[Ffmpeg-devel] [PATCH] fix ffmpeg crash when thread_count is zero
Limin Wang
lance.lmwang
Wed Feb 28 03:02:28 CET 2007
Hi,
* Michael Niedermayer <michaelni at gmx.at> [2007-02-27 23:53:28 +0100]:
> Hi
>
> On Tue, Feb 27, 2007 at 07:21:09PM +0800, Limin Wang wrote:
> > Hi,
> >
> > After inputting the "-threads auto" option for ffmpeg, as with x264 and mencode, by mistake,
> > ffmpeg crashed. After checking, I found the reason is that ffmpeg sets
> > thread_count to zero in this case.
> >
> > The attached patch will check and restrict the thread_count range from 1 to
> > FF_THREAD_MAX. Maybe it's better to support an auto option like x264?
> >
> >
> > Thanks,
> > Limin
>
> > Index: ffmpeg.c
> > ===================================================================
> > --- ffmpeg.c (revision 8140)
> > +++ ffmpeg.c (working copy)
> > @@ -2323,6 +2323,8 @@
> > static void opt_thread_count(const char *arg)
> > {
> > thread_count= atoi(arg);
> > +
> > + thread_count = av_clip( thread_count, 1, FF_THREAD_MAX );
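Review bot: clamping the result of atoi(arg) in opt_thread_count() hides invalid input instead of rejecting it. atoi() returns 0 for a non-numeric string such as "auto", so the av_clip() line silently turns "auto", "0" and negative values into 1, and anything above FF_THREAD_MAX into the cap, without telling the user the argument was not honoured. Suggest parsing with strtol(), checking that the whole string was consumed and that the value lies in 1..FF_THREAD_MAX, and printing an error and exiting otherwise.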
>
> ffmpeg should fail if the value is invalid
OK, if the input value is invalid then ffmpeg exits, right?
>
> [....]
>
> >
> > +#define FF_THREAD_MAX 16
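Review bot: the value 16 in the FF_THREAD_MAX define is given no comment or rationale. Add a comment next to the define stating what the limit is derived from, or drop the fixed cap if nothing depends on it, so the bound is not an arbitrary number that later has to be raised.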
>
> why?
Just give a max thread range, maybe 256 or bigger?
Below is the bug report from my testing; maybe there is a bug somewhere, since
thread_count being zero shouldn't cause a segmentation fault, I think.
lmwang at lmwang_pc:~/yuvad/open/h264/ffmpeg$ gdb ./ffmpeg_g
GNU gdb 6.6-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
Using host libthread_db library "/lib/tls/libthread_db.so.1".
(gdb) r -threads 0 -i /home/lmwang/test_sequences/d1/dvd_t2_c1.ts -vcodec h264
/tmp/1.h264
Starting program: /home/lmwang/yuvad/open/h264/ffmpeg/ffmpeg_g -threads 0 -i
/home/lmwang/test_sequences/d1/dvd_t2_c1.ts -vcodec h264 /tmp/1.h264
Failed to read a valid object file image from memory.
[Thread debugging using libthread_db enabled]
[New Thread -1211726144 (LWP 24643)]
FFmpeg version SVN-r8146, Copyright (c) 2000-2007 Fabrice Bellard, et al.
configuration: --enable-pthreads --enable-gpl --enable-x264
--disable-ffserver --enable-ffplay --enable-libfaad --enable-libfaac
--enable-liba52
libavutil version: 49.3.0
libavcodec version: 51.35.0
libavformat version: 51.10.0
built on Feb 27 2007 21:43:47, gcc: 4.1.2 20061115 (prerelease) (Debian
4.1.1-21)
Input #0, mpegts, from '/home/lmwang/test_sequences/d1/dvd_t2_c1.ts':
Duration: 00:01:30.0, start: 82484.399856, bitrate: 8717 kb/s
Stream #0.0[0x44](eng): Audio: 0x0000, 48000 Hz, stereo, 384 kb/s
Stream #0.1[0x45]: Video: mpeg2video, yuv420p, 720x480, 9800 kb/s, 29.97
fps(r)
File '/tmp/1.h264' already exists. Overwrite ? [y/N] y
Output #0, h264, to '/tmp/1.h264':
Stream #0.0: Video: h264, yuv420p, 720x480, q=2-31, 200 kb/s, 29.97 fps(c)
Stream mapping:
Stream #0.1 -> #0.0
[h264 @ 0x84835bc]using SAR=8/9
[h264 @ 0x84835bc]using cpu capabilities MMX MMXEXT SSE SSE2
Press [q] to stop encoding
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1211726144 (LWP 24643)]
0x082208d2 in clear_blocks_mmx (blocks=0x0) at i386/dsputil_mmx.c:468
468 __asm __volatile(
(gdb) bt
#0 0x082208d2 in clear_blocks_mmx (blocks=0x0) at i386/dsputil_mmx.c:468
#1 0x081d0064 in mpeg_decode_mb (s=0x87b53a0, block=<value optimized out>) at
mpeg12.c:1194
#2 0x081d286d in mpeg_decode_slice (s1=0x87b53a0, mb_y=0, buf=0xbf955f64,
buf_size=47320) at mpeg12.c:2624
#3 0x081d470a in mpeg_decode_frame (avctx=0x85079c0, data=0xbf956314,
data_size=0xbf9564a0, buf=0x87c3cb8 "",
buf_size=47440) at mpeg12.c:3223
#4 0x080c0f00 in avcodec_decode_video (avctx=0x85079c0, picture=0xbf956314,
got_picture_ptr=0xbf9564a0,
buf=0x87c3cb8 "", buf_size=47440) at utils.c:878
#5 0x0805d704 in output_packet (ist=0x8508060, ist_index=1,
ost_table=0x85080b0, nb_ostreams=1, pkt=0xbf956aa8)
at ffmpeg.c:1080
#6 0x0805f33c in main (argc=Cannot access memory at address 0x8
) at ffmpeg.c:1928
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x82208b2 to 0x82208f2:
0x082208b2 <put_pixels16_mmx+114>: and $0x4,%al
0x082208b4 <put_pixels16_mmx+116>: add $0x8,%esp
0x082208b7 <put_pixels16_mmx+119>: ret
0x082208b8: nop
0x082208b9: lea 0x0(%esi),%esi
0x082208c0 <clear_blocks_mmx+0>: mov 0x4(%esp),%edx
0x082208c4 <clear_blocks_mmx+4>: add $0x300,%edx
0x082208ca <clear_blocks_mmx+10>: pxor %mm7,%mm7
0x082208cd <clear_blocks_mmx+13>: mov $0xfffffd00,%eax
0x082208d2 <clear_blocks_mmx+18>: movq %mm7,(%edx,%eax,1)
0x082208d6 <clear_blocks_mmx+22>: movq %mm7,0x8(%edx,%eax,1)
0x082208db <clear_blocks_mmx+27>: movq %mm7,0x10(%edx,%eax,1)
0x082208e0 <clear_blocks_mmx+32>: movq %mm7,0x18(%edx,%eax,1)
0x082208e5 <clear_blocks_mmx+37>: add $0x20,%eax
0x082208e8 <clear_blocks_mmx+40>: js 0x82208d2 <clear_blocks_mmx+18>
0x082208ea <clear_blocks_mmx+42>: ret
0x082208eb: nop
0x082208ec: lea 0x0(%esi),%esi
0x082208f0 <pix_sum16_mmx+0>: push %ebx
0x082208f1 <pix_sum16_mmx+1>: mov 0xc(%esp),%ecx
End of assembler dump.
(gdb) info all-registers
eax 0xfffffd00 -768
ecx 0x8 8
edx 0x300 768
ebx 0x0 0
esp 0xbf955bec 0xbf955bec
ebp 0x87b53a0 0x87b53a0
esi 0x87b7480 142308480
edi 0x0 0
eip 0x82208d2 0x82208d2 <clear_blocks_mmx+18>
eflags 0x10206 [ PF IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
(gdb)
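The following is an added example, not part of the original message and not FFmpeg's code: a strict parser for a -threads style argument that rejects invalid values instead of clamping them, as the review reply asks. The helper name parse_thread_count and the THREAD_MAX constant (set to the 16 proposed in the patch) are assumptions, and the sample inputs are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define THREAD_MAX 16 /* assumption: mirrors the FF_THREAD_MAX value proposed in the patch */

/* Hypothetical helper: parse a -threads argument strictly.
 * Returns 0 and stores the value in *out on success, -1 on any invalid input. */
static int parse_thread_count(const char *arg, int *out)
{
    char *end;
    long v;

    if (!arg || !*arg)
        return -1;                      /* missing or empty argument */

    errno = 0;
    v = strtol(arg, &end, 10);
    if (end == arg || *end != '\0')
        return -1;                      /* "auto", "4x": not a pure decimal number */
    if (errno == ERANGE || v < 1 || v > THREAD_MAX)
        return -1;                      /* overflow, zero, negative or above the cap */

    *out = (int)v;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, including the two from the report ("auto" and "0"). */
    const char *samples[] = { "auto", "0", "-1", "4", "16", "17", "4x", "",
                              "99999999999999999999" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int n = 0;
        if (parse_thread_count(samples[i], &n) == 0)
            printf("-threads %-22s -> accepted, thread_count=%d\n", samples[i], n);
        else
            printf("-threads %-22s -> rejected, report the error and exit\n", samples[i]);
    }
    return 0;
}
```

Unlike atoi() followed by a clamp, this distinguishes "auto" and "0" from a valid count, so the caller can fail early with a clear message.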