer version of libilbc does crash now, wouldn't this imply a regression within libilbc? Or are we missing a version check in configure? From a quick look, I don't see a version information in my ilbc.h file.

But please feel free to reopen this ticket, I am just not sure where this will (or can) lead us.

comment:7 in reply to: ↑ 3 Changed 3 years ago by Timothy_Gu

Replying to llogan:

I expect Timothy Gu would be more useful here than me. I got the library from https://github.com/TimothyGu/libilbc, but I'm not sure if that is the correct repository.

Yes, this is the right repo. I asked Jeroen Dekkers to transfer the repo to me as he seems to be fairly busy recently. I will investigate this issue and come back.

Last edited 3 years ago by Timothy_Gu (previous) (diff)

comment:8 follow-up: Changed 3 years ago by Timothy_Gu

OK, I have fixed this problem (hopefully): https://github.com/TimothyGu/libilbc/commit/1be98256eed50bc68b5388f4f1fdb544f58da5a1

If possible, could you please test again? If that works fine, I'll make a new release.

comment:9 Changed 3 years ago by Timothy_Gu

  • Resolution changed from worksforme to invalid

Reclosing as invalid as this is not a bug in FFmpeg.

comment:10 in reply to: ↑ 8 Changed 3 years ago by llogan

Replying to Timothy_Gu:

If possible, could you please test again? If that works fine, I'll make a new release.

Works fine now. Thanks.

Note: See TracTickets for help on using tickets.