[FFmpeg-trac] #792(swscale:open): zzuf .mad crashes FFMPEG

FFmpeg trac at avcodec.org
Mon Dec 19 11:35:34 CET 2011


#792: zzuf .mad crashes FFMPEG
---------------------------------------+-----------------------------------
             Reporter:  oanastratulat  |                    Owner:
                 Type:  defect         |                   Status:  open
             Priority:  important      |                Component:  swscale
              Version:  git-master     |               Resolution:
             Keywords:  crash SIGSEGV  |               Blocked By:
             Blocking:                 |  Reproduced by developer:  1
Analyzed by developer:  0              |
---------------------------------------+-----------------------------------
Changes (by cehoyos):

 * keywords:   => crash SIGSEGV
 * status:  new => open
 * component:  FFmpeg => swscale
 * reproduced:  0 => 1


Comment:

 {{{
 (gdb) r -i corruptfile -f null -

 ...

 Program received signal SIGSEGV, Segmentation fault.
 0x086c9755 in yuv2yuvX_sse3 (filter=0x8ed6218, filterSize=136,
 src=0x8e972a4,
     dest=0xf32091a0

 dstW=360,
     dither=0x8827c48 "@@@@@@@@", offset=0) at
 libswscale/x86/swscale_mmx.c:200
 200         __asm__ volatile(
 (gdb) bt
 #0  0x086c9755 in yuv2yuvX_sse3 (filter=0x8ed6218, filterSize=136,
 src=0x8e972a4,
     dest=0xf32091a0

 dstW=360,
     dither=0x8827c48 "@@@@@@@@", offset=0) at
 libswscale/x86/swscale_mmx.c:200
 #1  0x086bbb80 in swScale (c=0x8ed3880, src=0xffffa960,
 srcStride=0xffffa930, srcSliceY=0,
     srcSliceH=33264, dst=0xffffa950, dstStride=0xffffa940) at
 libswscale/swscale.c:2786
 #2  0x0869c81a in sws_scale (c=0x8ed3880, srcSlice=0xffffaa10,
 srcStride=0xffffa9f0, srcSliceY=0,
     srcSliceH=33264, dst=0xffffaa00, dstStride=0xffffa9e0) at
 libswscale/swscale_unscaled.c:937
 #3  0x080757cb in scale_slice (field=0, mul=1, h=33264, y=0,
 sws=0x8ed3880, link=<value optimized out>)
     at libavfilter/vf_scale.c:298
 #4  draw_slice (field=0, mul=1, h=33264, y=0, sws=0x8ed3880, link=<value
 optimized out>)
     at libavfilter/vf_scale.c:315
 #5  0x080677a8 in avfilter_draw_slice (link=0x8dc51a0, y=0, h=33264,
 slice_dir=1)
     at libavfilter/avfilter.c:641
 #6  0x0807806f in request_frame (link=0x8dc51a0) at
 libavfilter/vsrc_buffer.c:191
 #7  0x08066baf in avfilter_request_frame (link=0x8dc5f40) at
 libavfilter/avfilter.c:520
 #8  0x0806b1db in av_buffersink_get_buffer_ref (ctx=0x8dc3c60,
 bufref=0x8dc3854, flags=0)
     at libavfilter/sink_buffer.c:128
 #9  0x08052263 in transcode_video (pkt_dts=<value optimized out>,
 pkt_pts=<value optimized out>,
     got_output=0xffffae5c, pkt=0xffffadd0, ist=0x8dc4800) at ffmpeg.c:1933
 #10 output_packet (pkt_dts=<value optimized out>, pkt_pts=<value optimized
 out>, got_output=0xffffae5c,
     pkt=0xffffadd0, ist=0x8dc4800) at ffmpeg.c:2046
 #11 0x08055de4 in transcode (output_files=0x8dbdff8, nb_output_files=1,
 input_files=0x8e69c78,
     nb_input_files=1) at ffmpeg.c:2804
 #12 0x0805a5f3 in main (argc=<value optimized out>, argv=<value optimized
 out>) at ffmpeg.c:4885
 (gdb) disass $pc-32 $pc+32
 Dump of assembler code from 0x86c9735 to 0x86c9775:
 0x086c9735 <yuv2yuvX_sse3+69>:  jno    0x86c971a <yuv2yuvX_sse3+42>
 0x086c9737 <yuv2yuvX_sse3+71>:  add    $0x66,%al
 0x086c9739 <yuv2yuvX_sse3+73>:  movq   %mm3,%mm4
 0x086c973c <yuv2yuvX_sse3+76>:  movdqa %xmm3,%xmm7
 0x086c9740 <yuv2yuvX_sse3+80>:  mov    0x44(%esp),%ecx
 0x086c9744 <yuv2yuvX_sse3+84>:  mov    %edi,%edx
 0x086c9746 <yuv2yuvX_sse3+86>:  mov    (%edx),%esi
 0x086c9748 <yuv2yuvX_sse3+88>:  nop
 0x086c9749 <yuv2yuvX_sse3+89>:  lea    0x0(%esi,%eiz,1),%esi
 0x086c9750 <yuv2yuvX_sse3+96>:  movddup 0x8(%edx),%xmm0
 0x086c9755 <yuv2yuvX_sse3+101>: movdqa (%esi,%ecx,2),%xmm2
 0x086c975a <yuv2yuvX_sse3+106>: movdqa 0x10(%esi,%ecx,2),%xmm5
 0x086c9760 <yuv2yuvX_sse3+112>: add    $0x10,%edx
 0x086c9763 <yuv2yuvX_sse3+115>: mov    (%edx),%esi
 0x086c9765 <yuv2yuvX_sse3+117>: test   %esi,%esi
 0x086c9767 <yuv2yuvX_sse3+119>: pmulhw %xmm0,%xmm2
 0x086c976b <yuv2yuvX_sse3+123>: pmulhw %xmm0,%xmm5
 0x086c976f <yuv2yuvX_sse3+127>: paddw  %xmm2,%xmm3
 0x086c9773 <yuv2yuvX_sse3+131>: paddw  %xmm5,%xmm4
 End of assembler dump.
 (gdb) info all-registers
 eax            0xf32091a0       -215969376
 ecx            0x0      0
 edx            0x8ed6218        149774872
 ebx            0x168    360
 esp            0xffffa6e4       0xffffa6e4
 ebp            0xf32205a0       0xf32205a0
 esi            0x100012 1048594
 edi            0x8ed6218        149774872
 eip            0x86c9755        0x86c9755 <yuv2yuvX_sse3+101>
 eflags         0x210202 [ IF RF ID ]
 cs             0x23     35
 ss             0x2b     43
 ds             0x2b     43
 es             0x2b     43
 fs             0x0      0
 gs             0x63     99
 st0            0        (raw 0x00000000000000000000)
 st1            0        (raw 0x00000000000000000000)
 st2            0        (raw 0x00000000000000000000)
 st3            -2147483648      (raw 0xc01e8000000000000000)
 st4            123456   (raw 0x400ff120000000000000)
 st5            0        (raw 0x00000000000000000000)
 st6            320602061668352  (raw 0x402f91cafe0000000000)
 st7            36028797018963.967998504638671875        (raw
 0x402c83126e978d4fdf3b)
 fctrl          0x37f    895
 fstat          0x20     32
 ftag           0xffff   65535
 fiseg          0x0      0
 fioff          0x869d474        141153396
 foseg          0x0      0
 fooff          0x0      0
 fop            0x5d8    1496
 xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x0, 0x10, 0x0,
     0x10, 0x0, 0x10, 0x0, 0x10, 0x0, 0x10, 0x0, 0x10, 0x0, 0x10, 0x0,
 0x10}, v8_int16 = {0x1000, 0x1000,
     0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000}, v4_int32 =
 {0x10001000, 0x10001000, 0x10001000,
     0x10001000}, v2_int64 = {0x1000100010001000, 0x1000100010001000},
   uint128 = 0x10001000100010001000100010001000}
 xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x0, 0x0, 0x0, 0x0,
     0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0},
 v8_int16 = {0x0, 0x0, 0x0, 0x20, 0x0,
     0x0, 0x0, 0x20}, v4_int32 = {0x0, 0x200000, 0x0, 0x200000}, v2_int64 =
 {0x20000000000000,
     0x20000000000000}, uint128 = 0x00200000000000000020000000000000}
 xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {
     0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
 0x0, 0x0}, v4_int32 = {0x0, 0x0,
     0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
 0x00000000000000000000000000000000}
 xmm3           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x4, 0x0, 0x4, 0x0,
     0x4, 0x0, 0x4, 0x0, 0x4, 0x0, 0x4, 0x0, 0x4, 0x0, 0x4, 0x0}, v8_int16
 = {0x4, 0x4, 0x4, 0x4, 0x4,
     0x4, 0x4, 0x4}, v4_int32 = {0x40004, 0x40004, 0x40004, 0x40004},
 v2_int64 = {0x4000400040004,
     0x4000400040004}, uint128 = 0x00040004000400040004000400040004}
 xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x4, 0x0, 0x4, 0x0,
     0x4, 0x0, 0x4, 0x0, 0x4, 0x0, 0x4, 0x0, 0x4, 0x0, 0x4, 0x0}, v8_int16
 = {0x4, 0x4, 0x4, 0x4, 0x4,
     0x4, 0x4, 0x4}, v4_int32 = {0x40004, 0x40004, 0x40004, 0x40004},
 v2_int64 = {0x4000400040004,
     0x4000400040004}, uint128 = 0x00040004000400040004000400040004}
 xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {
     0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
 0x0, 0x0}, v4_int32 = {0x0, 0x0,
     0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
 0x00000000000000000000000000000000}
 xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {
     0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
 0x0, 0x0}, v4_int32 = {0x0, 0x0,
     0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
 0x00000000000000000000000000000000}
 xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
 v16_int8 = {0x4, 0x0, 0x4, 0x0,
     0x4, 0x0, 0x4, 0x0, 0x4, 0x0, 0x4, 0x0, 0x4, 0x0, 0x4, 0x0}, v8_int16
 = {0x4, 0x4, 0x4, 0x4, 0x4,
     0x4, 0x4, 0x4}, v4_int32 = {0x40004, 0x40004, 0x40004, 0x40004},
 v2_int64 = {0x4000400040004,
     0x4000400040004}, uint128 = 0x00040004000400040004000400040004}
 mxcsr          0x1f80   [ IM DM ZM OM UM PM ]
 mm0            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
 0x0, 0x0}, v8_int8 = {0x0,
     0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
 mm1            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
 0x0, 0x0}, v8_int8 = {0x0,
     0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
 mm2            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
 0x0, 0x0}, v8_int8 = {0x0,
     0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
 mm3            {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000},
 v4_int16 = {0x0, 0x0, 0x0,
     0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}
 mm4            {uint64 = 0xf120000000000000, v2_int32 = {0x0, 0xf1200000},
 v4_int16 = {0x0, 0x0, 0x0,
     0xf120}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0xf1}}
 mm5            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0,
 0x0, 0x0}, v8_int8 = {0x0,
     0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
 mm6            {uint64 = 0x91cafe0000000000, v2_int32 = {0x0, 0x91cafe00},
 v4_int16 = {0x0, 0x0, 0xfe00,
     0x91ca}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0xca, 0x91}}
 mm7            {uint64 = 0x83126e978d4fdf3b, v2_int32 = {0x8d4fdf3b,
 0x83126e97}, v4_int16 = {0xdf3b,
     0x8d4f, 0x6e97, 0x8312}, v8_int8 = {0x3b, 0xdf, 0x4f, 0x8d, 0x97,
 0x6e, 0x12, 0x83}}
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/792#comment:1>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

