Opened 14 years ago
Closed 14 years ago
#270 closed defect (fixed)
Crash decoding qdm2 on ia32
Reported by: | Carl Eugen Hoyos | Owned by: | |
---|---|---|---|
Priority: | important | Component: | avcodec |
Version: | git-master | Keywords: | ia32 regression |
Cc: | Blocked By: | ||
Blocking: | Reproduced by developer: | yes | |
Analyzed by developer: | no |
Description
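The sample from ticket #263 crashes ia32 ffmpeg since commit 984ece7503597d30e6f3bdeb67e337ea1616f880. In the gdb session below, the SIGSEGV is raised by the `movaps %xmm0,(%edx)` store at apply_window_mp3+1220: `movaps` requires a 16-byte-aligned memory operand, and edx (the `out` pointer, 0xffff965c) is only 4-byte aligned.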
(gdb) r -i qdm2-channels.mov -f null - ffmpeg version git-N-30606-g40da61e, Copyright (c) 2000-2011 the FFmpeg developers built on Jun 7 2011 12:41:25 with gcc 4.5.3 configuration: --cc='/usr/local/gcc-4.5.3/bin/gcc -m32' libavutil 51. 6. 1 / 51. 6. 1 libavcodec 53. 6. 1 / 53. 6. 1 libavformat 53. 2. 0 / 53. 2. 0 libavdevice 53. 1. 1 / 53. 1. 1 libavfilter 2. 14. 0 / 2. 14. 0 libswscale 0. 14. 1 / 0. 14. 1 [mov,mp4,m4a,3gp,3g2,mj2 @ 0x8c60360] Unimplemented container channel layout. [mov,mp4,m4a,3gp,3g2,mj2 @ 0x8c60360] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/MPlayer/incoming/ and contact the ffmpeg-devel mailing list. [mov,mp4,m4a,3gp,3g2,mj2 @ 0x8c60360] max_analyze_duration 5000000 reached at 5120000 Seems stream 1 codec frame rate differs from container frame rate: 15000.00 (15000/1) -> 14.99 (15000/1001) Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'qdm2-channels.mov': Metadata: major_brand : qt minor_version : 537199360 compatible_brands: qt creation_time : 2006-11-03 19:12:00 composer : This movie was made with Adobe GoLive. composer-eng : This movie was made with Adobe GoLive. Duration: 00:00:30.03, start: 0.000000, bitrate: 311 kb/s Stream #0.0(eng): Audio: qdm2, 32000 Hz, 1 channels, s16, 24 kb/s Metadata: creation_time : 2006-11-03 19:12:00 Stream #0.1(eng): Video: svq1, yuv410p, 320x240, 285 kb/s, 14.99 fps, 14.99 tbr, 15k tbn, 15k tbc Metadata: creation_time : 2006-11-03 19:12:00 Stream #0.2(eng): Data: [0][0][0][0] / 0x0000, 0 kb/s Metadata: creation_time : 2006-11-03 19:12:00 [buffer @ 0x8c5a3a0] w:320 h:240 pixfmt:yuv410p tb:1/1000000 sar:0/1 sws_param: Output #0, null, to 'pipe:': Metadata: major_brand : qt minor_version : 537199360 compatible_brands: qt creation_time : 2006-11-03 19:12:00 composer : This movie was made with Adobe GoLive. composer-eng : This movie was made with Adobe GoLive. 
encoder : Lavf53.2.0 Stream #0.0(eng): Video: rawvideo, yuv410p, 320x240, q=2-31, 200 kb/s, 90k tbn, 14.99 tbc Metadata: creation_time : 2006-11-03 19:12:00 Stream #0.1(eng): Audio: pcm_s16le, 32000 Hz, 1 channels, s16, 512 kb/s Metadata: creation_time : 2006-11-03 19:12:00 Stream mapping: Stream #0.1 -> #0.0 Stream #0.0 -> #0.1 Press [q] to stop, [?] for help Program received signal SIGSEGV, Segmentation fault. 0x0849c814 in apply_window_mp3 (in=0x8c85620, win=0x8bee2e0, unused=0xffffba5c, out=0xffff965c, incr=1) at libavcodec/x86/mpegaudiodec_mmx.c:120 120 __asm__ volatile( (gdb) bt #0 0x0849c814 in apply_window_mp3 (in=0x8c85620, win=0x8bee2e0, unused=0xffffba5c, out=0xffff965c, incr=1) at libavcodec/x86/mpegaudiodec_mmx.c:120 #1 0x0831153c in ff_mpa_synth_filter_float (s=0x8c85608, synth_buf_ptr=0x8c85620, synth_buf_offset=0x8c87620, window=0x8bee2e0, dither_state=0xffffba5c, samples=0xffff965c, incr=1, sb_samples=0x8c87640) at libavcodec/mpegaudiodsp_template.c:173 #2 0x0836d035 in qdm2_synthesis_filter (q=0x8c79de0, index=147346976) at libavcodec/qdm2.c:1616 #3 0x08370f06 in qdm2_decode (out=0xf7bc9020, in=0x8cae8c0 "\202\001}\246\212\t)\314\310\060\b\310\f.\030e\201\031\031\061%`F\027n\025\063\272p\027\062##\267\"32p\027\062\243\203\311\b\231\243\003\n\027\001\026\026\"\225D\227\304\060\261)\313\\{\aMc(\331\363\370\262E;\366\275\034\346\350\\\nW۵\272\305t\001\025M\t\372E}AL\215\347J\363a\201e\306\r\a\305\v\200-", q=0x8c79de0) at libavcodec/qdm2.c:1927 #4 qdm2_decode_frame (out=0xf7bc9020, in=0x8cae8c0 "\202\001}\246\212\t)\314\310\060\b\310\f.\030e\201\031\031\061%`F\027n\025\063\272p\027\062##\267\"32p\027\062\243\203\311\b\231\243\003\n\027\001\026\026\"\225D\227\304\060\261)\313\\{\aMc(\331\363\370\262E;\366\275\034\346\350\\\nW۵\272\305t\001\025M\t\372E}AL\215\347J\363a\201e\306\r\a\305\v\200-", q=0x8c79de0) at libavcodec/qdm2.c:1966 #5 0x083ed490 in avcodec_decode_audio3 (avctx=0x8c62880, samples=0xf7bc9020, frame_size_ptr=0xffffc038, avpkt=0xffffbf50) 
at libavcodec/utils.c:796
#6 0x080502d0 in output_packet (ist=0x8c73930, ist_index=0, ost_table=0x8c73b40, nb_ostreams=2, pkt=0xffffcdbc) at ffmpeg.c:1580
#7 0x08053726 in transcode (nb_output_files=1, input_files=0x8c5a808, nb_input_files=1, stream_maps=0x0, nb_stream_maps=0, output_files=0x8701500) at ffmpeg.c:2739
#8 0x08058f75 in main (argc=<value optimized out>, argv=<value optimized out>) at ffmpeg.c:4551
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x849c7f4 to 0x849c834:
0x0849c7f4 <apply_window_mp3+1188>: add %al,(%eax)
0x0849c7f6 <apply_window_mp3+1190>: add %al,(%eax)
0x0849c7f8 <apply_window_mp3+1192>: fstp %st(0)
0x0849c7fa <apply_window_mp3+1194>: mov 0x1a4(%esp),%edx
0x0849c801 <apply_window_mp3+1201>: mov 0x24(%esp),%eax
0x0849c805 <apply_window_mp3+1205>: mov 0x20(%esp),%ecx
0x0849c809 <apply_window_mp3+1209>: movups 0x34(%esi),%xmm0
0x0849c80d <apply_window_mp3+1213>: shufps $0x1b,%xmm0,%xmm0
0x0849c811 <apply_window_mp3+1217>: subps (%eax),%xmm0
0x0849c814 <apply_window_mp3+1220>: movaps %xmm0,(%edx)
0x0849c817 <apply_window_mp3+1223>: movups 0x4(%ecx),%xmm0
0x0849c81b <apply_window_mp3+1227>: shufps $0x1b,%xmm0,%xmm0
0x0849c81f <apply_window_mp3+1231>: addps 0x30(%edi),%xmm0
0x0849c823 <apply_window_mp3+1235>: movaps %xmm0,0x70(%edx)
0x0849c827 <apply_window_mp3+1239>: movups 0x24(%esi),%xmm0
0x0849c82b <apply_window_mp3+1243>: shufps $0x1b,%xmm0,%xmm0
0x0849c82f <apply_window_mp3+1247>: subps 0x10(%eax),%xmm0
0x0849c833 <apply_window_mp3+1251>: movaps %xmm0,0x10(%edx)
End of assembler dump.
(gdb) info all-registers eax 0xffff9560 -27296 ecx 0xffff94c0 -27456 edx 0xffff965c -27044 ebx 0x8c85620 147346976 esp 0xffff9438 0xffff9438 ebp 0x8bee2e0 0x8bee2e0 esi 0xffff9470 -27536 edi 0xffff9510 -27376 eip 0x849c814 0x849c814 <apply_window_mp3+1220> eflags 0x210246 [ PF ZF IF RF ID ] cs 0x23 35 ss 0x2b 43 ds 0x2b 43 es 0x2b 43 fs 0x0 0 gs 0x63 99 st0 -0 (raw 0x80000000000000000000) st1 0 (raw 0x00000000000000000000) st2 0 (raw 0x00000000000000000000) st3 0 (raw 0x00000000000000000000) st4 -0 (raw 0x80000000000000000000) st5 0 (raw 0x00000000000000000000) st6 0 (raw 0x00000000000000000000) st7 0 (raw 0x00000000000000000000) fctrl 0x37f 895 fstat 0x20 32 ftag 0xffff 65535 fiseg 0x0 0 fioff 0x849c7f8 139053048 foseg 0x0 0 fooff 0x0 0 fop 0x5d8 1496 xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x17, 0xa9, 0x30, 0x6d, 0x2c, 0x2c, 0xac, 0xbb, 0x1, 0xab}, v8_int16 = {0x0, 0x0, 0x4b00, 0xa917, 0x6d30, 0x2c2c, 0xbbac, 0xab01}, v4_int32 = {0x0, 0xa9174b00, 0x2c2c6d30, 0xab01bbac}, v2_int64 = {0xa9174b0000000000, 0xab01bbac2c2c6d30}, uint128 = 0xab01bbac2c2c6d30a9174b0000000000} xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0xc0, 0x10, 0x64, 0xbf, 0x0 <repeats 12 times>}, v8_int16 = {0x10c0, 0xbf64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xbf6410c0, 0x0, 0x0, 0x0}, v2_int64 = {0xbf6410c0, 0x0}, uint128 = 0x000000000000000000000000bf6410c0} xmm4 {v4_float = {0x0, 0x0, 0x0, 
0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0xac, 0xbb, 0x81, 0x3e, 0x0 <repeats 12 times>}, v8_int16 = {0xbbac, 0x3e81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x3e81bbac, 0x0, 0x0, 0x0}, v2_int64 = {0x3e81bbac, 0x0}, uint128 = 0x0000000000000000000000003e81bbac} xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x43, 0x99, 0xe9, 0xbe, 0x0 <repeats 12 times>}, v8_int16 = {0x9943, 0xbee9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xbee99943, 0x0, 0x0, 0x0}, v2_int64 = {0xbee99943, 0x0}, uint128 = 0x000000000000000000000000bee99943} xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0xee, 0xbb, 0x15, 0xbf, 0x0 <repeats 12 times>}, v8_int16 = {0xbbee, 0xbf15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xbf15bbee, 0x0, 0x0, 0x0}, v2_int64 = {0xbf15bbee, 0x0}, uint128 = 0x000000000000000000000000bf15bbee} mxcsr 0x1fa0 [ PE IM DM ZM OM UM PM ] mm0 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm1 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm2 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm3 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm4 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm5 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm6 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, 
v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm7 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
should be fixed with my next git push