Opened 7 years ago
Closed 7 years ago
#6519 closed defect (fixed)
Crash when passing rgb24 data to ssim filter
| Reported by: | t.rapp | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | undetermined |
| Version: | git-master | Keywords: | |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | no | |
| Analyzed by developer: | no |
Description
Summary of the bug:
When I pass rgb24 data generated by the testsrc filter to ssim the application crashes. When I convert the data to YUV first (like yuv422p) ssim seems to work fine.
How to reproduce:
% ./build-linux/ffmpeg-dbg_g -f lavfi -i "testsrc=s=300x200:r=5:d=1" -vf "split [ref][tmp]; [tmp] avgblur=3 [enc]; [enc][ref] ssim" -f null -
ffmpeg version N-86755-g0780ad9 Copyright (c) 2000-2017 the FFmpeg developers
built with gcc 5.4.0 (Ubuntu 5.4.0-6ubuntu1~16.04.4) 20160609
configuration: --disable-network --enable-libtwolame --enable-libmp3lame --enable-libvorbis --enable-libfreetype --enable-static --disable-shared --progs-suffix=-dbg --enable-debug --disable-optimizations --enable-extra-warnings --assert-level=2 --prefix=/usr/local
libavutil 55. 67.100 / 55. 67.100
libavcodec 57.100.104 / 57.100.104
libavformat 57. 75.100 / 57. 75.100
libavdevice 57. 7.100 / 57. 7.100
libavfilter 6. 95.100 / 6. 95.100
libswscale 4. 7.101 / 4. 7.101
libswresample 2. 8.100 / 2. 8.100
Input #0, lavfi, from 'testsrc=s=300x200:r=5:d=1':
Duration: N/A, start: 0.000000, bitrate: N/A
Stream #0:0: Video: rawvideo (RGB[24] / 0x18424752), rgb24, 300x200 [SAR 1:1 DAR 3:2], 5 tbr, 5 tbn, 5 tbc
Stream mapping:
Stream #0:0 -> #0:0 (rawvideo (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf57.75.100
Stream #0:0: Video: wrapped_avframe, gbrp, 300x200 [SAR 1:1 DAR 3:2], q=2-31, 200 kb/s, 5 fps, 5 tbn, 5 tbc
Metadata:
encoder : Lavc57.100.104 wrapped_avframe
frame= 5 fps=0.0 q=-0.0 Lsize=N/A time=00:00:01.00 bitrate=N/A speed=42.2x
video:3kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown
*** Error in `./build-linux/ffmpeg-dbg_g': corrupted size vs. prev_size: 0x00000000041be170 ***
(gdb) bt
#0 0x00007ffff4f45428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1 0x00007ffff4f4702a in __GI_abort () at abort.c:89
#2 0x00007ffff4f877ea in __libc_message (do_abort=2,
fmt=fmt@entry=0x7ffff50a0e98 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3 0x00007ffff4f90dfb in malloc_printerr (ar_ptr=0x7ffff52d4b20 <main_arena>, ptr=0x25d2bd0,
str=0x7ffff509dc35 "corrupted size vs. prev_size", action=3) at malloc.c:5006
#4 _int_free (av=0x7ffff52d4b20 <main_arena>, p=<optimized out>, have_lock=0) at malloc.c:4014
#5 0x00007ffff4f9453c in __GI___libc_free (mem=<optimized out>) at malloc.c:2968
#6 0x000000000166bbfa in av_free (ptr=0x25d2720) at src/libavutil/mem.c:209
#7 0x000000000166bc42 in av_freep (arg=0x25cb158) at src/libavutil/mem.c:219
#8 0x00000000014f7a3f in sws_freeContext (c=0x25c18a0) at src/libswscale/utils.c:2283
#9 0x00000000005cb4d6 in uninit (ctx=0x25ae800) at src/libavfilter/vf_scale.c:151
#10 0x000000000045ec0f in avfilter_free (filter=0x25ae800) at src/libavfilter/avfilter.c:800
#11 0x000000000046127f in avfilter_graph_free (graph=0x25a9850) at src/libavfilter/avfiltergraph.c:123
#12 0x00000000004222ee in ffmpeg_cleanup (ret=0) at src/ffmpeg.c:477
#13 0x000000000040819c in exit_program (ret=0) at src/cmdutils.c:138
#14 0x00000000004338fb in main (argc=11, argv=0x7fffffffdf28) at src/ffmpeg.c:4814
(gdb) disass $pc-32,$pc+32 Dump of assembler code from 0x7ffff4f45408 to 0x7ffff4f45448: 0x00007ffff4f45408 <__GI_raise+24>: mov $0xf000000,%edx 0x00007ffff4f4540d <__GI_raise+29>: add $0x8964c189,%eax 0x00007ffff4f45412 <__GI_raise+34>: add $0x25,%al 0x00007ffff4f45414 <__GI_raise+36>: rolb (%rdx) 0x00007ffff4f45416 <__GI_raise+38>: add %al,(%rax) 0x00007ffff4f45418 <__GI_raise+40>: movslq %eax,%rsi 0x00007ffff4f4541b <__GI_raise+43>: movslq %edi,%rdx 0x00007ffff4f4541e <__GI_raise+46>: mov $0xea,%eax 0x00007ffff4f45423 <__GI_raise+51>: movslq %ecx,%rdi 0x00007ffff4f45426 <__GI_raise+54>: syscall => 0x00007ffff4f45428 <__GI_raise+56>: cmp $0xfffffffffffff000,%rax 0x00007ffff4f4542e <__GI_raise+62>: ja 0x7ffff4f45450 <__GI_raise+96> 0x00007ffff4f45430 <__GI_raise+64>: repz retq 0x00007ffff4f45432 <__GI_raise+66>: nopw 0x0(%rax,%rax,1) 0x00007ffff4f45438 <__GI_raise+72>: test %ecx,%ecx 0x00007ffff4f4543a <__GI_raise+74>: jg 0x7ffff4f4541b <__GI_raise+43> 0x00007ffff4f4543c <__GI_raise+76>: mov %ecx,%edx 0x00007ffff4f4543e <__GI_raise+78>: neg %edx 0x00007ffff4f45440 <__GI_raise+80>: and $0x7fffffff,%ecx 0x00007ffff4f45446 <__GI_raise+86>: cmove %esi,%edx End of assembler dump.
(gdb) info all-registers
rax 0x0 0
rbx 0x86 134
rcx 0x7ffff4f45428 140737303041064
rdx 0x6 6
rsi 0x3c35 15413
rdi 0x3c35 15413
rbp 0x7fffffffdae0 0x7fffffffdae0
rsp 0x7fffffffd748 0x7fffffffd748
r8 0x5 5
r9 0x0 0
r10 0x8 8
r11 0x206 518
r12 0x86 134
r13 0x7fffffffd8f8 140737488345336
r14 0x7fffffffd8f8 140737488345336
r15 0x2 2
rip 0x7ffff4f45428 0x7ffff4f45428 <__GI_raise+56>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 0 (raw 0x00000000000000000000)
st6 0 (raw 0x00000000000000000000)
st7 0 (raw 0x00000000000000000000)
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 14 times>,
0xff, 0x0}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, v4_int32 = {0x0, 0x0, 0x0, 0xff0000},
v2_int64 = {0x0, 0xff000000000000}, uint128 = 0x00ff0000000000000000000000000000}
xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm7 {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x1, 0x0}, v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0xf0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x0, 0x0, 0x0, 0x3ff0, 0x0, 0x0,
0x0, 0x0}, v4_int32 = {0x0, 0x3ff00000, 0x0, 0x0}, v2_int64 = {0x3ff0000000000000, 0x0},
uint128 = 0x00000000000000003ff0000000000000}
xmm8 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm9 {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x3e, 0x50, 0x62, 0x12,
0x0, 0x74, 0xce, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x503e, 0x1262, 0x7400,
0x3fce, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x1262503e, 0x3fce7400, 0x0, 0x0}, v2_int64 = {
---Type <return> to continue, or q <return> to quit---
0x3fce74001262503e, 0x0}, uint128 = 0x00000000000000003fce74001262503e}
xmm10 {v4_float = {0xf65282a0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0xd6, 0xd7, 0x1a,
0xcd, 0x8b, 0x5, 0x69, 0x3c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0xd7d6, 0xcd1a, 0x58b,
0x3c69, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xcd1ad7d6, 0x3c69058b, 0x0, 0x0}, v2_int64 = {
0x3c69058bcd1ad7d6, 0x0}, uint128 = 0x00000000000000003c69058bcd1ad7d6}
xmm11 {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x3e, 0x50, 0x62, 0x12,
0x0, 0x74, 0xce, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x503e, 0x1262, 0x7400,
0x3fce, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x1262503e, 0x3fce7400, 0x0, 0x0}, v2_int64 = {
0x3fce74001262503e, 0x0}, uint128 = 0x00000000000000003fce74001262503e}
xmm12 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm13 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm14 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>},
v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm15 {v4_float = {0xfed6beb2, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0xa7, 0xa0, 0x94,
0xcb, 0xd0, 0xe9, 0x46, 0xbc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {0xa0a7, 0xcb94, 0xe9d0,
0xbc46, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xcb94a0a7, 0xbc46e9d0, 0x0, 0x0}, v2_int64 = {
0xbc46e9d0cb94a0a7, 0x0}, uint128 = 0x0000000000000000bc46e9d0cb94a0a7}
mxcsr 0x1fa8 [ OE PE IM DM ZM OM UM PM ]
Attachments (3)
Change History (5)
by , 7 years ago
| Attachment: | ffmpeg-20170711-124513.log added |
|---|
by , 7 years ago
| Attachment: | valgrind-fate-ssim-rgb.log added |
|---|
by , 7 years ago
| Attachment: | valgrind-fate-ssim-yuv.log added |
|---|
comment:1 by , 7 years ago
comment:2 by , 7 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
After some more checks it seems the issue is caused by ssim x86 assembly. When running the command with "-cpuflags 0" it disappears.
Further the issue seems to be unrelated to rgb24 pixel format, when running the command in Valgrind both rgb24 and yuv422p formats cause errors to be printed. I'm attaching the log files generated with Valgrind for rgb24 and yuv422p.