Opened 13 years ago
Closed 13 years ago
#713 closed defect (needs_more_info)
sws_scale crashes after deinterlacing with avpicture_deinterlace (only on recent versions of FFmpeg)
Reported by: | Andrea3000 | Owned by: | |
---|---|---|---|
Priority: | important | Component: | undetermined |
Version: | git-master | Keywords: | sws_scale avpicture_deinterlace |
Cc: | Blocked By: | ||
Blocking: | Reproduced by developer: | no | |
Analyzed by developer: | no |
Description
I use FFmpeg API in my Mac OS X application to decode video frames.
In case of interlaced frame I'm used to:
1) convert frame to YUV420P with sws_scale
2) deinterlace frame with avpicture_deinterlace
3) convert frame back to my required pixel format (UYVY422) with sws_scale
(I obviuosly use two different swscale context)
This has always worked fine with git development branch of FFmpeg
till end of october.
On 11th of november I updated FFmpeg to the latest version
available on git repository and since then (till today's version of FFmpeg)
my app crash while performing deinterlace and picture format conversion.
If I convert frame to YUV420P and then back to UYVY422 (without deinterlacing),
it works fine but frame is obviously interlaced.
If I convert frame to YUV420P and then deinterlace it (without back converting to
UYVY422), the app doesn't crash but the output is obviously only a green tint.
It's only the combination of all three steps (conversion, deinterlacing and back
conversion) which makes my app crash. Debugging the crash I discovered that
it is caused by yv12touyvy_MMX2 function but, unfortunately, that function has
not been changed from end of october till now..
It happens with every movie file.
Since I'm using FFmpeg as API, I'm not able to provide further informations..or I don't know how to do it at least..
Change History (9)
follow-up: 2 comment:1 by , 13 years ago
comment:2 by , 13 years ago
Replying to cehoyos:
Please find the commit that introduced the problem and please provide backtrace etc. as explained on http://ffmpeg.org/bugreports.html
Sorry for the delay but it tooks me hours to figure out which was the incriminated commit but finally I have found it!
This is the commit which introduced the issue: 13b7781ec8d475513c1ee40a6e481763b728a71e
Here is backtrace, disassembly and output:
Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x000000012b395000 [Switching to process 64984] 0x0000000100591c26 in yv12touyvy_MMX2 () at vector.tcc:300 300 this->_M_impl._M_end_of_storage = __new_start + __len; (gdb) bt #0 0x0000000100591c26 in yv12touyvy_MMX2 () at vector.tcc:300 #1 0x0000000100581489 in planarToUyvyWrapper () at vector.tcc:300 #2 0x000000012b297400 in ?? () #3 0x4040404040404040 in ?? () Current language: auto; currently objective-c++ (gdb) disass $pc-32,$pc+32 Dump of assembler code for function yv12touyvy_MMX2: 0x0000000100591bc0 <yv12touyvy_MMX2+0>: push %rbp 0x0000000100591bc1 <yv12touyvy_MMX2+1>: push %rbx 0x0000000100591bc2 <yv12touyvy_MMX2+2>: mov %r9d,%ebp 0x0000000100591bc5 <yv12touyvy_MMX2+5>: sar %r8d 0x0000000100591bc8 <yv12touyvy_MMX2+8>: movslq %r8d,%r8 0x0000000100591bcb <yv12touyvy_MMX2+11>: test %r9d,%r9d 0x0000000100591bce <yv12touyvy_MMX2+14>: jle 0x100591c7b <yv12touyvy_MMX2+187> 0x0000000100591bd4 <yv12touyvy_MMX2+20>: movslq 0x18(%rsp),%r9 0x0000000100591bd9 <yv12touyvy_MMX2+25>: movslq 0x28(%rsp),%r11 0x0000000100591bde <yv12touyvy_MMX2+30>: xor %r10d,%r10d 0x0000000100591be1 <yv12touyvy_MMX2+33>: movslq 0x20(%rsp),%rbx 0x0000000100591be6 <yv12touyvy_MMX2+38>: jmp 0x100591c02 <yv12touyvy_MMX2+66> 0x0000000100591be8 <yv12touyvy_MMX2+40>: nopl 0x0(%rax,%rax,1) 0x0000000100591bf0 <yv12touyvy_MMX2+48>: inc %r10d 0x0000000100591bf3 <yv12touyvy_MMX2+51>: cmp %ebp,%r10d 0x0000000100591bf6 <yv12touyvy_MMX2+54>: je 0x100591c7b <yv12touyvy_MMX2+187> 0x0000000100591bfc <yv12touyvy_MMX2+60>: add %r9,%rdi 0x0000000100591bff <yv12touyvy_MMX2+63>: add %r11,%rcx 0x0000000100591c02 <yv12touyvy_MMX2+66>: xor %rax,%rax 0x0000000100591c05 <yv12touyvy_MMX2+69>: nopl 0x0(%rax,%rax,1) 0x0000000100591c0a <yv12touyvy_MMX2+74>: nopw 0x0(%rax,%rax,1) 0x0000000100591c10 <yv12touyvy_MMX2+80>: prefetchnta 0x20(%rdi,%rax,2) 0x0000000100591c15 <yv12touyvy_MMX2+85>: prefetchnta 0x20(%rsi,%rax,1) 0x0000000100591c1a <yv12touyvy_MMX2+90>: prefetchnta 0x20(%rdx,%rax,1) 0x0000000100591c1f <yv12touyvy_MMX2+95>: movq (%rsi,%rax,1),%mm0 0x0000000100591c23 <yv12touyvy_MMX2+99>: movq %mm0,%mm2 0x0000000100591c26 <yv12touyvy_MMX2+102>: movq (%rdx,%rax,1),%mm1 0x0000000100591c2a <yv12touyvy_MMX2+106>: punpcklbw %mm1,%mm0 0x0000000100591c2d <yv12touyvy_MMX2+109>: punpckhbw %mm1,%mm2 0x0000000100591c30 <yv12touyvy_MMX2+112>: movq (%rdi,%rax,2),%mm3 0x0000000100591c34 <yv12touyvy_MMX2+116>: movq 0x8(%rdi,%rax,2),%mm5 0x0000000100591c39 <yv12touyvy_MMX2+121>: movq %mm0,%mm4 0x0000000100591c3c <yv12touyvy_MMX2+124>: movq %mm2,%mm6 0x0000000100591c3f <yv12touyvy_MMX2+127>: punpcklbw %mm3,%mm0 0x0000000100591c42 <yv12touyvy_MMX2+130>: punpckhbw %mm3,%mm4 0x0000000100591c45 <yv12touyvy_MMX2+133>: punpcklbw %mm5,%mm2 0x0000000100591c48 <yv12touyvy_MMX2+136>: punpckhbw %mm5,%mm6 0x0000000100591c4b <yv12touyvy_MMX2+139>: movntq %mm0,(%rcx,%rax,4) 0x0000000100591c4f <yv12touyvy_MMX2+143>: movntq %mm4,0x8(%rcx,%rax,4) 0x0000000100591c54 <yv12touyvy_MMX2+148>: movntq %mm2,0x10(%rcx,%rax,4) 0x0000000100591c59 <yv12touyvy_MMX2+153>: movntq %mm6,0x18(%rcx,%rax,4) 0x0000000100591c5e <yv12touyvy_MMX2+158>: add $0x8,%rax 0x0000000100591c62 <yv12touyvy_MMX2+162>: cmp %r8,%rax 0x0000000100591c65 <yv12touyvy_MMX2+165>: jb 0x100591c10 <yv12touyvy_MMX2+80> 0x0000000100591c67 <yv12touyvy_MMX2+167>: test $0x1,%r10b 0x0000000100591c6b <yv12touyvy_MMX2+171>: je 0x100591bf0 <yv12touyvy_MMX2+48> 0x0000000100591c6d <yv12touyvy_MMX2+173>: add %rbx,%rsi 0x0000000100591c70 <yv12touyvy_MMX2+176>: add %rbx,%rdx 0x0000000100591c73 <yv12touyvy_MMX2+179>: inc %r10d 0x0000000100591c76 <yv12touyvy_MMX2+182>: cmp %ebp,%r10d 0x0000000100591c79 <yv12touyvy_MMX2+185>: jne 0x100591bfc <yv12touyvy_MMX2+60> 0x0000000100591c7b <yv12touyvy_MMX2+187>: emms 0x0000000100591c7d <yv12touyvy_MMX2+189>: sfence 0x0000000100591c80 <yv12touyvy_MMX2+192>: pop %rbx 0x0000000100591c81 <yv12touyvy_MMX2+193>: pop %rbp 0x0000000100591c82 <yv12touyvy_MMX2+194>: retq 0x0000000100591c83 <yv12touyvy_MMX2+195>: nopw 0x0(%rax,%rax,1) 0x0000000100591c89 <yv12touyvy_MMX2+201>: nopl 0x0(%rax) End of assembler dump. (gdb) info all-registers rax 0x280 640 rbx 0x3c0 960 rcx 0x11dde6400 4796081152 rdx 0x12b394d80 5020142976 rsi 0x12b316480 5019624576 rdi 0x12b299200 5019111936 rbp 0x440 0x440 rsp 0x120e3aa98 0x120e3aa98 r8 0x3c0 960 r9 0x780 1920 r10 0x43c 1084 r11 0xf00 3840 r12 0x0 0 r13 0x1021ef800 4330551296 r14 0x11 17 r15 0x3c0 960 rip 0x100591c26 0x100591c26 <yv12touyvy_MMX2+102> eflags 0x10287 66183 cs 0x2b 43 ss 0x0 0 ds 0x0 0 es 0x0 0 fs 0x23 35 gs 0xf 15 st0 -nan(0x7a7a7a7a7a7a7a7a) (raw 0xffff7a7a7a7a7a7a7a7a) st1 <invalid float value> (raw 0xffff0000000000000000) st2 -nan(0x7a7a7a7a7a7a7a7a) (raw 0xffff7a7a7a7a7a7a7a7a) st3 -nan(0x8e8e8e8e8e8e8e8e) (raw 0xffff8e8e8e8e8e8e8e8e) st4 -nan(0x8e008e7a8e008e7a) (raw 0xffff8e008e7a8e008e7a) st5 -nan(0x8e8e8e8e8e8e8e8f) (raw 0xffff8e8e8e8e8e8e8e8f) st6 -nan(0x8e008e7a8e008e7a) (raw 0xffff8e008e7a8e008e7a) st7 2 (raw 0x40008000000000000000) fctrl 0x37f 895 fstat 0x4000 16384 ftag 0x2aaa 10922 fiseg 0x2b 43 fioff 0x8701692a -2029950678 foseg 0x23 35 fooff 0x20e3a6b8 551790264 fop 0x55d 1373 xmm0 { v4_float = {0, 0, 4.53125, 0}, v2_double = {0, 1088}, v16_int8 = {0, 0, 0, 0, 0, 0, 0, 0, 64, -111, 0, 0, 0, 0, 0, 0}, v8_int16 = {0, 0, 0, 0, 16529, 0, 0, 0}, v4_int32 = {0, 0, 1083244544, 0}, v2_int64 = {0, 4652499890050433024}, uint128 = 37184 } (raw 0x00000000000091400000000000000000) xmm1 { v4_float = {0, 0, 4.53125, 0}, v2_double = {0, 1088}, v16_int8 = {0, 0, 0, 0, 0, 0, 0, 0, 64, -111, 0, 0, 0, 0, 0, 0}, v8_int16 = {0, 0, 0, 0, 16529, 0, 0, 0}, v4_int32 = {0, 0, 1083244544, 0}, v2_int64 = {0, 4652499890050433024}, uint128 = 37184 } (raw 0x00000000000091400000000000000000) xmm2 { v4_float = {0, 0, 5.2331543, 0}, v2_double = {0, 3003}, v16_int8 = {0, 0, 0, 0, 0, 0, 0, 0, 64, -89, 118, 0, 0, 0, 0, 0}, v8_int16 = {0, 0, 0, 0, 16551, 30208, 0, 0}, v4_int32 = {0, 0, 1084716544, 0}, v2_int64 = {0, 4658822081910145024}, uint128 = 7776064 } (raw 0x000000000076a7400000000000000000) xmm3 { v4_float = {1.30577099e+36, 2.1059141e+37, 2.09757384e+37, 1.30579135e+36}, v2_double = {6.5386757897991892e+286, 2.9109276065644548e+296}, v16_int8 = {123, 123, 123, 123, 125, 125, 125, 125, 125, 124, 124, 124, 123, 123, 124, 124}, v8_int16 = {31611, 31611, 32125, 32125, 32124, 31868, 31611, 31868}, v4_int32 = {2071690107, 2105376125, 2105310332, 2071690364}, v2_int64 = {8897841259117116797, 9042239025942592636}, uint128 = 0x7b7b7b7b7d7d7d7d7d7c7c7c7b7b7c7c } (raw 0x7c7c7b7b7c7c7c7d7d7d7d7d7b7b7b7b) xmm4 { v4_float = {1.30577099e+36, 1.30577099e+36, 1.30577099e+36, 2.1059141e+37}, v2_double = {6.5386757613253666e+286, 6.5386757897991892e+286}, v16_int8 = {123 <repeats 12 times>, 125, 125, 125, 125}, v8_int16 = {31611, 31611, 31611, 31611, 31611, 31611, 32125, 32125}, v4_int32 = {2071690107, 2071690107, 2071690107, 2105376125}, v2_int64 = {8897841259083430779, 8897841259117116797}, uint128 = 0x7b7b7b7b7b7b7b7b7b7b7b7b7d7d7d7d } (raw 0x7d7d7d7d7b7b7b7b7b7b7b7b7b7b7b7b) xmm5 { v4_float = {3.7956544e+25, 9.24099228e+23, 5.63560025e-06, -5.25562337e+32}, v2_double = {3.3282210898181474e+202, 5.0971145433431912e-45}, v16_int8 = {105, -5, 44, -29, 103, 67, -81, -123, 54, -67, 25, 112, -11, -49, 76, 60}, v8_int16 = {27131, 11491, 26435, -20603, 14013, 6512, -2609, 19516}, v4_int32 = {1778068707, 1732489093, 918362480, -170963908}, v2_int64 = {7636746948338495365, 3944336821597457468}, uint128 = 0x69fb2ce36743af8536bd1970f5cf4c3c } (raw 0x3c4ccff57019bd3685af4367e32cfb69) xmm6 { v4_float = {-221650272, -1.19395729e-08, 2.05909728e-07, 0.000163621356}, v2_double = {-3.1893469237096725e+64, 1.8539696798410024e-56}, v16_int8 = {-51, 83, 97, -42, -78, 77, 30, -52, 52, 93, 24, 9, 57, 43, -111, -58}, v8_int16 = {-12973, 25046, -19891, 7884, 13405, 6153, 14635, -28218}, v4_int32 = {-850173482, -1303568692, 878516233, 959156678}, v2_int64 = {-3651467298125046068, 3773198490699272646}, uint128 = 0xcd5361d6b24d1ecc345d1809392b91c6 } (raw 0xc6912b3909185d34cc1e4db2d66153cd) xmm7 { v4_float = {9.25334131e+37, 348784.812, -2.42001909e-28, 6.92919744e+16}, v2_double = {3.6469880178186947e+301, -6.8585696613434697e-224}, v16_int8 = {126, -117, 58, -109, 72, -86, 78, 26, -111, -103, 99, 14, 91, 118, 44, -81}, v8_int16 = {32395, 14995, 18602, 19994, -28263, 25358, 23414, 11439}, v4_int32 = {2123053715, 1219120666, -1852218610, 1534471343}, v2_int64 = {9118446274795425306, -7955218353458107217}, uint128 = 0x7e8b3a9348aa4e1a9199630e5b762caf } (raw 0xaf2c765b0e6399911a4eaa48933a8b7e) xmm8 { v4_float = {0, 0, 0, 0}, v2_double = {0, 0}, v16_int8 = {0 <repeats 16 times>}, v8_int16 = {0, 0, 0, 0, 0, 0, 0, 0}, v4_int32 = {0, 0, 0, 0}, v2_int64 = {0, 0}, uint128 = 0 } (raw 0x00000000000000000000000000000000) xmm9 { v4_float = {0, 0, 0, 0}, v2_double = {0, 0}, v16_int8 = {0 <repeats 16 times>}, v8_int16 = {0, 0, 0, 0, 0, 0, 0, 0}, v4_int32 = {0, 0, 0, 0}, v2_int64 = {0, 0}, uint128 = 0 } (raw 0x00000000000000000000000000000000) xmm10 { v4_float = {0, 0, 0, 0}, v2_double = {0, 0}, v16_int8 = {0 <repeats 16 times>}, v8_int16 = {0, 0, 0, 0, 0, 0, 0, 0}, v4_int32 = {0, 0, 0, 0}, v2_int64 = {0, 0}, uint128 = 0 } (raw 0x00000000000000000000000000000000) xmm11 { v4_float = {0, 0, 0, 0}, v2_double = {0, 0}, v16_int8 = {0 <repeats 16 times>}, v8_int16 = {0, 0, 0, 0, 0, 0, 0, 0}, v4_int32 = {0, 0, 0, 0}, v2_int64 = {0, 0}, uint128 = 0 } (raw 0x00000000000000000000000000000000) xmm12 { v4_float = {0, 0, 0, 0}, v2_double = {0, 0}, v16_int8 = {0 <repeats 16 times>}, v8_int16 = {0, 0, 0, 0, 0, 0, 0, 0}, v4_int32 = {0, 0, 0, 0}, v2_int64 = {0, 0}, uint128 = 0 } (raw 0x00000000000000000000000000000000) xmm13 { v4_float = {0, 0, 0, 0}, v2_double = {0, 0}, v16_int8 = {0 <repeats 16 times>}, v8_int16 = {0, 0, 0, 0, 0, 0, 0, 0}, v4_int32 = {0, 0, 0, 0}, v2_int64 = {0, 0}, uint128 = 0 } (raw 0x00000000000000000000000000000000) xmm14 { v4_float = {0, 0, 0, 0}, v2_double = {0, 0}, v16_int8 = {0 <repeats 16 times>}, v8_int16 = {0, 0, 0, 0, 0, 0, 0, 0}, v4_int32 = {0, 0, 0, 0}, v2_int64 = {0, 0}, uint128 = 0 } (raw 0x00000000000000000000000000000000) xmm15 { v4_float = {0, 0, 0, 0}, v2_double = {0, 0}, v16_int8 = {0 <repeats 16 times>}, v8_int16 = {0, 0, 0, 0, 0, 0, 0, 0}, v4_int32 = {0, 0, 0, 0}, v2_int64 = {0, 0}, uint128 = 0 } (raw 0x00000000000000000000000000000000) mxcsr 0x1fa0 8096
comment:5 by , 13 years ago
Replying to michael:
You could try valgrind or provide a compileable testcase.
I apologise in advanced if the informations I'm going to report aren't useful. I'm a newbie developer and I've still to learn a lot of stuff..
I paste here the relevant output from valgrind:
==27261== 1 errors in context 1 of 8: ==27261== Thread 1: ==27261== Use of uninitialised value of size 8 ==27261== at 0x1021E803D: ff_h264_decode_seq_parameter_set (in <path/to/my/app>/MyPlayer.app/Contents/Frameworks/libavcodec.dylib) ==27261== by 0x7FFF5FBFDCAF: ??? ==27261== by 0x10820C8BF: ??? ==27261== by 0x7FFF5FBFDCB0: ??? ==27261== by 0x38003E9F: ??? ==27261== by 0x11B233E9F: ??? ==27261== ==27261== ==27261== 1 errors in context 2 of 8: ==27261== Conditional jump or move depends on uninitialised value(s) ==27261== at 0x1021E802B: ff_h264_decode_seq_parameter_set (in <path/to/my/app>/MyPlayer.app/Contents/Frameworks/libavcodec.dylib) ==27261== by 0x7FFF5FBFDCAF: ??? ==27261== by 0x10820C8BF: ??? ==27261== by 0x7FFF5FBFDCB0: ??? ==27261== by 0x38003E9F: ??? ==27261== by 0x11B233E9F: ??? ==27261== ==27261== ==27261== 1 errors in context 3 of 8: ==27261== Conditional jump or move depends on uninitialised value(s) ==27261== at 0x1021E7FCA: ff_h264_decode_seq_parameter_set (in <path/to/my/app>/MyPlayer.app/Contents/Frameworks/libavcodec.dylib) ==27261== by 0x7FFF5FBFDCAF: ??? ==27261== by 0x10820C8BF: ??? ==27261== by 0x7FFF5FBFDCB0: ??? ==27261== by 0x38003E9F: ??? ==27261== by 0x11B233E9F: ??? ==27261== ==27261== ==27261== 1 errors in context 4 of 8: ==27261== Conditional jump or move depends on uninitialised value(s) ==27261== at 0x1021E7F81: ff_h264_decode_seq_parameter_set (in <path/to/my/app>/MyPlayer.app/Contents/Frameworks/libavcodec.dylib) ==27261== by 0x7FFF5FBFDCAF: ??? ==27261== by 0x10820C8BF: ??? ==27261== by 0x7FFF5FBFDCB0: ??? ==27261== by 0x38003E9F: ??? ==27261== by 0x11B233E9F: ??? ==27261== ==27261== ==27261== 3786240 errors in context 5 of 8: ==27261== Thread 9: ==27261== Invalid read of size 8 ==27261== at 0x102C50D84: yv12touyvy_MMX2 (in <path/to/my/app>/MyPlayer.app/Contents/Frameworks/libswscale.dylib) ==27261== by 0x43F: ??? ==27261== Address 0x12b9b6088 is 8 bytes inside a block of size 3,110,400 free'd ==27261== at 0x1001A552D: free (vg_replace_malloc.c:430) ==27261== by 0x10009A445: -[VideoTrack decodePacket] (in <path/to/my/app>/MyPlayer.app/Contents/MacOS/MyPlayer) ==27261== by 0x10009AD7F: -[VideoTrack decodeThreadFunc:] (in <path/to/my/app>/MyPlayer.app/Contents/MacOS/MyPlayer) ==27261== by 0x1001EA113: __NSThread__main__ (in /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation) ==27261== by 0x102FFAFD5: _pthread_start (in /usr/lib/libSystem.B.dylib) ==27261== by 0x102FFAE88: thread_start (in /usr/lib/libSystem.B.dylib) ==27261== ==27261== ==27261== 3786240 errors in context 6 of 8: ==27261== Invalid read of size 8 ==27261== at 0x102C50D80: yv12touyvy_MMX2 (in <path/to/my/app>/MyPlayer.app/Contents/Frameworks/libswscale.dylib) ==27261== by 0x43F: ??? ==27261== Address 0x12b9b6080 is 0 bytes inside a block of size 3,110,400 free'd ==27261== at 0x1001A552D: free (vg_replace_malloc.c:430) ==27261== by 0x10009A445: -[VideoTrack decodePacket] (in <path/to/my/app>/MyPlayer.app/Contents/MacOS/MyPlayer) ==27261== by 0x10009AD7F: -[VideoTrack decodeThreadFunc:] (in <path/to/my/app>/MyPlayer.app/Contents/MacOS/MyPlayer) ==27261== by 0x1001EA113: __NSThread__main__ (in /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation) ==27261== by 0x102FFAFD5: _pthread_start (in /usr/lib/libSystem.B.dylib) ==27261== by 0x102FFAE88: thread_start (in /usr/lib/libSystem.B.dylib) ==27261== ==27261== ==27261== 3786240 errors in context 7 of 8: ==27261== Invalid read of size 8 ==27261== at 0x102C50D76: yv12touyvy_MMX2 (in <path/to/my/app>/MyPlayer.app/Contents/Frameworks/libswscale.dylib) ==27261== by 0x43F: ??? ==27261== Address 0x12bc2ed80 is 2,592,000 bytes inside a block of size 3,110,400 free'd ==27261== at 0x1001A552D: free (vg_replace_malloc.c:430) ==27261== by 0x10009A445: -[VideoTrack decodePacket] (in <path/to/my/app>/MyPlayer.app/Contents/MacOS/MyPlayer) ==27261== by 0x10009AD7F: -[VideoTrack decodeThreadFunc:] (in <path/to/my/app>/MyPlayer.app/Contents/MacOS/MyPlayer) ==27261== by 0x1001EA113: __NSThread__main__ (in /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation) ==27261== by 0x102FFAFD5: _pthread_start (in /usr/lib/libSystem.B.dylib) ==27261== by 0x102FFAE88: thread_start (in /usr/lib/libSystem.B.dylib) ==27261== ==27261== ==27261== 3786240 errors in context 8 of 8: ==27261== Invalid read of size 8 ==27261== at 0x102C50D6F: yv12touyvy_MMX2 (in <path/to/my/app>/MyPlayer.app/Contents/Frameworks/libswscale.dylib) ==27261== by 0x43F: ??? ==27261== Address 0x12bbb0480 is 2,073,600 bytes inside a block of size 3,110,400 free'd ==27261== at 0x1001A552D: free (vg_replace_malloc.c:430) ==27261== by 0x10009A445: -[VideoTrack decodePacket] (in <path/to/my/app>/MyPlayer.app/Contents/MacOS/MyPlayer) ==27261== by 0x10009AD7F: -[VideoTrack decodeThreadFunc:] (in <path/to/my/app>/MyPlayer.app/Contents/MacOS/MyPlayer) ==27261== by 0x1001EA113: __NSThread__main__ (in /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation) ==27261== by 0x102FFAFD5: _pthread_start (in /usr/lib/libSystem.B.dylib) ==27261== by 0x102FFAE88: thread_start (in /usr/lib/libSystem.B.dylib)
This output is the result of about 1 second of movie playback and it has been generated with:
valgrind -v --error-limit=no --dsymutil=yes --alignment=16 --leak-check=full <path/to/my/app>/MyPlayer.app/Contents/MacOS/MyPlayer
Are these the information you need or I have to run valgrind with different command line options?
comment:6 by , 13 years ago
I have discovered another "bug" and I'm quite sure that it is related to the bug explained in this ticket and can be the cause of it.
Take a look at this two picture which come from a progressive movie (therefore no deinterlacing and no crash):
1) Prior to incriminated commit: Image1
2) After incriminated commit: Image2
As you can see, after incriminated commit, height of the frame is 8 pixels bigger than the correct one (in this case 1088 against 1080), and a black border appears in the bottom part of the window/frame.
This happens with every h264 stream inside m2ts container and never happens with mkv container.
MPEG-2 and VC-1 streams don't have this issue.
This happens even with interlaced movie (with deinterlacing disabled).
When deinterlacing is enabled, that black border is yellow/green in the first frame and after that the app crash.
All of the interlaced movie file that I have are h264, but I'm quite sure that MPEG-2 and VC-1 video stream won't lead to any crash when deinterlacing.
I have deinterlaced progressive MPEG-2 and VC-1 (it's useless but possible, I think) and the app doesn't crash at all. On the contrary, if I try to deinterlace a progressive h264, the app crashes.
So I'm quite sure that the issue is related to the bug that add those 8 pixels in the height of h264 frames inside m2ts containers, since only those tracks make the app crashes when deinterlacing.
follow-up: 8 comment:7 by , 13 years ago
Valgrind indicates that you run sws on memory that has been freed.
Its output should be a bit more informative if the involved parts are compiled without optimizations and with debug symbols
comment:8 by , 13 years ago
Replying to michael:
Valgrind indicates that you run sws on memory that has been freed.
Its output should be a bit more informative if the involved parts are compiled without optimizations and with debug symbols
Thank you for your help. I have found the cause of this issue (but not the solution) and I have opened a specific ticket: https://ffmpeg.org/trac/ffmpeg/ticket/731
Have you got any hint on that bug?
comment:9 by , 13 years ago
Resolution: | → needs_more_info |
---|---|
Status: | new → closed |
Closing ticket as Ticket731 has been closed 3 month ago, and this appears to be due to use of the wrong width/height fields by the user.
If some issue in ffmpeg remains, please reopen!
Please find the commit that introduced the problem and please provide backtrace etc. as explained on http://ffmpeg.org/bugreports.html