[FFmpeg-trac] #474(avcodec:new): SIG SEV in clear_blocks_sse in ff_h263_decode_mb
FFmpeg
trac at avcodec.org
Fri Sep 16 18:11:38 CEST 2011
#474: SIG SEV in clear_blocks_sse in ff_h263_decode_mb
-----------------------------------+-----------------------------------
Reporter: sgarcia | Owner:
Type: defect | Status: new
Priority: important | Component: avcodec
Version: git | Resolution:
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-----------------------------------+-----------------------------------
Comment (by sgarcia):
Hi
I am using it in a multiconference application, so it is decoding RTP
video data. I could try to dump the H.263 stream to a file to check whether
it makes ffmpeg crash. The problem usually happens in situations with heavy
packet loss, which could produce damaged H.263 streams.
I do add the padding to the buffer, but the buffer is not aligned (in any
case, it does not crash immediately).
I have got the full info from another core dump:
(gdb) bt
#0 0x00e81882 in clear_blocks_sse (blocks=0xb36202e0) at
libavcodec/x86/dsputil_mmx.c:539
#1 0x00c7ec39 in ff_h263_decode_mb (s=0xb3600a60, block=0xb36202e0) at
libavcodec/ituh263dec.c:634
#2 0x00bcef1f in decode_slice (s=0xb3600a60) at libavcodec/h263dec.c:215
#3 0x00bd0059 in ff_h263_decode_frame (avctx=0xb3600520, data=0xb3600940,
data_size=0xb15fbc40, avpkt=0xb15fbbfc) at libavcodec/h263dec.c:671
#4 0x00dec1e1 in avcodec_decode_video2 (avctx=0xb3600520,
picture=0xb3600940, got_picture_ptr=0xb15fbc40, avpkt=0xb15fbbfc) at
libavcodec/utils.c:772
#5 0x080c493d in H263Decoder::DecodePacket (this=0xb36004c8,
in=0xb15fbcc4 "", inLen=308, lost=0, last=1) at
/usr/local/src/mcu/media/src/h263/h263codec.cpp:476
#6 0x08077852 in VideoStream::RecVideo (this=0xb6a122d0) at
/usr/local/src/mcu/media/src/videostream.cpp:668
#7 0x08076b17 in VideoStream::startReceivingVideo (par=0xb6a122d0) at
/usr/local/src/mcu/media/src/videostream.cpp:190
#8 0x001239e9 in start_thread () from /lib/libpthread.so.0
#9 0x0066ff3e in clone () from /lib/libc.so.6
(gdb) bt
#0 0x00e81882 in clear_blocks_sse (blocks=0xb36202e0) at
libavcodec/x86/dsputil_mmx.c:539
#1 0x00c7ec39 in ff_h263_decode_mb (s=0xb3600a60, block=0xb36202e0) at
libavcodec/ituh263dec.c:634
#2 0x00bcef1f in decode_slice (s=0xb3600a60) at libavcodec/h263dec.c:215
#3 0x00bd0059 in ff_h263_decode_frame (avctx=0xb3600520, data=0xb3600940,
data_size=0xb15fbc40, avpkt=0xb15fbbfc) at libavcodec/h263dec.c:671
#4 0x00dec1e1 in avcodec_decode_video2 (avctx=0xb3600520,
picture=0xb3600940, got_picture_ptr=0xb15fbc40, avpkt=0xb15fbbfc) at
libavcodec/utils.c:772
#5 0x080c493d in H263Decoder::DecodePacket (this=0xb36004c8,
in=0xb15fbcc4 "", inLen=308, lost=0, last=1) at
/usr/local/src/mcu/media/src/h263/h263codec.cpp:476
#6 0x08077852 in VideoStream::RecVideo (this=0xb6a122d0) at
/usr/local/src/mcu/media/src/videostream.cpp:668
#7 0x08076b17 in VideoStream::startReceivingVideo (par=0xb6a122d0) at
/usr/local/src/mcu/media/src/videostream.cpp:190
#8 0x001239e9 in start_thread () from /lib/libpthread.so.0
#9 0x0066ff3e in clone () from /lib/libc.so.6
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0xe81862 to 0xe818a2:
0x00e81862 <clear_blocks_sse+18>: movaps %xmm0,(%edx,%eax,1)
0x00e81866 <clear_blocks_sse+22>: movaps %xmm0,0x10(%edx,%eax,1)
0x00e8186b <clear_blocks_sse+27>: movaps %xmm0,0x20(%edx,%eax,1)
0x00e81870 <clear_blocks_sse+32>: movaps %xmm0,0x30(%edx,%eax,1)
0x00e81875 <clear_blocks_sse+37>: movaps %xmm0,0x40(%edx,%eax,1)
0x00e8187a <clear_blocks_sse+42>: movaps %xmm0,0x50(%edx,%eax,1)
0x00e8187f <clear_blocks_sse+47>: movaps %xmm0,0x60(%edx,%eax,1)
0x00e81884 <clear_blocks_sse+52>: movaps %xmm0,0x70(%edx,%eax,1)
0x00e81889 <clear_blocks_sse+57>: add $0x80,%eax
0x00e8188e <clear_blocks_sse+62>: js 0xe81862
<clear_blocks_sse+18>
0x00e81890 <clear_blocks_sse+64>: ret
0x00e81891: jmp 0xe818a0 <add_bytes_mmx>
0x00e81893: nop
0x00e81894: nop
0x00e81895: nop
0x00e81896: nop
0x00e81897: nop
0x00e81898: nop
0x00e81899: nop
0x00e8189a: nop
0x00e8189b: nop
0x00e8189c: nop
0x00e8189d: nop
0x00e8189e: nop
0x00e8189f: nop
0x00e818a0 <add_bytes_mmx+0>: push %esi
0x00e818a1 <add_bytes_mmx+1>: xor %edx,%edx
End of assembler dump.
(gdb) info all-registers
eax 0x0 0
ecx 0x1170da0 18288032
edx 0xb36205e0 -1285421600
ebx 0xb3600a60 -1285551520
esp 0xb15fb94c 0xb15fb94c
ebp 0x0 0x0
esi 0x7 7
edi 0x938d 37773
eip 0xe81882 0xe81882 <clear_blocks_sse+50>
eflags 0x10286 [ PF SF IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
st0 -nan(0x8c8c8b8b8c8c8a8a) (raw 0xffff8c8c8b8b8c8c8a8a)
st1 -nan(0x8c008c008b008b) (raw 0xffff008c008c008b008b)
st2 -nan(0x8c8c8b8b8c8b8a8a) (raw 0xffff8c8c8b8b8c8b8a8a)
st3 -nan(0x8c008c008b008b) (raw 0xffff008c008c008b008b)
st4 -nan(0x8b008b008a008a) (raw 0xffff008b008b008a008a)
st5 -nan(0x8a008a0089008a) (raw 0xffff008a008a0089008a)
st6 -nan(0x8b008b008a008a) (raw 0xffff008b008b008a008a)
st7 -inf (raw 0xffff0000000000000000)
fctrl 0x37f 895
fstat 0x20 32
ftag 0xaaaa 43690
fiseg 0x73 115
fioff 0x80779d7 134707671
foseg 0x7b 123
fooff 0xb15fc2c4 -1319124284
fop 0x144 324
xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm1 {v4_float = {0x57000000, 0x75700000, 0x55400000,
0x55400000}, v2_double = {0x8000000000000000, 0x8000000000000000},
v16_int8 = {0x57, 0x56, 0x56, 0x57,
0x57, 0x57, 0x56, 0x55, 0x54, 0x55, 0x55, 0x55, 0x55, 0x55, 0x54,
0x56}, v8_int16 = {0x5657, 0x5756, 0x5757, 0x5556, 0x5554, 0x5555, 0x5555,
0x5654}, v4_int32 = {
0x57565657, 0x55565757, 0x55555554, 0x56545555}, v2_int64 =
{0x5556575757565657, 0x5654555555555554}, uint128 =
0x56545555555555545556575757565657}
xmm2 {v4_float = {0x57000000, 0x65700000, 0x51540000,
0x55500000}, v2_double = {0x8000000000000000, 0x8000000000000000},
v16_int8 = {0x57, 0x56, 0x57, 0x57,
0x57, 0x56, 0x56, 0x55, 0x55, 0x54, 0x54, 0x54, 0x55, 0x55, 0x54,
0x55}, v8_int16 = {0x5657, 0x5757, 0x5657, 0x5556, 0x5455, 0x5454, 0x5555,
0x5554}, v4_int32 = {
0x57575657, 0x55565657, 0x54545455, 0x55545555}, v2_int64 =
{0x5556565757575657, 0x5554555554545455}, uint128 =
0x55545555545454555556565757575657}
xmm3 {v4_float = {0xd5800000, 0x55600000, 0x54560000,
0x51500000}, v2_double = {0x8000000000000000, 0x8000000000000000},
v16_int8 = {0x56, 0x57, 0x57, 0x56,
0x56, 0x55, 0x55, 0x55, 0x56, 0x54, 0x53, 0x53, 0x54, 0x54, 0x53,
0x54}, v8_int16 = {0x5756, 0x5657, 0x5556, 0x5555, 0x5456, 0x5353, 0x5454,
0x5453}, v4_int32 = {
0x56575756, 0x55555556, 0x53535456, 0x54535454}, v2_int64 =
{0x5555555656575756, 0x5453545453535456}, uint128 =
0x54535454535354565555555656575756}
xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0},
---Type <return> to continue, or q <return> to quit---
v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
mm0 {uint64 = 0x8c8c8b8b8c8c8a8a, v2_int32 = {0x8c8c8a8a,
0x8c8c8b8b}, v4_int16 = {0x8a8a, 0x8c8c, 0x8b8b, 0x8c8c}, v8_int8 = {0x8a,
0x8a, 0x8c, 0x8c, 0x8b,
0x8b, 0x8c, 0x8c}}
mm1 {uint64 = 0x8c008c008b008b, v2_int32 = {0x8b008b,
0x8c008c}, v4_int16 = {0x8b, 0x8b, 0x8c, 0x8c}, v8_int8 = {0x8b, 0x0,
0x8b, 0x0, 0x8c, 0x0, 0x8c, 0x0}}
mm2 {uint64 = 0x8c8c8b8b8c8b8a8a, v2_int32 = {0x8c8b8a8a,
0x8c8c8b8b}, v4_int16 = {0x8a8a, 0x8c8b, 0x8b8b, 0x8c8c}, v8_int8 = {0x8a,
0x8a, 0x8b, 0x8c, 0x8b,
0x8b, 0x8c, 0x8c}}
mm3 {uint64 = 0x8c008c008b008b, v2_int32 = {0x8b008b,
0x8c008c}, v4_int16 = {0x8b, 0x8b, 0x8c, 0x8c}, v8_int8 = {0x8b, 0x0,
0x8b, 0x0, 0x8c, 0x0, 0x8c, 0x0}}
mm4 {uint64 = 0x8b008b008a008a, v2_int32 = {0x8a008a,
0x8b008b}, v4_int16 = {0x8a, 0x8a, 0x8b, 0x8b}, v8_int8 = {0x8a, 0x0,
0x8a, 0x0, 0x8b, 0x0, 0x8b, 0x0}}
mm5 {uint64 = 0x8a008a0089008a, v2_int32 = {0x89008a,
0x8a008a}, v4_int16 = {0x8a, 0x89, 0x8a, 0x8a}, v8_int8 = {0x8a, 0x0,
0x89, 0x0, 0x8a, 0x0, 0x8a, 0x0}}
mm6 {uint64 = 0x8b008b008a008a, v2_int32 = {0x8a008a,
0x8b008b}, v4_int16 = {0x8a, 0x8a, 0x8b, 0x8b}, v8_int8 = {0x8a, 0x0,
0x8a, 0x0, 0x8b, 0x0, 0x8b, 0x0}}
mm7 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
(gdb)
BR
Sergio
--
Ticket URL: <https://avcodec.org/trac/ffmpeg/ticket/474#comment:2>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker