Opened 11 years ago
Closed 10 years ago
#3410 closed defect (fixed)
v4l2 crash
| Reported by: | Carl Eugen Hoyos | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | undetermined |
| Version: | git-master | Keywords: | v4l2 crash regression SIGSEGV |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | no | |
| Analyzed by developer: | no |
Description
v4l2 input crashes here in libswscale if I force uyvy422, this is a regression since a05a44e2
The ffplay crash is not reproducible with valgrind, the crash with ffmpeg is only reproducible with valgrind.
$ valgrind ./ffmpeg_g -f v4l2 -pix_fmt uyvy422 -i /dev/video0 -pix_fmt yuv420p -f null -
==3446== Memcheck, a memory error detector
==3446== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==3446== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==3446== Command: ./ffmpeg_g -f v4l2 -pix_fmt uyvy422 -i /dev/video0 -pix_fmt yuv420p -f null -
==3446==
ffmpeg version N-60842-g72e6913 Copyright (c) 2000-2014 the FFmpeg developers
built on Feb 23 2014 19:27:16 with gcc 4.7 (SUSE Linux)
configuration: --enable-gpl
libavutil 52. 65.100 / 52. 65.100
libavcodec 55. 52.102 / 55. 52.102
libavformat 55. 33.100 / 55. 33.100
libavdevice 55. 10.100 / 55. 10.100
libavfilter 4. 1.103 / 4. 1.103
libswscale 2. 5.101 / 2. 5.101
libswresample 0. 17.104 / 0. 17.104
libpostproc 52. 3.100 / 52. 3.100
Input #0, video4linux2,v4l2, from '/dev/video0':
Duration: N/A, start: 1393181634.113993, bitrate: 176947 kb/s
Stream #0:0: Video: rawvideo (UYVY / 0x59565955), uyvy422, 768x576, 176947 kb/s, 25 fps, 25 tbr, 1000k tbn, 1000k tbc
==3446== Invalid read of size 8
==3446== at 0x6ADD59F: __GI___strncasecmp_l (in /lib64/libc-2.15.so)
==3446== by 0x6A918A5: ____strtod_l_internal (in /lib64/libc-2.15.so)
==3446== by 0xD1684E: av_strtod (eval.c:98)
==3446== by 0xD17094: parse_primary (eval.c:324)
==3446== by 0xD17B20: parse_factor (eval.c:483)
==3446== by 0xD17D1B: parse_term (eval.c:532)
==3446== by 0xD16DDE: parse_expr (eval.c:556)
==3446== by 0xD17F1C: av_expr_parse (eval.c:673)
==3446== by 0xD18063: av_expr_parse_and_eval (eval.c:710)
==3446== by 0x4CA1F6: config_props (vf_scale.c:256)
==3446== by 0x48E10C: avfilter_config_links (avfilter.c:254)
==3446== by 0x48E0EF: avfilter_config_links (avfilter.c:243)
==3446== Address 0x75a61e0 is 0 bytes inside a block of size 3 alloc'd
==3446== at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3446== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3446== by 0xD1F229: av_malloc (mem.c:94)
==3446== by 0xD17E65: av_expr_parse (eval.c:650)
==3446== by 0xD18063: av_expr_parse_and_eval (eval.c:710)
==3446== by 0x4CA1F6: config_props (vf_scale.c:256)
==3446== by 0x48E10C: avfilter_config_links (avfilter.c:254)
==3446== by 0x48E0EF: avfilter_config_links (avfilter.c:243)
==3446== by 0x4922EE: avfilter_graph_config (avfiltergraph.c:276)
==3446== by 0x4788B2: configure_filtergraph (ffmpeg_filter.c:901)
==3446== by 0x4832E6: transcode_init (ffmpeg.c:2488)
==3446== by 0x4677C8: main (ffmpeg.c:3413)
==3446==
==3446== Invalid read of size 8
==3446== at 0x6ADD5A7: __GI___strncasecmp_l (in /lib64/libc-2.15.so)
==3446== by 0x6A918A5: ____strtod_l_internal (in /lib64/libc-2.15.so)
==3446== by 0xD1684E: av_strtod (eval.c:98)
==3446== by 0xD17094: parse_primary (eval.c:324)
==3446== by 0xD17B20: parse_factor (eval.c:483)
==3446== by 0xD17D1B: parse_term (eval.c:532)
==3446== by 0xD16DDE: parse_expr (eval.c:556)
==3446== by 0xD17F1C: av_expr_parse (eval.c:673)
==3446== by 0xD18063: av_expr_parse_and_eval (eval.c:710)
==3446== by 0x4CA1F6: config_props (vf_scale.c:256)
==3446== by 0x48E10C: avfilter_config_links (avfilter.c:254)
==3446== by 0x48E0EF: avfilter_config_links (avfilter.c:243)
==3446== Address 0x75a61e8 is 5 bytes after a block of size 3 alloc'd
==3446== at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3446== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3446== by 0xD1F229: av_malloc (mem.c:94)
==3446== by 0xD17E65: av_expr_parse (eval.c:650)
==3446== by 0xD18063: av_expr_parse_and_eval (eval.c:710)
==3446== by 0x4CA1F6: config_props (vf_scale.c:256)
==3446== by 0x48E10C: avfilter_config_links (avfilter.c:254)
==3446== by 0x48E0EF: avfilter_config_links (avfilter.c:243)
==3446== by 0x4922EE: avfilter_graph_config (avfiltergraph.c:276)
==3446== by 0x4788B2: configure_filtergraph (ffmpeg_filter.c:901)
==3446== by 0x4832E6: transcode_init (ffmpeg.c:2488)
==3446== by 0x4677C8: main (ffmpeg.c:3413)
==3446==
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf55.33.100
Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 768x576, q=2-31, 200 kb/s, 90k tbn, 25 tbc
Stream mapping:
Stream #0:0 -> #0:0 (rawvideo -> rawvideo)
Press [q] to stop, [?] for help
[null @ 0x743c140] Encoder did not produce proper pts, making some up.
==3446== Invalid read of size 8
==3446== at 0xD09308: uyvytoyuv420_mmxext (rgb2rgb_template.c:2147)
==3446== by 0xCFED7D: uyvyToYuv420Wrapper (swscale_unscaled.c:287)
==3446== by 0xCC3060: sws_scale (swscale.c:1101)
==3446== by 0x4CAEB4: filter_frame (vf_scale.c:423)
==3446== by 0x48EE59: ff_filter_frame_framed (avfilter.c:1081)
==3446== by 0x48F360: default_filter_frame (avfilter.c:1161)
==3446== by 0x48EE59: ff_filter_frame_framed (avfilter.c:1081)
==3446== by 0x48FF58: ff_filter_frame (avfilter.c:1161)
==3446== by 0x494011: request_frame (buffersrc.c:500)
==3446== by 0x4942AA: av_buffersrc_add_frame_internal (buffersrc.c:181)
==3446== by 0x49463C: av_buffersrc_add_frame_flags (buffersrc.c:106)
==3446== by 0x47D119: decode_video (ffmpeg.c:1835)
==3446== Address 0x420aff9 is not stack'd, malloc'd or (recently) free'd
==3446==
==3446==
==3446== Process terminating with default action of signal 11 (SIGSEGV)
==3446== Access not within mapped region at address 0x420B000
==3446== at 0xD09308: uyvytoyuv420_mmxext (rgb2rgb_template.c:2147)
==3446== by 0xCFED7D: uyvyToYuv420Wrapper (swscale_unscaled.c:287)
==3446== by 0xCC3060: sws_scale (swscale.c:1101)
==3446== by 0x4CAEB4: filter_frame (vf_scale.c:423)
==3446== by 0x48EE59: ff_filter_frame_framed (avfilter.c:1081)
==3446== by 0x48F360: default_filter_frame (avfilter.c:1161)
==3446== by 0x48EE59: ff_filter_frame_framed (avfilter.c:1081)
==3446== by 0x48FF58: ff_filter_frame (avfilter.c:1161)
==3446== by 0x494011: request_frame (buffersrc.c:500)
==3446== by 0x4942AA: av_buffersrc_add_frame_internal (buffersrc.c:181)
==3446== by 0x49463C: av_buffersrc_add_frame_flags (buffersrc.c:106)
==3446== by 0x47D119: decode_video (ffmpeg.c:1835)
==3446== If you believe this happened as a result of a stack
==3446== overflow in your program's main thread (unlikely but
==3446== possible), you can try to increase the size of the
==3446== main thread stack using the --main-stacksize= flag.
==3446== The main thread stack size used in this run was 8388608.
==3446==
==3446== HEAP SUMMARY:
==3446== in use at exit: 718,853 bytes in 134 blocks
==3446== total heap usage: 2,554 allocs, 2,420 frees, 2,775,626 bytes allocated
==3446==
==3446== LEAK SUMMARY:
==3446== definitely lost: 0 bytes in 0 blocks
==3446== indirectly lost: 0 bytes in 0 blocks
==3446== possibly lost: 2,448 bytes in 9 blocks
==3446== still reachable: 716,405 bytes in 125 blocks
==3446== suppressed: 0 bytes in 0 blocks
==3446== Rerun with --leak-check=full to see details of leaked memory
==3446==
==3446== For counts of detected and suppressed errors, rerun with: -v
==3446== ERROR SUMMARY: 7 errors from 3 contexts (suppressed: 2 from 2)
Killed
(gdb) r -f v4l2 -pix_fmt uyvy422 -i /dev/video0
Starting program: /home/cehoyos/test/cehoyos/FFmpeg/ffplay_g -f v4l2 -pix_fmt uyvy422 -i /dev/video0
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffplay version N-60842-g72e6913 Copyright (c) 2003-2014 the FFmpeg developers
built on Feb 23 2014 19:27:16 with gcc 4.7 (SUSE Linux)
configuration: --enable-gpl
libavutil 52. 65.100 / 52. 65.100
libavcodec 55. 52.102 / 55. 52.102
libavformat 55. 33.100 / 55. 33.100
libavdevice 55. 10.100 / 55. 10.100
libavfilter 4. 1.103 / 4. 1.103
libswscale 2. 5.101 / 2. 5.101
libswresample 0. 17.104 / 0. 17.104
libpostproc 52. 3.100 / 52. 3.100
Option -pix_fmt is deprecated, use -pixel_format.
[New Thread 0x7ffff59eb700 (LWP 3562)]
[New Thread 0x7ffff48c8700 (LWP 3563)]
[New Thread 0x7ffff3fc6700 (LWP 3564)]
Input #0, video4linux2,v4l2, from '/dev/video0':B sq= 0B f=0/0
Duration: N/A, start: 1393181754.236851, bitrate: 176947 kb/s
Stream #0:0: Video: rawvideo (UYVY / 0x59565955), uyvy422, 768x576, 176947 kb/s, 25 fps, 25 tbr, 1000k tbn, 1000k tbc
[New Thread 0x7ffff27bd700 (LWP 3565)]
[New Thread 0x7ffff1fbc700 (LWP 3566)]
[New Thread 0x7ffff17bb700 (LWP 3567)]
[New Thread 0x7ffff0fba700 (LWP 3568)]
[New Thread 0x7fffebfff700 (LWP 3569)]
[New Thread 0x7fffeb7fe700 (LWP 3570)]
[New Thread 0x7fffeaffd700 (LWP 3571)]
[New Thread 0x7fffea7fc700 (LWP 3572)]
[New Thread 0x7fffe9ffb700 (LWP 3573)]
[New Thread 0x7fffe97fa700 (LWP 3574)]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff27bd700 (LWP 3565)]
0x0000000000cfaef8 in extract_even_mmxext (count=<optimized out>, dst=0x7fffe4078fa0 "", src=0x7ffff37c6001 "") at libswscale/x86/rgb2rgb_template.c:2147
2147 __asm__ volatile(
(gdb) bt
#0 0x0000000000cfaef8 in extract_even_mmxext (count=<optimized out>,
dst=0x7fffe4078fa0 "", src=0x7ffff37c6001 "")
at libswscale/x86/rgb2rgb_template.c:2147
#1 uyvytoyuv420_mmxext (ydst=<optimized out>, udst=0x7fffe4093e80 "",
vdst=0x7fffe40aef00 "", src=<optimized out>, width=768, height=576,
lumStride=768, chromStride=384, srcStride=1536)
at libswscale/x86/rgb2rgb_template.c:2439
#2 0x0000000000cf096e in uyvyToYuv420Wrapper (c=0x7fffe40037a0, src=<optimized out>,
srcStride=<optimized out>, srcSliceY=0, srcSliceH=576, dstParam=0x7ffff27bc710,
dstStride=0x7ffff27bc6e0) at libswscale/swscale_unscaled.c:287
#3 0x0000000000cb4c51 in sws_scale (c=<optimized out>,
srcSlice=srcSlice@entry=0x7ffff27bc800, srcStride=srcStride@entry=0x7ffff27bc7c0,
srcSliceY=srcSliceY@entry=0, srcSliceH=576, dst=dst@entry=0x7ffff27bc820,
dstStride=0x7ffff27bc7d0) at libswscale/swscale.c:1101
#4 0x00000000004bcaa5 in scale_slice (field=<optimized out>, mul=<optimized out>,
h=<optimized out>, sws=<optimized out>, cur_pic=<optimized out>,
out_buf=<optimized out>, link=<optimized out>, y=<optimized out>)
at libavfilter/vf_scale.c:423
#5 filter_frame (link=link@entry=0x7fffe40033c0, in=0x7fffe400ca80)
at libavfilter/vf_scale.c:520
#6 0x0000000000480a4a in ff_filter_frame_framed (link=link@entry=0x7fffe40033c0,
frame=0x7ffff37c6000, frame@entry=0x7fffe400ca80) at libavfilter/avfilter.c:1081
#7 0x0000000000481b49 in ff_filter_frame (link=link@entry=0x7fffe40033c0,
frame=0x7fffe400ca80) at libavfilter/avfilter.c:1161
#8 0x0000000000485c02 in request_frame (link=0x7fffe40033c0)
at libavfilter/buffersrc.c:500
#9 0x0000000000480e2a in ff_request_frame (link=0x7fffe40033c0)
at libavfilter/avfilter.c:346
#10 0x0000000000480e94 in ff_request_frame (link=0x7fffe4003660)
at libavfilter/avfilter.c:348
#11 0x0000000000480e94 in ff_request_frame (link=link@entry=0x7fffe4003280)
at libavfilter/avfilter.c:348
#12 0x0000000000485428 in av_buffersink_get_frame_flags (
ctx=ctx@entry=0x7fffe40026a0, frame=0x7fffe40008c0, flags=0,
flags@entry=-469755424) at libavfilter/buffersink.c:138
#13 0x00000000004731b5 in video_thread (arg=0x7ffff3fc7040) at ffplay.c:1972
#14 0x00007ffff6f0ae96 in ?? () from /usr/lib64/libSDL-1.2.so.0
#15 0x00007ffff6f4dcd9 in ?? () from /usr/lib64/libSDL-1.2.so.0
#16 0x00007ffff6ce4e0e in start_thread () from /lib64/libpthread.so.0
#17 0x00007ffff60f82cd in clone () from /lib64/libc.so.6
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0xcfaed8 to 0xcfaf18:
0x0000000000cfaed8 <uyvytoyuv420_mmxext+152>: mov %r12,%rax
0x0000000000cfaedb <uyvytoyuv420_mmxext+155>: jge 0xcfaf23 <uyvytoyuv420_mmxext+227>
0x0000000000cfaedd <uyvytoyuv420_mmxext+157>: mov -0x20(%rsp),%rax
0x0000000000cfaee2 <uyvytoyuv420_mmxext+162>: pcmpeqw %mm7,%mm7
0x0000000000cfaee5 <uyvytoyuv420_mmxext+165>: psrlw $0x8,%mm7
0x0000000000cfaee9 <uyvytoyuv420_mmxext+169>: movq -0x1e(%rdi,%rax,2),%mm0
0x0000000000cfaeee <uyvytoyuv420_mmxext+174>: movq -0x16(%rdi,%rax,2),%mm1
0x0000000000cfaef3 <uyvytoyuv420_mmxext+179>: movq -0xe(%rdi,%rax,2),%mm2
=> 0x0000000000cfaef8 <uyvytoyuv420_mmxext+184>: movq -0x6(%rdi,%rax,2),%mm3
0x0000000000cfaefd <uyvytoyuv420_mmxext+189>: pand %mm7,%mm0
0x0000000000cfaf00 <uyvytoyuv420_mmxext+192>: pand %mm7,%mm1
0x0000000000cfaf03 <uyvytoyuv420_mmxext+195>: pand %mm7,%mm2
0x0000000000cfaf06 <uyvytoyuv420_mmxext+198>: pand %mm7,%mm3
0x0000000000cfaf09 <uyvytoyuv420_mmxext+201>: packuswb %mm1,%mm0
0x0000000000cfaf0c <uyvytoyuv420_mmxext+204>: packuswb %mm3,%mm2
0x0000000000cfaf0f <uyvytoyuv420_mmxext+207>: movntq %mm0,-0xf(%rcx,%rax,1)
0x0000000000cfaf14 <uyvytoyuv420_mmxext+212>: movntq %mm2,-0x7(%rcx,%rax,1)
End of assembler dump.
(gdb) info all-register
rax 0xffffffffffffffff -1
rbx 0x7fffe4093e80 140737019199104
rcx 0x7fffe4078fa0 140737019088800
rdx 0x7fffe40aef00 140737019309824
rsi 0x7ffff37c6000 140737278402560
rdi 0x7ffff37c6001 140737278402561
rbp 0x7fffe40aef00 0x7fffe40aef00
rsp 0x7ffff27bc5c8 0x7ffff27bc5c8
r8 0x600 1536
r9 0x240 576
r10 0x7fffe4079000 140737019088896
r11 0x23f 575
r12 0xfffffffffffffd00 -768
r13 0x600 1536
r14 0x1 1
r15 0x180 384
rip 0xcfaef8 0xcfaef8 <uyvytoyuv420_mmxext+184>
eflags 0x10286 [ PF SF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
st0 -nan(0x7e177f1080117e12) (raw 0xffff7e177f1080117e12)
st1 -nan(0x80107f15801e7e1e) (raw 0xffff80107f15801e7e1e)
st2 -nan(0x80187e147f107f10) (raw 0xffff80187e147f107f10)
st3 -nan(0x13001700150019) (raw 0xffff0013001700150019)
st4 0 (raw 0x00000000000000000000)
st5 0 (raw 0x00000000000000000000)
st6 0 (raw 0x00000000000000000000)
st7 -nan(0xff00ff00ff00ff) (raw 0xffff00ff00ff00ff00ff)
fctrl 0x37f 895
fstat 0x0 0
ftag 0x95aa 38314
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1fa8 [ OE PE IM DM ZM OM UM PM ]
ymm0 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x95, 0x98, 0x1, 0x0, 0x69, 0x4, 0x2, 0x0, 0x4b, 0x64, 0x0, 0x0, 0x1f, 0xd0, 0x0 <repeats 18 times>}, v16_int16 = {0x9895, 0x1, 0x469, 0x2, 0x644b, 0x0, 0xd01f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x19895, 0x20469, 0x644b, 0xd01f, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x2046900019895, 0xd01f0000644b, 0x0, 0x0}, v2_int128 = {0x0000d01f0000644b0002046900019895, 0x00000000000000000000000000000000}}
ymm1 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x61, 0x75, 0x74, 0x6f, 0x0, 0x7f, 0x0, 0x0, 0xe0, 0x1a, 0x0, 0xe4, 0xff, 0x7f, 0x0 <repeats 18 times>}, v16_int16 = {0x7561, 0x6f74, 0x7f00, 0x0, 0x1ae0, 0xe400, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x6f747561, 0x7f00, 0xe4001ae0, 0x7fff, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x7f006f747561, 0x7fffe4001ae0, 0x0, 0x0}, v2_int128 = {0x00007fffe4001ae000007f006f747561, 0x00000000000000000000000000000000}}
ymm2 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm3 {v8_float = {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x1, 0x8000000000000000, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0, 0x3f, 0x63, 0x5f, 0x76, 0x5f, 0x63, 0x68, 0x72, 0x5f, 0x0 <repeats 16 times>}, v16_int16 = {0x0, 0x0, 0x0, 0x3ff0, 0x5f63, 0x5f76, 0x6863, 0x5f72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x0, 0x3ff00000, 0x5f765f63, 0x5f726863, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x3ff0000000000000, 0x5f7268635f765f63, 0x0, 0x0}, v2_int128 = {0x5f7268635f765f633ff0000000000000, 0x00000000000000000000000000000000}}
ymm4 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x8000000000000000, 0x0, 0x0}, v32_int8 = {0x73, 0x6d, 0x70, 0x74, 0x65, 0x31, 0x37, 0x30, 0x6d, 0x0, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x0 <repeats 16 times>}, v16_int16 = {0x6d73, 0x7470, 0x3165, 0x3037, 0x6d, 0x6e49, 0x6176, 0x696c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x74706d73, 0x30373165, 0x6e49006d, 0x696c6176, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x3037316574706d73, 0x696c61766e49006d, 0x0, 0x0}, v2_int128 = {0x696c61766e49006d3037316574706d73, 0x00000000000000000000000000000000}}
ymm5 {v8_float = {0x3, 0x3, 0x3, 0x3, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x20, 0x20, 0x0, 0x0}, v32_int8 = {0x40 <repeats 16 times>, 0x0 <repeats 16 times>}, v16_int16 = {0x4040, 0x4040, 0x4040, 0x4040, 0x4040, 0x4040, 0x4040, 0x4040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x40404040, 0x40404040, 0x40404040, 0x40404040, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x4040404040404040, 0x4040404040404040, 0x0, 0x0}, v2_int128 = {0x40404040404040404040404040404040, 0x00000000000000000000000000000000}}
ymm6 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x8000000000000000, 0x8000000000000000, 0x0, 0x0}, v32_int8 = {0x5b <repeats 16 times>, 0x0 <repeats 16 times>}, v16_int16 = {0x5b5b, 0x5b5b, 0x5b5b, 0x5b5b, 0x5b5b, 0x5b5b, 0x5b5b, 0x5b5b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x5b5b5b5b, 0x5b5b5b5b, 0x5b5b5b5b, 0x5b5b5b5b, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x5b5b5b5b5b5b5b5b, 0x5b5b5b5b5b5b5b5b, 0x0, 0x0}, v2_int128 = {0x5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b, 0x00000000000000000000000000000000}}
ymm7 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x20 <repeats 16 times>, 0x0 <repeats 16 times>}, v16_int16 = {0x2020, 0x2020, 0x2020, 0x2020, 0x2020, 0x2020, 0x2020, 0x2020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x20202020, 0x20202020, 0x20202020, 0x20202020, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x2020202020202020, 0x2020202020202020, 0x0, 0x0}, v2_int128 = {0x20202020202020202020202020202020, 0x00000000000000000000000000000000}}
ymm8 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm9 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x8000000000000000, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0 <repeats 16 times>}, v16_int16 = {0x0, 0x0, 0xff, 0x0, 0x0, 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x0, 0xff, 0xffff0000, 0xffffffff, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xff00000000, 0xffffffffffff0000, 0x0, 0x0}, v2_int128 = {0xffffffffffff0000000000ff00000000, 0x00000000000000000000000000000000}}
ymm10 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm11 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0xff, 0xff, 0x0 <repeats 17 times>}, v16_int16 = {0x0, 0xff00, 0x0, 0x0, 0xff00, 0x0, 0xff00, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xff000000, 0x0, 0xff00, 0xffff00, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xff000000, 0xffff000000ff00, 0x0, 0x0}, v2_int128 = {0x00ffff000000ff0000000000ff000000, 0x00000000000000000000000000000000}}
ymm12 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc4, 0x3c, 0x0 <repeats 24 times>}, v16_int16 = {0x0, 0x0, 0x0, 0x3cc4, 0x0 <repeats 12 times>}, v8_int32 = {0x0, 0x3cc40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x3cc4000000000000, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000003cc4000000000000, 0x00000000000000000000000000000000}}
ymm13 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x59, 0xbc, 0x0 <repeats 24 times>}, v16_int16 = {0x0, 0x0, 0x8000, 0xbc59, 0x0 <repeats 12 times>}, v8_int32 = {0x0, 0xbc598000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xbc59800000000000, 0x0, 0x0, 0x0}, v2_int128 = {0x0000000000000000bc59800000000000, 0x00000000000000000000000000000000}}
ymm14 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x8e, 0x85, 0x83, 0xe8, 0xf0, 0x24, 0x53, 0x3c, 0x0 <repeats 24 times>}, v16_int16 = {0x858e, 0xe883, 0x24f0, 0x3c53, 0x0 <repeats 12 times>}, v8_int32 = {0xe883858e, 0x3c5324f0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x3c5324f0e883858e, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000003c5324f0e883858e, 0x00000000000000000000000000000000}}
ymm15 {v8_float = {0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x2d, 0x0, 0x0, 0x0}, v32_int8 = {0xc0, 0x9, 0xf2, 0x16, 0xb5, 0xdf, 0x46, 0x40, 0x0 <repeats 24 times>}, v16_int16 = {0x9c0, 0x16f2, 0xdfb5, 0x4046, 0x0 <repeats 12 times>}, v8_int32 = {0x16f209c0, 0x4046dfb5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x4046dfb516f209c0, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000004046dfb516f209c0, 0x00000000000000000000000000000000}}
The following workaround avoids the crash:
diff --git a/libavdevice/v4l2.c b/libavdevice/v4l2.c
index 96a272c..0a02dd1 100644
--- a/libavdevice/v4l2.c
+++ b/libavdevice/v4l2.c
@@ -531,7 +531,7 @@ static int mmap_read_frame(AVFormatContext *ctx, AVPacket *pkt)
}
/* Image is at s->buff_start[buf.index] */
- if (avpriv_atomic_int_get(&s->buffers_queued) == FFMAX(s->buffers / 8, 1)) {
+ if (1 || avpriv_atomic_int_get(&s->buffers_queued) == FFMAX(s->buffers / 8, 1)) {
/* when we start getting low on queued buffers, fall back on copying data */
res = av_new_packet(pkt, buf.bytesused);
if (res < 0) {
Change History (4)
follow-up: 2 comment:1 by , 11 years ago
comment:2 by , 11 years ago
Replying to cehoyos:
The crash with ffplay may have been fixed (or worked around)
I can reproduce the crash with ffplay with bd650ee3.
Note:
See TracTickets
for help on using tickets.
Trac user FishB8 showed another possibility to test in ticket #3685 after loading kernel device v4l2loopback from https://github.com/umlaeute/v4l2loopback.git
The crash with ffplay may have been fixed (or worked around), the crash with valgrind and ffmpeg is still reproducible here.