Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#943 closed defect (invalid)

Segfault libaacplus

Reported by: burek Owned by:
Priority: normal Component: undetermined
Version: unspecified Keywords:
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

Hi,
I don't remember having this error before with ffmpeg. I'll try to recompile libaacplus without fftw3 support to see if there are any changes to this issue.

# gdb ffmpeg_g
GNU gdb (GDB) 7.3-debian
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /root/tmp/ffmpeg/ffmpeg_g...done.

(gdb) r -y -re -i brlja.wav -acodec libaacplus -ab 32k out.aac
Starting program: /root/tmp/ffmpeg/ffmpeg_g -y -re -i brlja.wav -acodec libaacplus -ab 32k out.aac
[Thread debugging using libthread_db enabled]
ffmpeg version N-37208-g01fcbdf Copyright (c) 2000-2012 the FFmpeg developers
  built on Jan 27 2012 14:35:23 with gcc 4.6.2
  configuration: --enable-static --enable-shared --enable-gpl --enable-nonfree --enable-postproc --enable-libx264 --enable-libaacplus --enable-libmp3lame --enable-libv4l2 --enable-libvo-aacenc --enable-version3 --enable-debug
  libavutil      51. 34.101 / 51. 34.101
  libavcodec     53. 60.100 / 53. 60.100
  libavformat    53. 31.100 / 53. 31.100
  libavdevice    53.  4.100 / 53.  4.100
  libavfilter     2. 60.100 /  2. 60.100
  libswscale      2.  1.100 /  2.  1.100
  libswresample   0.  6.100 /  0.  6.100
  libpostproc    52.  0.100 / 52.  0.100
[wav @ 0x6253a0] max_analyze_duration 5000000 reached at 5034667
Input #0, wav, from 'brlja.wav':
  Duration: 00:00:21.33, bitrate: 768 kb/s
    Stream #0:0: Audio: pcm_s16le ([1][0][0][0] / 0x0001), 48000 Hz, 1 channels, s16, 768 kb/s
Output #0, adts, to 'out.aac':
  Metadata:
    encoder         : Lavf53.31.100
    Stream #0:0: Audio: aac, 48000 Hz, 1 channels, s16, 32 kb/s
Stream mapping:
  Stream #0:0 -> #0:0 (pcm_s16le -> libaacplus)
Press [q] to stop, [?] for help

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff3af441d in ?? () from /usr/lib/libfftw3f.so.3

(gdb) bt
#0  0x00007ffff3af441d in ?? () from /usr/lib/libfftw3f.so.3
#1  0x00007ffff39fe0ab in ?? () from /usr/lib/libfftw3f.so.3
#2  0x00007ffff43db486 in CFFTN (ctx=<optimized out>, afftData=0x0, len=<optimized out>, isign=7245968) at cfftn.c:1390
#3  0x00007ffff43f2fea in mdct (fftctx=0x6d81dc, dctdata=0x6d81dc, sineWindow=<optimized out>, n=1024, ld_n=10, trigData=<optimized out>) at transform.c:128
#4  0x00007ffff43f3353 in Transform_Real (fftctx=0x6c8be8, mdctDelayBuffer=0x625cc0, timeSignal=<optimized out>, chIncrement=<optimized out>, realOut=0x6d81dc, blockType=<optimized out>) at transform.c:406
#5  0x00007ffff43e8cf9 in psyMain (fftctx=<optimized out>, timeInStride=<optimized out>, elemInfo=<optimized out>, timeSignal=<optimized out>, psyData=<optimized out>, tnsData=<optimized out>, psyConfLong=0x6c56a8, 
    psyConfShort=0x6c5ce0, psyOutChannel=0x6c5068, psyOutElement=0x6c4f70, pScratchTns=0x6dc1dc) at psy_main.c:289
#6  0x00007ffff43d4b6d in AacEncEncode (aacEnc=0x6c4640, timeSignal=<optimized out>, timeInStride=<optimized out>, ancBytes=<optimized out>, numAncBytes=<optimized out>, outBytes=<optimized out>, numOutBytes=0x7fffffffc0a8)
    at aacenc.c:310
#7  0x00007ffff43f381c in aacplusEncEncode (hEncoder=0x6c4610, inputBuffer=<optimized out>, samplesInput=<optimized out>, outputBuffer=0x702de0 "", bufferSize=<optimized out>) at aacplusenc.c:349
#8  0x00007ffff6c4a614 in avcodec_encode_audio2 () from /usr/local/lib/libavcodec.so.53
#9  0x0000000000409e6e in encode_audio_frame (s=0x694da0, ost=0x69ccb0, 
    buf=0x6fb880 "M\001L\001C\001\066\001\066\001C\001K\001A\001D\001E\001C\001P\001g\001e\001Z\001T\001f\001t\001w\001_\001H\001\060\001+\001.\001%\001\023\001\035\001\021\001\020\001\026\001(\001D\001W\001Y\001V\001O\001F\001;\001C\001,\001\022", <incomplete sequence \375>, buf_size=4096) at ffmpeg.c:1078
#10 0x000000000040c4ed in do_audio_out (ist=0x6440c0, ost=0x69ccb0, s=0x694da0, decoded_frame=<optimized out>) at ffmpeg.c:1274
#11 transcode_audio (got_output=0x7fffffffc408, pkt=0x7fffffffc2e0, ist=<optimized out>) at ffmpeg.c:2048
#12 output_packet (ist=<optimized out>, ost_table=0x69ccb0, nb_ostreams=<optimized out>, pkt=<optimized out>) at ffmpeg.c:2268
#13 0x000000000040f5f5 in transcode (output_files=0x64bc00, nb_output_files=1, input_files=0x64bbd0, nb_input_files=0) at ffmpeg.c:3047
#14 0x0000000000405f4e in main (argc=<optimized out>, argv=0x7fffffffe6c8) at ffmpeg.c:5145

Change History (6)

comment:1 by burek, 12 years ago

I can confirm that when I do "apt-get remove libfftw3-dev" and rebuild libaacplus (without fftw3), the Segfault is gone and FFmpeg works nicely :)
Still though, could that segfault be avoided anyhow? Just for the sake of stability.

comment:2 by Carl Eugen Hoyos, 12 years ago

Is there any indication that there is a bug in FFmpeg?

comment:3 by burek, 12 years ago

well I didn't say it's FFmpeg's fault, I just said:
"Still though, could that segfault be avoided anyhow? Just for the sake of stability."
it would be more acceptable if FFmpeg wouldn't crash, rather print out some error message and abort the operation.

comment:4 by Carl Eugen Hoyos, 12 years ago

Resolution: invalid
Status: newclosed

How could that be possible?

comment:5 by Andrew Wason, 12 years ago

libaacplus encoding started crashing for all samples for me after upgrading from Ubuntu Lucid to Oneiric. The bug is probably somewhere in libaacplus or libfftw3, but adding info here for when others hit this.

Oneiric now builds libfftw3 with SSE/SSE2 enabled, Lucid did not.
https://bugs.launchpad.net/ubuntu/+source/fftw3/+bug/602586

I tried building my own libfftw3 with and without --enable-sse/--enable-sse2 and if I enable SSE then libaacplus crashes, leave it disabled and it works.

Here's a stack trace with libftw3 symbols when SSE is enabled:

Starting program: /home/aw/Projects/encoder/foundation/codex-foundation/scratch/7.0.4-dirty-debug/codex-foundation_7.0.4-dirty-debug_amd64/debian/opt/motionbox/foundation/7.0.4-dirty-debug/bin/ffmpeg -i /tmp/test.avi -codec:a libaacplus -b:a 64k -ar 44100 -ac 2 -vn -y /tmp/out.mp4
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff177af68 in LDA (x=0x6634cc, ivs=2, aligned_like=0x6634cc)
    at ../../../simd-support/simd-sse2.h:110
110	     return *(const V *)x;
(gdb) p x
$1 = (const R *) 0x6634cc
(gdb) p *x
$2 = 0
#0  0x00007ffff177af68 in LDA (x=0x6634cc, ivs=2, aligned_like=0x6634cc)
    at ../../../simd-support/simd-sse2.h:110
#1  0x00007ffff177b3a7 in t3fv_16 (ri=0x6634cc, ii=0x6634d0, W=0x6e2940, 
    rs=0x6e2520, mb=0, me=32, ms=2) at ../common/t3fv_16.c:268
#2  0x00007ffff14fa311 in apply (ego_=0x6def10, rio=0x6634cc, iio=0x6634d0)
    at dftw-direct.c:53
#3  0x00007ffff14f9906 in apply_dit (ego_=0x6de7d0, ri=0x6634cc, ii=0x6634d0, 
    ro=0x6634cc, io=0x6634d0) at ct.c:44
#4  0x00007ffff167a4e6 in fftwf_execute_dft (p=0x63bc60, in=0x6634cc, 
    out=0x6634cc) at execute-dft.c:29
#5  0x00007ffff28204e4 in CFFTN (ctx=<optimized out>, 
    afftData=<optimized out>, len=<optimized out>, isign=<optimized out>)
    at cfftn.c:1390
#6  0x00007ffff283801e in mdct (fftctx=<optimized out>, dctdata=0x6634cc, 
    sineWindow=<optimized out>, n=1024, ld_n=10, trigData=<optimized out>)
    at transform.c:128
#7  0x00007ffff283836b in Transform_Real (fftctx=0x653ed8, 
    mdctDelayBuffer=0x638220, timeSignal=0x653ef8, chIncrement=2, 
    realOut=0x6634cc, blockType=<optimized out>) at transform.c:406
#8  0x00007ffff282dd58 in psyMain (fftctx=0x653ed8, timeInStride=2, 
    elemInfo=0x64f950, timeSignal=0x653ef8, psyData=0x651218, 
    tnsData=0x652c88, psyConfLong=0x650998, psyConfShort=0x650fd0, 
    psyOutChannel=0x650358, psyOutElement=0x650260, pScratchTns=0x6674cc)
    at psy_main.c:299
#9  0x00007ffff2819bac in AacEncEncode (aacEnc=0x64f930, 
    timeSignal=<optimized out>, timeInStride=<optimized out>, 
    ancBytes=0x65af84 "\337\250\025\320\200", numAncBytes=<optimized out>, 
    outBytes=<optimized out>, numOutBytes=0x7fffffffc7bc) at aacenc.c:310
#10 0x00007ffff2838dbb in aacplusEncEncode (hEncoder=0x64f900, 
    inputBuffer=<optimized out>, samplesInput=<optimized out>, 
    outputBuffer=0x731d30 "S\277\366E", bufferSize=<optimized out>)
    at aacplusenc.c:349
#11 0x00007ffff6a5a517 in aacPlus_encode_frame (avctx=0x637520, 
    frame=0x731d30 "S\277\366E", buf_size=64584, data=0x6e3150)
    at libavcodec/libaacplus.c:106
#12 0x00007ffff6bc6565 in avcodec_encode_audio (avctx=0x637520, 
    buf=0x731d30 "S\277\366E", buf_size=64584, samples=0x6e3150)
    at libavcodec/utils.c:728
#13 0x0000000000407378 in do_audio_out (s=0x636d70, ost=0x6379d0, 
    ist=0x62e900, 
    buf=0x702f20 "\332\331\331\331a\302a\302\002\317\002\317+\344*\344\313\332\314\332N\330N\330\332\335\334\335\266\337\265\337e\367d\367\036\374\035\374{\333{\333\245\341\244\341", size=4096) at ffmpeg.c:970
#14 0x000000000040ab91 in output_packet (ist=0x62e900, ist_index=1, 
    ost_table=0x6379d0, nb_ostreams=1, pkt=0x7fffffffcce0) at ffmpeg.c:1872
#15 0x000000000040e158 in transcode (output_files=0x637ce0, nb_output_files=1, 
    input_files=0x62e980, nb_input_files=1) at ffmpeg.c:2632
#16 0x00000000004150e2 in main (argc=14, argv=0x7fffffffe398) at ffmpeg.c:4473

comment:6 by reimar, 12 years ago

Well, it might be possible that this has something with insufficient padding or alignment to do.
In that case a valgrind trace might help figuring it out.
A disassembly of the crashing code would help, too.
But the address it crashes on does not seem to come from FFmpeg so I would assume some internal issue in libaacplus.
Since gdb seems fine with the address, it seems most likely that the fact that it is only 4-byte aligned causes the crash.

Note: See TracTickets for help on using tickets.