Opened 12 years ago

Closed 12 years ago

#792 closed defect (fixed)

zzuf .mad crashes FFMPEG

Reported by: Oana Stratulat Owned by:
Priority: important Component: swscale
Version: git-master Keywords: crash SIGSEGV
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description


Attachments (2)

corruptfile (1.4 MB ) - added by Oana Stratulat 12 years ago.
valgrind (2.0 MB ) - added by Oana Stratulat 12 years ago.

Change History (4)

by Oana Stratulat, 12 years ago

Attachment: corruptfile added

by Oana Stratulat, 12 years ago

Attachment: valgrind added

comment:1 by Carl Eugen Hoyos, 12 years ago

Component: FFmpegswscale
Keywords: crash SIGSEGV added
Reproduced by developer: set
Status: newopen
(gdb) r -i corruptfile -f null -

...

Program received signal SIGSEGV, Segmentation fault.
0x086c9755 in yuv2yuvX_sse3 (filter=0x8ed6218, filterSize=136, src=0x8e972a4,
    dest=0xf32091adstW=360,
    dither=0x8827c48 "@@@@@@@@", offset=0) at libswscale/x86/swscale_mmx.c:200
200         __asm__ volatile(
(gdb) bt
#0  0x086c9755 in yuv2yuvX_sse3 (filter=0x8ed6218, filterSize=136, src=0x8e972a4,
    dest=0xf32091adstW=360,
    dither=0x8827c48 "@@@@@@@@", offset=0) at libswscale/x86/swscale_mmx.c:200
#1  0x086bbb80 in swScale (c=0x8ed3880, src=0xffffa960, srcStride=0xffffa930, srcSliceY=0,
    srcSliceH=33264, dst=0xffffa950, dstStride=0xffffa940) at libswscale/swscale.c:2786
#2  0x0869c81a in sws_scale (c=0x8ed3880, srcSlice=0xffffaa10, srcStride=0xffffa9f0, srcSliceY=0,
    srcSliceH=33264, dst=0xffffaa00, dstStride=0xffffa9e0) at libswscale/swscale_unscaled.c:937
#3  0x080757cb in scale_slice (field=0, mul=1, h=33264, y=0, sws=0x8ed3880, link=<value optimized out>)
    at libavfilter/vf_scale.c:298
#4  draw_slice (field=0, mul=1, h=33264, y=0, sws=0x8ed3880, link=<value optimized out>)
    at libavfilter/vf_scale.c:315
#5  0x080677a8 in avfilter_draw_slice (link=0x8dc51a0, y=0, h=33264, slice_dir=1)
    at libavfilter/avfilter.c:641
#6  0x0807806f in request_frame (link=0x8dc51a0) at libavfilter/vsrc_buffer.c:191
#7  0x08066baf in avfilter_request_frame (link=0x8dc5f40) at libavfilter/avfilter.c:520
#8  0x0806b1db in av_buffersink_get_buffer_ref (ctx=0x8dc3c60, bufref=0x8dc3854, flags=0)
    at libavfilter/sink_buffer.c:128
#9  0x08052263 in transcode_video (pkt_dts=<value optimized out>, pkt_pts=<value optimized out>,
    got_output=0xffffae5c, pkt=0xffffadd0, ist=0x8dc4800) at ffmpeg.c:1933
#10 output_packet (pkt_dts=<value optimized out>, pkt_pts=<value optimized out>, got_output=0xffffae5c,
    pkt=0xffffadd0, ist=0x8dc4800) at ffmpeg.c:2046
#11 0x08055de4 in transcode (output_files=0x8dbdff8, nb_output_files=1, input_files=0x8e69c78,
    nb_input_files=1) at ffmpeg.c:2804
#12 0x0805a5f3 in main (argc=<value optimized out>, argv=<value optimized out>) at ffmpeg.c:4885
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x86c9735 to 0x86c9775:
0x086c9735 <yuv2yuvX_sse3+69>:  jno    0x86c971a <yuv2yuvX_sse3+42>
0x086c9737 <yuv2yuvX_sse3+71>:  add    $0x66,%al
0x086c9739 <yuv2yuvX_sse3+73>:  movq   %mm3,%mm4
0x086c973c <yuv2yuvX_sse3+76>:  movdqa %xmm3,%xmm7
0x086c9740 <yuv2yuvX_sse3+80>:  mov    0x44(%esp),%ecx
0x086c9744 <yuv2yuvX_sse3+84>:  mov    %edi,%edx
0x086c9746 <yuv2yuvX_sse3+86>:  mov    (%edx),%esi
0x086c9748 <yuv2yuvX_sse3+88>:  nop
0x086c9749 <yuv2yuvX_sse3+89>:  lea    0x0(%esi,%eiz,1),%esi
0x086c9750 <yuv2yuvX_sse3+96>:  movddup 0x8(%edx),%xmm0
0x086c9755 <yuv2yuvX_sse3+101>: movdqa (%esi,%ecx,2),%xmm2
0x086c975a <yuv2yuvX_sse3+106>: movdqa 0x10(%esi,%ecx,2),%xmm5
0x086c9760 <yuv2yuvX_sse3+112>: add    $0x10,%edx
0x086c9763 <yuv2yuvX_sse3+115>: mov    (%edx),%esi
0x086c9765 <yuv2yuvX_sse3+117>: test   %esi,%esi
0x086c9767 <yuv2yuvX_sse3+119>: pmulhw %xmm0,%xmm2
0x086c976b <yuv2yuvX_sse3+123>: pmulhw %xmm0,%xmm5
0x086c976f <yuv2yuvX_sse3+127>: paddw  %xmm2,%xmm3
0x086c9773 <yuv2yuvX_sse3+131>: paddw  %xmm5,%xmm4
End of assembler dump.
(gdb) info all-registers
eax            0xf32091a0       -215969376
ecx            0x0      0
edx            0x8ed6218        149774872
ebx            0x168    360
esp            0xffffa6e4       0xffffa6e4
ebp            0xf32205a0       0xf32205a0
esi            0x100012 1048594
edi            0x8ed6218        149774872
eip            0x86c9755        0x86c9755 <yuv2yuvX_sse3+101>
eflags         0x210202 [ IF RF ID ]
cs             0x23     35
ss             0x2b     43
ds             0x2b     43
es             0x2b     43
fs             0x0      0
gs             0x63     99
st0            0        (raw 0x00000000000000000000)
st1            0        (raw 0x00000000000000000000)
st2            0        (raw 0x00000000000000000000)
st3            -2147483648      (raw 0xc01e8000000000000000)
st4            123456   (raw 0x400ff120000000000000)
st5            0        (raw 0x00000000000000000000)
st6            320602061668352  (raw 0x402f91cafe0000000000)
st7            36028797018963.967998504638671875        (raw 0x402c83126e978d4fdf3b)
fctrl          0x37f    895
fstat          0x20     32
ftag           0xffff   65535
fiseg          0x0      0
fioff          0x869d474        141153396
foseg          0x0      0
fooff          0x0      0
fop            0x5d8    1496
xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0, 0x10, 0x0,
    0x10, 0x0, 0x10, 0x0, 0x10, 0x0, 0x10, 0x0, 0x10, 0x0, 0x10, 0x0, 0x10}, v8_int16 = {0x1000, 0x1000,
    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000}, v4_int32 = {0x10001000, 0x10001000, 0x10001000,
    0x10001000}, v2_int64 = {0x1000100010001000, 0x1000100010001000},
  uint128 = 0x10001000100010001000100010001000}
xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0, 0x0, 0x0, 0x0,
    0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0}, v8_int16 = {0x0, 0x0, 0x0, 0x20, 0x0,
    0x0, 0x0, 0x20}, v4_int32 = {0x0, 0x200000, 0x0, 0x200000}, v2_int64 = {0x20000000000000,
    0x20000000000000}, uint128 = 0x00200000000000000020000000000000}
xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0,
    0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm3           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x4, 0x0, 0x4, 0x0,
    0x4, 0x0, 0x4, 0x0, 0x4, 0x0, 0x4, 0x0, 0x4, 0x0, 0x4, 0x0}, v8_int16 = {0x4, 0x4, 0x4, 0x4, 0x4,
    0x4, 0x4, 0x4}, v4_int32 = {0x40004, 0x40004, 0x40004, 0x40004}, v2_int64 = {0x4000400040004,
    0x4000400040004}, uint128 = 0x00040004000400040004000400040004}
xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x4, 0x0, 0x4, 0x0,
    0x4, 0x0, 0x4, 0x0, 0x4, 0x0, 0x4, 0x0, 0x4, 0x0, 0x4, 0x0}, v8_int16 = {0x4, 0x4, 0x4, 0x4, 0x4,
    0x4, 0x4, 0x4}, v4_int32 = {0x40004, 0x40004, 0x40004, 0x40004}, v2_int64 = {0x4000400040004,
    0x4000400040004}, uint128 = 0x00040004000400040004000400040004}
xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0,
    0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0,
    0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x4, 0x0, 0x4, 0x0,
    0x4, 0x0, 0x4, 0x0, 0x4, 0x0, 0x4, 0x0, 0x4, 0x0, 0x4, 0x0}, v8_int16 = {0x4, 0x4, 0x4, 0x4, 0x4,
    0x4, 0x4, 0x4}, v4_int32 = {0x40004, 0x40004, 0x40004, 0x40004}, v2_int64 = {0x4000400040004,
    0x4000400040004}, uint128 = 0x00040004000400040004000400040004}
mxcsr          0x1f80   [ IM DM ZM OM UM PM ]
mm0            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0,
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm1            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0,
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm2            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0,
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm3            {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, v4_int16 = {0x0, 0x0, 0x0,
    0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}
mm4            {uint64 = 0xf120000000000000, v2_int32 = {0x0, 0xf1200000}, v4_int16 = {0x0, 0x0, 0x0,
    0xf120}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0xf1}}
mm5            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0,
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm6            {uint64 = 0x91cafe0000000000, v2_int32 = {0x0, 0x91cafe00}, v4_int16 = {0x0, 0x0, 0xfe00,
    0x91ca}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0xca, 0x91}}
mm7            {uint64 = 0x83126e978d4fdf3b, v2_int32 = {0x8d4fdf3b, 0x83126e97}, v4_int16 = {0xdf3b,
    0x8d4f, 0x6e97, 0x8312}, v8_int8 = {0x3b, 0xdf, 0x4f, 0x8d, 0x97, 0x6e, 0x12, 0x83}}

comment:2 by Michael Niedermayer, 12 years ago

Resolution: fixed
Status: openclosed
Note: See TracTickets for help on using tickets.